R1#show run Building configuration... Current configuration : 6787 bytes ! ! Last configuration change at 11:19:11 UTC Wed Jul 21 2021 ! version 15.6 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ethernet lmi ce ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! ! ! ! ip vrf CUST-A ! ! ! ! ip domain name LAB.NET ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! crypto pki trustpoint RCA enrollment url http://2.2.2.2:80 subject-name cn=R1.LAB.NET revocation-check none ! ! ! crypto pki certificate map CERT 10 issuer-name co lab ! crypto pki certificate chain RCA certificate 04 3082028E 308201F7 A0030201 02020104 300D0609 2A864886 F70D0101 05050030 15311330 11060355 0403130A 52322E4C 41422E4E 4554301E 170D3231 30373231 31313032 35385A17 0D323230 37323131 31303235 385A3030 31133011 06035504 03130A52 312E4C41 422E4E45 54311930 1706092A 864886F7 0D010902 160A5231 2E4C4142 2E4E4554 30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 00CB6BE8 4552B5C1 194C08E9 347C355F 5D9D3E9D 8A070A03 24912908 A03B7AAA 41BB1575 3A5034B3 3F9D2622 099925AE EC65505A 61DF5D2D 0E8CF44A E27B39D4 E427E09E AAF0C71D ED261BAA C7BFDE64 E51A25CE F65CF53A 11F2544E DA029990 88ACB947 659813B5 EDD1B62B 2084EAD5 A7F378A1 1FC8BEE5 41CFDDC3 C3591F1A 65CD5E39 1FA6EA15 1FFC6097 7C139F2C B7A8EA9F 5A86813E B14BB22A 92F10850 DAAB84D9 FE1DDC60 E02BB8BE 6A7FA554 0F6D32D0 FFC342E6 B4E51EA9 69BDB953 4E215DE0 ABB687E7 64084A20 F5CCD546 24012A4C 5B39BB61 5C7BD5AB A0976B6D 0C405D52 BD09AC47 E8FD211C 3F63C7C3 A1523BF5 9A82D27D 419058E9 5A6FE6CD 7D020301 0001A34F 304D300B 0603551D 0F040403 0205A030 1F060355 1D230418 30168014 3537C805 A182D74D 98BE5EE5 448D396C A50B5478 301D0603 551D0E04 16041443 5EC256DD 576ED885 6B2EF6AC DD17AC59 A1200D30 0D06092A 864886F7 0D010105 05000381 81009607 4D1F5607 9DA626ED E27747F9 F5C30B3D AFFABA5A 31470801 E4E8B5A7 F19BAD9A 908DDF2F 03C93C01 84E9681B 63FE8D27 0B3C6003 2EE5FE1B 0D209871 5769CC73 30ABA21D 05D0501B 72CD8A2B 612C5373 CCF538E5 7AF1E422 7427CB43 EEEA89C8 EEBFD7D6 D8F6844D AC164A10 FA7841CD B6F2B5D5 F4DA4305 C6801D12 DEFA quit certificate ca 01 30820203 3082016C A0030201 02020101 300D0609 2A864886 F70D0101 04050030 15311330 11060355 0403130A 52322E4C 41422E4E 4554301E 170D3231 30373231 31313030 35385A17 0D323430 37323031 31303035 385A3015 31133011 06035504 03130A52 322E4C41 422E4E45 5430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100DC51 70649B8F 899354D0 9908B913 C02C8953 E9B48996 9EA6125D 9C589BF9 25431917 12EE9036 E2152ECA 9DADF88A 85A99CE8 A691CDB1 16453EDB B18D05FC 66AD80F7 02C7CB67 EA3E4FC9 538EA6B4 A2BFC409 4168633D 97AF9BF8 2F9AB148 994BF9EF 9B2320B7 C21C0C5B 2F2046A4 1A61682B B96E5763 96F66029 CE1FAD51 A6650203 010001A3 63306130 0F060355 1D130101 FF040530 030101FF 300E0603 551D0F01 01FF0404 03020186 301F0603 551D2304 18301680 143537C8 05A182D7 4D98BE5E E5448D39 6CA50B54 78301D06 03551D0E 04160414 3537C805 A182D74D 98BE5EE5 448D396C A50B5478 300D0609 2A864886 F70D0101 04050003 81810038 4DEA02DC 0EE6C91E 4DF2BEF5 0BC81238 80D51111 DA3468B5 33F064D9 9ACF3DDA DA3ED2D4 D4A14F94 91F37377 B97DAD51 FD1168B0 460A75F3 1CDF8F2E 45250BE9 19D0D799 39C689CF 18BF3DF7 FF900A3F 418B4606 4DCE1201 069D9C89 C2A0E5F9 D6DF35CA 66481270 DAE73B7A 02B124D5 F3E2FE88 69A0C40B 35408B64 F8DC23 quit ! redundancy ! ! ! ! crypto ikev2 proposal PROP encryption 3des integrity sha1 group 2 ! crypto ikev2 policy POL match fvrf CUST-A proposal PROP ! ! crypto ikev2 profile PROF match fvrf CUST-A match certificate CERT identity local fqdn R1.LAB.NET authentication local rsa-sig authentication remote rsa-sig pki trustpoint RCA ! ! ! ! ! crypto gkm group GROUP identity number 1 server address ipv4 2.2.2.2 client protocol gikev2 PROF ! ! crypto map CMAP 1 gdoi set group GROUP ! ! ! ! ! interface Loopback1 ip address 10.10.1.1 255.255.255.0 ! interface GigabitEthernet0/0 ip address 2.2.2.1 255.255.255.0 duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/1 ip vrf forwarding CUST-A ip address 3.3.3.1 255.255.255.0 duplex auto speed auto media-type rj45 crypto map CMAP ! interface GigabitEthernet0/2 no ip address shutdown duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/3 no ip address shutdown duplex auto speed auto media-type rj45 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip route 3.3.3.0 255.255.255.0 GigabitEthernet0/1 ip route vrf CUST-A 2.2.2.2 255.255.255.255 2.2.2.2 global ! ! ! ! control-plane ! banner exec ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C banner incoming ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C banner login ^C ************************************************************************** * IOSv is strictly limited to use for evaluation, demonstration and IOS * * education. IOSv is provided as-is and is not supported by Cisco's * * Technical Advisory Center. Any use or disclosure, in whole or in part, * * of the IOSv Software or Documentation to any third party for any * * purposes is expressly prohibited except as otherwise authorized by * * Cisco in writing. * **************************************************************************^C ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 login transport input none ! no scheduler allocate ntp authentication-key 1 md5 1511021F0725 7 ntp authenticate ntp trusted-key 1 ntp server 2.2.2.2 key 1 ! end R1#