SPE-H01-VG-01#sh run Building configuration... Current configuration : 15275 bytes ! version 15.3 service timestamps debug datetime localtime service timestamps log datetime msec service password-encryption ! hostname SPE-H01-VG-01 ! boot-start-marker boot-end-marker ! aqm-register-fnf ! card type t1 0 0 logging buffered 1000000 ! aaa new-model ! ! aaa authentication login default local aaa authentication login REVPN local aaa authorization exec default local aaa authorization network REVPNGR local ! ! ! ! ! aaa session-id common clock timezone EST -5 0 clock summer-time EDT recurring network-clock-participate wic 0 network-clock-select 1 T1 0/0/0 ! ! ! ! ! ! ! ip domain name spectrummfg.net ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! isdn switch-type primary-dms100 ! ! trunk group PSTN_Trunk_01 translation-profile incoming PSTN_IN ! ! key chain EI_KEY key 1 key-string 7 050A150B274D5D0D1F2246 ! crypto pki trustpoint TP-self-signed-2735274138 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2735274138 revocation-check none rsakeypair TP-self-signed-2735274138 ! ! crypto pki certificate chain TP-self-signed-2735274138 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32373335 32373431 3338301E 170D3133 31313231 30373039 33335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37333532 37343133 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C3E2 BFE925CC D9B64132 77CB503C D40543F0 1E1AC853 840E58CC 3D562AF3 46752370 A76D6E72 D15C0144 66F380FE EE51AFBB F6E85BD2 560F7B74 F2C8397C F6AF9E05 7ED8CA11 F39926E8 B77242CE 3E914124 6A5F1CF7 DDC0AC80 51466D46 383106DB EF30229E 3D672457 040665F5 1C24B993 675F6F36 57386DB1 0778DBD4 224F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 14B83CEB 49660C91 7BCF0419 56F11F9C 774D8BD7 0E301D06 03551D0E 04160414 B83CEB49 660C917B CF041956 F11F9C77 4D8BD70E 300D0609 2A864886 F70D0101 05050003 8181007A 3DA7965B DB95357F CE63392C F48F65A5 730968AE 4556E993 6AE1ED94 61004108 9B7CE6DF F9724C70 AD0DA214 B5EF56C7 358384AD 4EA941B0 CDDAB775 5EE1704C 85B146F7 218AD893 916A207A 71B58432 7E2C089A 04D2B3C1 E75B772D F46C3F96 90B1FFA2 F529C9F3 886C6FBB CD07CBC4 029B6AB0 16E0596D 082FCB48 77473C quit voice-card 0 dspfarm dsp services dspfarm ! ! ! voice service voip ip address trusted list ipv4 192.168.1.0 255.255.255.0 ipv4 10.88.0.0 255.255.255.0 allow-connections sip to sip no supplementary-service sip refer signaling forward unconditional fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none sip bind control source-interface GigabitEthernet0/0 bind media source-interface GigabitEthernet0/0 ! ! voice class uri TORUCM sip host ipv4:10.88.0.12 voice class codec 1 codec preference 1 g711ulaw codec preference 2 g729r8 ! ! ! ! voice translation-rule 1 rule 1 /^416\([2-9]......\)/ /+1416\1/ rule 2 /^647\([2-9]......\)/ /+1647\1/ ! voice translation-rule 3 rule 1 /^\([2-9]..[2-9]......\)$/ /+1\1/ rule 2 /\.*/ /+\1/ ! voice translation-rule 10 rule 1 // // type any national plan any isdn ! ! voice translation-profile PSTN_IN translate calling 3 translate called 1 ! voice translation-profile TELUS-INT translate called 10 ! ! ! license udi pid CISCO2911/K9 sn FGL1747117B hw-module pvdm 0/0 ! hw-module pvdm 0/1 ! ! ! ! redundancy ! ! ! ! ! controller T1 0/0/0 shutdown cablelength long 0db pri-group timeslots 1-24 ! controller T1 0/0/1 cablelength long 0db pri-group timeslots 1-24 ! ! crypto keyring dmvpnspokes pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123 crypto keyring VPN-Meraki pre-shared-key address 184.94.68.98 key spectrum123 ! crypto isakmp policy 1 encr aes authentication pre-share group 2 ! crypto isakmp policy 2 encr aes authentication pre-share group 2 ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 lifetime 28800 ! crypto isakmp client configuration group revpnclient key f3l1xst0w dns 10.88.0.10 domain spectrummfg.net pool REPOOL acl REVPN crypto isakmp profile VPNclient match identity group revpnclient client authentication list REVPN isakmp authorization list REVPNGR client configuration address respond crypto isakmp profile DMVPN keyring dmvpnspokes match identity address 0.0.0.0 crypto isakmp profile VPN_565-Meraki keyring VPN-Meraki match identity address 184.94.68.98 255.255.255.255 ! ! crypto ipsec transform-set RESET esp-aes esp-sha-hmac mode tunnel crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac mode transport crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac mode tunnel crypto ipsec transform-set VPN-MY-Meraki esp-aes 256 esp-sha-hmac mode tunnel ! ! crypto ipsec profile dmvpnprofile set security-association lifetime seconds 900 set transform-set ESP-AES256-SHA set isakmp-profile DMVPN ! ! crypto dynamic-map remap 10 set transform-set ESP-AES256-SHA set isakmp-profile VPNclient reverse-route ! ! ! crypto map remap 1 ipsec-isakmp set peer 184.94.68.98 set security-association lifetime seconds 28800 set transform-set VPN-MY-Meraki set isakmp-profile VPN_565-Meraki match address NETWORK_88-565 reverse-route crypto map remap 10 ipsec-isakmp dynamic remap ! ! ! ! ! interface Tunnel10 bandwidth 100000 ip address 192.168.253.1 255.255.255.0 no ip redirects ip mtu 1400 no ip next-hop-self eigrp 100 no ip split-horizon eigrp 100 ip nhrp authentication dmvpn ip nhrp map multicast dynamic ip nhrp network-id 254 ip nhrp holdtime 300 ip tcp adjust-mss 1360 delay 100 tunnel source GigabitEthernet0/1 tunnel mode gre multipoint tunnel key 254 tunnel protection ipsec profile dmvpnprofile ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$ ip address 10.88.0.254 255.255.255.0 ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/1 description OUTSIDE ip address 216.123.3.30 255.255.255.240 ip access-group OUTSIDE_IN in ip mtu 1492 ip virtual-reassembly in duplex auto speed auto no cdp enable crypto map remap ! interface GigabitEthernet0/2 no ip address shutdown duplex auto speed auto ! interface Serial0/0/0:23 no ip address encapsulation hdlc isdn switch-type primary-dms100 isdn incoming-voice voice isdn supp-service name calling isdn outgoing display-ie no cdp enable ! interface Serial0/0/1:23 no ip address encapsulation hdlc isdn switch-type primary-ni isdn incoming-voice voice isdn supp-service name calling isdn outgoing display-ie trunk-group PSTN_Trunk_01 no cdp enable ! ! router eigrp 100 network 10.88.0.0 0.0.255.255 network 10.99.1.0 0.0.0.255 network 192.168.1.0 network 192.168.200.0 network 192.168.253.0 redistribute static route-map EI_RED passive-interface default no passive-interface Tunnel10 no passive-interface GigabitEthernet0/0 ! ip local pool REPOOL 192.168.200.10 192.168.200.100 ip forward-protocol nd ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ip route 0.0.0.0 0.0.0.0 216.123.3.17 ip route 10.88.20.0 255.255.255.0 192.168.253.20 ip route 10.88.30.0 255.255.255.0 192.168.253.30 ip route 10.88.40.0 255.255.255.0 192.168.253.40 ip route 10.88.50.0 255.255.255.0 192.168.253.50 ip route 10.88.60.0 255.255.255.0 192.168.253.60 ip route 10.88.70.0 255.255.255.0 192.168.253.70 ip route 10.88.80.0 255.255.255.0 192.168.253.80 ip route 10.88.90.0 255.255.255.0 192.168.253.90 ip route 10.88.100.0 255.255.255.0 192.168.253.100 ip route 10.88.110.0 255.255.255.0 192.168.253.110 ip route 10.88.120.0 255.255.255.0 192.168.253.120 ip route 10.88.130.0 255.255.255.0 192.168.253.130 ip route 10.88.140.0 255.255.255.0 192.168.253.140 ip route 10.88.150.0 255.255.255.0 192.168.253.150 ip route 10.88.160.0 255.255.255.0 192.168.253.160 ip route 10.88.170.0 255.255.255.0 192.168.253.170 ip route 10.88.180.0 255.255.255.0 192.168.253.180 ip route 10.88.190.0 255.255.255.0 192.168.253.190 ip route 10.88.200.0 255.255.255.0 192.168.253.200 ! ip access-list standard EI_RED_STATIC permit 192.168.200.0 0.0.0.255 permit 10.88.30.0 0.0.0.255 permit 10.88.20.0 0.0.0.255 permit 10.88.40.0 0.0.0.255 permit 10.88.50.0 0.0.0.255 permit 10.88.60.0 0.0.0.255 permit 10.88.70.0 0.0.0.255 permit 10.88.80.0 0.0.0.255 permit 10.88.90.0 0.0.0.255 permit 10.88.100.0 0.0.0.255 permit 10.88.110.0 0.0.0.255 permit 10.88.120.0 0.0.0.255 permit 10.88.130.0 0.0.0.255 permit 10.88.140.0 0.0.0.255 permit 10.88.150.0 0.0.0.255 permit 10.88.160.0 0.0.0.255 permit 10.88.170.0 0.0.0.255 permit 10.88.180.0 0.0.0.255 permit 10.88.190.0 0.0.0.255 permit 10.88.200.0 0.0.0.255 permit 10.88.0.0 0.0.255.255 ! ip access-list extended NETWORK_88-565 permit ip 10.88.0.0 0.0.0.255 10.35.8.0 0.0.3.255 permit ip 10.88.0.0 0.0.0.255 10.35.0.0 0.0.3.255 permit ip 10.88.0.0 0.0.0.255 10.35.16.0 0.0.3.255 permit ip 10.88.0.0 0.0.0.255 10.35.40.0 0.0.3.255 permit ip 10.88.0.0 0.0.0.255 10.35.48.0 0.0.3.255 permit ip 10.88.0.0 0.0.0.255 10.35.64.0 0.0.3.255 permit ip 192.168.1.0 0.0.0.255 10.35.8.0 0.0.3.255 permit ip 192.168.1.0 0.0.0.255 10.35.0.0 0.0.3.255 permit ip 192.168.1.0 0.0.0.255 10.35.40.0 0.0.3.255 permit ip 192.168.1.0 0.0.0.255 10.35.48.0 0.0.3.255 permit ip 192.168.1.0 0.0.0.255 10.35.64.0 0.0.3.255 ip access-list extended OUTSIDE_IN permit tcp host 70.52.160.97 host 216.123.3.30 eq 22 deny tcp any any eq 5060 deny udp any any eq 5060 deny tcp any any eq 22 deny tcp any any eq www deny tcp any any eq 443 permit esp any any permit ahp any any permit udp any any eq isakmp permit udp any any eq non500-isakmp deny ip any any log ip access-list extended REVPN permit ip 10.88.0.0 0.0.0.255 any permit ip 192.168.1.0 0.0.0.255 any permit ip 10.88.11.0 0.0.0.255 any permit ip 10.99.1.0 0.0.0.255 any permit ip 10.88.20.0 0.0.0.255 any permit ip 10.88.30.0 0.0.0.255 any permit ip 10.88.40.0 0.0.0.255 any permit ip 10.88.50.0 0.0.0.255 any permit ip 10.88.60.0 0.0.0.255 any permit ip 10.88.70.0 0.0.0.255 any permit ip 10.88.80.0 0.0.0.255 any permit ip 10.88.90.0 0.0.0.255 any permit ip 10.88.100.0 0.0.0.255 any permit ip 10.88.110.0 0.0.0.255 any permit ip 10.88.120.0 0.0.0.255 any ! ! route-map EI_RED permit 10 match ip address EI_RED_STATIC ! ! ! ! ! control-plane ! ! voice-port 0/0/0:23 ! voice-port 0/1/0 ! voice-port 0/1/1 ! voice-port 0/1/2 ! voice-port 0/1/3 ! voice-port 0/0/1:23 ! ! ! ! ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! dial-peer voice 999 pots destination-pattern 6475373903 port 0/0/0:23 forward-digits all ! dial-peer voice 911 pots trunkgroup PSTN_Trunk_01 description ** Emergency Outbound to Telco-CUSP ** preference 1 destination-pattern 911$ forward-digits all ! dial-peer voice 1000 voip description ** Inbound from UCM ** session protocol sipv2 incoming uri via TORUCM voice-class codec 1 voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 dtmf-relay rtp-nte ip qos dscp cs3 signaling no vad ! dial-peer voice 1001 voip description Outbound to TOR UCM preference 1 destination-pattern +1416[2-9]......$ session protocol sipv2 session target ipv4:10.88.0.12 voice-class codec 1 voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 dtmf-relay rtp-nte ip qos dscp cs3 signaling no vad ! dial-peer voice 1002 voip description Outbound to TOR UCM preference 1 destination-pattern +1647[2-9]......$ session protocol sipv2 session target ipv4:10.88.0.12 voice-class codec 1 voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1003 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1004 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1005 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1006 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1007 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1008 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1009 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 1010 voip voice-class sip bind control source-interface GigabitEthernet0/0 voice-class sip bind media source-interface GigabitEthernet0/0 ! dial-peer voice 2001 pots trunkgroup PSTN_Trunk_01 description ***Local*** destination-pattern ^[2-9]..[2-9]......$ forward-digits 10 ! dial-peer voice 2002 pots trunkgroup PSTN_Trunk_01 description ***Long Distance*** destination-pattern ^1[2-9]..[2-9]......$ forward-digits 11 ! dial-peer voice 2003 pots trunkgroup PSTN_Trunk_01 description ***International*** translation-profile outgoing TELUS-INT destination-pattern ^011.T ! dial-peer voice 2004 pots trunkgroup PSTN_Trunk_01 description ***Service Numbers*** destination-pattern ^[2-8]11$ forward-digits all ! dial-peer voice 2005 pots ! dial-peer voice 2006 pots ! dial-peer voice 2007 pots ! dial-peer voice 2008 pots ! dial-peer voice 2009 pots ! ! ! ! gatekeeper shutdown ! ! ! line con 0 session-timeout 15 privilege level 15 line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line vty 0 4 session-timeout 15 privilege level 15 login authentication local transport input ssh line vty 5 15 session-timeout 15 privilege level 15 login authentication local transport input ssh ! scheduler allocate 20000 1000 ntp server 10.88.0.1 ! end