RepCZ-LR01#sh run
Building configuration...
Current configuration : 6355 bytes
!
! Last configuration change at 08:13:16 UTC Thu Jul 13 2017 by cisco
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RepCZ-LR01
!
boot-start-marker
boot-end-marker
!
!
vrf definition ITW
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
!
aaa new-model
aaa local authentication attempts max-fail 3
!
!
aaa authentication login default local
aaa authorization exec default local if-authenticated
!
!
!
!
!
aaa session-id common
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name xxxx
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
ip tftp source-interface Loopback0
ip ssh version 2
ip scp server enable
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 16
!
crypto isakmp policy 21
encr aes 256
authentication pre-share
group 5
crypto isakmp key yyyy address 10.11.1.5
crypto isakmp key xxxx address 52.202.207.191
!
!
crypto ipsec transform-set infor_tset esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec df-bit clear
!
!
crypto gdoi group V4GROUP-0001
identity number 10001
server address ipv4 10.11.1.5
client registration interface Loopback0
!
!
crypto map EDI1_MAP 21 ipsec-isakmp
set peer 52.202.207.191
set security-association lifetime seconds 28800
set transform-set infor_tset
match address InforPROD_Endpoint_List
!
crypto map MAP-V4-0001 10 gdoi
set group V4GROUP-0001
!
!
!
!
!
interface Loopback0
ip address 10.11.3.106 255.255.255.255
!
interface Loopback1
vrf forwarding ITW
ip address 10.11.3.108 255.255.255.255
!
interface LISP0
!
interface LISP0.1
ip mtu 1456
ip tcp adjust-mss 1380
crypto map MAP-V4-0001
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.898
description ***Interface ISP2***
encapsulation dot1Q 898
ip address 78.110.209.130 255.255.255.248
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/0.899
description ***Interface_ISP1***
encapsulation dot1Q 899
ip address 213.168.177.231 255.255.255.240
ip nat outside
ip virtual-reassembly in
crypto map EDI1_MAP
!
interface Ethernet0/1
no ip address
!
interface Ethernet0/1.894
description ***Inside Interface LISP Router to Outside Interface FW01***
encapsulation dot1Q 894
vrf forwarding ITW
ip address 10.11.3.10 255.255.255.248
!
interface Ethernet0/1.895
description ***Inside Interface LISP Router to Outside Interface FW01***
encapsulation dot1Q 895
ip address 10.11.3.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
!
router lisp
locator-set 3-Repov
IPv4-interface Ethernet0/0.899 priority 1 weight 1
auto-discover-rlocs
exit
!
eid-table default instance-id 0
database-mapping 10.11.3.0/29 locator-set 3-Repov
database-mapping 10.11.3.8/29 locator-set 3-Repov
database-mapping 10.11.3.40/29 locator-set 3-Repov
database-mapping 10.11.3.106/32 locator-set 3-Repov
exit
!
eid-table vrf ITW instance-id 1
database-mapping 10.11.3.8/29 locator-set 3-Repov
database-mapping 10.11.3.32/29 locator-set 3-Repov
database-mapping 10.11.3.108/32 locator-set 3-Repov
database-mapping 10.213.15.0/24 locator-set 3-Repov
database-mapping 10.219.4.12/32 locator-set 3-Repov
database-mapping 140.171.6.128/27 locator-set 3-Repov
database-mapping 140.171.143.0/25 locator-set 3-Repov
database-mapping 140.171.186.0/24 locator-set 3-Repov
exit
!
loc-reach-algorithm rloc-probing
ipv4 itr map-resolver 185.119.33.180
ipv4 itr
ipv4 etr map-server 185.119.33.180 key zzzz
ipv4 etr
exit
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source route-map ISP1 interface Ethernet0/0.899 overload
ip nat outside source static 10.10.103.1 10.213.15.1
ip route 0.0.0.0 0.0.0.0 213.168.177.225
ip route 0.0.0.0 0.0.0.0 78.110.209.129 2
ip route 10.11.3.40 255.255.255.248 10.11.3.3
ip route 10.213.15.0 255.255.255.0 10.11.3.3
ip route 140.171.6.128 255.255.255.224 10.11.3.3
ip route 140.171.143.0 255.255.255.128 10.11.3.3
ip route 140.171.186.0 255.255.255.0 10.11.3.3
ip route vrf ITW 10.11.3.32 255.255.255.248 10.11.3.12
ip route vrf ITW 10.213.15.0 255.255.255.0 10.11.3.12
ip route vrf ITW 10.219.4.12 255.255.255.255 10.11.3.12
ip route vrf ITW 140.171.6.128 255.255.255.224 10.11.3.12
ip route vrf ITW 140.171.143.0 255.255.255.128 10.11.3.12
ip route vrf ITW 140.171.186.0 255.255.255.0 10.11.3.12
!
ip access-list extended InforPROD_Endpoint_List
permit ip 10.213.0.0 0.0.255.255 10.20.0.0 0.0.255.255
permit ip 10.10.103.0 0.0.0.255 10.20.0.0 0.0.255.255
ip access-list extended nonat_ITW_EDI_CRYPTO
deny ip any host 10.20.10.32
deny ip any host 10.10.103.1
permit ip 10.0.0.0 0.255.255.255 any
permit ip 10.213.15.0 0.0.0.255 any
!
logging source-interface Loopback1 vrf ITW
logging host 140.171.149.235 vrf ITW
!
route-map ISP2 permit 10
match ip address 10
!
route-map ISP1 permit 10
match ip address nonat_ITW_EDI_CRYPTO
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
transport input none
!
!
end
RepCZ-LR01#
Infor#sh run
Building configuration...
Current configuration : 2477 bytes
!
! Last configuration change at 08:08:58 UTC Thu Jul 13 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Infor
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 5
crypto isakmp key xxxxx address 213.168.177.231
!
!
crypto ipsec transform-set infor_tset esp-aes 256 esp-sha-hmac
mode tunnel
!
!
!
crypto map EDI1_MAP 21 ipsec-isakmp
set peer 213.168.177.231
set security-association lifetime seconds 28800
set transform-set infor_tset
match address InforPROD_Endpoint_List
!
!
!
!
!
interface Loopback0
ip address 10.20.10.32 255.255.255.0
!
interface Ethernet0/1
ip address 52.202.207.191 255.255.255.0
crypto map EDI1_MAP
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 52.202.207.1
!
ip access-list extended InforPROD_Endpoint_List
permit ip 10.20.0.0 0.0.255.255 10.213.0.0 0.0.255.255
permit ip 10.20.0.0 0.0.255.255 10.10.103.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
!
end
Infor#
Hope anyone can help me….
Regards,
Lorenz