!
! Last configuration change at 13:58:01 EDT Mon Dec 21 2020 by administrator
! NVRAM config last updated at 13:58:01 EDT Mon Dec 21 2020 by administrator
! NVRAM config last updated at 13:58:01 EDT Mon Dec 21 2020 by administrator
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname BranchRouter
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EDT -5 0
clock summer-time EDT recurring
!
!
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891-K9 sn FTX174481A1
!
!
!
redundancy
!
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh rsa keypair-name sshkeys2048
ip ssh version 2
!
track 2 ip sla 1 reachability
 delay down 10 up 7
!
track 11 list boolean and
 object 2 not
 delay down 3 up 10
!
track 13 interface FastEthernet8 line-protocol
 delay down 3 up 10
!
track 201 ip sla 101 reachability
 delay down 45 up 45
!
class-map match-any 3cxVoIP
 description Class for dscp 46 3cx phone traffic
 match dscp ef
 match protocol rtcp
 match protocol rtp audio
!
policy-map child-3
 class 3cxVoIP
  bandwidth 372
  set dscp ef
policy-map parent-2
 class class-default
  shape average 1660000
  service-policy child-3
!
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
crypto isakmp key $key address 0.0.0.0
crypto isakmp keepalive 60 10
!
!
crypto ipsec transform-set AES-Set esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec transform-set AES-Set-2 esp-aes 256 esp-sha-hmac
 mode tunnel
!
!
crypto ipsec profile protect-gre
 set security-association lifetime seconds 86400
 set transform-set AES-Set
!
crypto ipsec profile protect-gre-2
 set security-association lifetime seconds 86400
 set transform-set AES-Set-2
!
!
!
!
!
!
interface Tunnel0
 description Loc02 Spoke Main (mGRE) DMVPN to Corp Hub Main
 ip address 192.168.255.15 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nbar protocol-discovery
 ip nhrp authentication $key
 ip nhrp group BRANCH8PHONE
 ip nhrp map multicast dynamic
 ip nhrp map 192.168.255.1 70.63.17.71
 ip nhrp map multicast 70.63.17.71
 ip nhrp network-id 1
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.255.1
 ip tcp adjust-mss 1360
 delay 1000
 qos pre-classify
 tunnel source GigabitEthernet0
 tunnel mode gre multipoint
 tunnel key $key
 tunnel protection ipsec profile protect-gre shared
!
interface Tunnel1
 description Loc02 Spoke (mGRE) DMVPN to Corp Hub (Backup Cellular)
 bandwidth 512
 ip address 192.168.254.15 255.255.255.0
 ip access-group 199 out
 no ip redirects
 ip mtu 1400
 ip nbar protocol-discovery
 ip nhrp authentication $key
 ip nhrp map multicast 70.63.17.71
 ip nhrp map 192.168.254.1 70.63.17.71
 ip nhrp network-id 2
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.254.1
 ip tcp adjust-mss 1360
 delay 1500
 qos pre-classify
 tunnel source FastEthernet8
 tunnel destination 70.63.17.71
 tunnel key $key
 tunnel protection ipsec profile protect-gre-2 shared
!
interface Tunnel2
 description Loc01 Spoke (mGRE) DMVPN to Corp Hub (Main-Backup)
 bandwidth 1750
 ip address 192.168.253.15 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nbar protocol-discovery
 ip nhrp authentication $key
 ip nhrp map 192.168.253.1 216.201.26.121
 ip nhrp map multicast 216.201.26.121
 ip nhrp network-id 3
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.253.1
 ip tcp adjust-mss 1360
 delay 1600
 tunnel source GigabitEthernet0
 tunnel destination 216.201.26.121
 tunnel key $key
 tunnel protection ipsec profile protect-gre shared
!
interface Tunnel3
 description Loc01 Spoke (mGRE) DMVPN to Corp Hub (Backup-Backup)
 bandwidth 384
 ip address 192.168.252.15 255.255.255.0
 ip access-group 199 out
 no ip redirects
 ip mtu 1400
 ip nbar protocol-discovery
 ip nhrp authentication $key
 ip nhrp map 192.168.252.1 216.201.26.121
 ip nhrp map multicast 216.201.26.121
 ip nhrp network-id 4
 ip nhrp holdtime 600
 ip nhrp nhs 192.168.252.1
 ip tcp adjust-mss 1360
 delay 1800
 tunnel source FastEthernet8
 tunnel destination 216.201.26.121
 tunnel key $key
 tunnel protection ipsec profile protect-gre-2 shared
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 no ip address
!
interface FastEthernet5
 no ip address
!
interface FastEthernet6
 no ip address
!
interface FastEthernet7
 no ip address
!
interface FastEthernet8
 description Outside WAN Interface (Backup)
 bandwidth 512
 ip address 192.168.0.2 255.255.255.0 secondary
 ip address 166.165.218.239 255.255.255.224
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly in
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
 description Outside WAN (Internet) Interface
 bandwidth 4000
 ip address 96.11.19.35 255.255.255.248
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip verify unicast reverse-path
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 1000
!
interface Vlan1
 description VLAN Interface
 ip address 10.73.15.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
!
router eigrp 12
 network 10.73.15.0 0.0.0.255
 network 192.168.254.0
 passive-interface default
 no passive-interface Tunnel1
!
!
router eigrp 10
 network 10.73.15.0 0.0.0.255
 network 192.168.255.0
 passive-interface default
 no passive-interface Tunnel0
!
!
router eigrp 14
 network 10.73.15.0 0.0.0.255
 network 192.168.253.0
 passive-interface default
 no passive-interface Tunnel2
!
!
router eigrp 16
 network 10.73.15.0 0.0.0.255
 network 192.168.252.0
 passive-interface default
 no passive-interface Tunnel3
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-export version 9
ip flow-export destination 10.73.0.44 9915
ip flow-top-talkers
 top 100
 sort-by bytes
!
ip nat inside source route-map NAT_Access interface GigabitEthernet0 overload
ip nat inside source route-map NAT_Access_Backup interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 96.11.19.33 track 2
ip route 0.0.0.0 0.0.0.0 166.165.218.240 4
ip route 0.0.0.0 0.0.0.0 96.11.19.33 25 permanent
ip route 10.73.255.0 255.255.255.0 10.73.0.2
ip route 70.63.17.49 255.255.255.255 96.11.19.33
!
ip sla auto discovery
ip sla 1
 icmp-echo 70.63.17.49 source-interface GigabitEthernet0
 threshold 2000
 timeout 2000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 101
 icmp-echo 192.168.253.1 source-interface Tunnel2
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 101 life forever start-time now
logging trap notifications
logging host 10.73.0.37
access-list 1 permit 10.73.15.0 0.0.0.255
access-list 2 permit 209.143.6.213
access-list 2 permit 10.73.0.0 0.0.255.255
access-list 2 permit 70.63.17.48 0.0.0.3
access-list 2 permit 70.63.17.64 0.0.0.15
access-list 2 permit 192.168.255.0 0.0.0.255
access-list 2 permit 192.168.254.0 0.0.0.255
access-list 2 permit 192.168.253.0 0.0.0.255
access-list 2 permit 192.168.252.0 0.0.0.255
access-list 2 permit 216.201.26.112 0.0.0.15
access-list 100 permit ip any any
access-list 100 permit udp any any eq bootpc
access-list 100 permit udp any any eq bootps
access-list 103 permit ip 10.73.15.0 0.0.0.255 any
no cdp run
!
route-map NAT_Access permit 1
 match ip address 103
 match interface GigabitEthernet0
!
route-map NAT_Access_Backup permit 1
 match ip address 103
 match interface FastEthernet8
!
snmp-server ifindex persist
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
line con 0
line 1
 modem InOut
 speed 115200
 flowcontrol hardware
line aux 0
 login local
 modem InOut
 transport output telnet ssh
 autoselect ppp
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 2 in
 exec-timeout 15 0
 privilege level 15
 logging synchronous
 login local
 history size 29
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
ntp server 10.73.0.15 source Tunnel0
event manager applet MAIN_INTERNET_DOWN
 event track 11 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat trans *"
 action 3.0 cli command "clear dmvpn ses interface tun 0 static"
 action 4.0 cli command "configure terminal"
 action 5.0 cli command "interf FastEthernet 8"
 action 6.0 cli command "no shutdown"
 action 7.0 syslog msg "EEM has enabled Backup Interface (NAT cleared)"
event manager applet MAIN_INTERNET_UP
 event track 2 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat trans *"
 action 3.0 cli command "configure terminal"
 action 4.0 cli command "interface FastEthernet 8"
 action 5.0 cli command "shutdown"
 action 6.0 syslog msg "EEM has enabled Backup Interface (NAT cleared)"
!
end