# Running configuration for router "esr-21-2", reflowed to one command per line.
# From the visible commands the device appears to be a DMVPN spoke: two multipoint
# GRE tunnels with NHRP and IPsec, OSPF instance 555 over the tunnels, eBGP
# (AS 65002 -> AS 65001) and an MPLS LDP / L2VPN pseudowire to 1.1.1.1.
#
# NOTE(review): this listing contains a password hash and two "encrypted" secrets
# (NHRP authentication and the IKE pre-shared key). Anything that has appeared in
# a shared or published config should be treated as exposed: rotate it on the
# device and redact it from copies of the file.
hostname esr-21-2
ip firewall sessions counters
# Service and network object-groups referenced by firewall and NAT rules.
# NOTE(review): "ssh", "dhcp_server", "dhcp_client" and "ntp" are defined but not
# referenced by any rule visible in this config, which suggests narrower
# per-service rules were intended (see zone-pair WAN self below).
object-group service ssh
  port-range 22
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group service ntp
  port-range 123
exit
# IKE (UDP 500) and NAT-T (UDP 4500); used by zone-pair WAN self rule 2.
object-group service OBJ_SVC_VPN
  port-range 500
  port-range 4500
exit
# External port that the DNAT ruleset translates to port 22 on the inside server.
object-group service OBJ_SVC_NAT_SSH
  port-range 777
exit
object-group network OBJ_NET_STATIC_IP
  ip address-range 12.12.12.22
exit
object-group network OBJ_SERVER_IP
  ip address-range 192.168.102.1
exit
# Logging: only a local file target is configured here.
# NOTE(review): no remote syslog destination is visible; local-only logs are easy
# to lose or tamper with after a compromise. Consider forwarding to a collector.
syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default
  severity info
exit
# Local account. The "$6$" prefix is the SHA-512 crypt hash format.
username admin
  password encrypted $6$jK4EbZO6Wgf8SR4V$Qk9bbeYu.Dnz0YCTmFvSrIDfH3iXU6pgbI/boyXTVlgnc2LFvOFHhg9pA798kKV1H0vypPNMwofM5JZXLqrXc1
exit
# NOTE(review): telnet is unencrypted. Confirm which zones can reach TCP 2001;
# zone-pair "WAN self" rule 100 below permits everything, so presumably this is
# reachable from the WAN side as well.
line aux 1
  transport telnet port 2001
exit
system jumbo-frames
system config-confirm timeout 120
# NOTE(review): if this lets the device fetch a configuration from the network at
# boot (as the name suggests), confirm it is only honoured on trusted segments
# - TODO confirm.
boot host auto-config
vlan 2
exit
no spanning-tree
# Firewall zones. Interfaces and tunnels are assigned to them further down.
security zone LAN
exit
security zone WAN
exit
security zone VPN
  description "FROM_DMVPN"
exit
ip bfd multiplier 3
# NOTE(review): rule 1 has no match or action statements; the resulting export
# policy is whatever the device defaults to for an empty rule - confirm.
route-map BGP_OUT
  rule 1
  exit
exit
# eBGP to 1.1.1.1 (AS 65001), sourced from the loopback address, multihop 2.
# NOTE(review): no neighbor authentication is configured in the visible lines.
router bgp 65002
  router-id 2.2.2.2
  neighbor 1.1.1.1
    remote-as 65001
    ebgp-multihop 2
    update-source 2.2.2.2
    address-family ipv4 unicast
      route-map BGP_OUT out
      enable
    exit
    enable
  exit
  address-family ipv4 unicast
    network 192.168.102.0/24
  exit
  enable
exit
# OSPF instance 555, backbone area. Only 10.255.254.0/24 (tunnel gre 102) and the
# loopback are listed as area networks; tunnel gre 101 (10.255.255.0/24) is not.
# NOTE(review): no OSPF authentication is configured on any interface shown.
router ospf 555
  router-id 2.2.2.2
  area 0.0.0.0
    network 10.255.254.0/24
    network 2.2.2.2/32
    enable
  exit
  enable
exit
interface port-channel 1
exit
# LAN-zone sub-interface; the default route at the end of the file points to
# 10.14.112.254 on this subnet.
interface port-channel 1.300
  security-zone LAN
  ip address 10.14.112.249/24
exit
# LAN-zone sub-interface that holds the DNAT target server network.
interface port-channel 1.3
  security-zone LAN
  ip address 192.168.102.254/24
exit
# No zone or address: used as the attachment circuit of the L2VPN pseudowire.
interface port-channel 1.102
exit
interface gigabitethernet 1/0/1
  description "WAN"
  security-zone WAN
  ip address 11.11.11.22/24
exit
interface gigabitethernet 1/0/2
  description "WAN2"
  mtu 9500
  security-zone WAN
  ip address 12.12.12.22/24
exit
# MPLS/LDP-facing sub-interface. It sits in zone VPN, so the permit-any
# "VPN self", "VPN LAN" and "LAN VPN" zone-pairs apply to it as well.
interface gigabitethernet 1/0/2.555
  description "p2p_mpls"
  mtu 9500
  security-zone VPN
  ip address 172.30.30.2/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf
exit
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface gigabitethernet 1/0/5
  mode switchport
exit
interface gigabitethernet 1/0/6
  mode switchport
exit
interface gigabitethernet 1/0/7
  mode switchport
exit
# Only member of port-channel 1 visible in this config.
interface gigabitethernet 1/0/8
  mode switchport
  channel-group 1 mode auto
exit
interface gigabitethernet 1/0/9
  mode switchport
exit
interface gigabitethernet 1/0/10
  mode switchport
exit
interface gigabitethernet 1/0/11
  mode switchport
exit
interface gigabitethernet 1/0/12
  mode switchport
exit
interface loopback 1
  ip address 2.2.2.2/32
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf
exit
# Multipoint GRE tunnel over WAN (11.11.11.22), NHS/hub mapped to 11.11.11.11.
# IPsec: static VPN to the hub plus a dynamic VPN (IPSEC_VPN_SPOKE) for other peers.
# NOTE(review): the NHS is written as 10.255.255.1/24 here but as a /32 on
# tunnel gre 102 - confirm which form is intended.
# NOTE(review): the NHRP authentication value is identical on both tunnels, and
# the short hex "encrypted" form looks like a vendor encoding rather than a hash
# - confirm, and treat the value as exposed.
tunnel gre 101
  mtu 1400
  multipoint
  security-zone VPN
  local address 11.11.11.22
  ip address 10.255.255.2/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf priority 0
  ip ospf
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp map 10.255.255.1 11.11.11.11
  ip nhrp nhs 10.255.255.1/24
  ip nhrp ipsec IPSEC_VPN_HUB static
  ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit
# Second multipoint GRE tunnel over WAN2 (12.12.12.22), hub at 12.12.12.11.
# Only a static IPsec VPN to the hub is bound here (no dynamic spoke VPN).
tunnel gre 102
  mtu 1400
  multipoint
  security-zone VPN
  local address 12.12.12.22
  ip address 10.255.254.2/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf priority 0
  ip ospf network point-to-point
  ip ospf
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp map 10.255.254.1 12.12.12.11
  ip nhrp nhs 10.255.254.1/32
  ip nhrp ipsec IPSEC_VPN_HUB_102 static
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit
# MPLS: LDP on gi1/0/2.555 and a point-to-point L2VPN pseudowire (pw 102) to
# 1.1.1.1 with port-channel 1.102 as the attachment circuit.
mpls
  ldp
    router-id 2.2.2.2
    address-family ipv4
      interface gigabitethernet 1/0/2.555
      exit
    exit
  exit
  l2vpn
    pw-class L2_VPN
      description "TEST"
    exit
    p2p P2P_L2_VPN
      interface port-channel 1.102
      pw 102 1.1.1.1
        pw-class L2_VPN
        enable
      exit
      enable
    exit
  exit
  forwarding interface gigabitethernet 1/0/2.555
exit
# Zone-pair policies. "self" means traffic addressed to the router itself.
# VPN -> router: everything permitted.
security zone-pair VPN self
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# LAN -> router: everything permitted.
security zone-pair LAN self
  rule 1
    action permit
    enable
  exit
exit
# WAN -> router. Rules 1-20 allow only what the tunnels need (GRE, IKE/NAT-T,
# ESP, ICMP, AH).
security zone-pair WAN self
  rule 1
    description "GRE"
    action permit
    match protocol gre
    enable
  exit
  rule 2
    description "ISAKMP"
    action permit
    match protocol udp
    match destination-port OBJ_SVC_VPN
    enable
  exit
  rule 3
    description "ESP"
    action permit
    match protocol esp
    enable
  exit
  rule 10
    description "ICMP"
    action permit
    match protocol icmp
    enable
  exit
  rule 20
    description "AH"
    action permit
    match protocol ah
    enable
  exit
  # NOTE(review): this rule permits every protocol and port from the WAN zone to
  # the router itself, so rules 1-20 above have no filtering effect. With
  # "ip ssh server" enabled and the aux line on telnet port 2001, management
  # services are left open to the WAN side. Remove or disable this rule, or
  # replace it with explicit per-service rules restricted by source address.
  rule 100
    description "ANY"
    action permit
    enable
  exit
exit
security zone-pair LAN VPN
  description "LAN_to_VPN"
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# NOTE(review): everything arriving from the VPN zone (both DMVPN tunnels and
# gi1/0/2.555) is allowed into the LAN; this trusts every remote site fully.
security zone-pair VPN LAN
  description "VPN_to_LAN"
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# WAN -> LAN: permits TCP sessions that were destination-NATed to OBJ_SERVER_IP.
# Together with the DNAT ruleset below this publishes 12.12.12.22:777 as SSH on
# 192.168.102.1.
# NOTE(review): there is no source-address match, so any WAN host can reach the
# server's SSH; a non-standard port is not an access control. Restrict by source
# where possible.
security zone-pair WAN LAN
  rule 10
    description "DNAT_777"
    action permit
    match protocol tcp
    match destination-address OBJ_SERVER_IP
    match destination-nat
    enable
  exit
exit
security zone-pair LAN WAN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# IKE proposal.
# NOTE(review): dh-group 2 is the 1024-bit MODP group, which current guidance no
# longer considers adequate; a larger group is advisable if both ends support it.
# No authentication/hash algorithm is set here, so the device default applies
# - confirm what that default is.
security ike proposal IKE_PROP_1
  encryption algorithm aes128
  dh-group 2
exit
# NOTE(review): one pre-shared key is used by all three IKE gateways below,
# including IKE_GW_SPOKE which accepts any remote address. The short hex
# "encrypted" form looks like a vendor encoding rather than a hash - confirm,
# and treat the key as exposed.
security ike policy IKE_POL_1
  pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
  proposal IKE_PROP_1
exit
# Gateway to the hub over WAN; protects GRE between the two public addresses.
security ike gateway IKE_GW_HUB
  ike-policy IKE_POL_1
  local address 11.11.11.22
  local network 11.11.11.22/32 protocol gre
  remote address 11.11.11.11
  remote network 11.11.11.11/32 protocol gre
  mode policy-based
exit
# Gateway to the hub over WAN2.
security ike gateway IKE_GW_HUB_102
  ike-policy IKE_POL_1
  local address 12.12.12.22
  local network 12.12.12.22/32 protocol gre
  remote address 12.12.12.11
  remote network 12.12.12.11/32 protocol gre
  mode policy-based
exit
# Gateway for dynamic peers (bound to tunnel gre 101 as the "dynamic" NHRP VPN).
# NOTE(review): "remote address any" plus a shared PSK means any host that knows
# the key can negotiate; the remote network is also "any" rather than limited to
# GRE as on the hub gateways.
security ike gateway IKE_GW_SPOKE
  ike-policy IKE_POL_1
  local address 11.11.11.22
  local network 11.11.11.22/32 protocol gre
  remote address any
  remote network any
  mode policy-based
exit
# NOTE(review): only the encryption algorithm is set; integrity algorithm and
# PFS are left at device defaults - confirm.
security ipsec proposal IPSEC_PROP_1
  encryption algorithm aes128
exit
security ipsec policy IPSEC_POL_HUB_1
  proposal IPSEC_PROP_1
exit
# Three IPsec VPNs, one per IKE gateway, all sharing IPSEC_POL_HUB_1.
security ipsec vpn IPSEC_VPN_HUB
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_HUB
  ike ipsec-policy IPSEC_POL_HUB_1
  enable
exit
security ipsec vpn IPSEC_VPN_HUB_102
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_HUB_102
  ike ipsec-policy IPSEC_POL_HUB_1
  enable
exit
security ipsec vpn IPSEC_VPN_SPOKE
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_SPOKE
  ike ipsec-policy IPSEC_POL_HUB_1
  enable
exit
security passwords default-expired
# Destination NAT: TCP to OBJ_NET_STATIC_IP (12.12.12.22) port 777 arriving from
# zone WAN is translated to 192.168.102.1 port 22.
nat destination
  pool SERVER_IP
    ip address 192.168.102.1
    ip port 22
  exit
  ruleset DNAT
    from zone WAN
    rule 1
      match protocol tcp
      match destination-address OBJ_NET_STATIC_IP
      match destination-port OBJ_SVC_NAT_SSH
      action destination-nat pool SERVER_IP
      enable
    exit
  exit
exit
# NOTE(review): this pool serves 192.168.1.0/24, but no interface in this config
# has an address in that subnet - looks like a leftover default; confirm.
ip dhcp-server pool lan-pool
  network 192.168.1.0/24
  address-range 192.168.1.2-192.168.1.254
  default-router 192.168.1.1
exit
# Default route via the port-channel 1.300 subnet (zone LAN).
ip route 0.0.0.0/0 10.14.112.254
# SSH server on the router; with zone-pair "WAN self" rule 100 in place it is
# reachable from every zone, WAN included.
ip ssh server
lldp enable
clock timezone gmt +4
# NOTE(review): no NTP authentication is configured in the visible lines.
ntp enable
ntp server 10.1.8.2
exit
ntp server 10.1.8.1
exit