Building configuration...

Current configuration : 5609 bytes
!
! Last configuration change at 00:00:01 UTC Thu Jun 9 2022 by admin
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service unsupported-transceiver
!
hostname IR829
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password 7
!
aaa new-model
!
aaa authorization network FLEXVPN_LOCAL local
!
aaa session-id common
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ignition undervoltage threshold 11 000
!
no ignition enable
!
ip dhcp excluded-address 172.16.6.2
!
ip dhcp pool TABS
 network 172.16.6.0 255.255.255.0
 default-router 172.16.6.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool ENGINEERING
 network 172.16.5.0 255.255.255.0
 default-router 172.16.5.1
 dns-server 8.8.8.8 8.8.4.4
!
ip domain name ir829.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid
!
username admin password 7
!
redundancy
!
crypto ikev2 authorization policy IKEV2_AUTHORIZATION
 route set interface
 route set access-list FLEXVPN_ROUTES
!
crypto ikev2 keyring IKEV2_KEYRING
 peer HUB
  address [PUBLIC IP]
  pre-shared-key local XXXXXXXXXXXXXXXX
  pre-shared-key remote XXXXXXXXXXXXXXXX
!
crypto ikev2 profile IKEV2_PROFILE
 match identity remote fqdn HUB.FLEXVPN.LAB
 identity local fqdn SPOKE.FLEXVPN.LAB
 authentication remote pre-share
 authentication local pre-share
 keyring local IKEV2_KEYRING
!
controller Cellular 0
 lte sim data-profile 2 attach-profile 2 slot 0
 lte sim fast-switchover enable
 no lte gps enable
 lte modem link-recovery disable
!
crypto ipsec profile IPSEC_PROFILE
 set ikev2-profile IKEV2_PROFILE
!
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel source GigabitEthernet0
 tunnel destination [PUBLIC IP]
 tunnel protection ipsec profile IPSEC_PROFILE
!
interface GigabitEthernet0
 mac-address 00f9.74a9.395e
 ip address dhcp client-id GigabitEthernet0
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 no autonegotiate
!
interface GigabitEthernet1
 switchport access vlan 10
 switchport mode access
 no ip address
 no mop enabled
 spanning-tree portfast
!
interface GigabitEthernet2
 switchport access vlan 10
 switchport mode access
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet3
 switchport access vlan 10
 switchport mode access
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 switchport access vlan 10
 switchport mode access
 no ip address
 spanning-tree portfast
!
interface Wlan-GigabitEthernet0
 description uplink to access point
 switchport mode trunk
 no ip address
!
interface GigabitEthernet5
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 load-interval 60
 dialer in-band
 dialer idle-timeout 300
 dialer string lte
 dialer-group 1
 ipv6 address autoconfig
 async mode interactive
 routing dynamic
!
interface Cellular1
 no ip address
 encapsulation slip
 shutdown
!
interface wlan-ap0
 ip address 1.1.1.1 255.255.255.255
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description ENGIEERING
 ip address 172.16.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map NAT_CELL
!
interface Vlan20
 description TABLETS
 ip address 172.16.6.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map NAT_WAN
!
interface Async0
 no ip address
 encapsulation scada
!
interface Async1
 no ip address
 encapsulation scada
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT_CELL interface Cellular0 overload
ip nat inside source route-map NAT_WAN interface GigabitEthernet0 overload
ip route 172.16.11.0 255.255.255.0 Tunnel0
ip ssh version 2
!
ip access-list standard FLEXVPN_ROUTES
 permit 172.16.5.0
 permit 172.16.6.0
!
ip access-list extended LIST_CELL
 deny ip 172.16.6.0 0.0.0.255 any
 deny ip 172.16.5.0 0.0.0.255 172.16.11.0 0.0.0.255
 permit ip 172.16.5.0 0.0.0.255 any
ip access-list extended LIST_WAN
 deny ip 172.16.5.0 0.0.0.255 any
 deny ip 172.16.6.0 0.0.0.255 172.16.11.0 0.0.0.255
 permit ip 172.16.6.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
route-map NAT_CELL permit 10
 match ip address LIST_CELL
 match interface Cellular0
!
route-map NAT_WAN permit 10
 match ip address LIST_WAN
 set ip next-hop dynamic dhcp
 set interface GigabitEthernet0
!
snmp-server community hm RO
snmp-server enable traps wpan
!
control-plane
!
line con 0
 stopbits 1
line 1 2
 stopbits 1
line 3
 script dialer lte
 modem InOut
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 4
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 8
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 1/3 1/6
 transport preferred none
 transport output none
 stopbits 1
line vty 0 4
 password 7
 transport input ssh
!
no scheduler max-task-time
no iox hdm-enable
iox client enable interface GigabitEthernet5
no iox recovery-enable
!
end