hostname SPOKE2 ! aaa new-model ! aaa authorization network FLEXVPN_LOCAL local ! aaa session-id common ! ip vrf COE rd 1:1 route-target export 1:1 route-target import 1:1 ! no ip domain lookup ip domain name FLEXVPN.LAB ! subscriber templating ! crypto ikev2 authorization policy IKEV2_AUTHORIZATION route set interface ! crypto ikev2 keyring IKEV2_KEYRING peer SPOKE_ROUTERS address 0.0.0.0 0.0.0.0 pre-shared-key local CISCO pre-shared-key remote CISCO ! ! crypto ikev2 profile IKEV2_PROFILE match identity remote fqdn domain FLEXVPN.LAB identity local fqdn SPOKE2.FLEXVPN.LAB authentication remote pre-share authentication local pre-share keyring local IKEV2_KEYRING aaa authorization group psk list FLEXVPN_LOCAL IKEV2_AUTHORIZATION ! crypto ipsec profile IPSEC_PROFILE set ikev2-profile IKEV2_PROFILE ! interface Loopback1 ip address 2.2.2.2 255.255.255.255 ! interface Loopback202 ip vrf forwarding COE ip address 10.55.1.1 255.255.255.255 ! interface Tunnel0 ip address negotiated ip nhrp network-id 1 ip nhrp shortcut virtual-template 1 ip nhrp redirect mpls nhrp mpls bgp forwarding tunnel source GigabitEthernet1 tunnel destination 192.168.1.254 tunnel protection ipsec profile IPSEC_PROFILE ! interface GigabitEthernet1 ip address 192.168.1.2 255.255.255.0 negotiation auto ! interface Virtual-Template1 type tunnel ip unnumbered Tunnel0 ip nhrp network-id 1 ip nhrp shortcut virtual-template 1 ip nhrp redirect mpls nhrp tunnel source GigabitEthernet1 tunnel protection ipsec profile IPSEC_PROFILE ! router bgp 1 bgp router-id 2.2.2.2 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor HUB peer-group neighbor HUB remote-as 1 neighbor HUB update-source Tunnel0 neighbor 172.16.0.1 peer-group HUB ! address-family ipv4 exit-address-family ! address-family vpnv4 neighbor HUB send-community extended neighbor 172.16.0.1 activate exit-address-family ! address-family ipv4 vrf COE redistribute connected exit-address-family ! route-map CONNECTED_to_OSPF permit 10 match interface Loopback1 set metric 1 set metric-type type-1 ! end