HQ-ISR#wr t Building configuration... Current configuration : 8355 bytes ! Last configuration change at 07:37:03 UTC Thu May 8 2014 ! NVRAM config last updated at 06:26:12 UTC Thu May 8 2014 ! NVRAM config last updated at 06:26:12 UTC Thu May 8 2014 version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname HQ-ISR boot-start-marker boot-end-marker aaa new-model aaa authorization network default local aaa session-id common ip cef ip domain name secure-x.public ipv6 multicast rpf use-bgp no ipv6 cef multilink bundle-name authenticated crypto pki trustpoint TP-self-signed-2642359924 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2642359924 revocation-check none rsakeypair TP-self-signed-2642359924 crypto pki trustpoint partner-isr enrollment url http://198.51.100.1:80 serial-number none fqdn hq-isr.secure-x.public ip-address none subject-name CN=hq-isr,O=secure-x.public revocation-check none rsakeypair hq-isr.secure-x.public crypto pki certificate chain TP-self-signed-2642359924 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32363432 33353939 3234301E 170D3134 30353037 31373234 32365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36343233 35393932 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100AD2A EF5F2CCE E1FEE08D EEA49C6A 000D4BCC 56560E49 8217AA70 62256F9F AF0B444A CD65697E FF7746A2 31612FF2 42D58B69 DFCD894B 89ADD170 D58861FD 9AD39775 05172BC0 06B33889 56FCBFD3 71500C45 A0A4E266 23A84C31 DD01E94A 79172E0B DB02874A 393F96EF 295DEC96 61219AD3 77D11685 895BEC26 0F78D861 EA350203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14C6E6F9 CF9FC4F5 D9B8AB88 3697D078 9CBA8277 38301D06 03551D0E 04160414 C6E6F9CF 9FC4F5D9 B8AB8836 97D0789C BA827738 300D0609 2A864886 F70D0101 05050003 81810029 DC06BFB1 E67B1C37 5DB1449D 5E45A73A 4B4115CD 304D4E23 E0A3FB0C C5E65EC6 53940805 D72F2CBB F4D9302F 4F2A8164 2749CC52 19F3282A 372BC41F 0251E36D 2049CEBA 4A379459 03A835BF 3BDA96EB DBC0341D F0DDA0AB 9D8DF24E 0DFC2F5A AFC932E4 9DFEE2C7 16F4FBF0 A2B33463 C03DE529 382DA6D8 99C7921B 7B29C0 quit crypto pki certificate chain partner-isr certificate 02 308202C9 30820232 A0030201 02020102 300D0609 2A864886 F70D0101 0B050030 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 1E170D31 34303530 37323035 3331385A 170D3135 30353037 32303533 31385A30 52311830 16060355 040A130F 73656375 72652D78 2E707562 6C696331 0F300D06 03550403 13066871 2D697372 31253023 06092A86 4886F70D 01090216 1668712D 6973722E 73656375 72652D78 2E707562 6C696330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 C7BF3DCA 2E531C52 BFC0CDB8 1B72AF08 369DC553 39C7DC68 54258A6A 25BCEDFA B9295679 87799634 A4CC7673 B1D54141 0E656D4B 320009E1 DD0CE31F 6F45276B 236CAAE9 8F7D8C65 D4E4730F 584EAFF9 F8905199 3F491192 8C7744E2 B1D7B4A0 311D3DEB CAFEA5BC 5DDDC286 B3CC1468 E89227C2 B301CEA1 904EAFB9 B2E88B53 E2002F1D D89A61A3 F20F3D1E EDDF14C7 D989961A 63589C9D EA9CD25C A763A04A 2A13CC1B 70E1A6D7 C7EE1642 C3897A95 3D36EC62 71A07B81 552877CB 6A8BA255 C3F684BC 04D8E40C 7400A533 72CFF714 4A4EB7B5 92D1368F 794588D6 D024ACB9 00D76DAF F271835B 065AB742 4CB53DA4 88FA9515 769A8FBD B0332710 97B48AE7 02030100 01A34F30 4D300B06 03551D0F 04040302 05A0301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC AD590198 5E9E5D30 1D060355 1D0E0416 0414A7CF C457B6EC 2C538DFB 87455AAB D58B8FF9 37D3300D 06092A86 4886F70D 01010B05 00038181 002C4857 60AD6865 BDD5B7FD 5D25D06E 8D1A70A5 90D617D0 29008947 13DD2876 A3614627 2F94DA86 62B7154B 217A3E15 E39EB93E 91B2A49F 7A966384 FD06B2A1 C627B226 38546532 714A5927 380060FF 50FD3DBD A2FC480C 77CE217D 5350614E 1E32E2C2 7EA954AE 40EF89FC 7D676783 2F9B7FCC DE7AFE6E F6B24CEB 464AAC8D D7 quit certificate ca 01 30820235 3082019E A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 1E170D31 34303530 37323035 3035305A 170D3137 30353036 32303530 35305A30 2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 A714F501 EF72818C 5FDDB61A 7B823F03 89D61740 3EACCCBB EEFD7402 637FFB58 9225726A 083411E5 A498F9F6 F3F01DCA EDA76073 C6A7F890 176DFEC5 9358EB41 FA4370FB 685C4E92 FA2A049D 79ADAC9A 8F264935 4A166697 B3265F4A 27EBF430 6E9A45B4 BB0A7D33 D0C016FA D8D79644 AE70BE21 5E8FA0BF 51D8A433 FC4E3A77 02030100 01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF 04040302 0186301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC AD590198 5E9E5D30 1D060355 1D0E0416 0414F552 D4C997BE 53709FE0 5B08ACAD 5901985E 9E5D300D 06092A86 4886F70D 01010B05 00038181 00411F07 D3E043FC B89AFFC0 1902CCAA 40F77E0E FD9401F5 32ACF1A7 9ECEF20A 7142F726 636346C9 F6D7E5C2 4DDBED4D 84545F5F 36515275 F88B0758 44BC008A FA1458EB DE2C0B72 CCCA81E8 4D8E74EF 98374678 CA5404B9 0FDDD0B7 4E5AE58A E84970EA 7F2B46C0 8C96C36A DB5258E7 EA75E538 9AA226A4 7C6BCE71 47FA4A24 50 quit license udi pid CISCO2901/K9 sn FCZ1801C1X3 license boot module c2900 technology-package securityk9 username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY username guiaccess privilege 15 secret 4 1wLgDhbOLsU0GdsP0B9e5YU2KA7gxZujqOLWf0j48q6 redundancy no crypto ikev2 authorization policy default crypto ikev2 authorization policy ccnp-spokes pool ccnp-pool route set interface crypto ikev2 proposal ccnp-ike2-proposal encryption aes-cbc-256 integrity sha512 group 20 no crypto ikev2 proposal default crypto ikev2 policy ccnp-ikev2-policy match fvrf any proposal ccnp-ike2-proposal no crypto ikev2 policy default crypto ikev2 keyring KR peer BRANCH-ISR address 203.0.113.1 pre-shared-key remote cisco123 ! crypto ikev2 profile ccnp-ikev2-profile match identity remote fqdn domain secure-x.public match identity remote fqdn domain partner.public identity local fqdn hq-isr.secure-x.public authentication remote rsa-sig authentication local rsa-sig pki trustpoint partner-isr aaa authorization group cert list default ccnp-spokes virtual-template 1 crypto ipsec transform-set ccnp-ts esp-gcm 256 mode tunnel no crypto ipsec transform-set default crypto ipsec profile ccnp-ipsec-profile set transform-set ccnp-ts set pfs group20 set ikev2-profile ccnp-ikev2-profile no crypto ipsec profile default interface Loopback0 ip address 10.10.100.99 255.255.255.255 interface Embedded-Service-Engine0/0 no ip address shutdown interface GigabitEthernet0/0 ip address 172.16.2.3 255.255.255.0 duplex auto speed auto interface GigabitEthernet0/1 ip address 192.0.2.3 255.255.255.0 duplex auto speed auto interface Virtual-Template1 type tunnel ip unnumbered Loopback0 ip nhrp network-id 1 ip nhrp redirect tunnel protection ipsec profile ccnp-ipsec-profile router ospf 1 redistribute static subnets network 10.1.1.0 0.0.0.255 area 0 network 172.16.2.0 0.0.0.255 area 0 distance 210 router bgp 65001 bgp log-neighbor-changes bgp listen range 10.10.100.0/24 peer-group spokes aggregate-address 10.0.0.0 255.0.0.0 neighbor spokes peer-group neighbor spokes remote-as 65001 neighbor spokes update-source Loopback0 ip local pool ccnp-pool 10.10.100.1 10.10.100.90 ip forward-protocol nd ! ip http server ip http authentication local ip http secure-server ! ip route 0.0.0.0 0.0.0.0 192.0.2.2 ! ! ! ! ! control-plane host ! ! control-plane ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 transport input all line vty 5 1114 transport input all ! scheduler allocate 20000 1000 ntp server 192.0.2.2 ! end HQ-ISR#