
Thursday, January 28, 2016

DVTI (FlexVPN) IKEv2 Hub and Spoke with RSA-Sig Authentication


! R1
! Hub. Every spoke terminates on a dynamic virtual-template here, so the hub
! needs no per-spoke tunnel interface. Authentication is RSA-Sig in both
! directions: each peer must present a certificate that chains to the
! trustpoint Trusted-CA referenced in the IKEv2 profile.
conf t
! Certificate map consulted (via "match certificate CMAP") after the peer's
! chain has been validated against Trusted-CA. "co" is a substring
! ("contains") match on the issuer DN, so any certificate issued by a CA whose
! name contains "cbtnuggets" satisfies it; it narrows, it does not
! authenticate. A stricter rule (exact issuer-name, or on the spokes a
! subject-name pinned to the hub's CN=r1) limits which enrolled certificates
! can bring up a tunnel at all.
crypto pki certificate map CMAP 1
issuer-name co cbtnuggets
exit

! Reset the built-in proposal before overriding it.
default crypto ikev2 proposal

! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256 (the PRF follows the
! integrity algorithm), 2048-bit MODP (DH group 14).
crypto ikev2 proposal default
encryption aes-cbc-256
integrity sha256
group 14
exit

do show crypto ikev2 proposal default

! The default IKEv2 policy already references proposal "default".
default crypto ikev2 policy
do show crypto ikev2 policy default

! IKEv2 profile: which peers match (their certificate hits CMAP), how both
! sides authenticate (RSA signatures), which certificate/key this router
! presents, and which interface template is cloned per spoke.
crypto ikev2 profile IKEv2-Profile
! Local IKE identity is the certificate subject DN (CN=r1,O=cbtnuggets.com
! in the enrolled cert); spokes see this as the hub's identity.
identity local dn
match certificate CMAP
authentication remote rsa-sig
authentication local rsa-sig
! Trustpoint used both for the cert/key this hub signs IKE_AUTH with and as
! the trust anchor for spoke certificates. NOTE(review): the trustpoint in
! the full config has "revocation-check none", so a revoked spoke
! certificate is still accepted until it expires. There is also no
! per-spoke authorization: every certificate from this CA is admitted.
pki trustpoint Trusted-CA
! Dynamic VTI: a Virtual-Access interface is cloned from template 1 for each
! spoke that authenticates.
virtual-template 1
exit

! Child SA transform: ESP with AES-256-GCM. GCM is AEAD, so no separate ESP
! integrity transform is configured; tunnel mode (the default) is what a VTI
! needs.
default crypto ipsec transform-set
crypto ipsec transform-set default esp-gcm 256
exit

do show crypto ipsec transform-set default

default crypto ipsec profile
do show crypto ipsec profile

! Tie the IKEv2 profile to the IPsec profile applied under "tunnel protection".
crypto ipsec profile default
set ikev2-profile IKEv2-Profile


! Template cloned for each spoke: borrows Loopback0's address, sources the
! tunnel from the WAN interface and runs OSPF area 0 across it. OSPF itself
! is unauthenticated here; the adjacency is only reachable through the
! ESP-protected, IKEv2-authenticated tunnel, which is what protects it.
! Because every authenticated spoke lands in area 0 with no route filtering,
! trusting the CA means trusting the whole routing domain.
interface virtual-template 1 type tunnel
ip unnumbered loop 0
tunnel source Ethernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile default
ip ospf 1 area 0
end

!R2-R4
! Spokes. Same PKI and IKEv2/IPsec settings as the hub, but with a static
! Tunnel0 pointed at the hub's WAN address instead of a virtual-template.
conf t
! Certificate map applied to the hub's certificate after chain validation.
! "co" is a substring match on the issuer DN: any certificate from a CA whose
! name contains "cbtnuggets" passes, including another spoke's certificate.
! NOTE(review): on a spoke the hub's identity could be pinned with a
! subject-name match on the hub's CN (CN=r1 in the enrolled cert) rather
! than issuer only.
crypto pki certificate map CMAP 1
issuer-name co cbtnuggets
exit

! Reset the built-in proposal before overriding it.
default crypto ikev2 proposal

! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256, DH group 14 (2048-bit MODP).
crypto ikev2 proposal default
encryption aes-cbc-256
integrity sha256
group 14
exit

do show crypto ikev2 proposal default

default crypto ikev2 policy
do show crypto ikev2 policy default

! IKEv2 profile: mutual RSA-Sig authentication, local identity = certificate
! subject DN, trust anchor = Trusted-CA. No virtual-template on a spoke; the
! spoke initiates over Tunnel0.
crypto ikev2 profile IKEv2-Profile
identity local dn
match certificate CMAP
authentication remote rsa-sig
authentication local rsa-sig
! NOTE(review): the trustpoint (full config below) has
! "revocation-check none", so a revoked hub certificate would still be
! accepted until it expires.
pki trustpoint Trusted-CA
exit

! Child SA transform: ESP AES-256-GCM (AEAD, no separate integrity transform).
default crypto ipsec transform-set
crypto ipsec transform-set default esp-gcm 256
exit

do show crypto ipsec transform-set default

default crypto ipsec profile
do show crypto ipsec profile

! Tie the IKEv2 profile to the IPsec profile used under "tunnel protection".
crypto ipsec profile default
set ikev2-profile IKEv2-Profile

! Static VTI to the hub: borrows Loopback0's address, sourced from the WAN
! interface, destination = hub's Ethernet0/0 (15.0.0.1). OSPF area 0 runs
! inside the tunnel, so routes are only exchanged with an authenticated hub.
interface Tunnel0
ip unnumbered loop 0
tunnel source Ethernet0/0
tunnel mode ipsec ipv4
tunnel destination 15.0.0.1
tunnel protection ipsec profile default
ip ospf 1 area 0
end

! Verification on a spoke. The "! R3" marker below suggests this first set
! was run on R2 (the ping is sourced from R2's Loopback1).
! IKE SA table: expect one IKEv2 SA to the hub (15.0.0.1) with RSA
! authentication shown for both sides.
show crypto ikev2 sa

! Per-SA encrypt/decrypt counters; both directions should increment once
! OSPF hellos and the pings below cross Tunnel0.
show crypto engine connections active

! Routes learned inside the tunnel: the hub's 10.1.1.0/24 and, because all
! spokes share area 0 through the hub, the other spokes' 10.x.x.0/24.
show ip route ospf

! Source the ping from Loopback1 so it is routed into the tunnel rather than
! sent from the WAN address.
ping 10.1.1.1 source 10.2.2.2

! R3

show crypto ikev2 sa

show crypto engine connections active

show ip route ospf

ping 10.1.1.1 source 10.3.3.3

! Spoke-to-spoke reachability. There is no direct spoke-to-spoke tunnel in
! this design, so this traffic is expected to hairpin through the hub's
! Virtual-Access interfaces.
ping 10.2.2.2 source 10.3.3.3

ping 10.4.4.4 source 10.3.3.3

! The traceroute is what shows the hub as the transit hop for spoke-to-spoke
! traffic.
traceroute 10.4.4.4 source 10.3.3.3

Full configurations after the FlexVPN hub-and-spoke RSA-Sig lab (R1 is the hub; R2–R4 are spokes). The hex blocks under each "crypto pki certificate chain" are the enrolled identity certificate and the CA certificate as stored on that router.

R1#show run
Building configuration...

Current configuration : 5310 bytes
!
version 15.3
! Log and debug messages carry no timestamps at all (the uptime form is
! disabled and no datetime form is set). For any incident timeline enable
! "service timestamps log datetime msec" and rely on the NTP-synced clock.
no service timestamps debug uptime
no service timestamps log uptime
! No type-7 obfuscation of passwords in "show run". None are configured in
! this lab (see the console/vty lines), so it changes nothing here.
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
! Legacy line-based authentication only: no AAA, so no per-user accounting
! and no "aaa authorization group cert"-style per-spoke authorization is
! possible for the IKEv2 profile.
no aaa new-model
clock timezone PST -8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated
!
! Trustpoint used for SCEP enrollment, for the certificate/key this hub
! signs IKE_AUTH with, and as the trust anchor for validating spoke certs.
crypto pki trustpoint Trusted-CA
! SCEP over plain HTTP to the CA. SCEP protects the enrollment payload
! itself, but nothing pins the CA certificate (no "fingerprint" line), so
! the CA fingerprint must be compared out of band when "crypto pki
! authenticate Trusted-CA" is run; otherwise an on-path attacker can hand
! the router a rogue CA during bootstrap.
 enrollment url http://5.5.5.5:80
! Both values end up in the certificate subject as unstructuredName /
! unstructuredAddress attributes (visible in the DER below).
 fqdn r1.cbtnuggets.com
 ip-address 15.0.0.1
! This DN is the hub's IKE identity ("identity local dn" in the profile).
 subject-name CN=r1,O=cbtnuggets.com
! No CRL/OCSP checking: a spoke whose certificate has been revoked (lost or
! decommissioned router) is still accepted until the cert expires. Use
! "revocation-check crl" or "ocsp" with a reachable CDP/responder outside a
! lab.
 revocation-check none
! Key-pair label only; the key length is not part of the config. The
! enrolled certificate below carries a 1024-bit modulus.
 rsakeypair r1.cbtnuggets.com
!
!
!
! Referenced by "match certificate CMAP" in the IKEv2 profile. "co" is a
! substring ("contains") test on the issuer DN, so any certificate chaining
! to a CA whose name contains "cbtnuggets" passes; it only narrows within
! what the trustpoint already validates.
crypto pki certificate map CMAP 1
 issuer-name co cbtnuggets
! The chain that follows is the enrolled identity certificate (serial 02)
! and the CA certificate (serial 01) exactly as stored. Decoding the DER:
! the identity key is 1024-bit RSA (modulus INTEGER of 0x81 = 129 bytes
! including the leading 0x00), the identity cert is signed with
! sha1WithRSAEncryption (OID bytes 2A864886F70D010105) and the CA cert with
! md5WithRSAEncryption (2A864886F70D010104). Validity runs 2014-06-30 to
! 2015-06-30 for the identity cert and to 2017-06-29 for the CA, so this
! capture presumably predates mid-2015. Lab-grade only: use >= 2048-bit keys
! and SHA-256 signatures in production.
!
crypto pki certificate chain Trusted-CA
 certificate 02
  3082024A 308201B3 A0030201 02020102 300D0609 2A864886 F70D0101 05050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323034 3131355A 170D3135 30363330
  32303431 31355A30 5F311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02723131 37301506 092A8648 86F70D01 09081308
  31352E30 2E302E31 301E0609 2A864886 F70D0109 02161172 312E6362 746E7567
  67657473 2E636F6D 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081
  89028181 00B653B6 ABDC5758 2339C4F1 7B0AD0F9 9E817998 568D6650 C6686D91
  807CAC24 78CB9986 32A0DA40 C33FF34E A249B631 E8D0D530 2D2288BF 79EEA549
  9E4B83B8 722766EB F9F26EF8 78F51485 2C263A89 FB535F96 4620B661 3EF83E39
  78FFDE79 8BC8485A 67A21841 6BC3E611 CAA1E8C9 51CE6E8C 4E1AD63A E3F837C0
  908D448E C3020301 0001A34F 304D300B 0603551D 0F040403 0205A030 1F060355
  1D230418 30168014 DA6D6286 7C1E7F0E 00CCD5E5 CB67AC9B 131A5A49 301D0603
  551D0E04 160414A7 B4F5492A 70171837 E375E803 59BD0EFF 69B45530 0D06092A
  864886F7 0D010105 05000381 81000737 5EE3D7EA 52F95BF0 016C16C5 0E8D9CF9
  B573C05F D2267B72 D97F91D3 64869B82 ACDECDC6 F5459A26 1255C610 DA0BF921
  4763FE3D 2FB195E0 3F952249 1529B0D0 DFAD4287 301F927D 25D75B40 4A474C0A
  6E1E0898 B27FA7EE 127D0AA7 A2440648 62854251 77EE351A 230FBD78 EC3C6BF5
  AA2229B4 0499BF9C 235E1CE3 FEC1
        quit
 certificate ca 01
  30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323033 3233395A 170D3137 30363239
  32303332 33395A30 26311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02434130 819F300D 06092A86 4886F70D 01010105
  0003818D 00308189 02818100 E6A45D41 6A03505B 25AC43E4 DF75D423 4FC17F38
  B71CCB69 689C91A3 72805451 3F08E5A5 8270328E B8A90A3E AA4F5F10 E111BAA3
  0AE8A8FD E71E026E 9114E31E B7882821 492DE980 865B0E74 4720CF6B FE3E7DA9
  AD2A532D 0C8AC331 74516469 C417A751 8B681B49 B39FCA0D B2CF4801 9C231964
  D07D137C 80D00C53 AB343A59 02030100 01A36330 61300F06 03551D13 0101FF04
  05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830
  168014DA 6D62867C 1E7F0E00 CCD5E5CB 67AC9B13 1A5A4930 1D060355 1D0E0416
  0414DA6D 62867C1E 7F0E00CC D5E5CB67 AC9B131A 5A49300D 06092A86 4886F70D
  01010405 00038181 0029D86B E3CCC3A7 1E364195 96CE9968 3C0A4D3A 32075312
  30E3AB3C D6D9EBEE 002BF78F 5E89AA91 6B5786D8 8E2895D9 D5338A3A B5F02391
  20F9A9C8 E257585E 6A5BA551 E6FE7191 71259408 5EB037CA 503E0206 E6B73C81
  66C88387 1052844A 17C462AF 6A845350 068E3459 A104B967 93B5EFBC AEEEFB26
  4AA7B748 CF9C0F38 1C
        quit
!
redundancy

! Session-database limits; defaults, not specific to this lab.
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535

! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256, DH group 14 (2048-bit MODP).
crypto ikev2 proposal default
 encryption aes-cbc-256
 integrity sha256
 group 14

! Hub IKEv2 profile: peers whose certificate matches CMAP, mutual RSA-Sig,
! local identity = certificate DN, Trusted-CA as signer and trust anchor,
! and a Virtual-Access cloned from Virtual-Template1 per spoke.
! NOTE(review): no per-spoke authorization and no DPD/lifetime tuning; every
! certificate from this CA is admitted and stays admitted until the cert
! expires (the trustpoint has "revocation-check none").
crypto ikev2 profile IKEv2-Profile
 match certificate CMAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint Trusted-CA
 virtual-template 1
!
! IKE error diagnostics in syslog. Present in all four routers' baseline
! config rather than in the paste above, so presumably pre-existing.
crypto isakmp diagnose error
!
!
! Child SA transform: ESP AES-256-GCM (AEAD, so no separate integrity
! transform); tunnel mode by default.
crypto ipsec transform-set default esp-gcm 256
!
crypto ipsec profile default
 set ikev2-profile IKEv2-Profile

! Loopback0 lends its /32 to the Virtual-Access interfaces (ip unnumbered).
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
! Loopback1 simulates the hub LAN; point-to-point network type so the /24 is
! advertised instead of a /32 host route.
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
! WAN interface that terminates IKEv2 (UDP/500, UDP/4500) and ESP from the
! spokes. No inbound ACL is applied here; if this faced an untrusted network
! the control plane should be restricted to those protocols.
interface Ethernet0/0
 ip address 15.0.0.1 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
! Template cloned per authenticated spoke. OSPF area 0 runs over each clone
! without OSPF authentication; the IKEv2-authenticated, ESP-protected tunnel
! is what protects the adjacency. Nothing filters what a spoke may
! advertise, so every spoke's routes are trusted equally.
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile default
!
router ospf 1
!
ip forward-protocol nd
!
!
! HTTP/HTTPS management servers off.
no ip http server
no ip http secure-server
! Default route toward the WAN next hop; the CA and NTP host 5.5.5.5 are
! presumably reached this way.
ip route 0.0.0.0 0.0.0.0 15.0.0.5
!
no cdp advertise-v2
control-plane

alias exec c config t
!
! Console: privilege 15 with no idle timeout, i.e. anyone at the console is
! in enable mode indefinitely. Lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
! No password or AAA is visible under the vty lines; with bare "login" IOS
! typically refuses the session ("Password required, but none set"), but
! "transport input all" still leaves telnet and rlogin listening. Outside a
! lab: "transport input ssh", "login local" or AAA, and an access-class.
line vty 0 4
 login
 transport input all
!
! Clock source for certificate validity checks. NTP is unauthenticated here
! (no "ntp authenticate"/"ntp trusted-key"), so a spoofed time source could
! push the router outside a cert's validity window or make an expired cert
! look valid.
ntp server 5.5.5.5
!
end

R2#show run
Building configuration...

Current configuration : 5297 bytes
!
version 15.3
! Log and debug messages carry no timestamps at all; enable
! "service timestamps log datetime msec" for a usable incident timeline.
no service timestamps debug uptime
no service timestamps log uptime
! No type-7 obfuscation of passwords; none are configured in this lab anyway.
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
! Legacy line-based authentication only; no AAA.
no aaa new-model
clock timezone PST -8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180

ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated

! Trustpoint used for SCEP enrollment, for this spoke's signing cert/key,
! and as the trust anchor for the hub's certificate.
crypto pki trustpoint Trusted-CA
! SCEP over plain HTTP. No "fingerprint" line pins the CA certificate, so
! the CA fingerprint must be verified out of band at
! "crypto pki authenticate" time.
 enrollment url http://5.5.5.5:80
! Encoded into the subject as unstructuredName / unstructuredAddress.
 fqdn r2.cbtnuggets.com
 ip-address 25.0.0.2
! This DN is the spoke's IKE identity ("identity local dn").
 subject-name CN=r2,O=cbtnuggets.com
! No CRL/OCSP checking: a revoked hub certificate is accepted until expiry.
 revocation-check none
! Key-pair label only; the certificate below shows a 1024-bit modulus.
 rsakeypair r2.cbtnuggets.com

! "co" is a substring test on the issuer DN: any certificate from a CA whose
! name contains "cbtnuggets" passes, including other spokes' certificates.
! Pinning the hub's subject (CN=r1) would be the stricter rule on a spoke.
crypto pki certificate map CMAP 1
 issuer-name co cbtnuggets
! The chain below is the identity certificate (serial 03) and CA certificate
! (serial 01). Decoding the DER: 1024-bit RSA key (0x81-byte modulus),
! identity cert signed sha1WithRSAEncryption (2A864886F70D010105), CA cert
! signed md5WithRSAEncryption (2A864886F70D010104); identity cert valid
! 2014-06-30 to 2015-06-30, CA to 2017-06-29. Lab-grade only.
!
crypto pki certificate chain Trusted-CA
 certificate 03
  3082024A 308201B3 A0030201 02020103 300D0609 2A864886 F70D0101 05050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323034 3231345A 170D3135 30363330
  32303432 31345A30 5F311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02723231 37301506 092A8648 86F70D01 09081308
  32352E30 2E302E32 301E0609 2A864886 F70D0109 02161172 322E6362 746E7567
  67657473 2E636F6D 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081
  89028181 00D05645 14D61302 091164C1 959EB527 ED87FE2E 797258EA 67464B66
  14AE2E62 4A6C472A 6CD01B51 65848B64 28B697ED 04D344F3 35A0D7F0 72425D64
  949D1BB7 77562536 F56327D8 95469071 239A7DE3 45F5ECFE 13F6181D F8AD2178
  0398294A 34DA4B10 DCC7FE72 651266F5 78A6493C 6B85EEE4 163A0DD3 273204C1
  4CAF2E68 7F020301 0001A34F 304D300B 0603551D 0F040403 0205A030 1F060355
  1D230418 30168014 DA6D6286 7C1E7F0E 00CCD5E5 CB67AC9B 131A5A49 301D0603
  551D0E04 16041453 0CF1AEB9 56EFA10D 13C0008F 4142CB1E DEF21930 0D06092A
  864886F7 0D010105 05000381 810083C2 18142500 53E6E3F7 F9207B1B 53D9FC31
  A6FB145C 75CAAD58 C63B7F9E AB04A017 C1593332 A50C5C29 04A1E4AC 8075B724
  F7B2BE57 E43192B3 5C9BBC6B F72F1C09 45E26852 23C13393 A0D8CDCB C816EDE5
  E9028950 9FCC85D1 4653245E D925F977 3FF0D167 5349EC86 14CBF14E 201EF3E5
  8C535775 C66CEBA2 A42EAE67 EB49
        quit
 certificate ca 01
  30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323033 3233395A 170D3137 30363239
  32303332 33395A30 26311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02434130 819F300D 06092A86 4886F70D 01010105
  0003818D 00308189 02818100 E6A45D41 6A03505B 25AC43E4 DF75D423 4FC17F38
  B71CCB69 689C91A3 72805451 3F08E5A5 8270328E B8A90A3E AA4F5F10 E111BAA3
  0AE8A8FD E71E026E 9114E31E B7882821 492DE980 865B0E74 4720CF6B FE3E7DA9
  AD2A532D 0C8AC331 74516469 C417A751 8B681B49 B39FCA0D B2CF4801 9C231964
  D07D137C 80D00C53 AB343A59 02030100 01A36330 61300F06 03551D13 0101FF04
  05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830
  168014DA 6D62867C 1E7F0E00 CCD5E5CB 67AC9B13 1A5A4930 1D060355 1D0E0416
  0414DA6D 62867C1E 7F0E00CC D5E5CB67 AC9B131A 5A49300D 06092A86 4886F70D
  01010405 00038181 0029D86B E3CCC3A7 1E364195 96CE9968 3C0A4D3A 32075312
  30E3AB3C D6D9EBEE 002BF78F 5E89AA91 6B5786D8 8E2895D9 D5338A3A B5F02391
  20F9A9C8 E257585E 6A5BA551 E6FE7191 71259408 5EB037CA 503E0206 E6B73C81
  66C88387 1052844A 17C462AF 6A845350 068E3459 A104B967 93B5EFBC AEEEFB26
  4AA7B748 CF9C0F38 1C
        quit
!
redundancy
!
!
! Session-database limits; defaults.
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535

! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256, DH group 14.
crypto ikev2 proposal default
 encryption aes-cbc-256
 integrity sha256
 group 14

! Spoke IKEv2 profile: hub certificate must match CMAP, mutual RSA-Sig,
! local identity = certificate DN, Trusted-CA as signer and trust anchor.
! No virtual-template: the spoke initiates over the static Tunnel0.
crypto ikev2 profile IKEv2-Profile
 match certificate CMAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint Trusted-CA
!
! IKE error diagnostics in syslog; present in the baseline of all four
! routers, not in the paste above.
crypto isakmp diagnose error

! Child SA transform: ESP AES-256-GCM (AEAD); tunnel mode by default.
crypto ipsec transform-set default esp-gcm 256
!
crypto ipsec profile default
 set ikev2-profile IKEv2-Profile

! Loopback0 lends its /32 to Tunnel0 (ip unnumbered).
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
! Simulated spoke LAN; point-to-point network type advertises the /24.
interface Loopback1
 ip address 10.2.2.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
! Static VTI to the hub's WAN address. OSPF area 0 runs inside the tunnel
! without OSPF authentication; the IKEv2/ESP tunnel protects the adjacency.
interface Tunnel0
 ip unnumbered Loopback0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 15.0.0.1
 tunnel protection ipsec profile default
!
! WAN interface sourcing IKEv2/ESP toward the hub; no inbound ACL in this lab.
interface Ethernet0/0
 ip address 25.0.0.2 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
!
ip forward-protocol nd

! HTTP/HTTPS management servers off.
no ip http server
no ip http secure-server
! Default route toward the WAN next hop (hub, CA and NTP reached this way).
ip route 0.0.0.0 0.0.0.0 25.0.0.5
!
no cdp advertise-v2

control-plane

alias exec c config t
!
! Console: privilege 15, no idle timeout. Lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
! No password or AAA under the vty lines; bare "login" typically makes IOS
! refuse the session, but "transport input all" still listens for telnet.
! Outside a lab: "transport input ssh", AAA/"login local", access-class.
line vty 0 4
 login
 transport input all
!
! Unauthenticated NTP; certificate validity checks depend on this clock.
ntp server 5.5.5.5
!
end

R3#show run
Building configuration...

Current configuration : 5362 bytes
!
! No configuration change since last restart
version 15.3
! Log and debug messages carry no timestamps at all; enable
! "service timestamps log datetime msec" for a usable incident timeline.
no service timestamps debug uptime
no service timestamps log uptime
! No type-7 obfuscation of passwords; none are configured in this lab anyway.
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
! Legacy line-based authentication only; no AAA.
no aaa new-model
clock timezone PST -8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180

no ip domain lookup
ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated

! Trustpoint used for SCEP enrollment, for this spoke's signing cert/key,
! and as the trust anchor for the hub's certificate.
crypto pki trustpoint Trusted-CA
! SCEP over plain HTTP with no "fingerprint" pin on the CA certificate; the
! CA fingerprint must be verified out of band at "crypto pki authenticate".
 enrollment url http://5.5.5.5:80
! Encoded into the subject as unstructuredName / unstructuredAddress.
 fqdn r3.cbtnuggets.com
 ip-address 35.0.0.3
! This DN is the spoke's IKE identity ("identity local dn").
 subject-name CN=r3,O=cbtnuggets.com
! No CRL/OCSP checking: a revoked hub certificate is accepted until expiry.
 revocation-check none
! Key-pair label only; the certificate below shows a 1024-bit modulus.
 rsakeypair r3.cbtnuggets.com

! "co" is a substring test on the issuer DN: any certificate from a CA whose
! name contains "cbtnuggets" passes, including other spokes' certificates.
! Pinning the hub's subject (CN=r1) would be the stricter rule on a spoke.
crypto pki certificate map CMAP 1
 issuer-name co cbtnuggets
! The chain below is the identity certificate (serial 05) and CA certificate
! (serial 01). Decoding the DER: 1024-bit RSA key (0x81-byte modulus),
! identity cert signed sha1WithRSAEncryption (2A864886F70D010105), CA cert
! signed md5WithRSAEncryption (2A864886F70D010104); identity cert valid
! 2014-06-30 to 2015-06-30, CA to 2017-06-29. Lab-grade only.
!
crypto pki certificate chain Trusted-CA
 certificate 05
  3082024A 308201B3 A0030201 02020105 300D0609 2A864886 F70D0101 05050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323034 3434385A 170D3135 30363330
  32303434 34385A30 5F311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02723331 37301506 092A8648 86F70D01 09081308
  33352E30 2E302E33 301E0609 2A864886 F70D0109 02161172 332E6362 746E7567
  67657473 2E636F6D 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081
  89028181 00BA9808 06198447 65F544EC A4F09FCA E64247A3 4A4EA352 681CD308
  B91A4347 9498A3C2 119452F6 50267CFF 29B1DF2D 208904D8 810DF8CC 5B12E861
  BB39FE11 77555806 3FD86998 769857AE 8DE366D1 FF2C71D3 B2BEEC27 56AC794E
  21579444 32C94D6F 412F5FDF BA85F630 8C0C8D2B DF8B33E6 AA170541 41F464A5
  CCDF6E4F B3020301 0001A34F 304D300B 0603551D 0F040403 0205A030 1F060355
  1D230418 30168014 DA6D6286 7C1E7F0E 00CCD5E5 CB67AC9B 131A5A49 301D0603
  551D0E04 16041488 16086A9F D82A29BC EC299C99 EA4D6A6A 4ACA1B30 0D06092A
  864886F7 0D010105 05000381 81003B7A FD0455AC 07A73A7B B36B9591 4077E90C
  40A2FA85 22632AF3 12328BDB BFE9F16E B57BE785 FF2B5FDE A805121E 7955D4F7
  BCCA5E5A 094E889D 21D65FFC D18F36A2 6CB3786E 9BF39708 18D5D905 B543D727
  D8A2223D 522EE178 128F55A5 4D45BEAA 01D486C6 407A5348 1EF3E0A3 7779E6B3
  C502586A B9F79A88 53F85D41 7DD7
        quit
 certificate ca 01
  30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323033 3233395A 170D3137 30363239
  32303332 33395A30 26311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02434130 819F300D 06092A86 4886F70D 01010105
  0003818D 00308189 02818100 E6A45D41 6A03505B 25AC43E4 DF75D423 4FC17F38
  B71CCB69 689C91A3 72805451 3F08E5A5 8270328E B8A90A3E AA4F5F10 E111BAA3
  0AE8A8FD E71E026E 9114E31E B7882821 492DE980 865B0E74 4720CF6B FE3E7DA9
  AD2A532D 0C8AC331 74516469 C417A751 8B681B49 B39FCA0D B2CF4801 9C231964
  D07D137C 80D00C53 AB343A59 02030100 01A36330 61300F06 03551D13 0101FF04
  05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830
  168014DA 6D62867C 1E7F0E00 CCD5E5CB 67AC9B13 1A5A4930 1D060355 1D0E0416
  0414DA6D 62867C1E 7F0E00CC D5E5CB67 AC9B131A 5A49300D 06092A86 4886F70D
  01010405 00038181 0029D86B E3CCC3A7 1E364195 96CE9968 3C0A4D3A 32075312
  30E3AB3C D6D9EBEE 002BF78F 5E89AA91 6B5786D8 8E2895D9 D5338A3A B5F02391
  20F9A9C8 E257585E 6A5BA551 E6FE7191 71259408 5EB037CA 503E0206 E6B73C81
  66C88387 1052844A 17C462AF 6A845350 068E3459 A104B967 93B5EFBC AEEEFB26
  4AA7B748 CF9C0F38 1C
        quit
!
redundancy
!
!
! Session-database limits; defaults.
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535

! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256, DH group 14.
crypto ikev2 proposal default
 encryption aes-cbc-256
 integrity sha256
 group 14

! Spoke IKEv2 profile: hub certificate must match CMAP, mutual RSA-Sig,
! local identity = certificate DN, Trusted-CA as signer and trust anchor.
crypto ikev2 profile IKEv2-Profile
 match certificate CMAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint Trusted-CA
!
! IKE error diagnostics in syslog; baseline on all four routers.
crypto isakmp diagnose error
!
!
! Child SA transform: ESP AES-256-GCM (AEAD); tunnel mode by default.
crypto ipsec transform-set default esp-gcm 256
!
crypto ipsec profile default
 set ikev2-profile IKEv2-Profile

! Loopback0 lends its /32 to Tunnel0 (ip unnumbered).
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
! Simulated spoke LAN; point-to-point network type advertises the /24.
interface Loopback1
 ip address 10.3.3.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
! Static VTI to the hub's WAN address. OSPF area 0 runs inside the tunnel
! without OSPF authentication; the IKEv2/ESP tunnel protects the adjacency.
interface Tunnel0
 ip unnumbered Loopback0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 15.0.0.1
 tunnel protection ipsec profile default
!
! WAN interface sourcing IKEv2/ESP toward the hub; no inbound ACL in this lab.
interface Ethernet0/0
 ip address 35.0.0.3 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
!
ip forward-protocol nd
!
!
! HTTP/HTTPS management servers off.
no ip http server
no ip http secure-server
! Default route toward the WAN next hop (hub, CA and NTP reached this way).
ip route 0.0.0.0 0.0.0.0 35.0.0.5
!
no cdp advertise-v2

control-plane

alias exec c config t
!
! Console: privilege 15, no idle timeout. Lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
! No password or AAA under the vty lines; bare "login" typically makes IOS
! refuse the session, but "transport input all" still listens for telnet.
! Outside a lab: "transport input ssh", AAA/"login local", access-class.
line vty 0 4
 login
 transport input all
!
! Unauthenticated NTP; certificate validity checks depend on this clock.
ntp server 5.5.5.5
!
end


R4#show run
Building configuration...

Current configuration : 5362 bytes
!
! No configuration change since last restart
version 15.3
! Log and debug messages carry no timestamps at all; enable
! "service timestamps log datetime msec" for a usable incident timeline.
no service timestamps debug uptime
no service timestamps log uptime
! No type-7 obfuscation of passwords; none are configured in this lab anyway.
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker

! Legacy line-based authentication only; no AAA.
no aaa new-model
clock timezone PST -8 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180

no ip domain lookup
ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
multilink bundle-name authenticated

! Trustpoint used for SCEP enrollment, for this spoke's signing cert/key,
! and as the trust anchor for the hub's certificate.
crypto pki trustpoint Trusted-CA
! SCEP over plain HTTP with no "fingerprint" pin on the CA certificate; the
! CA fingerprint must be verified out of band at "crypto pki authenticate".
 enrollment url http://5.5.5.5:80
 fqdn r4.cbtnuggets.com
! NOTE(review): 45.0.0.5 is the next hop of this router's default route,
! while its own Ethernet0/0 is 45.0.0.4. The enrolled certificate (serial
! 06) carries "45.0.0.5" as its unstructuredAddress, so the typo is baked
! into the cert. Harmless here because the IKE identity is the DN
! ("identity local dn"), but re-enroll with the correct address before any
! IP-based identity or certificate-map rule is introduced.
 ip-address 45.0.0.5
! This DN is the spoke's IKE identity.
 subject-name CN=r4,O=cbtnuggets.com
! No CRL/OCSP checking: a revoked hub certificate is accepted until expiry.
 revocation-check none
! Key-pair label only; the certificate below shows a 1024-bit modulus.
 rsakeypair r4.cbtnuggets.com

! "co" is a substring test on the issuer DN: any certificate from a CA whose
! name contains "cbtnuggets" passes, including other spokes' certificates.
! Pinning the hub's subject (CN=r1) would be the stricter rule on a spoke.
crypto pki certificate map CMAP 1
 issuer-name co cbtnuggets
! The chain below is the identity certificate (serial 06) and CA certificate
! (serial 01). Decoding the DER: 1024-bit RSA key (0x81-byte modulus),
! identity cert signed sha1WithRSAEncryption (2A864886F70D010105), CA cert
! signed md5WithRSAEncryption (2A864886F70D010104); identity cert valid
! 2014-06-30 to 2015-06-30, CA to 2017-06-29. Lab-grade only.
!
crypto pki certificate chain Trusted-CA
 certificate 06
  3082024A 308201B3 A0030201 02020106 300D0609 2A864886 F70D0101 05050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323034 3535375A 170D3135 30363330
  32303435 35375A30 5F311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02723431 37301506 092A8648 86F70D01 09081308
  34352E30 2E302E35 301E0609 2A864886 F70D0109 02161172 342E6362 746E7567
  67657473 2E636F6D 30819F30 0D06092A 864886F7 0D010101 05000381 8D003081
  89028181 00E889F5 E2664DBA 00E488E4 127F00E9 33067393 0E33086B 426EABF6
  2A1ECA04 7AC8F3FB C1EAC99B 111B6D81 3CAB9F07 6C8028C5 18A5B24E F37D1352
  7EC3D9BA D2EF3F50 D0ED797A 0E3985B6 BD04B526 12D8EF6F 573C7F1F 9A5C0F0E
  88F4B4B4 DF62DDED 563AEAB3 26B3F7AF 4ED072CB C8561614 34F70E09 37A512F9
  61C2C969 B7020301 0001A34F 304D300B 0603551D 0F040403 0205A030 1F060355
  1D230418 30168014 DA6D6286 7C1E7F0E 00CCD5E5 CB67AC9B 131A5A49 301D0603
  551D0E04 160414AF 5F14869D A54E1338 262F03F8 52F15188 F481D630 0D06092A
  864886F7 0D010105 05000381 8100529C DB22B2EC 116E90E7 297410F3 69761163
  2D380858 788C6A3A 4D232C4C E80DE083 5106D1D2 AF124A5E 2A0DAD96 1B9EE611
  D6116C80 0BC7CA74 483C71BA 7F6BFA7D 52DD5324 BF4331CC AC46E375 36EEFD6B
  3A3007D4 76AA2EB8 4D8E2380 77D71A69 3D9EA83A 394BC0AA 3C232706 31C362E7
  C3F4A7C9 0BB2C5DA 89F858F6 FAFE
        quit
 certificate ca 01
  30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  26311730 15060355 040A130E 6362746E 75676765 74732E63 6F6D310B 30090603
  55040313 02434130 1E170D31 34303633 30323033 3233395A 170D3137 30363239
  32303332 33395A30 26311730 15060355 040A130E 6362746E 75676765 74732E63
  6F6D310B 30090603 55040313 02434130 819F300D 06092A86 4886F70D 01010105
  0003818D 00308189 02818100 E6A45D41 6A03505B 25AC43E4 DF75D423 4FC17F38
  B71CCB69 689C91A3 72805451 3F08E5A5 8270328E B8A90A3E AA4F5F10 E111BAA3
  0AE8A8FD E71E026E 9114E31E B7882821 492DE980 865B0E74 4720CF6B FE3E7DA9
  AD2A532D 0C8AC331 74516469 C417A751 8B681B49 B39FCA0D B2CF4801 9C231964
  D07D137C 80D00C53 AB343A59 02030100 01A36330 61300F06 03551D13 0101FF04
  05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830
  168014DA 6D62867C 1E7F0E00 CCD5E5CB 67AC9B13 1A5A4930 1D060355 1D0E0416
  0414DA6D 62867C1E 7F0E00CC D5E5CB67 AC9B131A 5A49300D 06092A86 4886F70D
  01010405 00038181 0029D86B E3CCC3A7 1E364195 96CE9968 3C0A4D3A 32075312
  30E3AB3C D6D9EBEE 002BF78F 5E89AA91 6B5786D8 8E2895D9 D5338A3A B5F02391
  20F9A9C8 E257585E 6A5BA551 E6FE7191 71259408 5EB037CA 503E0206 E6B73C81
  66C88387 1052844A 17C462AF 6A845350 068E3459 A104B967 93B5EFBC AEEEFB26
  4AA7B748 CF9C0F38 1C
        quit
!
redundancy

! Session-database limits; defaults.
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
! IKE SA algorithms: AES-256-CBC, HMAC-SHA-256, DH group 14.
crypto ikev2 proposal default
 encryption aes-cbc-256
 integrity sha256
 group 14

! Spoke IKEv2 profile: hub certificate must match CMAP, mutual RSA-Sig,
! local identity = certificate DN, Trusted-CA as signer and trust anchor.
crypto ikev2 profile IKEv2-Profile
 match certificate CMAP
 identity local dn
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint Trusted-CA
!
! IKE error diagnostics in syslog; baseline on all four routers.
crypto isakmp diagnose error
!
!
! Child SA transform: ESP AES-256-GCM (AEAD); tunnel mode by default.
crypto ipsec transform-set default esp-gcm 256
!
crypto ipsec profile default
 set ikev2-profile IKEv2-Profile

! Loopback0 lends its /32 to Tunnel0 (ip unnumbered).
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
! Simulated spoke LAN; point-to-point network type advertises the /24.
interface Loopback1
 ip address 10.4.4.4 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
! Static VTI to the hub's WAN address. OSPF area 0 runs inside the tunnel
! without OSPF authentication; the IKEv2/ESP tunnel protects the adjacency.
interface Tunnel0
 ip unnumbered Loopback0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 15.0.0.1
 tunnel protection ipsec profile default
!
! WAN interface sourcing IKEv2/ESP toward the hub; no inbound ACL in this
! lab. Note the address is .4, not the .5 written into the trustpoint.
interface Ethernet0/0
 ip address 45.0.0.4 255.255.255.0
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
!
ip forward-protocol nd

! HTTP/HTTPS management servers off.
no ip http server
no ip http secure-server
! Default route toward the WAN next hop (hub, CA and NTP reached this way).
ip route 0.0.0.0 0.0.0.0 45.0.0.5
!
no cdp advertise-v2

control-plane

alias exec c config t
!
! Console: privilege 15, no idle timeout. Lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
! No password or AAA under the vty lines; bare "login" typically makes IOS
! refuse the session, but "transport input all" still listens for telnet.
! Outside a lab: "transport input ssh", AAA/"login local", access-class.
line vty 0 4
 login
 transport input all
!
! Unauthenticated NTP; certificate validity checks depend on this clock.
ntp server 5.5.5.5
!
end










