version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname HUB1
!
boot-start-marker
boot system flash bootflash:asr1001-universalk9.03.16.02.S.155-3.S2-ext.bin
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
aaa new-model
!
aaa authorization network FLEXVPN_LOCAL local
!
aaa session-id common
!
ip vrf COE
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
subscriber templating
!
mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf
multilink bundle-name authenticated
!
license udi pid ASR1001 sn JAE17110A5M
!
spanning-tree extend system-id
!
redundancy
 mode none
!
crypto ikev2 authorization policy IKEV2_AUTHORIZATION
 pool FLEXVPN_POOL
 route set interface
!
crypto ikev2 keyring IKEV2_KEYRING
 peer SPOKE_ROUTERS
  address 0.0.0.0 0.0.0.0
  pre-shared-key local CISCO
  pre-shared-key remote CISCO
 !
!
crypto ikev2 profile IKEV2_PROFILE
 match identity remote fqdn domain FLEXVPN.LAB
 identity local fqdn HUB.FLEXVPN.LAB
 authentication local pre-share
 authentication remote pre-share
 keyring local IKEV2_KEYRING
 aaa authorization group psk list FLEXVPN_LOCAL IKEV2_AUTHORIZATION
 virtual-template 1
!
crypto ipsec profile IPSEC_PROFILE
 set ikev2-profile IKEV2_PROFILE
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface Loopback202
 ip vrf forwarding COE
 ip address 10.33.1.1 255.255.255.255
!
interface Port-channel1
 no ip address
 load-interval 30
 no negotiation auto
 load-balancing vlan
!
interface Port-channel1.601
 encapsulation dot1Q 601
 ip address 192.168.1.254 255.255.255.0
!
interface Tunnel0
 ip address 172.16.1.254 255.255.255.255
 no ip redirects
 ip nhrp network-id 1
 ip nhrp redirect
 mpls nhrp
 tunnel source Port-channel1.601
 tunnel mode gre multipoint
 tunnel protection ipsec profile IPSEC_PROFILE
!
interface GigabitEthernet0/0/0
 no ip address
 load-interval 30
 negotiation auto
 cdp enable
 no cdp tlv app
 channel-group 1
!
interface GigabitEthernet0/0/1
 no ip address
 load-interval 30
 negotiation auto
 cdp enable
 no cdp tlv app
 channel-group 1
!
interface Virtual-Template1 type tunnel
 ip unnumbered Tunnel0
 ip nhrp network-id 1
 ip nhrp redirect
 mpls nhrp
 tunnel protection ipsec profile IPSEC_PROFILE
!
router ospf 1
 router-id 11.11.11.11
 ispf
 log-adjacency-changes detail
 redistribute connected subnets route-map CONNECTED_to_OSPF
 network 172.16.1.0 0.0.0.255 area 1
!
router bgp 1
 bgp router-id 11.11.11.11
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp deterministic-med
 no bgp default ipv4-unicast
 timers bgp 4 12
 neighbor SPOKE peer-group
 neighbor SPOKE remote-as 1
 neighbor SPOKE update-source Loopback1
 neighbor 1.1.1.1 peer-group SPOKE
 neighbor 2.2.2.2 peer-group SPOKE
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor SPOKE send-community both
  neighbor SPOKE route-reflector-client
  neighbor 1.1.1.1 activate
  neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family ipv4 vrf COE
  redistribute connected
  default-information originate
 exit-address-family
!
ip local pool FLEXVPN_POOL 172.16.1.1 172.16.1.20
!
ip route vrf COE 0.0.0.0 0.0.0.0 Null0
!
route-map CONNECTED_to_OSPF permit 10
 match interface Loopback1
 set metric 1
 set metric-type type-1
!