Current configuration : 12330 bytes
!
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
logging buffered 8192
enable secret 9 $9$wG5S.xDy6sfyfU$YiXSOH4y0Th9LLKUB1lI6tgWsprlKQDtLXw3COofbJY
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time summer recurring
clock calendar-valid
no ip gratuitous-arps
!
!
!
!
!
!
!
ip name-server 8.8.8.8
no ip domain lookup
ip domain name customerdomain.com
!
!
!
login on-success log
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-2115910046
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2115910046
 revocation-check none
 rsakeypair TP-self-signed-2115910046
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2115910046
 certificate self-signed 01
  quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  quit
!
!
no license feature hseck9
license udi pid C1121-4P sn SN#XXXXXXX
license boot level securityk9
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
memory free low-watermark processor 71810
!
!
!
!
!
object-group service ProtocolInspect
 icmp
 tcp
 udp
 tcp eq www
 tcp-udp eq 443
 tcp eq pop3
 tcp eq smtp
 udp eq tftp
 tcp eq ftp
 tcp eq ftp-data
 tcp-udp eq 995
 tcp eq 443
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username XXXXX privilege 15 secret 9 XXXX
!
redundancy
 mode none
!
!
!
!
!
vlan internal allocation policy ascending
!
!
class-map type inspect match-any InsideToOutsideCMAP
 match access-group name InsideToOutsideACL
class-map type inspect match-any OutsideToInsideCMAP
 match access-group name OutsideToInsideACL
class-map type inspect match-any OutsideToSelfCMAP
 match access-group name OutsideToSelfACL
class-map type inspect match-all SelfToOutsideCMAP
 match access-group name SelfToOutsideACL
!
policy-map type inspect SelfToOutsidePMAP
 class type inspect SelfToOutsideCMAP
  inspect
 class class-default
  drop
policy-map type inspect OutsideToSelfPMAP
 class type inspect OutsideToSelfCMAP
  inspect
 class class-default
  drop
policy-map type inspect InsideToOutsidePMAP
 class type inspect InsideToOutsideCMAP
  inspect
 class class-default
  drop
policy-map type inspect OutsideToInsidePMAP
 class type inspect OutsideToInsideCMAP
  inspect
 class class-default
  drop
!
zone security inside
zone security outside
zone-pair security InsideToOutside source inside destination outside
 service-policy type inspect InsideToOutsidePMAP
zone-pair security OutsideToInside source outside destination inside
 service-policy type inspect OutsideToInsidePMAP
zone-pair security OutsideToSelf source outside destination self
 service-policy type inspect OutsideToSelfPMAP
zone-pair security SelfToOutside source self destination outside
 service-policy type inspect SelfToOutsidePMAP
!
!
!
!
!
!
crypto isakmp policy 5
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********(&dfgr address X.X.X.X no-xauth
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set RTP-TRANSFORM esp-des esp-md5-hmac
 mode tunnel
!
!
!
crypto map RTPCLIENT 5 ipsec-isakmp
 set peer Y.Y.Y.Y
 set transform-set RTP-TRANSFORM
 set pfs group2
 match address Newhost
crypto map RTPCLIENT 12 ipsec-isakmp
 set peer X.X.X.X
 set transform-set RTP-TRANSFORM
 set pfs group2
 match address host
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.10.10.1 255.255.255.0
!
interface Tunnel1
 bandwidth 10
 ip address 10.9.12.2 255.255.255.252
 ip mtu 1006
 zone-member security inside
 delay 1000
 tunnel source WAN IP
 tunnel destination Y.Y.Y.Y
!
interface Tunnel12
 bandwidth 1000
 ip address 10.11.12.2 255.255.255.252
 ip mtu 1006
 zone-member security inside
 delay 10
 tunnel source WAN IP
 tunnel destination X.X.X.X
!
interface GigabitEthernet0/0/0
 description to Internet
 ip address WAN IP 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 zone-member security outside
 ip policy route-map nonat
 negotiation auto
 crypto map RTPCLIENT
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
 description to local LAN
 ip address 172.22.12.1 255.255.255.0
 ip nat inside
 zone-member security inside
 ip tcp adjust-mss 1452
 ip virtual-reassembly
!
!
router eigrp 100
 network 10.9.12.0 0.0.0.3
 network 10.10.12.0 0.0.0.3
 network 10.11.12.0 0.0.0.3
 network 172.22.12.0 0.0.0.255
!
no ip http server
no ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
no ip nat service sip udp port 5060
ip nat inside source route-map NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GW IP
ip ssh time-out 60
ip ssh version 2
!
!
ip access-list extended InsideToOutsideACL
 10 permit object-group ProtocolInspect 172.22.12.0 0.0.0.255 any
ip access-list extended Newhost
 10 permit gre host WAN IP host Y.Y.Y.Y
ip access-list extended OutsideToInsideACL
 10 permit ip 172.22.11.0 0.0.0.255 172.22.12.0 0.0.0.255
ip access-list extended OutsideToSelfACL
 10 permit icmp Headend Public IP 0.0.255.255 any
 12 deny tcp any any eq domain
 13 deny udp any any eq domain
 20 permit udp any host WAN IP eq isakmp
 30 permit udp any host WAN IP eq non500-isakmp
 40 permit ahp any host WAN IP
 50 permit esp any host WAN IP
 60 permit gre any host WAN IP
 80 permit tcp Headend Public IP 0.0.255.255 any eq 22
 90 permit ip host Y.Y.Y.Y host WAN IP
 100 permit ip host X.X.X.X host WAN IP
 110 permit ip host 205.173.227.14 any
 120 permit udp host NTP_Srv IP host WAN IP eq ntp
ip access-list extended SelfToOutsideACL
 10 permit icmp any any
 20 permit udp any any eq isakmp
 30 permit udp any any eq non500-isakmp
 40 permit ahp any any
 50 permit esp any any
 60 permit gre any any
 70 permit udp any any eq tftp
ip access-list extended host
 10 permit gre host WAN IP host X.X.X.X
ip access-list extended nating
 10 deny ip 172.22.12.0 0.0.0.255 172.22.11.0 0.0.0.255
 20 permit ip 172.22.12.0 0.0.0.255 any
ip access-list extended nonat
 10 permit ip 172.22.12.0 0.0.0.255 172.22.11.0 0.0.0.255
!
ip access-list standard 10
 10 remark VTY access
 10 permit any log
!
route-map NAT permit 5
 match ip address nating
!
route-map nonat permit 10
 match ip address nonat
 set ip next-hop 10.10.10.2
!
!
!
!
!
control-plane
!
banner exec ^CC
::::: Router :::::
^C
banner motd ^CC
WARNING: Restricted and Authorized Access ONLY! If you are an unauthorized user of this system please exit immediately! All transactions are being logged for security purposes.
^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 20 0
 logging synchronous
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp server NTP_Srv IP
!
!
!
!
!
!
end

Router#sh ver
Cisco IOS XE Software, Version 17.03.04a
Cisco IOS Software [Amsterdam], ISR Software (ARMV8EL_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.4a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Tue 20-Jul-21 04:11 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2021 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are licensed under the GNU General Public License ("GPL") Version 2.0. The software code licensed under GPL Version 2.0 is free software that comes with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such GPL code under the terms of GPL Version 2.0. For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software.

ROM: (c)

Router uptime is 1 week, 5 days, 21 hours, 13 minutes
Uptime for this control processor is 1 week, 5 days, 21 hours, 14 minutes
System returned to ROM by PowerOn
System restarted at 07:11:52 summer Mon Jun 19 2023
System image file is "bootflash:c1100-universalk9.17.03.04a.SPA.bin"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws.
By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to export@cisco.com.

Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite                 Suite Current         Type           Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9     None                  Smart License  None
securityk9
appxk9

Technology Package License Information:

-----------------------------------------------------------------
Technology    Technology-package                  Technology-package
              Current              Type           Next reboot
------------------------------------------------------------------
appxk9        None                 Smart License  None
uck9          None                 Smart License  None
securityk9    securityk9           Smart License  securityk9
ipbase        ipbasek9             Smart License  ipbasek9

The current throughput level is unthrottled

Smart Licensing Status: Registration Not Applicable/Not Applicable

cisco C1121-4P (1RU) processor with 1414423K/6147K bytes of memory.
Processor board ID SN#XXXXXXX
Router operating mode: Autonomous
1 Virtual Ethernet interface
6 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
2945023K bytes of flash memory at bootflash:.
Configuration register is 0x2102

Router#sh lice all
Smart Licensing Status
======================

Smart Licensing is ENABLED

License Conversion:
  Automatic Conversion Enabled: False
  Status: Not started

Export Authorization Key:
  Features Authorized:

Utility:
  Status: DISABLED

Smart Licensing Using Policy:
  Status: ENABLED

Data Privacy:
  Sending Hostname: yes
    Callhome hostname privacy: DISABLED
    Smart Licensing hostname privacy: DISABLED
  Version privacy: DISABLED

Transport:
  Type: Smart
  URL: https://smartreceiver.cisco.com/licservice/license
  Proxy:
    Not Configured

Miscellaneous:
  Custom Id:

Policy:
  Policy in use: Merged from multiple sources.
  Reporting ACK required: yes (CISCO default)
  Unenforced/Non-Export Perpetual Attributes:
    First report requirement (days): 365 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Unenforced/Non-Export Subscription Attributes:
    First report requirement (days): 90 (CISCO default)
    Reporting frequency (days): 90 (CISCO default)
    Report on change (days): 90 (CISCO default)
  Enforced (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)
  Export (Perpetual/Subscription) License Attributes:
    First report requirement (days): 0 (CISCO default)
    Reporting frequency (days): 0 (CISCO default)
    Report on change (days): 0 (CISCO default)

Usage Reporting:
  Last ACK received: Jun 09 09:13:00 2023 summer
  Next ACK deadline:
  Reporting push interval: 0 (no reporting)
  Next ACK push check: Jun 09 09:12:59 2023 summer
  Next report push:
  Last report push: Jun 09 09:08:00 2023 summer
  Last report file write:

Trust Code Installed: Jun 09 09:07:24 2023 summer

License Usage
=============

securityk9 (ISR_1100_4P_Security):
  Description: securityk9
  Count: 1
  Version: 1.0
  Status: IN USE
  Export status: NOT RESTRICTED
  Feature Name: securityk9
  Feature Description: securityk9
  Enforcement type: NOT ENFORCED
  License type: Perpetual

Product Information
===================
UDI: PID:C1121-4P,SN:SN#XXXXXXX

Agent Version
=============
Smart Agent for Licensing: 5.0.9_rel/68

License Authorizations
======================
Overall status:
  Active: PID:C1121-4P,SN:SN#XXXXXXX
      Status: NOT INSTALLED

Purchased Licenses:
  No Purchase Information Available

Router#sh lice sum
License Usage:
  License                 Entitlement Tag               Count Status
  -----------------------------------------------------------------------------
  securityk9              (ISR_1100_4P_Security)            1 IN USE