-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathcsr1kv_2nd_config_template.txt
100 lines (84 loc) · 2.44 KB
/
csr1kv_2nd_config_template.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
crypto isakmp policy 200
encryption aes 128
authentication pre-share
group 2
lifetime 28800
hash sha
exit
crypto keyring keyring-vpn-3
local-address gig1
pre-shared-key address tun1address key awsamazon
exit
crypto isakmp profile isakmp-vpn-3
local-address gig 1
match identity address tun1address
keyring keyring-vpn-3
exit
crypto ipsec transform-set ipsec-prop-vpn-3 esp-aes 128 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile ipsec-vpn-3
set pfs group2
set security-association lifetime seconds 3600
set transform-set ipsec-prop-vpn-3
exit
crypto ipsec df-bit clear
crypto isakmp keepalive 10 10 on-demand
crypto ipsec security-association replay window-size 128
crypto ipsec fragmentation before-encryption
interface Tunnel3
ip address 169.254.12.2 255.255.255.252
ip virtual-reassembly
tunnel source gig1
tunnel destination tun1address
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec-vpn-3
ip tcp adjust-mss 1379
no shutdown
exit
router bgp 65001
neighbor 169.254.12.1 remote-as 65000
neighbor 169.254.12.1 activate
neighbor 169.254.12.1 timers 10 30 30
address-family ipv4 unicast
neighbor 169.254.12.1 remote-as 65000
neighbor 169.254.12.1 timers 10 30 30
neighbor 169.254.12.1 activate
neighbor 169.254.12.1 soft-reconfiguration inbound
crypto keyring keyring-vpn-4
local-address gig1
pre-shared-key address tun2address key awsamazon
exit
crypto isakmp profile isakmp-vpn-4
local-address gig 1
match identity address tun2address
keyring keyring-vpn-4
exit
crypto ipsec transform-set ipsec-prop-vpn-4 esp-aes 128 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile ipsec-vpn-4
set pfs group2
set security-association lifetime seconds 3600
set transform-set ipsec-prop-vpn-4
exit
interface Tunnel4
ip address 169.254.13.2 255.255.255.252
ip virtual-reassembly
tunnel source gig1
tunnel destination tun2address
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsec-vpn-4
ip tcp adjust-mss 1379
no shutdown
exit
router bgp 65001
neighbor 169.254.13.1 remote-as 65000
neighbor 169.254.13.1 activate
neighbor 169.254.13.1 timers 10 30 30
address-family ipv4 unicast
neighbor 169.254.13.1 remote-as 65000
neighbor 169.254.13.1 timers 10 30 30
neighbor 169.254.13.1 activate
neighbor 169.254.13.1 soft-reconfiguration inbound
exit