
crypto isakmp policy 1
 encr aes
 authentication pre-share
crypto isakmp key xxxxxx address 0.0.0.0
!
crypto ipsec security-association replay window-size 1024
!
crypto ipsec transform-set trans2 esp-aes esp-md5-hmac
 mode transport
!
!
crypto ipsec profile vpnprof
 set security-association replay window-size 1024
 set transform-set trans2
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface Loopback1
 ip address 10.250.0.156 255.255.255.255
!
interface Tunnel1
 bandwidth 20000
 ip address 10.192.0.254 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxxxxx
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp redirect
 ip policy route-map VPN-Internal
 ip ospf network broadcast
 ip ospf hello-interval 30
 ip ospf priority 2
 delay 1000
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile vpnprof
!
interface GigabitEthernet0/0/0
 description Uplink to Core1
 ip address 192.168.100.97 255.255.255.248
 ip pim sparse-mode
 negotiation auto
!
interface GigabitEthernet0/0/1
 description WAN UPLINK
 ip address 1.1.1.2 255.255.255.0
 negotiation auto
!
interface Service-Engine0/1/0
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 10.250.0.156
 log-adjacency-changes detail
 auto-cost reference-bandwidth 100000
 passive-interface Loopback1
 network 10.192.0.0 0.0.0.255 area 1
 network 10.250.0.156 0.0.0.0 area 1
 network 192.168.100.97 0.0.0.0 area 1
!
ip forward-protocol nd
ip pim rp-address 10.250.0.20
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 1.1.1.2 255.255.255.255 2.2.2.1
ip tacacs source-interface Loopback0
!
!
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.100.0 0.0.0.7 any
access-list 100 permit ip 192.168.71.0 0.0.0.255 any
!
route-map VPN-Internal permit 10
 match ip address 100
 set ip default next-hop 192.168.100.97 1.1.1.1
!
!
!
!
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
 !
 !
 !
 !
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 logging synchronous
 transport input all
!
!
end