! Last configuration change at 01:07:04 UTC Fri Jul 6 2018 by admin
! NVRAM config last updated at 21:48:45 UTC Thu Jul 5 2018 by admin
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname est-test-4431
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging console notifications
enable password not4long
!
no aaa new-model
clock calendar-valid
!
crypto pki trustpoint TP-self-signed-1278651026
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1278651026
 revocation-check none
 rsakeypair TP-self-signed-1278651026
!
crypto pki trustpoint test-root-ca
 enrollment terminal pem
 revocation-check none
 rsakeypair test-root-ca
 storage nvram:
!
crypto pki trustpoint tp-rsa2048-est
 enrollment profile pf-rsa2048-est
 usage ike
 subject-name CN=TestingVPN,OU=Stuff
 chain-validation continue test-root-ca
 revocation-check none
 rsakeypair kp-rsa2048-est 2048
 storage nvram:
 eku request server-auth client-auth ipsec-tunnel
!
crypto pki profile enrollment pf-rsa2048-est
 method-est
 authentication url  https://192.168.35.80:443/
 enrollment url  https://ipSec:<password>@192.168.35.80:443/
!
crypto pki certificate map cert-map-rsa2048-est 10
 subject-name co ou = myOU
!
crypto pki certificate chain TP-self-signed
crypto pki certificate chain test-root-ca
 certificate ca 01
  3082037D 
	.
	.
	.
	(Certificate data)
	.
	.
	.
crypto pki certificate chain tp-rsa2048-est
 certificate 0832
  308204A3 
	.
	.
	.
	(Certificate data)
	.
	.
	.
        quit
 certificate ca 0591
  308204B8 
	.
	.
	.
	(Certificate data)
	.
	.
	.
	quit
!
crypto isakmp policy 10
 encr aes
 hash sha256
 group 14
crypto isakmp identity dn
crypto isakmp profile pf-isakmp-rsa2048-est
   self-identity address
   ca trust-point test-root-ca
   ca trust-point tp-rsa2048-est
   match certificate cert-map-rsa2048-est
!
!
crypto ipsec transform-set ts-rsa2048-est esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile pf-ipsec-rsa2048-est
 set transform-set ts-rsa2048-est
 set isakmp-profile pf-isakmp-rsa2048-est
!
crypto map map-rsa2048-est 10 ipsec-isakmp
 set peer 192.168.81.134