Partner-ISR#wr t
Building configuration...

Current configuration : 7930 bytes

! Last configuration change at 07:35:48 UTC Thu May 8 2014
! NVRAM config last updated at 06:26:25 UTC Thu May 8 2014
! NVRAM config last updated at 06:26:25 UTC Thu May 8 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

hostname Partner-ISR

boot-start-marker
boot-end-marker



aaa new-model


aaa authorization network default local





aaa session-id common

ip cef






ip domain name partner.public
ipv6 multicast rpf use-bgp
no ipv6 cef

multilink bundle-name authenticated



crypto pki server Partner-CA
 issuer-name CN=Partner-CA, O=partner.public
 grant auto
 hash sha256

crypto pki trustpoint local-ca
 revocation-check none
 rsakeypair partner-ca.partner.public

crypto pki trustpoint Partner-CA
 revocation-check crl
 rsakeypair Partner-CA

crypto pki trustpoint partner-isr
 enrollment url http://198.51.100.1:80
 serial-number none
 fqdn partner-isr.partner.public
 ip-address none
 subject-name CN=partner-isr,O=partner.public
 revocation-check none


crypto pki certificate chain local-ca
crypto pki certificate chain Partner-CA
 certificate ca 01
  30820235 3082019E A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603
  55040313 0A506172 746E6572 2D434130 1E170D31 34303530 37323035 3035305A
  170D3137 30353036 32303530 35305A30 2E311730 15060355 040A130E 70617274
  6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130
  819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 A714F501
  EF72818C 5FDDB61A 7B823F03 89D61740 3EACCCBB EEFD7402 637FFB58 9225726A
  083411E5 A498F9F6 F3F01DCA EDA76073 C6A7F890 176DFEC5 9358EB41 FA4370FB
  685C4E92 FA2A049D 79ADAC9A 8F264935 4A166697 B3265F4A 27EBF430 6E9A45B4
  BB0A7D33 D0C016FA D8D79644 AE70BE21 5E8FA0BF 51D8A433 FC4E3A77 02030100
  01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF
  04040302 0186301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC
  AD590198 5E9E5D30 1D060355 1D0E0416 0414F552 D4C997BE 53709FE0 5B08ACAD
  5901985E 9E5D300D 06092A86 4886F70D 01010B05 00038181 00411F07 D3E043FC
  B89AFFC0 1902CCAA 40F77E0E FD9401F5 32ACF1A7 9ECEF20A 7142F726 636346C9
  F6D7E5C2 4DDBED4D 84545F5F 36515275 F88B0758 44BC008A FA1458EB DE2C0B72
  CCCA81E8 4D8E74EF 98374678 CA5404B9 0FDDD0B7 4E5AE58A E84970EA 7F2B46C0
  8C96C36A DB5258E7 EA75E538 9AA226A4 7C6BCE71 47FA4A24 50
        quit
crypto pki certificate chain partner-isr
 certificate 04
  30820209 30820172 A0030201 02020104 300D0609 2A864886 F70D0101 0B050030
  2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603
  55040313 0A506172 746E6572 2D434130 1E170D31 34303530 38303635 3830365A
  170D3135 30353038 30363538 30365A30 5A311730 15060355 040A130E 70617274
  6E65722E 7075626C 69633114 30120603 55040313 0B706172 746E6572 2D697372
  31293027 06092A86 4886F70D 01090216 1A706172 746E6572 2D697372 2E706172
  746E6572 2E707562 6C696330 5C300D06 092A8648 86F70D01 01010500 034B0030
  48024100 A79637D3 CA9C05C9 9880442E DA363AA1 24163548 E279490F 35ACC0B8
  BE624D76 7300E635 0BA53C55 35691CEE 49DF4860 F35001AE 0AAD2771 F605108D
  476AFB5D 02030100 01A34F30 4D300B06 03551D0F 04040302 05A0301F 0603551D
  23041830 168014F5 52D4C997 BE53709F E05B08AC AD590198 5E9E5D30 1D060355
  1D0E0416 0414CCD2 D52A9583 27347F59 A7D1E85E BC1063A7 8521300D 06092A86
  4886F70D 01010B05 00038181 0064D97E 6D48AFAC B772C57A 2D0577EA 4CBC5FE2
  2118D9C0 F157E789 DB803924 EA6418C5 A62F9DAE 7A76CF92 682EDEFF 8F079E02
  EB9DCEFB A936ED9C 42A88B06 BA0F2D93 C5EB5FE7 BC1C1956 C702174F 27EF396D
  884CC863 EB51A939 8C486C7D 030CFD66 65307A3F FE9D381C 7DFF3D7D E07B9FED
  AC413B22 40B4490C 5B90BFA2 F4
        quit
 certificate ca 01
  30820235 3082019E A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  2E311730 15060355 040A130E 70617274 6E65722E 7075626C 69633113 30110603
  55040313 0A506172 746E6572 2D434130 1E170D31 34303530 37323035 3035305A
  170D3137 30353036 32303530 35305A30 2E311730 15060355 040A130E 70617274
  6E65722E 7075626C 69633113 30110603 55040313 0A506172 746E6572 2D434130
  819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 A714F501
  EF72818C 5FDDB61A 7B823F03 89D61740 3EACCCBB EEFD7402 637FFB58 9225726A
  083411E5 A498F9F6 F3F01DCA EDA76073 C6A7F890 176DFEC5 9358EB41 FA4370FB
  685C4E92 FA2A049D 79ADAC9A 8F264935 4A166697 B3265F4A 27EBF430 6E9A45B4
  BB0A7D33 D0C016FA D8D79644 AE70BE21 5E8FA0BF 51D8A433 FC4E3A77 02030100
  01A36330 61300F06 03551D13 0101FF04 05300301 01FF300E 0603551D 0F0101FF
  04040302 0186301F 0603551D 23041830 168014F5 52D4C997 BE53709F E05B08AC
  AD590198 5E9E5D30 1D060355 1D0E0416 0414F552 D4C997BE 53709FE0 5B08ACAD
  5901985E 9E5D300D 06092A86 4886F70D 01010B05 00038181 00411F07 D3E043FC
  B89AFFC0 1902CCAA 40F77E0E FD9401F5 32ACF1A7 9ECEF20A 7142F726 636346C9
  F6D7E5C2 4DDBED4D 84545F5F 36515275 F88B0758 44BC008A FA1458EB DE2C0B72
  CCCA81E8 4D8E74EF 98374678 CA5404B9 0FDDD0B7 4E5AE58A E84970EA 7F2B46C0
  8C96C36A DB5258E7 EA75E538 9AA226A4 7C6BCE71 47FA4A24 50
        quit
license udi pid CISCO2901/K9 sn FCZ1801C1X1


username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

redundancy
crypto ikev2 authorization policy default
 route set interface

crypto ikev2 proposal ccnp-ikev2-proposal
 encryption aes-cbc-256
 integrity sha512
 group 20

crypto ikev2 policy ccnp-ikev2-policy
 proposal ccnp-ikev2-proposal
no crypto ikev2 policy default


crypto ikev2 profile ccnp-ikev2-profile
 match identity remote fqdn domain secure-x.public
 identity local fqdn partner-isr.partner.public
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint partner-isr
 aaa authorization group cert list default default
 virtual-template 1



ip ssh version 2


crypto isakmp policy 10
 encr aes 256
 hash sha384
 authentication pre-share
 group 14
 lifetime 3600
crypto isakmp key ccnpsecDMVPN address 192.0.2.3
crypto isakmp key ccnpsecDMVPN address 203.0.113.1


crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
 mode transport
crypto ipsec transform-set ccnp-ts esp-gcm 256
 mode tunnel
no crypto ipsec transform-set default

crypto ipsec profile MYIPSECPROFILE
 set transform-set MYSET

crypto ipsec profile MYPROFILE
 set transform-set MYSET

crypto ipsec profile ccnp-ipsec-profile
 set transform-set ccnp-ts
 set pfs group20
 set ikev2-profile ccnp-ikev2-profile

no crypto ipsec profile default






interface Tunnel0
 ip address negotiated
 ip nhrp network-id 1
 ip nhrp shortcut virtual-template 1
 tunnel source GigabitEthernet0/1
 tunnel destination 192.0.2.3
 tunnel protection ipsec profile ccnp-ipsec-profile

interface Embedded-Service-Engine0/0
 no ip address
 shutdown

interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto

interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 duplex auto
 speed auto

interface Virtual-Template1 type tunnel
 ip unnumbered Tunnel0
 ip nhrp network-id 1
 ip nhrp shortcut virtual-template 1
 tunnel protection ipsec profile ccnp-ipsec-profile

router ospf 1
 network 10.1.1.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.255 area 2

router bgp 65001
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 neighbor 10.10.100.99 remote-as 65001
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 198.51.100.2
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 privilege level 15
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input ssh
line vty 5 1114
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 192.0.2.2
!
end

Partner-ISR#