# Running configuration of router esr-21-1, restored to one command per line.
# Visible roles: multipoint GRE + NHRP tunnels protected by IPsec (object names
# call this side the HUB), OSPF instance 555, eBGP to AS 65002, an MPLS L2VPN
# pseudowire, a zone-based firewall and RADIUS-backed AAA.
# Comments marked NOTE(review) are points to confirm; no command was changed.
hostname esr-21-1
ip firewall sessions counters

# Service object-groups. Only OBJ_SVC_VPN (UDP 500/4500, used for ISAKMP below)
# is referenced by a firewall rule in this file.
# NOTE(review): ssh, dhcp_server, dhcp_client and ntp are defined but unused,
# which suggests the per-service "self" rules they were meant for are missing.
object-group service ssh
  port-range 22
exit
object-group service dhcp_server
  port-range 67
exit
object-group service dhcp_client
  port-range 68
exit
object-group service ntp
  port-range 123
exit
object-group service OBJ_SVC_VPN
  port-range 500
  port-range 4500
exit

# Logging goes to a single local file (3 files x 512, severity info and above).
# NOTE(review): no remote syslog destination is configured here, so audit data
# lives only on the device; "tmpsys:" is presumably volatile storage - confirm.
syslog max-files 3
syslog file-size 512
syslog sequence-numbers
syslog file tmpsys:syslog/default
  severity info
exit

# Local fallback account. The "$6$" prefix marks a salted SHA-512 crypt hash.
# NOTE(review): the hash is a credential - any copy of this config that left
# the device exposes it to offline guessing; rotate the password if so.
username admin
  password encrypted $6$Yiowl5cYGbXIc3rE$LmaHnxnZCqN8uHDfytK9Mnwg3.lCIapFgP7kezlGPJX5TtdiaX4lHxEjRtvh6nXzV3bzJCa3nHPgNUhd9Dtf2.
exit

# AAA: console and SSH logins try RADIUS first, then the local database;
# enable authentication tries RADIUS, then the enable password.
# NOTE(review): "mode break" presumably stops at the first method that answers
# and falls through only when it is unreachable - confirm, because the other
# behaviour would let a local password succeed after a RADIUS reject.
aaa authentication mode break
aaa authentication login CONSOLE radius local
aaa authentication login SSH radius local
aaa authentication enable default radius enable

# Single RADIUS server, sourced from the management sub-interface.
# NOTE(review): "ascii-text encrypted" values (here, NHRP and the IKE PSKs) are
# the device's stored encoding of a secret; treat them as recoverable unless
# the vendor documents otherwise, and rotate them if this file was shared.
# NOTE(review): with one server only, an outage drops every login to "local".
radius-server host 10.4.0.248
  key ascii-text encrypted A9B020579B141DFFB0269F00275C72E9
  source-interface port-channel 1.300
exit
line console
  login authentication CONSOLE
exit
line ssh
  login authentication SSH
exit

system jumbo-frames
# NOTE(review): presumably the auto-rollback window for unconfirmed changes.
system config-confirm timeout 120
# NOTE(review): presumably lets the device fetch its configuration
# automatically at boot; confirm the source is trusted or disable it.
boot host auto-config
vlan 2,10
exit
no spanning-tree

# Firewall zones referenced by the interfaces and zone-pairs below.
security zone LAN
exit
security zone WAN
exit
security zone VPN
exit
ip bfd multiplier 3

# Outbound BGP policy. Rule 10 has no match and no action.
# NOTE(review): what an empty rule exports depends on the platform default;
# make the intended permit/deny explicit so the advertised set is predictable.
route-map RM_BGP_OUT
  rule 10
  exit
exit

# eBGP (AS 65001 -> 65002) to 2.2.2.2, multihop, sourced from loopback 1.1.1.1.
# NOTE(review): no neighbor authentication is configured on this session.
router bgp 65001
  neighbor 2.2.2.2
    remote-as 65002
    ebgp-multihop 2
    update-source 1.1.1.1
    address-family ipv4 unicast
      route-map RM_BGP_OUT out
      enable
    exit
    enable
  exit
  address-family ipv4 unicast
    network 192.168.100.0/24
  exit
  enable
exit

# OSPF instance 555, backbone area.
# NOTE(review): no OSPF authentication appears on the area or on any OSPF
# interface in this file; adjacencies rely on the tunnel protection alone.
router ospf log-adjacency-changes
router ospf 555
  router-id 1.1.1.1
  area 0.0.0.0
    network 10.255.254.0/24
    network 1.1.1.1/32
    enable
  exit
  enable
exit

# WAN-side bridge; 11.11.11.11 is the local address of tunnel gre 101.
bridge 1
  vlan 1
  security-zone WAN
  ip address 11.11.11.11/24
  enable
exit
interface port-channel 1
  mtu 9100
exit

# Management sub-interface: no security zone and "ip firewall disable".
# NOTE(review): nothing in this file filters traffic arriving here, so SSH
# ("ip ssh server" below) is reachable from whatever can route to this subnet.
# The default route also points out of this interface (10.14.112.254).
interface port-channel 1.300
  description "MGM"
  ip firewall disable
  ip address 10.14.112.248/24
exit
interface port-channel 1.3
  security-zone LAN
  ip address 192.168.100.254/24
exit
interface gigabitethernet 1/0/1
  description "WAN"
  mode switchport
exit
interface gigabitethernet 1/0/2
  description "WAN2"
  mtu 9500
  security-zone WAN
  ip address 12.12.12.11/24
exit
# Administratively shut down, yet still referenced by MPLS LDP and forwarding.
interface gigabitethernet 1/0/2.555
  shutdown
  description "p2p_mpls"
  mtu 9500
  security-zone VPN
  ip address 172.30.30.1/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf
exit
interface gigabitethernet 1/0/3
  mode switchport
exit
interface gigabitethernet 1/0/4
  mode switchport
exit
interface gigabitethernet 1/0/5
  mode switchport
exit
interface gigabitethernet 1/0/6
  mode switchport
exit
interface gigabitethernet 1/0/7
  mode switchport
exit
interface gigabitethernet 1/0/8
  mode switchport
  channel-group 1 mode auto
exit
interface gigabitethernet 1/0/9
  mode switchport
exit
interface gigabitethernet 1/0/10
  mode switchport
exit
interface gigabitethernet 1/0/11
  mode switchport
exit
interface gigabitethernet 1/0/12.100
exit
interface loopback 1
  ip address 1.1.1.1/32
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf
exit

# Multipoint GRE tunnel 101 over the WAN bridge address, NHRP bound to
# IPSEC_VPN_HUB, OSPF and BFD enabled.
# NOTE(review): both tunnels carry the same NHRP authentication value.
tunnel gre 101
  mtu 1400
  multipoint
  security-zone VPN
  local address 11.11.11.11
  ip address 10.255.255.1/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf priority 5
  ip ospf
  ip bfd min-rx-interval 300
  ip bfd min-tx-interval 300
  ip bfd multiplier 3
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp ipsec IPSEC_VPN_HUB dynamic
  ip nhrp multicast dynamic
  ip nhrp enable
  enable
exit

# Multipoint GRE tunnel 102 over WAN2, NHRP bound to IPSEC_VPN_HUB_102.
# NOTE(review): unlike tunnel 101 this stanza has no "enable" and no BFD
# timers - confirm whether the tunnel is meant to be down.
tunnel gre 102
  mtu 1400
  multipoint
  security-zone VPN
  local address 12.12.12.11
  ip address 10.255.254.1/24
  ip ospf instance 555
  ip ospf mtu-ignore
  ip ospf priority 5
  ip ospf network point-to-point
  ip ospf
  ip nhrp authentication encrypted B18B2823930318AA
  ip nhrp holding-time 300
  ip nhrp ipsec IPSEC_VPN_HUB_102 dynamic
  ip nhrp multicast dynamic
  ip nhrp enable
exit
tunnel ip4ip4 1
exit

# MPLS: LDP and forwarding on gi1/0/2.555, plus a point-to-point pseudowire
# (pw 102) from gi1/0/7 to 2.2.2.2.
mpls
  ldp
    router-id 1.1.1.1
    address-family ipv4
      interface gigabitethernet 1/0/2.555
      exit
    exit
  exit
  l2vpn
    pw-class L2_VPN
    exit
    p2p P2P_L2VPN
      interface gigabitethernet 1/0/7
      pw 102 2.2.2.2
        pw-class L2_VPN
        enable
      exit
      enable
    exit
  exit
  forwarding interface gigabitethernet 1/0/2.555
exit

# Zone-pair policy. LAN<->VPN, LAN->self and VPN->self each carry a single
# rule with no match criteria, i.e. permit everything.
# NOTE(review): "self" is traffic addressed to the router; permit-any from LAN
# and VPN exposes every local service (SSH included) to LAN hosts and to any
# authenticated tunnel peer. Narrow these to the services actually needed.
security zone-pair LAN VPN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
security zone-pair VPN LAN
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit
# Rule 2 is an empty placeholder: no action and not enabled.
security zone-pair LAN self
  rule 1
    action permit
    enable
  exit
  rule 2
  exit
exit
# WAN->self admits GRE, UDP 500/4500, ESP and ICMP from any source.
# NOTE(review): rule 1 matches GRE with no source restriction; confirm that
# GRE arriving outside IPsec is not accepted. Rule 10 allows every ICMP type.
security zone-pair WAN self
  rule 1
    description "GRE"
    action permit
    match protocol gre
    enable
  exit
  rule 2
    description "ISAKMP"
    action permit
    match protocol udp
    match destination-port OBJ_SVC_VPN
    enable
  exit
  rule 3
    description "ESP"
    action permit
    match protocol esp
    enable
  exit
  rule 10
    description "ICMP"
    action permit
    match protocol icmp
    enable
  exit
exit
security zone-pair VPN self
  rule 10
    description "ANY"
    action permit
    enable
  exit
exit

# IKE proposals. Both use dh-group 2 (1024-bit MODP), which current guidance
# treats as too weak for new deployments; neither names an integrity/hash
# algorithm, so the platform default applies.
# NOTE(review): move to a stronger DH group and set the hash explicitly,
# coordinating the change with every peer.
security ike proposal IKEPROP
  encryption algorithm aes256
  dh-group 2
exit
security ike proposal IKE_PROP_1
  encryption algorithm aes128
  dh-group 2
exit

# IKE policies: pre-shared-key authentication.
# NOTE(review): the stored key values are short, which suggests short PSKs -
# confirm their length and randomness.
security ike policy IKEPOLICY
  pre-shared-key ascii-text encrypted 88B11079E15D1B
  proposal IKEPROP
exit
security ike policy IKE_POL_1
  pre-shared-key ascii-text encrypted 91B8083FE00447F6D804
  proposal IKE_PROP_1
exit

# IKE gateways.
# NOTE(review): IKEGW uses local address 11.11.11.2, which is not configured
# on any interface in this file (bridge 1 holds 11.11.11.11).
# NOTE(review): IKE_GW_1 and IKE_GW_2 accept "remote address any" under the
# same policy, so every peer shares one PSK and a single leaked key admits any
# source address.
# NOTE(review): IKE_GW_1's remote network lacks the "protocol gre" qualifier
# that IKE_GW_2 has, leaving its traffic selector wider than its twin's.
security ike gateway IKEGW
  ike-policy IKEPOLICY
  local address 11.11.11.2
  local network 11.11.11.2/32 protocol gre
  remote address 11.11.11.1
  remote network 11.11.11.1/32 protocol gre
  mode policy-based
exit
security ike gateway IKE_GW_1
  ike-policy IKE_POL_1
  local address 11.11.11.11
  local network 11.11.11.11/32 protocol gre
  remote address any
  remote network any
  mode policy-based
exit
security ike gateway IKE_GW_2
  ike-policy IKE_POL_1
  local address 12.12.12.11
  local network 12.12.12.11/32 protocol gre
  remote address any
  remote network any protocol gre
  mode policy-based
exit

# IPsec proposals name only the cipher (aes128).
# NOTE(review): the integrity algorithm and PFS are left to defaults; set
# them explicitly so the negotiated protection is known.
security ipsec proposal IPSECPROP
  encryption algorithm aes128
exit
security ipsec proposal IPSEC_PROP_1
  encryption algorithm aes128
exit
security ipsec policy IPSECPOLICY
  proposal IPSECPROP
exit
security ipsec policy IPSEC_POL_1
  proposal IPSEC_PROP_1
exit

# IPsec VPNs. IPSECVPN is enabled but is not bound to any tunnel in this file;
# the two HUB VPNs are the ones referenced by "ip nhrp ipsec" above.
security ipsec vpn IPSECVPN
  mode ike
  ike establish-tunnel route
  ike gateway IKEGW
  ike ipsec-policy IPSECPOLICY
  enable
exit
security ipsec vpn IPSEC_VPN_HUB
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_1
  ike ipsec-policy IPSEC_POL_1
  enable
exit
security ipsec vpn IPSEC_VPN_HUB_102
  mode ike
  ike establish-tunnel route
  ike gateway IKE_GW_2
  ike ipsec-policy IPSEC_POL_1
  enable
exit

# NOTE(review): exact effect not visible here; confirm it forces a change of
# default passwords as the name suggests.
security passwords default-expired

# NOTE(review): the pool serves 192.168.1.0/24, but no interface in this file
# has an address in that network (the LAN sub-interface is 192.168.100.254/24).
ip dhcp-server pool lan-pool
  network 192.168.1.0/24
  address-range 192.168.1.2-192.168.1.254
  default-router 192.168.1.1
exit

# Default route leaves through the management subnet of port-channel 1.300.
ip route 0.0.0.0/0 10.14.112.254
# NOTE(review): no source restriction for SSH is configured in this file.
ip ssh server
# NOTE(review): LLDP is enabled globally; confirm it is not advertised on the
# WAN-facing ports, where it discloses device details to neighbours.
lldp enable
clock timezone gmt +4
# NOTE(review): no NTP authentication is configured for either server.
ntp enable
ntp server 10.1.8.2
  minpoll 4
exit
ntp server 10.1.8.1
  minpoll 4
exit