sh run Building configuration... Current configuration : 10990 bytes ! ! Last configuration change at 06:32:43 UTC Thu May 13 2021 ! version 17.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service call-home platform qfp utilization monitor load 80 platform punt-keepalive disable-kernel-core platform hardware throughput crypto 50000 ! hostname XYZ_SHALLA_WR ! boot-start-marker boot system bootflash:c1100-universalk9_ias.17.03.02.SPA.bin boot-end-marker ! ! enable secret gadgdfgdfhgdsfg ! aaa new-model ! ! aaa authorization network XYZ-AAA local ! ! ! ! ! ! aaa session-id common ! ! ! ! ! ! ! ip name-server 8.8.8.8 ip domain lookup source-interface ATM0/3/0.1 ip dhcp excluded-address 10.10.117.1 10.10.117.254 ! ip dhcp pool XYZ_SHALLA_Branch_DHCP network 10.10.117.0 255.255.255.0 default-router 10.10.117.1 dns-server 8.8.8.8 213.55.96.148 4.2.2.1 ! ! ! login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! multilink bundle-name authenticated no device-tracking logging theft ! ! ! crypto pki trustpoint SLA-TrustPoint enrollment terminal revocation-check crl ! crypto pki trustpoint XYZ_TP enrollment selfsigned ip-address 10.10.117.1 revocation-check crl rsakeypair XYZ_RSA ! ! crypto pki certificate chain SLA-TrustPoint certificate ca 01 30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 D697DF7F 28 quit crypto pki certificate chain XYZ_TP certificate self-signed 01 3082033E 30820226 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 38313630 1806092A 864886F7 0D010908 130B3130 2E31302E 3131372E 31301A06 092A8648 86F70D01 0902160D 4447425F 5348414C 4C415F57 52301E17 0D323130 35303830 38303433 335A170D 33313035 30383038 30343333 5A303831 36301806 092A8648 86F70D01 0908130B 31302E31 302E3131 372E3130 1A06092A 864886F7 0D010902 160D4447 425F5348 414C4C41 5F575230 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 B0484467 35D85BB5 574BAFA3 EF126DEF 2CB2744D F488CC76 CC84C642 6086C7D0 0AA1C8AD 0FE1A297 0F66F2F2 599C0947 D59CE698 FC5D1040 596C6F9C 5EF0C514 CEC8EABB 40915689 451617D4 26C105EC A029811E 51031444 BFFF639C A7A63086 5C591650 A99B405A 73F4698B 94064391 2B64FE78 820F648D C42B5DED D7171D94 3EB3A474 A4031EE2 B0E02EBB 77C384E8 F729E835 14AA9587 27F66D24 72007E96 EA0D555E 31F7AE45 911ABA82 189F82CF ECEF6EE3 2B76740D DEEB061E 2B18C54E F6C58418 CF91A17C D570FFB3 7FE8CBC9 907D34D0 023AB65A 2F13529B 17FF64EA 6DB3E347 6D47279C 4E1C98A3 67A6F946 8D8A3804 2C8096F6 BDD03DE6 0CDAC115 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830 16801459 E2BBC66D 69383A3A 82AFF967 55206E2F 06167330 1D060355 1D0E0416 041459E2 BBC66D69 383A3A82 AFF96755 206E2F06 1673300D 06092A86 4886F70D 01010505 00038201 01004288 9A3D78F3 9E20021F 1ACF08E8 2516AF9F 9B5D788E 294CE7E4 B335BADB A3AAD6D8 B75B2CF8 558C0CFD 8A09D754 F69725E6 B94393B3 4AB13E13 2975E545 0BD9FBD2 4E7FD977 81A656B8 5F9DA3E7 9F7ABDB7 B4B6FCA1 C4A56D56 1458F6F7 A7F58AE8 24B90BA5 37B34553 92DFFA04 B98B691F 876B7A8A 5D168D61 01012BEE 8EAC4F16 A9504F51 71DFED61 7420A940 F45F26A3 883F4C4F 34313FFC A93A048C 6C8BF9C8 943B12B8 1BC1590A 4B5F3A6B 8DA31446 AED6FD50 58961156 4420181B 59045478 63D59582 901ADE5D 420D9F8A 86CC7CD0 CE47437F B7BAA675 3D68017A 9527EFBB C711F05F 5A048050 85543156 50228F2D FC10B3B8 81C10062 4C32262C D19A quit ! ! no license feature hseck9 license udi pid C1117-4PLTEEA sn FCZ2422920Y license boot level securityk9 license smart url https://smartreceiver.cisco.com/licservice/license license smart url smart https://smartreceiver.cisco.com/licservice/license license smart transport smart memory free low-watermark processor 71868 ! diagnostic bootup level minimal ! spanning-tree extend system-id ! username XYZnet privilege 15 password 7 131537564F1B4D382F ! redundancy mode none ! crypto ikev2 authorization policy XYZ-AUTH-POLICY route set interface route set access-list XYZ-SHALLA-Subnets ! crypto ikev2 proposal XYZ-IkeV2-proposal encryption aes-cbc-192 integrity sha256 group 15 ! crypto ikev2 policy XYZ-IkeV2-POLICY match fvrf any proposal XYZ-IkeV2-proposal ! crypto ikev2 keyring XYZ-KRing peer XYZ-Keys description XYZ-Keyring-1 address 0.0.0.0 0.0.0.0 pre-shared-key local XYZ-pass-213 pre-shared-key remote XYZ-pass-123 ! ! ! crypto ikev2 profile XYZ-IkeyV2-profile description To_XYZ_HQ_Hubs match identity remote fqdn hub.XYZ.local identity local address 10.130.213.180 authentication remote pre-share authentication local pre-share keyring local XYZ-KRing dpd 30 2 on-demand aaa authorization group psk list XYZ-AAA XYZ-AUTH-POLICY ! crypto ikev2 client flexvpn XYZ-FlexVPN peer 1 10.10.23.17 track 1 peer 2 10.10.23.18 track 2 peer 3 10.133.207.50 track 3 peer reactivate client connect Tunnel0 ! ! controller Cellular 0/2/0 lte modem link-recovery disable ! controller VDSL 0/3/0 ! ! vlan internal allocation policy ascending ! track 1 ip sla 1 reachability ! track 2 ip sla 2 reachability ! track 3 ip sla 3 reachability ! ! ! ! ! ! ! ! crypto ipsec transform-set XYZ-TSET esp-gcm mode tunnel ! crypto ipsec profile XYZ-IPSec-Prf set transform-set XYZ-TSET set ikev2-profile XYZ-IkeyV2-profile ! ! ! ! ! ! ! ! ! ! interface Tunnel0 description To_XYZ_HQ_Hubs ip address negotiated ip mtu 1400 ip tcp adjust-mss 1360 tunnel source ATM0/3/0.1 tunnel mode ipsec ipv4 tunnel destination dynamic tunnel protection ipsec profile XYZ-IPSec-Prf ! interface GigabitEthernet0/0/0 no ip address shutdown negotiation auto ! interface GigabitEthernet0/1/0 switchport access vlan 117 switchport mode access ! interface GigabitEthernet0/1/1 switchport access vlan 117 switchport mode access ! interface GigabitEthernet0/1/2 switchport access vlan 117 switchport mode access ! interface GigabitEthernet0/1/3 switchport access vlan 117 switchport mode access ! interface Cellular0/2/0 ip address negotiated ip nat outside dialer in-band dialer idle-timeout 0 dialer watch-group 1 dialer-group 1 ipv6 enable pulse-time 1 ! interface Cellular0/2/1 no ip address ! interface ATM0/3/0 mtu 1500 no ip address atm oversubscribe factor 2 ! interface ATM0/3/0.1 point-to-point description To_XYZ_WAN mtu 1500 ip address 10.130.213.180 255.255.255.248 atm route-bridged ip pvc 8/81 encapsulation aal5snap ! ! interface Ethernet0/3/0 no ip address no negotiation auto ! interface Vlan1 no ip address ! interface Vlan117 ip address 10.10.117.1 255.255.255.0 ip nat inside ! router bgp 100 bgp log-neighbor-changes neighbor 10.10.8.1 remote-as 100 ! address-family ipv4 network 10.10.117.0 mask 255.255.255.0 neighbor 10.10.8.1 activate exit-address-family ! ip http server ip http authentication local ip http secure-server ip http secure-trustpoint XYZ_TP ip http client source-interface ATM0/3/0.1 ip forward-protocol nd ip nat inside source list 100 interface Cellular0/2/0 overload ip route 0.0.0.0 0.0.0.0 10.130.213.178 ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 10 ! ! ip access-list standard XYZ-SHALLA-Subnets 10 permit 10.10.117.0 0.0.0.255 ip access-list standard Device-MGMT 10 permit 10.10.1.0 0.0.0.255 20 permit 10.10.24.0 0.0.0.255 30 permit 10.10.20.0 0.0.0.255 40 permit any ! ! ip sla 1 icmp-echo 10.10.23.17 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 10.10.23.18 ip sla schedule 2 life forever start-time now ip sla 3 icmp-echo 10.133.207.50 ip sla schedule 3 life forever start-time now ip access-list standard 1 10 permit 10.10.117.0 0.0.0.255 ip access-list extended 100 10 permit ip any any dialer-list 1 protocol ip permit ! snmp-server community XYZP0rtnox RO snmp-server enable traps snmp linkdown linkup snmp-server host 10.10.42.11 XYZP0rtnox snmp-server host 10.10.42.12 XYZP0rtnox snmp ifmib ifindex persist ! ! ! ! control-plane ! line con 0 password 7 131537564F1B4D382F transport input none stopbits 1 line vty 0 4 access-class Device-MGMT in privilege level 15 password 7 131537564F1B4D382F transport input ssh line vty 5 15 access-class Device-MGMT in privilege level 15 password 7 131537564F1B4D382F transport input ssh transport output ssh line vty 16 30 transport input ssh transport output ssh ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http ntp authentication-key 1 md5 054A372E1B545D1E4B46323628 7 ntp authenticate ntp trusted-key 1 ntp server 10.10.1.3 prefer ! ! ! ! ! ! end