SchulenburgVPN#sh run Building configuration... Current configuration : 8284 bytes ! ! Last configuration change at 09:55:20 CDT Wed Jul 3 2024 ! version 17.3 service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service sequence-numbers no service dhcp service call-home platform qfp utilization monitor load 80 platform punt-keepalive disable-kernel-core platform hardware throughput crypto unthrottled ! hostname SchulenburgVPN ! boot-start-marker boot-end-marker ! ! enable secret 9 ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff no aaa new-model clock timezone CST -6 0 clock summer-time CDT recurring ! ! ! ! ! ! ! ip name-server 4.2.2.1 4.2.2.2 no ip domain lookup ip domain name sburg.kemlon.com ! ! ! login on-success log ! ! ! ! ! ! ! subscriber templating ! ! ! ! ! multilink bundle-name authenticated no device-tracking logging theft ! ! ! crypto pki trustpoint TP-self-signed-2016010698 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2016010698 revocation-check none rsakeypair TP-self-signed-2016010698 ! crypto pki trustpoint SLA-TrustPoint enrollment pkcs12 revocation-check crl ! ! crypto pki certificate chain TP-self-signed-2016010698 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32303136 30313036 3938301E 170D3234 30323139 32303233 30325A17 0D333430 32313832 30323330 325A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30313630 31303639 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100C577 2C90D09D E922C3E3 6536007F 0D7B3203 0935BE44 F6E95757 3ED7D215 D9D5AAD7 FFE1D42E 6C39F1BD E1724584 CD3CC04D 7E3882AA E2084F89 478E41C1 2DAFBF77 4FE349CD CDF91E2B 7D5D45B4 5FF1A107 727A6E99 F5FD6595 DD48DEEF 8C3E438D C56DB18A 68833A66 6BE3FCFA 5DA2BBEA E891E147 B0820809 6A0C90BF CDF2A3FC 4ADEFC95 5C2D2FD0 D9058106 FB6750C7 01286EBA CE03627D EA3B103C 23F20D18 447A4A52 6EEDA27D 582A21B2 5B44547F 9618796A 92FD4FEE FD3288CD D5936BB3 C958E886 CF5D68CD 449F7D9D 9839A03F 52077B8E 9B8F97C3 2EBE1ED4 D7DEEBF7 23DE68EC 41BBCA9F DED36DA4 A9FE7D0D 5E4F3ECE 60DCC2BB 57879229 C7070203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 1433F528 D74912AF 33040F32 15F94EA6 FF1103E8 FF301D06 03551D0E 04160414 33F528D7 4912AF33 040F3215 F94EA6FF 1103E8FF 300D0609 2A864886 F70D0101 05050003 82010100 43AC7D81 311105AD 959FBBD9 C5447D57 21D1FC87 F4F0FBA6 236F58DB 323B9E19 33F3B270 F6BF10D6 A03160B4 2BA3C629 9DDAA02C F1BD8BDB CE4053EC 4B4E72DC A90493E2 5FEA23BC 07BDC6E7 AD87F794 2A2D1847 D57CAFB0 60AD2A83 B07F54F5 ABA11A5E 3BBDEB78 7946DD07 8F602E14 B30E05EC 635AB427 8CCC24B8 E978E505 21851A49 F85C9744 36D5B9B1 1871DDCF 5CE113F8 1D69D491 7B334EEC 79503016 B7F6C80A 197E2A52 2847689D 26C33C87 19796082 1A83215A 2465C6F2 C1843CC0 0A865A2E 70819C2C 4E1BA128 95971DD9 67C0D9ED 5D8BEFCD 1D8B5A7E C8429B3F 3E323D35 991E1566 2A2703A1 FA047B66 11177563 84310ED5 03FF3949 FB19DEAB quit crypto pki certificate chain SLA-TrustPoint certificate ca 01 30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934 3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720 526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520 1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE 4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC 7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188 68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7 C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191 C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44 DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85 4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500 03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905 604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8 467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C 7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B 5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678 80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB 418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0 D697DF7F 28 quit ! ! license feature hseck9 license udi pid C1101-4P sn XXXXXXXXXXXXXXX license boot level securityk9 memory free low-watermark processor 71801 ! diagnostic bootup level minimal ! spanning-tree extend system-id ! username schulciscoc1011 privilege 15 secret 9 EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE ! redundancy mode none ! ! ! ! ! vlan internal allocation policy ascending ! ! ! ! ! ! ! crypto isakmp policy 1 encryption aes 256 hash sha256 authentication pre-share group 14 lifetime 14400 crypto isakmp key ZZZZZZZZZZZZZZZ address xx.xx.xx.xx 255.255.255.192 no-xauth crypto isakmp keepalive 15 ! crypto ipsec security-association idle-time 14400 crypto ipsec security-association replay window-size 1024 ! crypto ipsec transform-set esp-aes256 esp-aes 256 esp-sha256-hmac mode tunnel ! ! ! crypto map Pearland 1 ipsec-isakmp description ipsec to Pearland set peer xx.xx.xx.xx default set security-association idle-time 120 default set transform-set esp-aes256 set pfs group14 match address 100 ! ! ! ! ! ! ! ! interface GigabitEthernet0/0/0 description Connection to fiber WAN ip address xx.xx.xx.xx 255.255.255.128 no ip redirects no ip unreachables no ip proxy-arp ip verify unicast reverse-path ip access-group 110 in negotiation auto snmp trap ip verify drop-rate crypto map Pearland crypto ipsec df-bit clear ! interface GigabitEthernet0/1/0 ! interface GigabitEthernet0/1/1 ! interface GigabitEthernet0/1/2 ! interface GigabitEthernet0/1/3 switchport access vlan 2 ! interface Vlan1 description Inside network connection ip address 192.168.200.250 255.255.255.0 no ip redirects no ip unreachables ip tcp adjust-mss 1438 ! interface Vlan2 description for testing ip address 192.168.122.253 255.255.255.0 ! router rip network 192.168.200.0 no auto-summary ! ip default-gateway xx.xx.xx.xx ip tcp synwait-time 10 ip http server ip http authentication local ip http secure-server ip forward-protocol nd ip default-network 0.0.0.0 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx ip route 192.168.200.0 255.255.255.0 Vlan1 ip ssh time-out 60 ip ssh authentication-retries 4 ! ! ! ip access-list extended 100 10 remark Pearland ipsec internal addresses 10 permit ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255 ip access-list extended 110 10 remark Pearland VPN access 10 permit ip host xx.xx.xx.xx host 66.220.129.43 20 permit esp host xx.xx.xx.xx any 30 permit udp host xx.xx.xx.xx any eq isakmp 40 permit udp host xx.xx.xx.xx any eq non500-isakmp ! ! ! control-plane ! banner login ^C Schulenburg VPN 192.168.200.250 connection to Pearland ^C ! line con 0 exec-timeout 240 0 stopbits 1 line vty 0 4 exec-timeout 240 0 password zzzzzzzzz login transport input telnet ssh transport output all ! call-home ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. contact-email-addr sch-smart-licensing@cisco.com profile "CiscoTAC-1" active destination transport-method http ! ! ! ! ! ! end SchulenburgVPN#