# Terminal capture of `sh run` on host esr-10, re-flowed to one statement per line.
# Visible roles: WAN uplink on gi1/0/1.1100, LAN on gi1/0/4, two multipoint GRE
# tunnels with NHRP protected by IPsec, and BGP over the 172.30.2.0/24 tunnel.
# NOTE(review): this capture carries password hashes, device-encoded keys, an SNMP
# community and the site's public addresses; once it has been shared, treat those
# secrets as disclosed and rotate them.
esr-10# sh run
ip firewall sessions counters
# Service/network object-groups. In the visible config only OBJ_SVC_VPN (WAN->self
# rule 2) and OBJ_NET_USERS (source NAT) are referenced; ssh, dhcp_server,
# dhcp_client, ntp and OBJ_NET_STATIC_IP are defined but never matched.
object-group service ssh
  port-range 22
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group service ntp
  port-range 123
exit
object-group service OBJ_SVC_VPN
  port-range 500
  port-range 4500
exit
object-group network OBJ_NET_STATIC_IP
  ip prefix 91.240.179.240/32
exit
object-group network OBJ_NET_USERS
  ip prefix 10.99.0.0/24
exit
# Logging goes to two local files only; no remote syslog host is configured here,
# so there is no off-box copy of the logs if the device is reset or tampered with.
syslog max-files 3
syslog file-size 512
syslog sequence-numbers
syslog file tmpsys:syslog/default
  severity info
exit
syslog file tmpsys:syslog/syslog
  severity info
exit
# Local accounts. The `$6$` prefix is the SHA-512 crypt format; a salted hash is
# still open to offline guessing once published, so both passwords should be changed.
username admin
  password encrypted $6$UWb.ZOkNM8ON58/F$YmUxwngy50F9A1s.pckLMJ1Uoe.ZvjmTYTo4ULSYSqoBgdH7Znlb9vmiyv3L4waomDYncyzH1T1M8Tm0wVXoA.
exit
# NOTE(review): presumably the vendor support account (see `tech-support login enable`
# below); confirm it is still needed on a production device.
username techsupport
  password encrypted $6$MRHOnalF2IZoZ9ki$H38x5vfi52u3yn4KSpkK5LTCI/UfRg2vfqFh6F29/53V4d8LcnQAAjRegqhRRXdeuE2Z.n4lgm7aej3eMng6F1
exit
# Console and SSH logins try RADIUS first, then the local user database.
# NOTE(review): confirm that `mode break` falls back to local only when RADIUS is
# unreachable, not when it rejects a login.
aaa authentication mode break
aaa authentication login CONSOLE radius local
aaa authentication login SSH radius local
aaa authentication enable default radius enable
# NOTE(review): `encrypted` is the device's stored form of the shared secret; unless
# the vendor documents it as non-reversible, treat a published value as disclosed.
radius-server host 10.4.0.248
  key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
exit
line console
  login authentication CONSOLE
exit
line ssh
  login authentication SSH
exit
tech-support login enable
system jumbo-frames
system config-confirm timeout 120
# NOTE(review): presumably lets the device fetch its configuration and firmware
# automatically at boot; confirm the source it trusts, since whoever controls that
# source would control the device.
boot host auto-config
boot host auto-update
vlan 2
exit
no spanning-tree
# Three firewall zones; the zone-pair rules further down define what may cross them.
security zone LAN
exit
security zone WAN
exit
security zone VPN
exit
# NOTE(review): rule 10 has no match or action lines, so what this route-map
# actually exports to the BGP peers is not visible here; confirm it is not
# advertising more than 10.99.0.0/24.
route-map RM_BGP_OUT
  rule 10
  exit
exit
# eBGP (local AS 64556, peers in AS 64513) to two neighbors on the tunnel gre 2 subnet.
# No neighbor authentication is configured in the visible lines.
router bgp 64556
  peer-group PG_BGP_P11
    remote-as 64513
    graceful-restart
    route-map RM_BGP_OUT out
  exit
  neighbor 172.30.2.1
    peer-group PG_BGP_P11
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  neighbor 172.30.2.2
    peer-group PG_BGP_P11
    address-family ipv4 unicast
      enable
    exit
    enable
  exit
  address-family ipv4 unicast
    network 10.99.0.0/24
  exit
  enable
exit
interface gigabitethernet 1/0/1.1100
  description "WAN"
  security-zone WAN
  ip address 91.240.179.240/24
exit
interface gigabitethernet 1/0/2
  mode switchport
exit
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  security-zone LAN
  ip address 10.99.0.254/24
exit
interface gigabitethernet 1/0/5
  mode switchport
exit
interface gigabitethernet 1/0/6
  mode switchport
  switchport access vlan 2
exit
# NOTE(review): 1.1.1.1 is not private address space; confirm that assigning it to
# a loopback here is intentional. No security-zone is set on this interface.
interface loopback 8
  ip address 1.1.1.1/32
  ip address 10.255.99.1/32
exit
# Multipoint GRE tunnel 1 in zone VPN: NHRP registers with the two NHS addresses
# mapped below and binds the IPsec VPNs defined later in this config.
tunnel gre 1
  key 1001
  mtu 1400
  multipoint
  security-zone VPN
  local address 91.240.179.240
  ip address 172.30.1.76/24
  ip tcp adjust-mss 1360
  # Device-encoded NHRP authentication string; treat as disclosed once shared.
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp map 172.30.1.2 78.85.13.42
  ip nhrp map 172.30.1.1 85.140.32.27
  ip nhrp nhs 172.30.1.1/24
  ip nhrp nhs 172.30.1.2/24
  ip nhrp ipsec IPSEC_VPN_HUB static
  ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit
# Multipoint GRE tunnel 2: same layout as tunnel 1 with its own key, subnet and
# NHS peers; the BGP neighbors above sit on this subnet.
tunnel gre 2
  key 1002
  mtu 1400
  multipoint
  security-zone VPN
  local address 91.240.179.240
  ip address 172.30.2.76/24
  ip tcp adjust-mss 1360
  ip nhrp authentication encrypted B18B2823930318A9
  ip nhrp holding-time 300
  ip nhrp map 172.30.2.1 5.227.124.143
  ip nhrp map 172.30.2.2 78.85.13.93
  ip nhrp nhs 172.30.2.1/24
  ip nhrp nhs 172.30.2.2/24
  ip nhrp ipsec IPSEC_VPN_HUB static
  ip nhrp ipsec IPSEC_VPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit
# SNMP is enabled with a read-only community stored in cleartext and no source
# restriction in the visible lines. The LAN->self and VPN->self rules below permit
# everything, so the agent is reachable from both zones. Rotate the community and
# prefer SNMPv3 with authentication and privacy if this platform build supports it.
snmp-server
snmp-server community "lmTUEsk6Yvlv" ro
# Transit policy: LAN->WAN, LAN->VPN and VPN->LAN are each a single permit-any rule,
# so the firewall does no filtering between the LAN and the tunnel peers.
security zone-pair LAN WAN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
security zone-pair LAN VPN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
security zone-pair VPN LAN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# Traffic to the router itself from the LAN: rule 1 permits everything; rule 2 is
# an empty placeholder (no action, not enabled).
security zone-pair LAN self
  rule 1
    action permit
    enable
  exit
  rule 2
  exit
exit
# Traffic to the router itself from the WAN: only GRE, UDP 500/4500 (OBJ_SVC_VPN),
# ESP and ICMP are permitted. SSH and SNMP are not opened on this side.
security zone-pair WAN self
  rule 1
    description "GRE"
    action permit
    match protocol gre
    enable
  exit
  rule 2
    description "ISAKMP"
    action permit
    match protocol udp
    match destination-port OBJ_SVC_VPN
    enable
  exit
  rule 3
    description "ESP"
    action permit
    match protocol esp
    enable
  exit
  rule 10
    description "ICMP"
    action permit
    match protocol icmp
    enable
  exit
exit
# NOTE(review): anything arriving over the tunnels can reach every service on the
# router (SSH, SNMP, BGP, NTP). Consider limiting this pair to the protocols the
# overlay actually needs.
security zone-pair VPN self
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# IKE proposal: AES-128 with DH group 2 (1024-bit MODP), which current IPsec
# guidance (RFC 8247) marks as SHOULD NOT use. No authentication/hash algorithm is
# set, so the platform default applies; confirm what that default is. Moving to
# a stronger group has to be coordinated with the peers.
security ike proposal IKE_PROP_1
  encryption algorithm aes128
  dh-group 2
exit
# One pre-shared key serves both gateways below; the stored value is device-encoded
# and should be treated as disclosed once this output has been shared.
security ike policy IKE_POL_1
  pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
  proposal IKE_PROP_1
exit
# Policy-based IPsec for GRE between this router's public address and the four
# remote /32 addresses that appear in the NHRP maps.
security ike gateway IKE_GW_HUB
  ike-policy IKE_POL_1
  local address 91.240.179.240
  local network 91.240.179.240/32 protocol gre
  remote address any
  remote network 78.85.13.42/32 protocol gre
  remote network 85.140.32.27/32 protocol gre
  remote network 5.227.124.143/32 protocol gre
  remote network 78.85.13.93/32 protocol gre
  mode policy-based
exit
# NOTE(review): remote address and remote network are both `any`, so peer admission
# rests on the shared PSK (plus NHRP authentication) alone; an admitted peer lands
# in zone VPN, which has permit-any access to the LAN and to the router itself.
security ike gateway IKE_GW_SPOKE
  ike-policy IKE_POL_1
  local address 91.240.179.240
  local network 91.240.179.240/32 protocol gre
  remote address any
  remote network any protocol gre
  mode policy-based
exit
# Only the ESP encryption algorithm is set; integrity and PFS settings are not
# visible and presumably fall back to platform defaults. TODO confirm.
security ipsec proposal IPSEC_PROP_1
  encryption algorithm aes128
exit
security ipsec policy IPSEC_POL_HUB_1
  proposal IPSEC_PROP_1
exit
security ipsec vpn IPSEC_VPN_HUB
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_HUB
  ike ipsec-policy IPSEC_POL_HUB_1
  enable
exit
security ipsec vpn IPSEC_VPN_SPOKE
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_SPOKE
  ike ipsec-policy IPSEC_POL_HUB_1
  enable
exit
security passwords default-expired
# Source NAT: traffic from OBJ_NET_USERS (10.99.0.0/24) leaving towards zone WAN is
# translated to the egress interface address.
nat source
  ruleset SNAT
    to zone WAN
    rule 10
      match source-address OBJ_NET_USERS
      action source-nat interface
      enable
    exit
  exit
exit
# NOTE(review): this pool serves 192.168.1.0/24, but no interface in the visible
# config has an address in that subnet (LAN is 10.99.0.254/24); it looks like a
# leftover. Confirm before relying on it.
ip dhcp-server pool lan-pool
  network 192.168.1.0/24
  address-range 192.168.1.2-192.168.1.254
  default-router 192.168.1.1
exit
ip route 0.0.0.0/0 91.240.179.254
# presumably a high-distance blackhole route that backs the BGP `network` statement
# for 10.99.0.0/24; verify against platform docs
ip route 10.99.0.0/24 blackhole 254
ip route 9.9.9.9/32 91.240.179.254 track 1 name track_route
ip sla logging level error
ip sla
ip sla logging
ip sla test 1
  icmp-echo 8.8.8.8 source-ip 91.240.179.240
exit
# NOTE(review): 10.255.99.1 is this router's own loopback 8 address, so this probe
# targets a local address and may never fail; confirm it tests what was intended.
ip sla test 2
  icmp-echo 10.255.99.1 source-ip 10.99.0.254
exit
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
# SSH server is on; the WAN->self rules do not permit it, while LAN->self and
# VPN->self do. The lines below switch off the listed MAC, cipher and key-exchange
# algorithms. The set that remains enabled is not visible here; confirm on the
# device that at least one modern key exchange is still offered.
ip ssh server
ip ssh authentication algorithm md5 disable
ip ssh authentication algorithm md5-96 disable
ip ssh authentication algorithm ripemd160 disable
ip ssh authentication algorithm sha1 disable
ip ssh authentication algorithm sha1-96 disable
ip ssh encryption algorithm aes128 disable
ip ssh encryption algorithm aes128ctr disable
ip ssh encryption algorithm aes192 disable
ip ssh encryption algorithm aes192ctr disable
ip ssh encryption algorithm arcfour disable
ip ssh encryption algorithm arcfour128 disable
ip ssh encryption algorithm arcfour256 disable
ip ssh encryption algorithm blowfish disable
ip ssh encryption algorithm cast128 disable
ip ssh key-exchange algorithm dh-group-exchange-sha1 disable
ip ssh key-exchange algorithm dh-group1-sha1 disable
ip ssh key-exchange algorithm dh-group14-sha1 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp256 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp384 disable
ip ssh key-exchange algorithm ecdh-sha2-nistp521 disable
clock timezone gmt +4
# Two unicast NTP servers plus broadcast-client mode; no NTP authentication is
# configured in the visible lines. Accurate time matters for log correlation.
ntp enable
ntp broadcast-client enable
ntp server 10.1.8.2
  minpoll 4
exit
ntp server 10.1.8.1
  minpoll 4
exit
# Track object 1 combines SLA tests 1 and 2 and gates the 9.9.9.9/32 static route above.
track 1
  track sla test 1
  track sla test 2
exit
esr-10#