! use a text editor to search and replace to create new router configs
! replace $SITENAME with the name for the site ("VA01")
! replace $TIMEZONE with the timezone for the site, ("EST")
! replace $TIMEDIFF with the GMT offset for the site, ("5")
! replace $TIMESUMMER with the summertime TZ name ("EDT")
! replace $SITENUM with the # of the site (second octet in site subnet)
! replace $ISPADDR with the outside interface IP assigned by ISP
! replace $ISPMASK with the subnet mask assigned by ISP
! replace $ISPGATEWAY with the default router IP assigned by the ISP
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname US200CSR01
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
clock timezone EST -5
clock summer-time EDT recurring
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
no ip domain lookup
ip domain name xxxxxxxx.com
crypto key generate rsa general-keys modulus 1024
ip cef
!
multilink bundle-name authenticated
!
!
!
!
redundancy
!
!
!
!
!
no ip ftp passive
ip scp server enable
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key "my_dmvpn_PSK" address 0.0.0.0 no-xauth
!
!
crypto ipsec transform-set ESP-3DES-SHA-TRANSPORT esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile DMVPN-TUNNEL
 set transform-set ESP-3DES-SHA-TRANSPORT
!
!
interface Tunnel0
 no shut
 description DMVPN TUNNEL TO US100_DMVPN_RTR1
 ip address 10.100.253.200 255.255.255.0
 no ip redirects
 ip mtu 1440
 ip hold-time eigrp 1024 35
 no ip next-hop-self eigrp 1024
 no ip split-horizon eigrp 1024
 ip nhrp authentication sfnhrp
 ip nhrp map 10.100.253.254 xxx.xxx.xxx.xxx
 ip nhrp map multicast xxx.xxx.xxx.xxx
 ip nhrp network-id 253
 ip nhrp holdtime 300
 ip nhrp nhs 10.100.253.254
 ip virtual-reassembly in
 ip virtual-reassembly out
 ip tcp adjust-mss 1380
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
 tunnel key 253
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN-TUNNEL shared
!
!
interface Tunnel1
 no shut
 description DMVPN TUNNEL TO US100_DMVPN_RTR2
 ip address 10.100.254.200 255.255.255.0
 no ip redirects
 ip mtu 1440
 ip hold-time eigrp 1024 35
 no ip next-hop-self eigrp 1024
 no ip split-horizon eigrp 1024
 ip nhrp authentication sfnhrp
 ip nhrp map 10.100.254.254 xxx.xxx.xxx.xxx
 ip nhrp map multicast xxx.xxx.xxx.xxx
 ip nhrp network-id 254
 ip nhrp holdtime 300
 ip nhrp nhs 10.100.254.254
 ip virtual-reassembly in
 ip virtual-reassembly out
 ip tcp adjust-mss 1380
 tunnel source GigabitEthernet1
 tunnel mode gre multipoint
 tunnel key 254
 tunnel path-mtu-discovery
 tunnel protection ipsec profile DMVPN-TUNNEL shared
!
!
interface GigabitEthernet0/0
 description OUTSIDE
 no shut
 ip address $ISPADDR $ISPMASK
 ip access-group OUTSIDE_IN in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description INSIDE
 no shut
 ip address 10.$SITENUM.0.1 255.255.255.0
 ip policy route-map DEFAULT_POLICY_ROUTE
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
!
! remove any existing EIGRP 1024 process, then enter router config mode
! so the network and passive-interface statements below are accepted
no router eigrp 1024
router eigrp 1024
 network 10.200.0.0 0.0.255.255
 network 10.100.253.0 0.0.0.255
 network 10.100.254.0 0.0.0.255
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Tunnel1
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 $ISPGATEWAY
!
ip access-list extended DEFAULT_POLICY
 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
 permit ip 10.200.0.0 0.0.255.255 any
ip access-list extended OUTSIDE_IN
 permit icmp any any echo-reply
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit esp any any
 permit gre any any
 permit udp any eq ntp any eq ntp
 permit tcp host xxx.xxx.xxx.xxx any eq 22
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit tcp host xxx.xxx.xxx.xxx any eq 22
 permit tcp host xxx.xxx.xxx.xxx any eq 22
!
!
route-map DEFAULT_POLICY_ROUTE permit 10
 match ip address DEFAULT_POLICY
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 198.82.1.201
!
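! Added example, not part of the original template: a Python script that performs the header's search-and-replace and refuses to emit a config with bad or unresolved values.
! Assumptions: the function names, the character allow-list, the shortened template excerpt and the site values are constructed for illustration.

```python
import ipaddress
import re

# Placeholder names come from the template header; everything else is assumed.
PLACEHOLDERS = ("SITENAME", "TIMEZONE", "TIMEDIFF", "TIMESUMMER",
                "SITENUM", "ISPADDR", "ISPMASK", "ISPGATEWAY")

# Constructed excerpt: only the template lines that carry placeholders.
SAMPLE_TEMPLATE = """\
interface GigabitEthernet0/0
 ip address $ISPADDR $ISPMASK
interface GigabitEthernet0/1
 ip address 10.$SITENUM.0.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 $ISPGATEWAY
"""

def validate(values):
    """Reject missing, malformed or inconsistent site values before rendering."""
    missing = [k for k in PLACEHOLDERS if not values.get(k)]
    if missing:
        raise ValueError(f"missing values: {missing}")
    for name, value in values.items():
        # Values land inside config lines: a newline would smuggle in extra commands.
        if not re.fullmatch(r"[A-Za-z0-9.]+", value):
            raise ValueError(f"illegal characters in {name}")
    if not 0 <= int(values["SITENUM"]) <= 255:
        raise ValueError("SITENUM must fit in one octet")
    outside = ipaddress.ip_interface(f"{values['ISPADDR']}/{values['ISPMASK']}")
    if ipaddress.ip_address(values["ISPGATEWAY"]) not in outside.network:
        raise ValueError("ISPGATEWAY is not on the ISPADDR/ISPMASK subnet")

def render(template, values):
    """Fill every $NAME token; an unknown token aborts instead of shipping as-is."""
    validate(values)
    def fill(match):
        name = match.group(1)
        if name not in PLACEHOLDERS:
            raise ValueError(f"unknown placeholder ${name}")
        return values[name]
    return re.sub(r"\$([A-Z]+)", fill, template)

if __name__ == "__main__":
    # Constructed site values; 203.0.113.0/24 is a documentation range.
    site = {"SITENAME": "VA01", "TIMEZONE": "EST", "TIMEDIFF": "5",
            "TIMESUMMER": "EDT", "SITENUM": "200", "ISPADDR": "203.0.113.10",
            "ISPMASK": "255.255.255.248", "ISPGATEWAY": "203.0.113.9"}
    print(render(SAMPLE_TEMPLATE, site))
```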