crypto ikev2 proposal ikev2-proposal
 encryption aes-cbc-256 aes-cbc-192 aes-cbc-128
 integrity sha1 sha256 sha384 sha512
 group 14 15 16 24
!
crypto ikev2 policy ikev2-policy
 proposal ikev2-proposal
!
crypto ikev2 keyring cisco-ikev2-keyring
 peer dmvpn-node
  description symmetric pre-shared key for the hub/spoke
  address 0.0.0.0 0.0.0.0
  pre-shared-key ***************************
 !
!
!
crypto ikev2 profile cisco-ikev2-profile-98
 match address local 97.65.11.154
 match identity remote address 0.0.0.0
 authentication remote pre-share key ***************************
 authentication local pre-share key ***************************
!
!
!
!

crypto ipsec transform-set strong-aes esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile cisco-ipsec-ikev2-98
 set transform-set strong-aes
 set ikev2-profile cisco-ikev2-profile-98
!
!
!
!
!
!
!
!
!
!
interface Tunnel98
 description << GRE Multipoint >>
 bandwidth 100000
 ip flow monitor flowmon input
 ip address 10.0.98.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication ********
 ip nhrp network-id 98
 ip nhrp redirect
 ip tcp adjust-mss 1360
 qos pre-classify
 bfd interval 999 min_rx 999 multiplier 3
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile cisco-ipsec-ikev2-98
!
interface GigabitEthernet0/0/0
 description << INSIDE >>
 ip flow monitor flowmon input
 ip address 10.x.x.x 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim sparse-dense-mode
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/1
 description << OUTSIDE >>
 ip flow monitor flowmon input
 ip address 97.65.11.154 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 media-type rj45
 negotiation auto
!

router eigrp 845
 network 10.0.0.0
 redistribute bgp 1000 metric 10000 10000 255 1 1500
 redistribute eigrp 100
 distance eigrp 90 210
 passive-interface GigabitEthernet0/0/1
 passive-interface Tunnel98
!
!
router eigrp 100
 network 10.0.0.0
 distance 100 10.225.180.0 0.0.0.255
 passive-interface GigabitEthernet0/0/1
 passive-interface GigabitEthernet0/0/0
!
router bgp 1000
 bgp log-neighbor-changes
 bgp listen range 10.0.98.0/24 peer-group SPOKES
 bgp redistribute-internal
 timers bgp 10 30
 neighbor SPOKES peer-group
 neighbor SPOKES remote-as 1000
 neighbor SPOKES fall-over bfd
 neighbor SPOKES default-originate
!