Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ip-10-11-27-119#sho conf
- Using 2575 out of 33554432 bytes
- !
- ! Last configuration change at 23:32:48 UTC Tue Jul 7 2015 by ec2-user
- !
- version 15.5
- service timestamps debug datetime msec
- service timestamps log datetime msec
- no platform punt-keepalive disable-kernel-core
- platform console virtual
- !
- hostname ip-10-11-27-119
- !
- boot-start-marker
- boot-end-marker
- !
- !
- !
- no aaa new-model
- subscriber templating
- !
- multilink bundle-name authenticated
- !
- !
- crypto pki trustpoint TP-self-signed-3206891870
- enrollment selfsigned
- subject-name cn=IOS-Self-Signed-Certificate-3206891870
- revocation-check none
- rsakeypair TP-self-signed-3206891870
- !
- !
- crypto pki certificate chain TP-self-signed-3206891870
- certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
- license udi pid CSR1000V sn 9MOG03EMB3Q
- spanning-tree extend system-id
- !
- username ec2-user privilege 15 secret 5 $1$7TWv$VIbeAC1UrzPLeISEG8IMq.
- !
- redundancy
- !
- crypto ikev2 proposal ikev2proposal
- encryption aes-cbc-256
- integrity sha1
- group 2
- !
- crypto ikev2 policy ikev2policy
- match fvrf any
- proposal ikev2proposal
- crypto ikev2 keyring keys
- peer strongswan
- address 54.187.159.46
- pre-shared-key local test
- pre-shared-key remote test
- !
- !
- !
- crypto ikev2 profile ikev2profile
- match identity remote address 54.187.159.46 255.255.255.255
- authentication remote pre-share
- authentication local pre-share
- keyring local keys
- !
- !
- !
- !
- ip ssh rsa keypair-name ssh-key
- ip ssh version 2
- ip ssh pubkey-chain
- username ec2-user
- key-hash ssh-rsa CCE3C94BF98C95D3376584DB3FF35FBB cisco-test
- crypto isakmp policy 10
- authentication pre-share
- group 2
- !
- !
- crypto ipsec transform-set TS esp-aes esp-sha-hmac
- mode tunnel
- !
- !
- !
- crypto map cmap 10 ipsec-isakmp
- set peer 54.187.159.46
- set transform-set TS
- set ikev2-profile ikev2profile
- match address cryptoacl
- interface GigabitEthernet1
- ip address dhcp
- ip nat outside
- negotiation auto
- crypto map cmap
- !
- interface GigabitEthernet2
- ip address 10.11.28.119 255.255.255.0
- ip nat inside
- negotiation auto
- !
- !
- virtual-service csr_mgmt
- ip shared host-interface GigabitEthernet1
- activate
- !
- ip nat inside source list NATList interface GigabitEthernet1 overload
- ip forward-protocol nd
- no ip http server
- ip http secure-server
- !
- ip access-list extended NATList
- deny ip 10.11.28.0 0.0.0.255 10.11.27.0 0.0.0.240 log
- permit ip 10.11.28.0 0.0.0.192 any log
- ip access-list extended cryptoacl
- permit ip host 10.11.28.119 host 10.11.27.5
- !
- logging trap debugging
- !
- !
- !
- control-plane
- !
- !
- line con 0
- stopbits 1
- line vty 0 4
- login local
- transport input ssh
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement