version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname ASR
!
boot-start-marker
boot system flash bootflash:asr1001-universalk9.03.13.00.S.154-3.S-ext.bin
boot-end-marker
!
aqm-register-fnf
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 xxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!
ip domain name generic.domain
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
crypto pki trustpoint xxxx
 enrollment terminal
 fqdn xxxx.generic.domain
 ip-address 71.xxx.xxx.xxx
 subject-name CN=xxxx.generic.domain,OU=xxxx,O=xxxx, C=US,ST=xxxx
 revocation-check none
 rsakeypair xxxx
 eku request server-auth client-auth
!
!
!
crypto pki certificate map win7_map 10
 subject-name co ou xxxx
!
crypto pki certificate chain xxxx
 certificate ca xxxx
  quit
license udi pid ASR1001 sn xxxx
license boot level advipservices
spanning-tree extend system-id
!
username user privilege 15 secret 5 xxxx
!
redundancy
 mode none
!
crypto ikev2 authorization policy xxxx
 pool xxxx_1
 dns 10.1.1.69 10.1.1.95
 netmask 255.255.255.0
 def-domain generic.domain
!
crypto ikev2 proposal win7
 encryption aes-cbc-256
 integrity sha1
 group 2
!
crypto ikev2 policy win7
 proposal win7
!
!
crypto ikev2 profile xxxx
 match certificate win7_map
 identity local fqdn xxxx
 authentication remote rsa-sig
 authentication remote eap query-identity
 authentication local rsa-sig
 pki trustpoint xxxx
 aaa authentication eap xxxx
 aaa authorization group eap list xxxx
 virtual-template 10
!
!
!
!
ip tftp source-interface GigabitEthernet0
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
!
!
!
!
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set aes256-sha1 esp-aes 256 esp-sha-hmac
 mode tunnel
!
crypto ipsec profile xxxx
 set transform-set aes256-sha1
 set ikev2-profile xxxx
!
!
!
!
!
!
!
!
!
interface Tunnel0
 bandwidth 10000000
 ip address 10.254.240.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip split-horizon eigrp 101
 ip nhrp authentication xxxx
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 0
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/0.60
 encapsulation dot1Q 60
 ip address 10.60.1.5 255.255.255.0
!
interface GigabitEthernet0/0/0.901
 encapsulation dot1Q 901
 ip address 192.168.100.200 255.255.255.0
!
interface GigabitEthernet0/0/1
 ip address 71.xxx.xxx.xxx 255.xxx.xxx.xxx
 speed 1000
 no negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/3
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Virtual-Template10 type tunnel
 ip unnumbered GigabitEthernet0/0/0.60
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile xxxx
!
!
router eigrp 101
 no default-information out
 network 10.254.240.0 0.0.0.255
 network 192.168.100.0
!
ip local pool xxxx_1 10.40.75.100 10.40.75.250
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 logging synchronous
 transport input ssh
line vty 5 15
 logging synchronous
 transport input ssh
line vty 16 97
!
ntp server 107.150.21.225
ntp server 192.5.41.209
ntp server 198.30.92.2
!
end