Building configuration...

Current configuration : 4639 bytes
!
! Last configuration change at 23:56:21 UTC Wed Jun 8 2022 by azureuser
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname CISCOCloudRouter
!
boot-start-marker
boot-end-marker
!
!
vrf definition GS
 rd 100:100
 !
 address-family ipv4
 exit-address-family
!
logging persistent size 1000000 filesize 8192 immediate
!
aaa new-model
!
!
aaa authorization exec default local none
aaa authorization network FLEXVPN_LOCAL local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
ip domain name CISCOCloudRouter.cloudapp.net
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1929639342
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1929639342
 revocation-check none
 rsakeypair TP-self-signed-1929639342
!
!
crypto pki certificate chain TP-self-signed-1929639342
 certificate self-signed 01
  
         quit
!
license udi pid CSR1000V sn 
license boot level security
no license smart enable
diagnostic bootup level minimal
!
!
!
username azureuser privilege 15
!
redundancy
!
crypto ikev2 authorization policy IKEV2_AUTHORIZATION
 route set interface
 route set access-list FLEXVPN_ROUTES
!
!
!
crypto ikev2 keyring IKEV2_KEYRING
 peer SPOKE_ROUTER
  address 0.0.0.0 0.0.0.0
  pre-shared-key local XXXXXXXXXXXXXXXX
  pre-shared-key remote XXXXXXXXXXXXXXXX
 !
!
!
crypto ikev2 profile IKEV2_PROFILE
 match identity remote fqdn domain FLEXVPN.LAB
 identity local fqdn HUB.FLEXVPN.LAB
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEV2_KEYRING
 aaa authorization group psk list FLEXVPN_LOCAL IKEV2_AUTHORIZATION
 virtual-template 1
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto ipsec profile IPSEC_PROFILE
 set ikev2-profile IKEV2_PROFILE
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.1.254 255.255.255.255
!
interface Loopback2
 ip address 172.16.11.1 255.255.255.0
!
interface GigabitEthernet1
 ip address dhcp
 negotiation auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback1
 tunnel protection ipsec profile IPSEC_PROFILE
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 172.16.5.0 255.255.255.0 Loopback1
!
ip ssh rsa keypair-name sshkeys
ip ssh pubkey-chain
  username azureuser
   key-hash ssh-rsa
ip scp server enable
!
!
ip access-list standard FLEXVPN_ROUTES
 permit any
!
!
!
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 1
 length 0
line vty 2 4
!
!
!
!
!
!
end