Branch-ISR#wr t Building configuration... Current configuration : 6529 bytes ! Last configuration change at 07:35:34 UTC Thu May 8 2014 ! NVRAM config last updated at 06:26:18 UTC Thu May 8 2014 ! NVRAM config last updated at 06:26:18 UTC Thu May 8 2014 version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname Branch-ISR boot-start-marker boot-end-marker enable password cisco aaa new-model aaa authorization network default local aaa session-id common ip cef ip domain name secure-x.public ipv6 multicast rpf use-bgp no ipv6 cef multilink bundle-name authenticated crypto pki trustpoint partner-isr enrollment url http://198.51.100.1:80 serial-number none fqdn branch-isr.secure-x.public ip-address none subject-name CN=branch-isr,O=secure-x.public revocation-check none rsakeypair branch-keypair crypto pki certificate chain partner-isr certificate 03 308202D1 3082023A A0030201 02020103 300D0609 2A864886 F70D0101 0B050030 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 1E170D31 34303530 38303634 3533325A 170D3135 30353038 30363435 33325A30 5A311830 16060355 040A130F 73656375 72652D78 2E707562 6C696331 13301106 03550403 130A6272 616E6368 2D697372 31293027 06092A86 4886F70D 01090216 1A627261 6E63682D 6973722E 73656375 72652D78 2E707562 6C696330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A506718F 279C6318 88BE0E7F 0CBFD386 1E48B605 C29F29BC 3A8DCB03 CB3D0300 CB90C6C7 7E302D3A DF68721F 0B002F7D 680F2B64 113576FA BC23C450 4E842DE5 1666EAAC 25935FB3 3F8AF61D B52A12CF E7B62D54 2C085DD9 7DB4E379 59EB55FB 73394CF4 6B2AB602 74BDEC95 BB9F27CF 181B6DAC FBA7A616 6E41260A 9931A702 C0DE002B AB22BC2A BCA696EA EC155AD9 632A3C5B A0D249BC 79B02B1B BDD19E92 0C17F23D 4277C0F4 048FE725 629B9563 C11B2043 A477BDAF 497B0761 5CB8E3AA 1BDD9D6C 09BCBE43 8A808F58 9D19751A BCE9BF20 D963172B 4BD0ECC7 20DADFB2 C76F3F4E 7DB9BA35 288DCBF4 6EEA92A0 FD3704B2 78DF026C 0AC49FCF 371E49C7 02030100 01A34F30 4D300B06 03551D0F 04040302 05A0301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC AD590198 5E9E5D30 1D060355 1D0E0416 041444C9 1C4414EB A7BB5631 7B7F03D7 5057069D CD68300D 06092A86 4886F70D 01010B05 00038181 00096305 8A202C68 69A824E0 151D43AE 9185FE28 83257F41 0E716391 76F6960F 5923DBD1 C58606E0 1CDE174D 15C234AA B65C7F2E BE76477A 47474A42 069C6965 D1A474D9 3227F96C 842DEEDE 2606514E BA426BB4 4E7B1F72 EA6C3267 B88B4525 726035E2 BFB4725B 8D63E704 12BF026B DA99F830 7F8B2005 40996958 98B09ACF CC quit certificate ca 01 30820235 3082019E A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 1E170D31 34303530 37323035 3035305A 170D3137 30353036 32303530 35305A30 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 A714F501 EF72818C 5FDDB61A 7B823F03 89D61740 3EACCCBB EEFD7402 637FFB58 9225726A 083411E5 A498F9F6 F3F01DCA EDA76073 C6A7F890 176DFEC5 9358EB41 FA4370FB 685C4E92 FA2A049D 79ADAC9A 8F264935 4A166697 B3265F4A 27EBF430 6E9A45B4 BB0A7D33 D0C016FA D8D79644 AE70BE21 5E8FA0BF 51D8A433 FC4E3A77 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC AD590198 5E9E5D30 1D060355 1D0E0416 0414F552 D4C997BE 53709FE0 5B08ACAD 5901985E 9E5D300D 06092A86 4886F70D 01010B05 00038181 00411F07 D3E043FC B89AFFC0 1902CCAA 40F77E0E FD9401F5 32ACF1A7 9ECEF20A 7142F726 636346C9 F6D7E5C2 4DDBED4D 84545F5F 36515275 F88B0758 44BC008A FA1458EB DE2C0B72 CCCA81E8 4D8E74EF 98374678 CA5404B9 0FDDD0B7 4E5AE58A E84970EA 7F2B46C0 8C96C36A DB5258E7 EA75E538 9AA226A4 7C6BCE71 47FA4A24 50 quit license udi pid CISCO2901/K9 sn FCZ1801C1X8 license boot module c2900 technology-package securityk9 username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY redundancy crypto ikev2 proposal ccnp-ike2-proposal encryption aes-cbc-256 integrity sha512 group 20 no crypto ikev2 proposal default crypto ikev2 policy ccnp-ikev2-policy match fvrf any proposal ccnp-ike2-proposal no crypto ikev2 policy default crypto ikev2 keyring KR peer HQ-ISR address 192.0.2.3 pre-shared-key local cisco123 ! crypto ikev2 profile ccnp-ikev2-profile match identity remote fqdn domain secure-x.public match identity remote fqdn domain partner.public identity local fqdn branch-isr.secure-x.public authentication remote rsa-sig authentication local rsa-sig pki trustpoint partner-isr aaa authorization group cert list default default virtual-template 1 crypto ipsec transform-set ccnp-ts esp-gcm 256 mode tunnel no crypto ipsec transform-set default crypto ipsec profile ccnp-ipsec-profile set transform-set ccnp-ts set pfs group20 set ikev2-profile ccnp-ikev2-profile no crypto ipsec profile default interface Tunnel0 ip address negotiated ip nhrp network-id 1 ip nhrp shortcut virtual-template 1 tunnel source GigabitEthernet0/1 tunnel destination 192.0.2.3 tunnel protection ipsec profile ccnp-ipsec-profile interface Embedded-Service-Engine0/0 no ip address shutdown interface GigabitEthernet0/0 ip address 10.11.11.1 255.255.255.0 duplex auto speed auto interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 duplex auto speed auto interface Virtual-Template1 type tunnel ip unnumbered Tunnel0 ip nhrp network-id 1 ip nhrp shortcut virtual-template 1 tunnel protection ipsec profile ccnp-ipsec-profile router bgp 65001 bgp log-neighbor-changes network 10.11.11.0 mask 255.255.255.0 neighbor 10.10.100.99 remote-as 65001 ! ip forward-protocol nd ! ip http server no ip http secure-server ! ip route 0.0.0.0 0.0.0.0 203.0.113.2 ! access-list 101 permit ip 10.11.11.0 0.0.0.255 10.10.9.0 0.0.0.255 ! ! ! ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 privilege level 15 transport input all line vty 5 1000 privilege level 15 transport input all ! scheduler allocate 20000 1000 ntp server 192.0.2.2 ! end Branch-ISR#