fgs_xyz_WR#sh run Building configuration... Current configuration : 11702 bytes ! ! Last configuration change at 10:01:39 UTC Fri May 6 2022 ! version 17.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service call-home platform qfp utilization monitor load 80 platform punt-keepalive disable-kernel-core platform hardware throughput crypto 50000 ! hostname fgs_xyz_WR ! boot-start-marker boot-end-marker ! ! enable secret 9 $9$CecTIZYS/7B1k.$sje4yYH.p6wOrix6b31qxCQqUp4lxCxWZMEB/qlfteg ! aaa new-model ! ! aaa authorization network fgs-AAA local ! ! ! ! ! ! aaa session-id common ! ! ! ! ! ! ! ip name-server 8.8.8.8 ip domain lookup source-interface ATM0/3/0.1 ip dhcp excluded-address 10.10.126.1 10.10.126.254 ! ip dhcp pool fgs_xyz_Branch_DHCP network 10.10.126.0 255.255.255.0 default-router 10.10.126.1 dns-server 8.8.8.8 213.55.96.148 4.2.2.1 ! ! ! login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! multilink bundle-name authenticated no device-tracking logging theft ! ! ! ! no license feature hseck9 license udi pid C1117-4PLTEEA sn FCZ242291SH license boot level securityk9 memory free low-watermark processor 71868 ! diagnostic bootup level minimal ! spanning-tree extend system-id ! username fgsnet privilege 15 password 7 1dfggdfdfhhsfh ! redundancy mode none ! crypto ikev2 authorization policy fgs-AUTH-POLICY route set interface route set access-list fgs-xyz-Subnets ! crypto ikev2 proposal fgs-IkeV2-proposal encryption aes-cbc-192 integrity sha256 group 15 ! crypto ikev2 policy fgs-IkeV2-POLICY match fvrf any proposal fgs-IkeV2-proposal ! crypto ikev2 keyring fgs-KRing peer fgs-Keys description fgs-Keyring-1 address 0.0.0.0 0.0.0.0 pre-shared-key local fgs-pass-213 pre-shared-key remote fgs-pass-123 ! ! ! crypto ikev2 profile fgs-IkeyV2-profile description To_fgs_HQ_Hubs match identity remote fqdn hub.fgs.local identity local address 172.27.120.252 authentication remote pre-share authentication local pre-share keyring local fgs-KRing dpd 30 2 on-demand aaa authorization group psk list fgs-AAA fgs-AUTH-POLICY ! crypto ikev2 profile fgs-IkeyV2-profile-2 description To_fgs_HQ_Hubs match identity remote fqdn hub.fgs.local identity local address 10.130.253.68 authentication remote pre-share authentication local pre-share keyring local fgs-KRing dpd 30 2 on-demand aaa authorization group psk list fgs-AAA fgs-AUTH-POLICY ! crypto ikev2 client flexvpn fgs-FlexVPN-2 peer 1 10.10.23.17 track 1 peer 2 10.10.23.18 track 2 peer 3 10.133.207.50 track 3 peer reactivate client connect Tunnel2 ! crypto ikev2 client flexvpn fgs-FlexVPN peer 1 10.10.23.17 track 1 peer 2 10.10.23.18 track 2 peer 3 10.133.207.50 track 3 peer reactivate client connect Tunnel0 ! ! controller Cellular 0/2/0 lte modem link-recovery disable ! controller VDSL 0/3/0 ! ! vlan internal allocation policy ascending ! track 1 ip sla 1 reachability ! track 2 ip sla 2 reachability ! track 3 ip sla 3 reachability ! ! ! ! ! ! ! ! crypto ipsec transform-set fgs-TSET esp-gcm mode tunnel ! crypto ipsec profile fgs-IPSec-Prf set transform-set fgs-TSET set ikev2-profile fgs-IkeyV2-profile ! crypto ipsec profile fgs-IPSec-Prf-2 set transform-set fgs-TSET set ikev2-profile fgs-IkeyV2-profile-2 ! ! ! ! ! ! ! ! ! ! interface Tunnel0 description To_fgs_HQ_Hubs ip address negotiated ip mtu 1400 ip tcp adjust-mss 1360 tunnel source Cellular0/2/0 tunnel mode ipsec ipv4 tunnel destination dynamic tunnel protection ipsec profile fgs-IPSec-Prf ! interface Tunnel2 description To_fgs_HQ_Hubs ip address negotiated ip mtu 1400 ip tcp adjust-mss 1360 tunnel source ATM0/3/0.1 tunnel mode ipsec ipv4 tunnel destination dynamic tunnel protection ipsec profile fgs-IPSec-Prf-2 ! interface GigabitEthernet0/0/0 no ip address shutdown negotiation auto ! interface GigabitEthernet0/1/0 switchport access vlan 126 switchport mode access ! interface GigabitEthernet0/1/1 switchport access vlan 126 switchport mode access ! interface GigabitEthernet0/1/2 switchport access vlan 126 switchport mode access ! interface GigabitEthernet0/1/3 switchport access vlan 126 switchport mode access ! interface Cellular0/2/0 ip address negotiated ip tcp adjust-mss 1460 dialer in-band dialer idle-timeout 0 dialer watch-group 1 dialer-group 1 pulse-time 1 ! interface Cellular0/2/1 no ip address ! interface ATM0/3/0 mtu 1500 no ip address atm oversubscribe factor 2 ! interface ATM0/3/0.1 point-to-point description To_fgs_WAN mtu 1500 ip address 10.130.253.68 255.255.255.248 atm route-bridged ip pvc 8/81 encapsulation aal5snap ! ! interface Ethernet0/3/0 no ip address shutdown no negotiation auto ! interface Vlan1 no ip address ! interface Vlan126 ip address 10.10.126.1 255.255.255.0 ! router bgp 100 bgp log-neighbor-changes neighbor 10.10.8.1 remote-as 100 ! address-family ipv4 network 10.10.126.0 mask 255.255.255.0 neighbor 10.10.8.1 activate exit-address-family ! ip http server ip http authentication local ip http secure-server ip http secure-client-auth ip http client source-interface ATM0/3/0.1 ip forward-protocol nd ip nat inside source list 100 interface Cellular0/2/0 overload ip route 10.10.23.16 255.255.255.248 10.130.253.65 ip route 10.10.23.17 255.255.255.255 Cellular0/2/0 ip route 10.10.23.18 255.255.255.255 Cellular0/2/0 ip route 172.16.25.0 255.255.255.0 10.10.8.1 ! ! ip access-list standard fgs-xyz-Subnets 10 permit 10.10.126.0 0.0.0.255 ip access-list standard Device-MGMT 40 permit 10.10.126.30 10 permit 10.10.1.0 0.0.0.255 20 permit 10.10.24.0 0.0.0.255 30 permit 10.10.20.0 0.0.0.255 50 permit any ! ! ip sla 1 icmp-echo 10.10.23.17 ip sla schedule 1 life forever start-time now ip sla 2 icmp-echo 10.10.23.18 ip sla schedule 2 life forever start-time now ip sla 3 icmp-echo 10.133.207.50 ip sla schedule 3 life forever start-time now ip access-list standard 1 10 permit 10.10.126.0 0.0.0.255 ip access-list extended 100 10 permit ip any any dialer-list 1 protocol ip permit ! snmp-server community fgsP0rtnox RO snmp-server enable traps snmp linkdown linkup snmp-server host 10.10.42.11 fgsP0rtnox snmp-server host 10.10.42.12 fgsP0rtnox snmp ifmib ifindex persist ! ! ! ! ! ! end