! Last configuration change at 17:30:22 UTC Fri Nov 11 2022 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DMVPN-SPOKE-TEST
!
boot-start-marker
boot-end-marker
!
!
vrf definition FVRF
 !
 address-family ipv4
 exit-address-family
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FGL164325TY
!
!
object-group network OUTSIDE
 host 1.1.1.1
!
!
redundancy
crypto ikev2 proposal DMVPN-IKE-PROPOSAL
 encryption aes-cbc-256
 integrity sha384
 group 14
!
crypto ikev2 policy DMVPN-IKE-POLICY
 match fvrf FVRF
 proposal DMVPN-IKE-PROPOSAL
!
crypto ikev2 keyring DMVPN-IKE-KEYRING
 peer ALL-SPOKES
  description DMVPN-KEYRING
  address 0.0.0.0 0.0.0.0
  pre-shared-key kcB/"9mc7a[&9Y%
 !
!
!
crypto ikev2 profile DMVPN-IKE-PROFILE
 match fvrf FVRF
 match identity remote address 0.0.0.0
 authentication local pre-share
 authentication remote pre-share
 keyring DMVPN-IKE-KEYRING
!
!
!
!
!
!
crypto ipsec transform-set DMVPN-IPSEC-TSET esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DMVPN-IPSEC-PROFILE
 set transform-set DMVPN-IPSEC-TSET
 set ikev2-profile DMVPN-IKE-PROFILE
!
!
!
!
!
!
interface Tunnel0
 ip address 10.214.0.10 255.255.254.0
 no ip redirects
 ip mtu 1400
 ip nhrp map 10.214.0.2 1.2.3.4
 ip nhrp map multicast 1.2.3.4
 ip nhrp network-id 2
 ip nhrp nhs 10.214.0.1 priority 1 cluster 1
 ip nhrp nhs 10.214.0.2 priority 2 cluster 1
 ip nhrp nhs cluster 1 max-connections 2
 ip nhrp nhs fallback 5
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf FVRF
 tunnel protection ipsec profile DMVPN-IPSEC-PROFILE
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.10.186 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 vrf forwarding FVRF
 ip address 1.1.1.1 255.255.255.248
 ip access-group permit_vpn in
 duplex auto
 speed auto
!
!
router eigrp 1000
 network 10.0.0.0
 redistribute connected
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.10.1
ip route vrf FVRF 0.0.0.0 0.0.0.0 1.1.1.2
!
ip access-list extended permit_vpn
 permit esp any object-group OUTSIDE
 permit gre any object-group OUTSIDE
 permit udp any object-group OUTSIDE eq isakmp
 permit udp any object-group OUTSIDE eq non500-isakmp
 permit icmp any object-group OUTSIDE
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
end