! ! Last configuration change at 08:36:33 EDT Mon May 23 2016 by wstegman ! NVRAM config last updated at 10:48:44 EDT Fri May 20 2016 by wstegman ! ! ! ! ip vrf IWAN_INET rd 127:101 ! ip vrf IWAN_MPLS rd 127:20 ! ! ! ! ! ! ! license udi pid CISCO2911/K9 sn FTX1352A0WD license accept end user agreement license boot module c2900 technology-package datak9 hw-module pvdm 0/0 ! ! crypto ikev2 keyring DMVPN-KEYRING-1 peer ANY address 0.0.0.0 0.0.0.0 pre-shared-key xxxxx ! ! crypto ikev2 keyring DMVPN-KEYRING-1-TEST peer ANY address 0.0.0.0 0.0.0.0 pre-shared-key xxxxx ! ! ! crypto ikev2 profile FVRF-IKEv2-IWAN_INET match fvrf IWAN_INET match identity remote address 0.0.0.0 authentication local pre-share authentication remote pre-share keyring local DMVPN-KEYRING-1 ! crypto ikev2 profile FVRF-IKEv2-IWAN_MPLS match fvrf IWAN_MPLS match identity remote address 0.0.0.0 authentication local pre-share authentication remote pre-share keyring local DMVPN-KEYRING-1 ! crypto ikev2 profile FVRF-IKEv2-IWAN_MPLS-TEST match fvrf IWAN_MPLS match identity remote address 0.0.0.0 authentication local pre-share authentication remote pre-share keyring local DMVPN-KEYRING-1-TEST ! crypto ikev2 nat keepalive 3600 crypto ikev2 diagnose error 100 crypto ikev2 dpd 40 5 on-demand ! ! t ! ! crypto isakmp fragmentation crypto isakmp keepalive 10 crypto isakmp nat keepalive 3600 ! crypto ipsec security-association replay window-size 1024 ! crypto ipsec transform-set Fulton_VPN_iWAN esp-aes 256 esp-sha256-hmac mode transport crypto ipsec fragmentation after-encryption ! crypto ipsec profile DMVPN-PROFILE-IWAN_INET set transform-set Fulton_VPN_iWAN set ikev2-profile FVRF-IKEv2-IWAN_INET ! crypto ipsec profile DMVPN-PROFILE-IWAN_MPLS set transform-set Fulton_VPN_iWAN set ikev2-profile FVRF-IKEv2-IWAN_MPLS ! crypto ipsec profile DMVPN-PROFILE-IWAN_MPLS-TEST set transform-set Fulton_VPN_iWAN set ikev2-profile FVRF-IKEv2-IWAN_MPLS-TEST ! ! ! ! interface Loopback0 ip address 10.250.254.252 255.255.255.255 ! interface Loopback20 ip address 10.250.250.1 255.255.255.255 ! interface Tunnel60 bandwidth 10000 ip address 10.10.2.4 255.255.252.0 no ip redirects ip mtu 1400 ip nhrp authentication 5haki3po ip nhrp map 10.10.0.1 12.173.97.38 ip nhrp map multicast 12.173.97.38 ip nhrp map 10.10.0.2 12.33.108.137 ip nhrp map multicast 12.33.108.137 ip nhrp network-id 1696 ip nhrp holdtime 600 ip nhrp nhs 10.10.0.1 ip nhrp nhs 10.10.0.2 ip nhrp registration no-unique zone-member security TRUSTED ip tcp adjust-mss 1200 if-state nhrp tunnel source GigabitEthernet0/1 tunnel mode gre multipoint tunnel key 1696 tunnel path-mtu-discovery tunnel vrf IWAN_INET tunnel protection ipsec profile DMVPN-PROFILE-IWAN_INET ! interface Tunnel61 bandwidth 1544 ip address 10.10.6.4 255.255.252.0 no ip redirects ip mtu 1400 ip nhrp authentication qKr[*8}b ip nhrp map multicast 10.5.0.5 ip nhrp map 10.10.4.2 10.5.0.5 ip nhrp map 10.10.4.1 10.5.0.1 ip nhrp map multicast 10.5.0.1 ip nhrp network-id 1697 ip nhrp nhs 10.10.4.1 ip nhrp nhs 10.10.4.2 zone-member security TRUSTED ip tcp adjust-mss 1360 delay 100 if-state nhrp tunnel source Serial0/0/0 tunnel mode gre multipoint tunnel key 1697 tunnel vrf IWAN_MPLS tunnel protection ipsec profile DMVPN-PROFILE-IWAN_MPLS ! interface Tunnel70 bandwidth 1544 ip address 10.70.4.2 255.255.255.252 no ip redirects ip mtu 1400 ip nhrp authentication TestingE ip nhrp map multicast 10.5.0.5 ip nhrp map 10.70.4.1 10.5.0.5 ip nhrp network-id 9000 ip nhrp nhs 10.70.4.1 ip tcp adjust-mss 1360 delay 100 shutdown if-state nhrp tunnel source Serial0/0/0 tunnel mode gre multipoint tunnel key 9000 tunnel vrf IWAN_MPLS tunnel protection ipsec profile DMVPN-PROFILE-IWAN_MPLS-TEST ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 mac-address 0021.7081.f624 no ip address no ip redirects no ip unreachables duplex auto speed auto ! ! interface GigabitEthernet0/1 description ISP Connection ip vrf forwarding IWAN_INET ip address 173.163.41.169 255.255.255.252 no ip redirects no ip unreachables ip nat outside ip virtual-reassembly in zone-member security INET duplex auto speed auto ! interface Serial0/0/0 description ASC Test Branch DHEC603473 bandwidth 1536 ip vrf forwarding IWAN_MPLS ip address 10.5.0.17 255.255.255.252 ip flow ingress ip flow egress encapsulation ppp no peer neighbor-route service-module t1 timeslots 1-24 service-module t1 remote-alarm-enable service-module t1 fdl both service-policy output WAN-EDGE-CA&CM ! ! interface GigabitEthernet1/0.15 description *Data Subnet VLAN 15 at switch* encapsulation dot1Q 15 native ip address 10.15.51.193 255.255.255.192 ip helper-address 10.13.99.200 ip helper-address 10.15.144.200 no ip redirects no ip unreachables ip nbar protocol-discovery ipv4 ip flow ingress ip flow egress zone-member security TRUSTED ! ! ! interface GigabitEthernet1/1 description Internal switch interface connected to EtherSwitch Service Module no ip address ! interface Vlan1 no ip address ! interface Dialer1 no ip address shutdown ! ! ! router eigrp IWAN ! address-family ipv4 unicast autonomous-system 10 ! af-interface Tunnel61 hold-time 60 exit-af-interface ! af-interface Tunnel60 hello-interval 20 hold-time 60 exit-af-interface ! af-interface GigabitEthernet1/0.15 passive-interface exit-af-interface ! af-interface GigabitEthernet1/0.20 passive-interface exit-af-interface ! af-interface GigabitEthernet1/0.22 passive-interface exit-af-interface ! af-interface GigabitEthernet1/0 passive-interface exit-af-interface ! topology base maximum-paths 1 exit-af-topology network 10.15.51.192 0.0.0.63 network 10.20.51.192 0.0.0.63 network 10.70.4.0 0.0.0.255 network 10.10.0.0 0.0.3.255 network 10.10.4.0 0.0.3.255 network 10.200.200.0 0.0.0.63 network 10.250.254.252 0.0.0.0 eigrp stub connected summary exit-address-family ! ! i ! ip nat inside source list 102 interface GigabitEthernet0/1 overload ip route 10.15.150.22 255.255.255.255 10.118.4.2 ip route vrf IWAN_INET 0.0.0.0 0.0.0.0 173.163.41.170 ip route vrf IWAN_MPLS 0.0.0.0 0.0.0.0 10.5.0.18 ip ssh version 2