Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- csr-flex#sh run
- aaa new-model
- aaa authentication login default local
- aaa authorization exec default local
- aaa authorization network default local
- ip domain name sclab.space
- username cisco privilege 15 password 0 cisco
- crypto ikev2 authorization policy default
- pool FlexSpokes
- netmask 255.255.255.0
- route set interface
- !
- crypto ikev2 keyring FlexKeys
- peer Spokes
- identity email domain sclab.space
- pre-shared-key csr-flex
- !
- crypto ikev2 profile Flex_IKEv2
- match fvrf any
- match identity remote email domain sclab.space
- identity local fqdn hub.sclab.space
- authentication remote pre-share
- authentication local pre-share
- keyring local FlexKeys
- dpd 300 10 on-demand
- aaa authorization group psk list default default
- virtual-template 100
- !
- !
- crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
- mode tunnel
- crypto ipsec profile default
- set security-association lifetime kilobytes disable
- set transform-set AES-SHA
- set ikev2-profile Flex_IKEv2
- !
- !
- interface Loopback101
- ip address 172.30.0.254 255.255.255.0
- !
- interface GigabitEthernet5
- description -- To strongswan box --
- ip address 172.16.63.63 255.255.255.0
- !
- interface GigabitEthernet6
- description -- to the externale network --
- ip address 192.168.77.1 255.255.255.0
- !
- interface Virtual-Template100 type tunnel
- ip unnumbered Loopback101
- tunnel source GigabitEthernet5
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile default
- !
- ip local pool FlexSpokes 172.30.0.1 172.30.0.199
- -- Routing done by BGP not shown but working --
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
