Router#sh run
Building configuration...

Current configuration : 15054 bytes
!
! Last configuration change at 12:24:58 UTC Tue Jan 12 2021 by XYZnet
! NVRAM config last updated at 12:25:03 UTC Tue Jan 12 2021 by XYZnet
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 xgsagagd
!
aaa new-model
!
!
aaa authorization network XYZ-AAA local
!
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid ISR4331/K9 sn FDO24090FL2
license boot level appxk9
license boot level securityk9
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username XYZnet privilege 15 password 7 xysfasgsgdsg
!
redundancy
 mode none
!
crypto ikev2 authorization policy XYZ-AUTH-POLICY
 pool XYZ-Pool
 netmask 255.255.254.0
 route set access-list XYZ-HQ-Subnets
!
crypto ikev2 proposal XYZ-IkeV2-proposal
 encryption aes-cbc-192
 integrity sha256
 group 15
!
crypto ikev2 policy XYZ-IkeV2-POLICY
 match fvrf any
 proposal XYZ-IkeV2-proposal
!
crypto ikev2 keyring XYZ-KRing
 peer XYZ-Keys
  description XYZ-Keyring-1
  address 0.0.0.0 0.0.0.0
  pre-shared-key local XYZ-pass-123
  pre-shared-key remote XYZ-pass-213
 !
!
!
crypto ikev2 profile XYZ-IkeyV2-profile
 description To_XYZ_Branch_Spokes
 match identity remote address 0.0.0.0
 identity local fqdn hub.XYZ.local
 authentication remote pre-share
 authentication local pre-share
 keyring local XYZ-KRing
 dpd 30 2 on-demand
 aaa authorization group psk list XYZ-AAA XYZ-AUTH-POLICY
 virtual-template 1
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 100
 encr aes
 authentication pre-share
 group 2
crypto isakmp key ergyeryfdaff address 10.133.207.52
!
!
crypto ipsec transform-set XYZ-TSET esp-gcm
 mode tunnel
crypto ipsec transform-set DR_TRANSFORM_SET esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile XYZ-IPSec-Prf
 set transform-set XYZ-TSET
 set ikev2-profile XYZ-IkeyV2-profile
!
crypto ipsec profile DR_IPSEC_PROFILE
 set transform-set DR_TRANSFORM_SET
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.8.1 255.255.254.0
 ip ospf shutdown
!
interface Tunnel100
 ip address 12.12.12.1 255.255.255.252
 tunnel source 10.10.23.17
 tunnel mode ipsec ipv4
 tunnel destination 10.133.207.52
 tunnel protection ipsec profile DR_IPSEC_PROFILE
!
interface GigabitEthernet0/0/0
 description To_XYZ_DC_GR_0/1
 ip address 10.10.23.17 255.255.255.248
 ip ospf shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 description To_XYZ_DC_CoreVSS_G1/2/45
 ip address 10.10.23.33 255.255.255.252
 ip ospf message-digest-key 1 md5 7 004522273E4318115D62696A2A
 ip ospf priority 100
 negotiation auto
!
interface GigabitEthernet0/0/2
 description To_XYZ_DC_EFW_1_Port1
 ip address 10.10.23.25 255.255.255.252
 ip ospf message-digest-key 1 md5 7 03456A2A3C17325B1C4A3C2134
 ip ospf priority 100
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface Virtual-Template1 type tunnel
 description To_XYZ_Branch_Spokes
 ip unnumbered Loopback0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile XYZ-IPSec-Prf
!
router ospf 1
 router-id 8.8.8.8
 priority 100
 area 0 authentication message-digest
 redistribute static subnets
 redistribute bgp 100 subnets
 passive-interface GigabitEthernet0/0/0
 passive-interface Loopback0
 passive-interface Virtual-Template1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
 bgp log-neighbor-changes
 bgp listen range 10.10.8.0/23 peer-group XYZ-spokes
 neighbor XYZ-spokes peer-group
 neighbor XYZ-spokes remote-as 100
 !
 address-family ipv4
  bgp redistribute-internal
  network 0.0.0.0
  network 10.0.0.0
  redistribute ospf 1
  neighbor XYZ-spokes activate
  default-information originate
 exit-address-family
!
ip local pool XYZ-Pool 10.10.8.3 10.10.9.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 10.2.200.0 255.255.255.0 Tunnel100
ip route 10.2.200.0 255.255.255.0 10.10.23.20
ip route 10.10.50.0 255.255.255.0 10.10.23.20
ip route 10.10.51.0 255.255.255.0 10.10.23.20
ip route 10.10.52.0 255.255.255.0 10.10.23.20
ip route 10.10.53.0 255.255.255.0 10.10.23.20
ip route 10.10.54.0 255.255.255.0 10.10.23.20
ip route 10.10.55.0 255.255.255.0 10.10.23.20
ip route 10.10.56.0 255.255.255.0 10.10.23.20
ip route 10.10.57.0 255.255.255.0 10.10.23.20
ip route 10.10.58.0 255.255.255.0 10.10.23.20
ip route 10.10.59.0 255.255.255.0 10.10.23.20
ip route 10.10.60.0 255.255.255.0 10.10.23.20
ip route 10.10.61.0 255.255.255.0 10.10.23.20
ip route 10.10.62.0 255.255.255.0 10.10.23.20
!
!
ip access-list standard XYZ-HQ-Subnets
 deny 10.10.23.16 0.0.0.7
 deny 10.10.8.0 0.0.1.255
 permit 10.0.0.0 0.255.255.255
ip access-list standard Device-MGMT
 permit 10.10.1.0 0.0.0.255
 permit 10.10.24.0 0.0.0.255
 permit 10.10.20.0 0.0.0.255
!
ip access-list extended XYZ_HQ_To_DR_ACL
 permit ip 10.10.0.0 0.0.255.255 10.2.200.0 0.0.0.255
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
!
!
snmp-server community XYZP0rtnox RO
!
!
!
!
control-plane
!
line con 0
 password 7 100F38383F0F011C5E470F0F07
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class Device-MGMT in
 privilege level 15
 password 7 1456232A361C393C766B161101
 transport input ssh
line vty 5 97
 access-class Device-MGMT in
 privilege level 15
 password 7 1258343628131F137868010C10
 transport input ssh
!
ntp authentication-key 1 md5 114828242D0A181B56690E000B 7
ntp authenticate
ntp trusted-key 1
ntp server 10.10.1.3 prefer
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

XYZ_DC_WR_1#