vEdgeBR1# sh runn system host-name vEdgeBR1 system-ip 4.4.4.4 site-id 2000 admin-tech-on-failure no route-consistency-check sp-organization-name sdwan-testlab-gl organization-name sdwan-testlab-gl vbond 192.168.110.31 aaa auth-order local radius tacacs usergroup basic task system read write task interface read write ! usergroup netadmin ! usergroup operator task system read task interface read task policy read task routing read task security read ! user admin password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1 ! ! logging disk enable ! ! ! omp no shutdown graceful-restart advertise connected advertise static ! security ipsec authentication-type sha1-hmac ah-sha1-hmac ! ! sslproxy no enable rsa-key-modulus 2048 certificate-lifetime 730 eckey-type P256 ca-tp-label PROXY-SIGNING-CA settings expired-certificate drop settings untrusted-certificate drop settings unknown-status drop settings unsupported-protocol-versions drop settings unsupported-cipher-suites drop settings failure-mode close settings minimum-tls-ver TLSv1 ! vpn 0 name biz-internet dns 192.168.101.12 secondary dns 192.168.110.15 primary interface ge0/0 ip address 192.168.110.34/24 nat no block-icmp-error respond-to-ping log-translations ! tunnel-interface encapsulation ipsec color public-internet no allow-service bgp allow-service dhcp allow-service dns allow-service icmp no allow-service sshd no allow-service netconf no allow-service ntp no allow-service ospf no allow-service stun allow-service https ! no shutdown ! interface ge0/1 ip address 172.16.0.2/30 nat respond-to-ping ! tunnel-interface encapsulation ipsec color mpls no allow-service bgp allow-service dhcp allow-service dns allow-service icmp no allow-service sshd no allow-service netconf no allow-service ntp no allow-service ospf no allow-service stun allow-service https ! no shutdown ! interface ge0/2 no shutdown ! ip route 0.0.0.0/0 172.16.0.1 ip route 0.0.0.0/0 192.168.110.1 ! vpn 10 interface ge0/2.10 ip address 10.0.10.1/24 mtu 1400 tcp-mss-adjust 1360 no shutdown dhcp-server address-pool 10.0.10.0/24 exclude 10.0.10.1-10.0.10.10 offer-time 600 lease-time 86400 admin-state up options default-gateway 10.0.10.1 dns-servers 192.168.110.15 192.168.101.12 domain-name demo.local ! ! ! interface ge0/2.20 ip address 10.0.20.1/24 mtu 1400 tcp-mss-adjust 1360 no shutdown dhcp-server address-pool 10.0.20.0/24 exclude 10.0.20.1-10.0.20.10 offer-time 600 lease-time 86400 admin-state up options default-gateway 10.0.20.1 dns-servers 192.168.110.15 192.168.101.12 domain-name demo.local ! ! ! ip route 0.0.0.0/0 vpn 0 omp advertise connected advertise static ! ! vpn 512 interface eth0 ip dhcp-client no shutdown ! !