[MPLS DOCUMENT VER.2.0 BY WAQAS BUTT CCIE (R&S)] November 16, 2013

MPLS Layer 3 (VPRN) Model P, PE and CE Routers Configuration

Distributed Protocols – BGP/OSPF/EIGRP/RIP/STATIC Routes

Definition:

A Layer 3 VPN, or VPRN (virtual private routed network), uses layer 3 VRFs (VPN/virtual routing and forwarding) to segment routing tables for each “customer” utilizing the service. The customer peers with the service provider router and the two exchange routes, which are placed into a routing table specific to the customer. Multiprotocol BGP (MP-BGP) is required in the cloud to utilize the service, which increases the complexity of design and implementation. L3 VPNs are typically not deployed on utility networks due to their complexity; however, an L3 VPN could be used to route traffic between corporate or datacenter locations. MPLS Layer 3 VPRN is a peer-to-peer model that uses Multiprotocol Border Gateway Protocol (iBGP) to redistribute VPN (VRF) information and eBGP for transport. Customers use various transport protocols to establish connectivity to their respective branch offices.

Scenario: a summary of the configurations contained in this document:

All “P” Routers exchange routes using OSPF inter area (Backbone Area).

All “PE” Routers exchange internal routes using OSPF inter area, and use “IBGP” to exchange vpnv4 community routes.

All “CE” Routers exchange routes (unicast traffic) using the “eBGP” IPv4 configuration on the “PE” Routers.

All “CE” Routers will be considered as VRF Customers and connected to MPLS VPN Super Backbone.

All routes will be isolated for VRF traffic within PE Routers.

A few commands to verify the configuration on “PE” Routers:

show ip bgp vpnv4 all

show vrf

show ip bgp ipv4 unicast summary

show ip route vrf Customer3_Site1

show mpls ldp neighbor

show mpls ldp bindings detail

PE1#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Customer1_Site1)
*> 101.101.101.0/24 172.10.10.1             65         32768 ?
*>i102.102.102.0/24 6.6.6.6                 65    100      0 ?
*> 172.10.10.0/30   0.0.0.0                  0         32768 ?
*>i172.10.20.0/30   6.6.6.6                  0    100      0 ?
Route Distinguisher: 300:1 (default for vrf Customer3_Site1)
*>i38.38.38.0/24    9.9.9.9            2297856    100      0 ?
*> 108.108.108.0/24 172.10.50.1        2297856         32768 ?
*> 172.10.50.0/30   0.0.0.0                  0         32768 ?
*>i172.10.60.0/30   9.9.9.9                  0    100      0 ?

PE1#show vrf
  Name                             Default RD          Protocols   Interfaces
  Customer1_Site1                  100:1               ipv4        Se5/0
  Customer3_Site1                  300:1               ipv4        Se5/1

PE1#show ip route vrf Customer1_Site1

Routing Table: Customer1_Site1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     102.0.0.0/24 is subnetted, 1 subnets
B       102.102.102.0 [200/65] via 6.6.6.6, 00:06:14
     101.0.0.0/24 is subnetted, 1 subnets
O       101.101.101.0 [110/65] via 172.10.10.1, 00:07:46, Serial5/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.10.0 is directly connected, Serial5/0
B       172.10.20.0 [200/0] via 6.6.6.6, 00:06:29
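An added example, not part of the original document: a Python check that parses "show ip bgp vpnv4 all" output and compares each VRF's routes with an approved baseline, one way to confirm the per-VRF isolation stated in the scenario. The baseline is assumed to be the PE1 table shown above, and the sample input adds one constructed route under RD 100:1 to show how a prefix leaking between customers is reported.

```python
import re

# Constructed sample: the PE1 table from this page (columns collapsed to single
# spaces) plus ONE constructed line, the 38.38.38.0/24 route under RD 100:1,
# which stands in for a Customer3 prefix imported into Customer1's VRF.
SAMPLE_OUTPUT = """\
PE1#show ip bgp vpnv4 all
   Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Customer1_Site1)
*> 101.101.101.0/24 172.10.10.1 65 32768 ?
*>i102.102.102.0/24 6.6.6.6 65 100 0 ?
*> 172.10.10.0/30 0.0.0.0 0 32768 ?
*>i172.10.20.0/30 6.6.6.6 0 100 0 ?
*>i38.38.38.0/24 9.9.9.9 2297856 100 0 ?
Route Distinguisher: 300:1 (default for vrf Customer3_Site1)
*>i38.38.38.0/24 9.9.9.9 2297856 100 0 ?
*> 108.108.108.0/24 172.10.50.1 2297856 32768 ?
*> 172.10.50.0/30 0.0.0.0 0 32768 ?
*>i172.10.60.0/30 9.9.9.9 0 100 0 ?
"""

# Assumption of this example: the approved state is the table printed in the
# document, recorded as {vrf: {prefix: next hop}}.
BASELINE = {
    "Customer1_Site1": {
        "101.101.101.0/24": "172.10.10.1", "102.102.102.0/24": "6.6.6.6",
        "172.10.10.0/30": "0.0.0.0", "172.10.20.0/30": "6.6.6.6",
    },
    "Customer3_Site1": {
        "38.38.38.0/24": "9.9.9.9", "108.108.108.0/24": "172.10.50.1",
        "172.10.50.0/30": "0.0.0.0", "172.10.60.0/30": "9.9.9.9",
    },
}

RD_LINE = re.compile(r"Route Distinguisher: (\S+) \(default for vrf (\S+)\)")
# Two status characters, then "i" for iBGP-learned routes, then prefix and next hop.
# Multipath continuation lines that omit the prefix are not matched and are ignored.
ROUTE_LINE = re.compile(
    r"(?P<flags>[*>sdhrS ]{2})(?P<src>[i ])\s*"
    r"(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+(?P<next_hop>\d+(?:\.\d+){3})\s")


def parse_vpnv4(text):
    """Return {vrf: {prefix: {"rd", "next_hop", "internal"}}} from the CLI output."""
    table, vrf, rd = {}, None, None
    for line in text.splitlines():
        m = RD_LINE.match(line)
        if m:
            rd, vrf = m.groups()
            table.setdefault(vrf, {})
            continue
        m = ROUTE_LINE.match(line)
        if m and vrf:
            table[vrf][m["prefix"]] = {
                "rd": rd, "next_hop": m["next_hop"], "internal": m["src"] == "i"}
    return table


def diff_against_baseline(table, baseline):
    """Report routes that appeared, disappeared or changed next hop per VRF."""
    findings = []
    for vrf in sorted(set(table) | set(baseline)):
        seen, want = table.get(vrf, {}), baseline.get(vrf, {})
        for prefix in sorted(set(seen) - set(want)):
            findings.append(("UNEXPECTED", vrf, prefix, seen[prefix]["next_hop"]))
        for prefix in sorted(set(want) - set(seen)):
            findings.append(("MISSING", vrf, prefix, want[prefix]))
        for prefix in sorted(set(seen) & set(want)):
            if seen[prefix]["next_hop"] != want[prefix]:
                findings.append(("NEXT-HOP-CHANGED", vrf, prefix, seen[prefix]["next_hop"]))
    return findings


def shared_prefixes(table):
    """Prefixes present in more than one VRF. Overlap is legal in an L3 VPN, so
    this is a pointer for review, not a verdict."""
    owners = {}
    for vrf, routes in table.items():
        for prefix in routes:
            owners.setdefault(prefix, []).append(vrf)
    return {p: sorted(v) for p, v in owners.items() if len(v) > 1}


if __name__ == "__main__":
    parsed = parse_vpnv4(SAMPLE_OUTPUT)
    for finding in diff_against_baseline(parsed, BASELINE):
        print(*finding)
    print("shared:", shared_prefixes(parsed))
```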

PE1#show mpls ldp neighbor
    Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 1.1.1.1.646 - 4.4.4.4.61215
        State: Oper; Msgs sent/rcvd: 290/289; Downstream
        Up time: 03:50:17
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 10.10.30.2
        Addresses bound to peer LDP Ident:
          10.10.10.1      1.1.1.1         10.10.30.2      10.10.40.2
          10.10.90.1      10.10.104.1
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 3.3.3.3.646 - 4.4.4.4.55394
        State: Oper; Msgs sent/rcvd: 290/286; Downstream
        Up time: 03:50:06
        LDP discovery sources:
          GigabitEthernet2/0, Src IP addr: 10.10.103.2
        Addresses bound to peer LDP Ident:
          10.10.20.1      3.3.3.3         10.10.70.2      10.10.80.2
          10.10.102.1     10.10.103.2

PE1#show ip bgp ipv4 unicast summary
BGP router identifier 4.4.4.4, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
5.5.5.5         4     1     231     239        1    0    0 03:50:58        0
6.6.6.6         4     1     234     238        1    0    0 03:50:56        0
7.7.7.7         4     1     230     238        1    0    0 03:50:17        0
8.8.8.8         4     1     230     238        1    0    0 03:50:06        0
9.9.9.9         4     1     233     238        1    0    0 03:50:07        0

Details: P1 (Router)

IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.10.1      YES NVRAM  up                    up
GigabitEthernet1/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.30.2      YES NVRAM  up                    up
GigabitEthernet3/0     10.10.40.2      YES NVRAM  up                    up
GigabitEthernet4/0     10.10.90.1      YES NVRAM  up                    up
GigabitEthernet5/0     10.10.104.1     YES NVRAM  up                    up
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              1.1.1.1         YES NVRAM  up                    up

P1#show running-config
Building configuration...

Current configuration : 4388 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Fu1r$YKF4ryo0r8QHyAl9tJUi71
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!

!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$7F2.$SK64hyy8pLlLk0zfUVzAH0
archive
 log config
  hidekeys
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0

 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.10.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet2/0
 description Connected to PE1
 ip address 10.10.30.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE2
 ip address 10.10.40.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE3
 ip address 10.10.90.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE6-Backup Link
 ip address 10.10.104.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco

 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 1.1.1.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.255 area 0
 network 10.10.30.0 0.0.0.255 area 0
 network 10.10.40.0 0.0.0.255 area 0
 network 10.10.90.0 0.0.0.255 area 0
 network 10.10.104.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

P1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/3] via 10.10.104.2, 03:28:28, GigabitEthernet5/0
                [110/3] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
                [110/3] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/2] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/2] via 10.10.40.1, 03:29:27, GigabitEthernet3/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/2] via 10.10.90.2, 03:29:27, GigabitEthernet4/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/3] via 10.10.10.2, 03:28:49, GigabitEthernet0/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/3] via 10.10.10.2, 03:28:39, GigabitEthernet0/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/2] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
     10.0.0.0/30 is subnetted, 14 subnets
C       10.10.10.0 is directly connected, GigabitEthernet0/0
O       10.10.20.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
C       10.10.30.0 is directly connected, GigabitEthernet2/0
C       10.10.40.0 is directly connected, GigabitEthernet3/0
O       10.10.50.0 [110/2] via 10.10.90.2, 03:29:27, GigabitEthernet4/0
                [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.60.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.70.0 [110/3] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
                [110/3] via 10.10.30.1, 03:29:37, GigabitEthernet2/0
                [110/3] via 10.10.10.2, 03:28:29, GigabitEthernet0/0
O       10.10.80.0 [110/2] via 10.10.104.2, 03:28:29, GigabitEthernet5/0
C       10.10.90.0 is directly connected, GigabitEthernet4/0
O       10.10.100.0 [110/2] via 10.10.40.1, 03:29:27, GigabitEthernet3/0
                [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.101.0 [110/2] via 10.10.10.2, 03:29:37, GigabitEthernet0/0
O       10.10.102.0 [110/3] via 10.10.104.2, 03:28:30, GigabitEthernet5/0
                [110/3] via 10.10.30.1, 03:29:39, GigabitEthernet2/0
                [110/3] via 10.10.10.2, 03:28:30, GigabitEthernet0/0
O       10.10.103.0 [110/2] via 10.10.30.1, 03:29:39, GigabitEthernet2/0
C       10.10.104.0 is directly connected, GigabitEthernet5/0
P1#
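An added example, not part of the original document: a small Python audit that reads a running-config like P1's above and reports the settings in it that a hardening review would question (a clear-text, guessable OSPF MD5 key reused on several links, "ip source-route", "ip http server", "exec-timeout 0 0", a vty stanza with no access-class, and LDP sessions with no neighbor password). The rule IDs, the weak-key list and the suggested replacement lines are assumptions of this example; the sample is an excerpt of the P1 configuration with stanza indentation restored.

```python
import re
from collections import defaultdict

# Constructed sample: excerpt of the P1 running-config shown on this page, with
# line breaks and IOS's one-space stanza indentation restored.
SAMPLE_CONFIG = """\
no service password-encryption
hostname P1
ip source-route
mpls label protocol ldp
!
interface GigabitEthernet0/0
 description Connected to P2
 ip ospf message-digest-key 1 md5 cisco
 mpls ip
!
interface GigabitEthernet2/0
 description Connected to PE1
 ip ospf message-digest-key 1 md5 cisco
 mpls ip
!
router ospf 1
 area 0 authentication message-digest
!
ip http server
ip http secure-server
mpls ldp router-id Loopback0
!
line con 0
 exec-timeout 0 0
line vty 0 4
!
end
"""

# (rule id, pattern for one stripped line, finding, replacement suggested by this example)
LINE_RULES = [
    ("PWD-ENC", r"no service password-encryption",
     "keys such as the OSPF MD5 key are written to the config in clear text",
     "service password-encryption"),
    ("SRC-ROUTE", r"ip source-route", "IP source routing is enabled", "no ip source-route"),
    ("HTTP", r"ip http server", "clear-text HTTP management is enabled", "no ip http server"),
    ("EXEC-TMO", r"exec-timeout 0 0", "idle sessions never time out",
     "exec-timeout 10 0 (value chosen for this example)"),
]
# Optional encryption-type digit (0 = clear, 7 = obfuscated) before the key itself.
OSPF_KEY = re.compile(r"ip ospf message-digest-key \d+ md5 (?:([07]) )?(\S+)")
WEAK_KEYS = {"cisco", "password", "admin", "ospf"}  # illustrative list, extend locally


def parse_stanzas(text):
    """Group lines into (header, [sub-commands]); IOS indents sub-commands."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] == " " and stanzas:
            stanzas[-1][1].append(line)
        else:
            stanzas.append((line, []))
    return stanzas


def audit(text):
    """Return a list of (rule id, context, detail) findings for one config."""
    findings, key_users, flat = [], defaultdict(list), []
    for header, subs in parse_stanzas(text):
        for line in [header] + subs:
            flat.append(line)
            for rule_id, pattern, why, fix in LINE_RULES:
                if re.fullmatch(pattern, line):
                    findings.append((rule_id, header, f"{why}; use: {fix}"))
            m = OSPF_KEY.fullmatch(line)
            if m and m.group(1) != "7":  # no type-7 marker: the key is readable
                key_users[m.group(2)].append(header)
        if header.startswith("line vty") and not any(s.startswith("access-class") for s in subs):
            findings.append(("VTY-ACL", header, "no access-class limits management sources"))
    for key, users in key_users.items():
        if key.lower() in WEAK_KEYS:
            findings.append(("OSPF-KEY-WEAK", ", ".join(users), f"guessable key '{key}'"))
        if len(users) > 1:
            findings.append(("OSPF-KEY-REUSE", ", ".join(users), "same key on several links"))
    # LDP runs over TCP 646; without a neighbor password the session is unauthenticated.
    if "mpls ip" in flat and not any(re.match(r"mpls ldp neighbor \S+ password ", l) for l in flat):
        findings.append(("LDP-AUTH", "global", "no 'mpls ldp neighbor <ip> password' configured"))
    return findings


if __name__ == "__main__":
    for rule_id, context, detail in audit(SAMPLE_CONFIG):
        print(f"{rule_id:15} {context:32} {detail}")
```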

Details: P2 (Router)

IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.10.2      YES NVRAM  up                    up
GigabitEthernet1/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.20.2      YES NVRAM  up                    up
GigabitEthernet3/0     10.10.50.2      YES NVRAM  up                    up
GigabitEthernet4/0     10.10.60.2      YES NVRAM  up                    up
GigabitEthernet5/0     10.10.101.1     YES NVRAM  up                    up
GigabitEthernet6/0     10.10.100.1     YES NVRAM  up                    up
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              2.2.2.2         YES NVRAM  up                    up

P2#show running-config
Building configuration...

Current configuration : 4613 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$R5V7$Cu6bO11GXhS.Yt2iox81X/
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!

!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$Wpg/$9Re3SAUzgjsR7RPEs0FRT1
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address

 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P1
 ip address 10.10.10.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet2/0
 description Connected to P3
 ip address 10.10.20.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE3
 ip address 10.10.50.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE4
 ip address 10.10.60.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE5
 ip address 10.10.101.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point

 negotiation auto
 mpls ip
!
interface GigabitEthernet6/0
 description Connected to PE2
 ip address 10.10.100.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 2.2.2.0 0.0.0.255 area 0
 network 10.10.10.0 0.0.0.255 area 0
 network 10.10.20.0 0.0.0.255 area 0
 network 10.10.50.0 0.0.0.255 area 0
 network 10.10.60.0 0.0.0.255 area 0
 network 10.10.100.0 0.0.0.255 area 0
 network 10.10.101.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

P2# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/2] via 10.10.10.1, 03:31:12, GigabitEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/2] via 10.10.20.1, 03:31:12, GigabitEthernet2/0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/3] via 10.10.20.1, 03:31:12, GigabitEthernet2/0
                [110/3] via 10.10.10.1, 03:31:12, GigabitEthernet0/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/2] via 10.10.100.2, 03:31:12, GigabitEthernet6/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/2] via 10.10.50.1, 03:31:02, GigabitEthernet3/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/2] via 10.10.60.1, 03:30:26, GigabitEthernet4/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/2] via 10.10.101.2, 03:30:16, GigabitEthernet5/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/3] via 10.10.20.1, 03:30:16, GigabitEthernet2/0
                [110/3] via 10.10.10.1, 03:30:06, GigabitEthernet0/0
     10.0.0.0/30 is subnetted, 14 subnets
C       10.10.10.0 is directly connected, GigabitEthernet0/0
C       10.10.20.0 is directly connected, GigabitEthernet2/0
O       10.10.30.0 [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
O       10.10.40.0 [110/2] via 10.10.100.2, 03:31:13, GigabitEthernet6/0
                [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
C       10.10.50.0 is directly connected, GigabitEthernet3/0
C       10.10.60.0 is directly connected, GigabitEthernet4/0
O       10.10.70.0 [110/2] via 10.10.101.2, 03:30:16, GigabitEthernet5/0
                [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0
O       10.10.80.0 [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0
O       10.10.90.0 [110/2] via 10.10.50.1, 03:31:03, GigabitEthernet3/0
                [110/2] via 10.10.10.1, 03:31:13, GigabitEthernet0/0
C       10.10.100.0 is directly connected, GigabitEthernet6/0
C       10.10.101.0 is directly connected, GigabitEthernet5/0
O       10.10.102.0 [110/2] via 10.10.60.1, 03:30:26, GigabitEthernet4/0
                [110/2] via 10.10.20.1, 03:31:13, GigabitEthernet2/0

O       10.10.103.0 [110/2] via 10.10.20.1, 03:31:14, GigabitEthernet2/0
O       10.10.104.0 [110/2] via 10.10.10.1, 03:31:14, GigabitEthernet0/0
P2#

Details: P3 (Router)

IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.20.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.70.2      YES NVRAM  up                    up
GigabitEthernet3/0     10.10.80.2      YES NVRAM  up                    up
GigabitEthernet4/0     10.10.102.1     YES NVRAM  up                    up
GigabitEthernet5/0     10.10.103.2     YES NVRAM  up                    up
GigabitEthernet6/0     unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              3.3.3.3         YES NVRAM  up                    up

P3#show running-config
Building configuration...

Current configuration : 4546 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$ByfJ$V8hy8JTK.MgR5t3noFnx91
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated

aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$38UC$Hl2UM1JTgvkVqFVEXIAKZ1
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip ospf network point-to-point

!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.20.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to PE5
 ip address 10.10.70.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 description Connected to PE6
 ip address 10.10.80.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet4/0
 description Connected to PE4
 ip address 10.10.102.1 255.255.255.252

 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet5/0
 description Connected to PE1-Backup Link
 ip address 10.10.103.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet6/0
 no ip address
 shutdown
 negotiation auto
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 3.3.3.0 0.0.0.255 area 0
 network 10.10.20.0 0.0.0.255 area 0
 network 10.10.70.0 0.0.0.255 area 0
 network 10.10.80.0 0.0.0.255 area 0
 network 10.10.102.0 0.0.0.255 area 0
 network 10.10.103.0 0.0.0.255 area 0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0

 stopbits 1
line vty 0 4
!
end

P3# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/3] via 10.10.103.1, 03:31:56, GigabitEthernet5/0
                [110/3] via 10.10.80.1, 03:30:51, GigabitEthernet3/0
                [110/3] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/2] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/2] via 10.10.103.1, 03:31:56, GigabitEthernet5/0
     5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/3] via 10.10.20.2, 03:31:56, GigabitEthernet0/0
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/3] via 10.10.20.2, 03:31:47, GigabitEthernet0/0
     7.0.0.0/24 is subnetted, 1 subnets
O       7.7.7.0 [110/2] via 10.10.102.2, 03:31:12, GigabitEthernet4/0
     8.0.0.0/24 is subnetted, 1 subnets
O       8.8.8.0 [110/2] via 10.10.70.1, 03:31:02, GigabitEthernet2/0
     9.0.0.0/24 is subnetted, 1 subnets
O       9.9.9.0 [110/2] via 10.10.80.1, 03:31:02, GigabitEthernet3/0
     10.0.0.0/30 is subnetted, 14 subnets
O       10.10.10.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.20.0 is directly connected, GigabitEthernet0/0
O       10.10.30.0 [110/2] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
O       10.10.40.0 [110/3] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
                [110/3] via 10.10.80.1, 03:30:52, GigabitEthernet3/0
                [110/3] via 10.10.20.2, 03:30:52, GigabitEthernet0/0
O       10.10.50.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
O       10.10.60.0 [110/2] via 10.10.102.2, 03:31:12, GigabitEthernet4/0
                [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.70.0 is directly connected, GigabitEthernet2/0
C       10.10.80.0 is directly connected, GigabitEthernet3/0

O       10.10.90.0 [110/3] via 10.10.103.1, 03:31:57, GigabitEthernet5/0
                   [110/3] via 10.10.80.1, 03:30:52, GigabitEthernet3/0
                   [110/3] via 10.10.20.2, 03:30:52, GigabitEthernet0/0
O       10.10.100.0 [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
O       10.10.101.0 [110/2] via 10.10.70.1, 03:31:02, GigabitEthernet2/0
                    [110/2] via 10.10.20.2, 03:31:57, GigabitEthernet0/0
C       10.10.102.0 is directly connected, GigabitEthernet4/0
C       10.10.103.0 is directly connected, GigabitEthernet5/0
O       10.10.104.0 [110/2] via 10.10.80.1, 03:31:02, GigabitEthernet3/0
P3#

Details: PE1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.30.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.103.1     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.10.2     YES NVRAM  up                    down
Serial5/1              172.10.50.2     YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              4.4.4.4         YES NVRAM  up                    up

PE1#show running-config
Building configuration...

Current configuration : 6243 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!

logging message-counter syslog
enable secret 5 $1$HJLI$n9c9aM5clZRy6XDRX0TgC.
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
ip vrf Customer1_Site1
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!
ip vrf Customer3_Site1
 rd 300:1
 route-target export 1:300
 route-target import 1:300
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01

  quit
username waqas privilege 15 secret 5 $1$020K$9bcv1bB.92N7BLb3/CDSg1
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P1
 ip address 10.10.30.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address

 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P3-Backup-Link
 ip address 10.10.103.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer1_Site1
 ip vrf forwarding Customer1_Site1
 ip address 172.10.10.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer3_Site1
 ip vrf forwarding Customer3_Site1
 ip address 172.10.50.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown

 serial restart-delay 0
!
router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf Customer3_Site1
  redistribute bgp 1 metric 10000 300 255 200 1500
  network 108.0.0.0
  network 172.10.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 100 vrf Customer1_Site1
 log-adjacency-changes
 redistribute bgp 1 metric-type 1 subnets
 network 101.101.101.0 0.0.0.255 area 1
 network 172.10.10.0 0.0.0.255 area 1
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 4.4.4.0 0.0.0.255 area 0
 network 10.10.30.0 0.0.0.255 area 0
 network 10.10.103.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate

  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer3_Site1
  redistribute eigrp 100
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1_Site1
  redistribute connected
  redistribute ospf 100 vrf Customer1_Site1 match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
end

PE1#

Details: PE2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.40.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.100.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.30.2     YES NVRAM  up                    down
Serial5/1              unassigned      YES NVRAM  administratively down down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              5.5.5.5         YES NVRAM  up                    up

PE2#show running-config
Building configuration...

Current configuration : 5489 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$PAHX$m2dAuLIKSr/Jb.k3114av0
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!

aaa session-id common
ip source-route
ip cef
!
!
no ip domain lookup
ip vrf Customer2_Site1
 rd 200:1
 route-target export 1:200
 route-target import 1:200
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$PI3v$q5QbwtIHjoJPIY2dHm3yj0
archive
 log config

  hidekeys
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P1
 ip address 10.10.40.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P2
 ip address 10.10.100.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0

 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer2_Site1
 ip vrf forwarding Customer2_Site1
 ip address 172.10.30.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 5.5.5.0 0.0.0.255 area 0
 network 10.10.40.0 0.0.0.255 area 0
 network 10.10.100.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !

 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer2_Site1
  redistribute connected
  neighbor 172.10.30.1 remote-as 65000
  neighbor 172.10.30.1 activate
  neighbor 172.10.30.1 as-override
  neighbor 172.10.30.1 advertisement-interval 5
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE2#

Details: PE3 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.50.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.90.2      YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.20.2     YES NVRAM  up                    down
Serial5/1              172.10.70.2     YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              6.6.6.6         YES NVRAM  up                    up

PE3#show running-config
Building configuration...

Current configuration : 6124 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$SpQm$7oMjWIsigrdCrhjrwoGIT1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!

aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
ip vrf Customer1_Site2
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!
ip vrf Customer5_Site1
 rd 500:1
 route-target export 1:500
 route-target import 1:500
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit

username waqas privilege 15 secret 5 $1$zLOm$XHWI/HQ9Ghp9SdU8qdqaL.
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.50.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P1
 ip address 10.10.90.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown

 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer1_Site2
 ip vrf forwarding Customer1_Site2
 ip address 172.10.20.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer5_Site1
 ip vrf forwarding Customer5_Site1
 ip address 172.10.70.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100 vrf Customer1_Site2
 log-adjacency-changes
 redistribute bgp 1 metric-type 1 subnets
 network 102.102.102.0 0.0.0.255 area 1
 network 172.10.20.0 0.0.0.255 area 1
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 6.6.6.0 0.0.0.255 area 0
 network 10.10.50.0 0.0.0.255 area 0
 network 10.10.90.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router rip
 version 2
 timers basic 20 40 40 80
 !
 address-family ipv4 vrf Customer5_Site1

  redistribute bgp 1 metric transparent
  network 172.10.0.0
  distribute-list 20 in
  no auto-summary
 exit-address-family
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer5_Site1
  redistribute connected
  redistribute rip
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1_Site2
  redistribute connected
  redistribute ospf 100 vrf Customer1_Site2 match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server

ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

PE3#

Details: PE4 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.60.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.102.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.40.2     YES NVRAM  up                    down
Serial5/1              172.10.100.2    YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              7.7.7.7         YES NVRAM  up                    up

PE4#show running-config
Building configuration...

Current configuration : 5969 bytes

!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE4
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$IPqX$YBoudhBEhD4NvQ9McbTZ3/
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
ip vrf Customer2_Site2
 rd 200:1
 route-target export 1:200
 route-target import 1:200
!
ip vrf Customer4_Site1
 rd 400:1
 route-target export 1:400
 route-target import 1:400
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
!
!
!
!

crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$AED0$qTIHiZBPrHUN5z5JpnD9n1
archive
 log config
  hidekeys
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P2
 ip address 10.10.60.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full

 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P3
 ip address 10.10.102.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer2_Site2
 ip vrf forwarding Customer2_Site2
 ip address 172.10.40.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Connected to Customer4_Site1
 ip vrf forwarding Customer4_Site1
 ip address 172.10.100.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2

 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 7.7.7.0 0.0.0.255 area 0
 network 10.10.60.0 0.0.0.255 area 0
 network 10.10.102.0 0.0.0.255 area 0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer4_Site1
  redistribute connected
  redistribute static

  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer2_Site2
  redistribute connected
  neighbor 172.10.40.1 remote-as 65000
  neighbor 172.10.40.1 activate
  neighbor 172.10.40.1 as-override
  neighbor 172.10.40.1 advertisement-interval 5
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route vrf Customer4_Site1 55.55.55.55 255.255.255.255 Serial5/1 172.10.100.1 3
ip route vrf Customer4_Site1 172.10.100.0 255.255.255.252 Serial5/1 172.10.100.1 3
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
PE4#

Details: PE5 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.70.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.101.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.110.2    YES NVRAM  up                    down
Serial5/1              unassigned      YES NVRAM  administratively down down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              8.8.8.8         YES NVRAM  up                    up

PE5#show running-config
Building configuration...
Current configuration : 5483 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE5
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$.D25$Keymcc9BQAVlsbC4PN/EN.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
ip vrf Customer4_Site2
 rd 400:1
 route-target export 1:400
 route-target import 1:400
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$kyvZ$CmdJMwJfmoMufkFw/FzSn/
archive
 log config
  hidekeys
!
!
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P3
 ip address 10.10.70.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P2
 ip address 10.10.101.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer4_Site2
 ip vrf forwarding Customer4_Site2
 ip address 172.10.110.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 8.8.8.0 0.0.0.255 area 0
 network 10.10.70.0 0.0.0.255 area 0
 network 10.10.101.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 9.9.9.9 remote-as 1
 neighbor 9.9.9.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer4_Site2
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route vrf Customer4_Site2 66.66.66.66 255.255.255.255 Serial5/0 172.10.110.1 3
ip route vrf Customer4_Site2 172.10.110.0 255.255.255.252 Serial5/0 172.10.110.1 3
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
PE5#

Details: PE6 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     10.10.80.1      YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
GigabitEthernet2/0     10.10.104.2     YES NVRAM  up                    up
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
GigabitEthernet4/0     unassigned      YES NVRAM  administratively down down
Serial5/0              172.10.60.2     YES NVRAM  up                    down
Serial5/1              172.10.80.2     YES NVRAM  up                    down
Serial5/2              unassigned      YES NVRAM  administratively down down
Serial5/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              9.9.9.9         YES NVRAM  up                    up

PE6#show running-config
Building configuration...
Current configuration : 6066 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE6
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$QrkO$Kf65QUsRKnoHUzX40WuEC.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
!
aaa session-id common
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip vrf Customer3_Site2
 rd 300:1
 route-target export 1:300
 route-target import 1:300
!
ip vrf Customer5_Site2
 rd 500:1
 route-target export 1:500
 route-target import 1:500
!
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$F8Z7$6kkRJeSULFxPK/oO/He3M1
archive
 log config
  hidekeys
!
!
interface Loopback0
 ip address 9.9.9.9 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 description Connected to P3
 ip address 10.10.80.1 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls ip
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet2/0
 description Connected to P1-Backup Link
 ip address 10.10.104.2 255.255.255.252
 ip ospf message-digest-key 1 md5 cisco
 ip ospf network point-to-point
 negotiation auto
 mpls ip
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial5/0
 description Connected to Customer3_Site2
 ip vrf forwarding Customer3_Site2
 ip address 172.10.60.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/1
 description Conected to Customer5_Site2
 ip vrf forwarding Customer5_Site2
 ip address 172.10.80.2 255.255.255.252
 serial restart-delay 0
!
interface Serial5/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial5/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf Customer3_Site2
  redistribute bgp 1 metric 10000 300 255 200 1500
  network 38.0.0.0
  network 172.10.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 network 9.9.9.0 0.0.0.255 area 0
 network 10.10.80.0 0.0.0.255 area 0
 network 10.10.104.0 0.0.0.255 area 0
!
router rip
 version 2
 timers basic 20 40 40 80
 !
 address-family ipv4 vrf Customer5_Site2
  redistribute bgp 1 metric transparent
  network 172.10.0.0
  distribute-list 20 in
  no auto-summary
 exit-address-family
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 1
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 1
 neighbor 7.7.7.7 update-source Loopback0
 neighbor 8.8.8.8 remote-as 1
 neighbor 8.8.8.8 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer5_Site2
  redistribute connected
  redistribute rip
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer3_Site2
  redistribute eigrp 100
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end
PE6#

Details:
Hostname: Customer1_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE1
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: OSPF

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     101.101.101.101 YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.10.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up

Customer1_Site1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
172.10.20.1     172.10.10.1     QM_IDLE           1001    0 ACTIVE

Customer1_Site1#show crypto session
Crypto session current status
Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.20.1 port 500
  IKE SA: local 172.10.10.1/500 remote 172.10.20.1/500 Active
  IPSEC FLOW: permit ip 101.101.101.0/255.255.255.0 102.102.102.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer1_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     102.0.0.0/24 is subnetted, 1 subnets
O IA    102.102.102.0 [110/129] via 172.10.10.2, 00:16:00, Serial2/0
     101.0.0.0/24 is subnetted, 1 subnets
C       101.101.101.0 is directly connected, GigabitEthernet0/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.10.0 is directly connected, Serial2/0
O IA    172.10.20.0 [110/65] via 172.10.10.2, 00:16:15, Serial2/0

Customer1_Site1#show running-config
Building configuration...
Current configuration : 4013 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer1_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$PhfK$ekpHuBt1vvvQRsqK/3ewz1
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.20.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.20.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 101.101.101.101 255.255.255.0
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE1
 ip address 172.10.10.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 101.101.101.0 0.0.0.255 area 1
 network 172.10.10.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging alarm informational
access-list 101 permit ip 101.101.101.0 0.0.0.255 102.102.102.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
!
!
!
!
end

Details:
Hostname: Customer1_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE3
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: OSPF

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     102.102.102.102 YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.20.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up

Customer1_Site2#show crypto session
Crypto session current status
Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.10.1 port 500
  IKE SA: local 172.10.20.1/500 remote 172.10.10.1/500 Active
  IPSEC FLOW: permit ip 102.102.102.0/255.255.255.0 101.101.101.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer1_Site2#show running-config
Building configuration...
Current configuration : 3979 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer1_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$MEtu$TxtnZgdUZ8MU0Vo8akkPj.
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.10.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.10.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 102.102.102.102 255.255.255.0
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 ip address 172.10.20.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 100
 log-adjacency-changes
 network 102.102.102.0 0.0.0.255 area 1
 network 172.10.20.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging alarm informational
access-list 101 permit ip 102.102.102.0 0.0.0.255 101.101.101.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end
Customer1_Site2#
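
The Customer1_Site1 and Customer1_Site2 configurations above share the same management and IKE settings: Telnet accepted on the vty lines, "exec-timeout 0 0" on the console, "ip http server", "ip source-route", a pre-shared key stored in cleartext, and DH group 5 for IKE and PFS. The Python audit below is an added example, not part of the original document; the function names, rule IDs and both sample configurations are constructed for illustration, and the corrected sample assumes an IOS release that supports DH group 14 and type 6 key encryption.

```python
import re

# DH groups 1, 2 and 5 are the 768-, 1024- and 1536-bit MODP groups.
WEAK_DH_GROUPS = {"1", "2", "5"}

# Constructed sample: settings taken from the Customer1_Site1 configuration,
# one command per line with IOS-style indentation.
WEAK_CONFIG = """\
no service password-encryption
ip source-route
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.20.1
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.20.1
 set pfs group5
 match address 101
interface Serial2/0
 ip address 172.10.10.1 255.255.255.252
 crypto map CMAP
ip http server
ip http secure-server
line con 0
 exec-timeout 0 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# Constructed counterpart with corrected settings (assumption: the IOS release
# supports group 14 and type 6 keys; the key value is a placeholder).
HARDENED_CONFIG = """\
service password-encryption
no ip source-route
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key 6 EXAMPLE-ENCRYPTED-KEY address 172.10.20.1
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.20.1
 set pfs group14
 match address 101
no ip http server
ip http secure-server
line con 0
 exec-timeout 10 0
line vty 0 4
 login local
 transport input ssh
"""


def parse_sections(text):
    """Group a config into (parent, [children]) using leading-space indentation."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if line.startswith(" ") and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a list of (rule_id, context, config_line) hardening findings."""
    findings = []
    for parent, children in parse_sections(text):
        if parent == "no service password-encryption":
            findings.append(("PWD-ENC-OFF", "global", parent))
        elif parent == "ip source-route":
            findings.append(("SOURCE-ROUTE", "global", parent))
        elif parent == "ip http server":
            findings.append(("HTTP-CLEARTEXT", "global", parent))
        elif re.match(r"crypto isakmp key (?!6 )\S+ address ", parent):
            # Report the peer only; never echo the key into the findings.
            peer = parent.split(" address ", 1)[1]
            findings.append(("PSK-CLEARTEXT", "global",
                             "crypto isakmp key <redacted> address " + peer))
        elif parent.startswith(("crypto isakmp policy", "crypto map")):
            for child in children:
                m = re.fullmatch(r"(?:group |set pfs group)(\d+)", child)
                if m and m.group(1) in WEAK_DH_GROUPS:
                    findings.append(("WEAK-DH", parent, child))
        elif parent.startswith("line "):
            for child in children:
                if child == "exec-timeout 0 0":
                    findings.append(("NO-IDLE-TIMEOUT", parent, child))
                elif child.startswith("transport input") and "telnet" in child.split():
                    findings.append(("TELNET-ENABLED", parent, child))
    return findings


if __name__ == "__main__":
    for rule, where, line in audit(WEAK_CONFIG):
        print(f"{rule:16} {where:32} {line}")
```

The parser expects one command per line, as the router prints them, so a flattened copy of a configuration has to be split back into lines before it is audited.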

Details:
Hostname: Customer2_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE2
Cryptography: ISAKMP-SA: IPSec - Site to Site VPN
Routing Protocol: BGP

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     105.105.105.105 YES NVRAM  up                    up
FastEthernet1/0        10.10.10.20     YES NVRAM  up                    up
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.30.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              unassigned      YES NVRAM  administratively down down

Customer2_Site1#show crypto session
Crypto session current status
Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.40.1 port 500
  IKE SA: local 172.10.30.1/500 remote 172.10.40.1/500 Active
  IPSEC FLOW: permit ip 105.105.105.0/255.255.255.0 106.106.106.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer2_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.10.0.0/30 is subnetted, 2 subnets
B       172.10.40.0 [20/0] via 172.10.30.2, 00:15:04
C       172.10.30.0 is directly connected, Serial2/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, FastEthernet1/0
     106.0.0.0/24 is subnetted, 1 subnets
B       106.106.106.0 [20/0] via 172.10.30.2, 00:15:04
     105.0.0.0/24 is subnetted, 1 subnets
C       105.105.105.0 is directly connected, GigabitEthernet0/0

Customer2_Site1#show running-config
Building configuration...

Current configuration : 4250 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer2_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$IIBO$FpXy5Tt8Dfc2VyxrbGEjv0
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key linux123 address 172.10.40.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.40.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 105.105.105.105 255.255.255.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 ip address 10.10.10.20 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE2
 ip address 172.10.30.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 172.10.30.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 172.10.30.2 activate
  neighbor 172.10.30.2 advertisement-interval 5
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 105.105.105.0 0.0.0.255 106.106.106.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
end

Customer2_Site1#
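
A small audit of the hardening-relevant lines that recur in the CE configurations in this document (cleartext IKE pre-shared keys, no service password-encryption, Telnet on the vty lines, exec-timeout 0 0 and similar). This is an added Python example, not part of the original document; the rule names, audit() and both sample configurations are constructed for illustration, with placeholder keys and addresses.

```python
import re

# Constructed sample modelled on the CE router configurations above.
# User, key and addresses are placeholders, not values from the page.
WEAK_CONFIG = """\
no service password-encryption
ip source-route
username admin password 0 EXAMPLE-PASSWORD
crypto isakmp policy 10
 encr aes 256
 group 5
crypto isakmp key EXAMPLE-PSK address 192.0.2.1
ip http server
line con 0
 exec-timeout 0 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
"""

# Constructed counterpart with each flagged line changed (assumes an IOS
# release that supports DH group 14 and type 6 encrypted pre-shared keys).
HARDENED_CONFIG = """\
service password-encryption
no ip source-route
username admin secret 5 $1$EXAMPLE$PLACEHOLDERHASH
crypto isakmp policy 10
 encr aes 256
 group 14
crypto isakmp key 6 EXAMPLE-ENCRYPTED-PSK address 192.0.2.1
no ip http server
line con 0
 exec-timeout 10 0
line vty 0 4
 transport input ssh
"""

# (rule id, pattern on a top-level command, why it matters)
GLOBAL_RULES = [
    ("PW-ENCRYPTION-OFF", r"^no service password-encryption$",
     "type 0 passwords stay readable in the config"),
    ("SOURCE-ROUTE", r"^ip source-route$",
     "IP source-routed packets are accepted"),
    ("USER-CLEARTEXT", r"^username \S+ (privilege \d+ )?password 0 ",
     "local account password stored in clear text"),
    ("PSK-CLEARTEXT", r"^crypto isakmp key (?!6 )",
     "IKE pre-shared key stored in clear text"),
    ("HTTP-SERVER", r"^ip http server$",
     "management web server reachable over unencrypted HTTP"),
]

# (rule id, pattern on the parent command, pattern on a sub-command, why)
CHILD_RULES = [
    ("IKE-DH-WEAK", r"^crypto isakmp policy \d+$", r"^group (1|2|5)$",
     "Diffie-Hellman group smaller than 2048 bits"),
    ("VTY-TELNET", r"^line vty ", r"^transport input .*\btelnet\b",
     "remote management allowed over Telnet"),
    ("VTY-PRIV15", r"^line vty ", r"^privilege level 15$",
     "every vty login lands directly in privileged EXEC"),
    ("NO-IDLE-TIMEOUT", r"^line ", r"^exec-timeout 0 0$",
     "idle sessions on this line never time out"),
]

def parse_sections(text):
    """Group an IOS config into [parent, [sub-commands]] by indentation."""
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append([line.strip(), []])
    return sections

def redact(line):
    """Hide secret material so findings can be logged or shared."""
    line = re.sub(r"^(crypto isakmp key )(?:[06] )?\S+", r"\1<redacted>", line)
    return re.sub(r"( (?:password|secret) \d )\S+", r"\1<redacted>", line)

def audit(text):
    """Return a list of (rule id, redacted config context, reason)."""
    findings = []
    for parent, children in parse_sections(text):
        for rule_id, pattern, why in GLOBAL_RULES:
            if re.search(pattern, parent):
                findings.append((rule_id, redact(parent), why))
        for rule_id, parent_pat, child_pat, why in CHILD_RULES:
            if not re.search(parent_pat, parent):
                continue
            for child in children:
                if re.search(child_pat, child):
                    findings.append((rule_id, f"{parent} / {child}", why))
    return findings

if __name__ == "__main__":
    for rule_id, context, why in audit(WEAK_CONFIG):
        print(f"{rule_id:18} {context}: {why}")
```

The parser relies on IOS indentation, so it expects a configuration with one command per line, as produced by show running-config on the device.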

Details:
Hostname: Customer2_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE4
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: BGP

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     106.106.106.106 YES NVRAM  up                    up
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.40.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
GigabitEthernet3/0     unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              unassigned      YES NVRAM  administratively down down

Customer2_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.30.1 port 500
  IKE SA: local 172.10.40.1/500 remote 172.10.30.1/500 Active
  IPSEC FLOW: permit ip 106.106.106.0/255.255.255.0 105.105.105.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer2_Site2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.40.0 is directly connected, Serial2/0
B       172.10.30.0 [20/0] via 172.10.40.2, 00:16:58
     10.0.0.0/24 is subnetted, 1 subnets
B       10.10.10.0 [20/0] via 172.10.40.2, 00:16:58
     106.0.0.0/24 is subnetted, 1 subnets
C       106.106.106.0 is directly connected, GigabitEthernet0/0
     105.0.0.0/24 is subnetted, 1 subnets
B       105.105.105.0 [20/0] via 172.10.40.2, 00:16:58

Customer2_Site2#show running-config
Building configuration...

Current configuration : 2376 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer2_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key linux123 address 172.10.30.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.30.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 106.106.106.106 255.255.255.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE4
 ip address 172.10.40.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 172.10.40.2 remote-as 1
 !
 address-family ipv4
  redistribute connected
  neighbor 172.10.40.2 activate
  neighbor 172.10.40.2 advertisement-interval 5
  no auto-summary
  no synchronization
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 106.106.106.0 0.0.0.255 105.105.105.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

Customer2_Site2#

Details:
Hostname: Customer3_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE1
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: EIGRP

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     unassigned      YES NVRAM  administratively down down
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.50.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              108.108.108.108 YES NVRAM  up                    up

Customer3_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.60.1 port 500
  IKE SA: local 172.10.50.1/500 remote 172.10.60.1/500 Active
  IPSEC FLOW: permit ip 108.108.108.0/255.255.255.0 38.38.38.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer3_Site1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     38.0.0.0/24 is subnetted, 1 subnets
D       38.38.38.0 [90/2809856] via 172.10.50.2, 00:05:46, Serial2/0
     172.10.0.0/30 is subnetted, 2 subnets
C       172.10.50.0 is directly connected, Serial2/0
D       172.10.60.0 [90/2681856] via 172.10.50.2, 00:05:46, Serial2/0
     108.0.0.0/24 is subnetted, 1 subnets
C       108.108.108.0 is directly connected, Loopback0

Customer3_Site1#show running-config
Building configuration...

Current configuration : 2246 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer3_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa new-model
!
aaa authentication login default local
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
username waqas password 0 cisco
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key technology111 address 172.10.60.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.60.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 108.108.108.108 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE1
 ip address 172.10.50.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 108.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 108.108.108.0 0.0.0.255 38.38.38.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 password cisco
 logging synchronous
 login authentication local
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer3_Site1#

Details:
Hostname: Customer3_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE6
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: EIGRP

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     unassigned      YES NVRAM  administratively down down
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.60.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              38.38.38.38     YES NVRAM  up                    up

Customer3_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.50.1 port 500
  IKE SA: local 172.10.60.1/500 remote 172.10.50.1/500 Active
  IPSEC FLOW: permit ip 38.38.38.0/255.255.255.0 108.108.108.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer3_Site2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     38.0.0.0/24 is subnetted, 1 subnets
C       38.38.38.0 is directly connected, Loopback0
     172.10.0.0/30 is subnetted, 2 subnets
D       172.10.50.0 [90/2681856] via 172.10.60.2, 00:09:39, Serial2/0
C       172.10.60.0 is directly connected, Serial2/0
     108.0.0.0/24 is subnetted, 1 subnets
D       108.108.108.0 [90/2809856] via 172.10.60.2, 00:09:39, Serial2/0

Customer3_Site2#show running-config
Building configuration...

Current configuration : 2106 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer3_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key technology111 address 172.10.50.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.50.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 38.38.38.38 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE6
 ip address 172.10.60.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 network 38.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
logging alarm informational
access-list 101 permit ip 38.38.38.0 0.0.0.255 108.108.108.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
end

Customer3_Site2#

Details:
Hostname: Customer4_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE4
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: Static Route

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     unassigned      YES NVRAM  administratively down down
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.100.1    YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              55.55.55.55     YES NVRAM  up                    up

Customer4_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.110.1 port 500
  IKE SA: local 172.10.100.1/500 remote 172.10.110.1/500 Active
  IPSEC FLOW: permit ip 55.55.55.0/255.255.255.0 66.66.66.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer4_Site1#show running-config
Building configuration...

Current configuration : 4161 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer4_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$fa8R$L9ulv/zldcPAu11DGqMUF0
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$WPx/$CSKF0Wvo45U.hQCqeXyTU0
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.110.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.110.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 55.55.55.55 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE4
 ip address 172.10.100.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.10.100.2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 55.55.55.0 0.0.0.255 66.66.66.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer4_Site1#

Details:
Hostname: Customer4_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE5
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: Static Route

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     unassigned      YES NVRAM  administratively down down
FastEthernet1/0        unassigned      YES NVRAM  administratively down down
FastEthernet1/1        unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.110.1    YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              66.66.66.66     YES NVRAM  up                    up

Customer4_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.100.1 port 500
  IKE SA: local 172.10.110.1/500 remote 172.10.100.1/500 Active
  IPSEC FLOW: permit ip 66.66.66.0/255.255.255.0 55.55.55.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer4_Site2#show running-config
Building configuration...

Current configuration : 4161 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer4_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$.cOD$76pyQ37vIlKH1IMbILOF3/
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$m.2P$rsfCShbn7Lh1mFLMfCXzT0
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco123 address 172.10.100.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.100.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 ip address 66.66.66.66 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 description Connected to ISP-PE5
 ip address 172.10.110.1 255.255.255.252
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.10.110.2
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 66.66.66.0 0.0.0.255 55.55.55.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer4_Site2#

Details:
Hostname: Customer5_Site1 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE3
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: RIP Version 2

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     40.40.40.40     YES NVRAM  up                    up
GigabitEthernet1/0     unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.70.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              unassigned      YES NVRAM  administratively down down

Customer5_Site1#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.80.1 port 500
  IKE SA: local 172.10.70.1/500 remote 172.10.80.1/500 Active
  IPSEC FLOW: permit ip 40.40.40.0/255.255.255.0 41.41.41.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer5_Site1#show running-config
Building configuration...

Current configuration : 4241 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer5_Site1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$yti5$4DyRv.Fq2uT4ArW/LOA.p1
!
aaa new-model

!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$HsZK$f6RRnxXCjOqxn3fdLyiYg.
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco786 address 172.10.80.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.80.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0
 no ip address

 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 40.40.40.40 255.255.255.0
 ip rip advertise 20
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial2/0
 description Connected to ISP-PE3
 ip address 172.10.70.1 255.255.255.252
 ip rip advertise 20
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 timers basic 20 40 40 80
 redistribute connected

 network 40.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 40.40.40.0 0.0.0.255 41.41.41.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer5_Site1#

Customer 5 – Site 1 Cisco ASA 5520 Appliance Configuration

ASA-Site2# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 22:27:30 UTC Nov 29 2013
        This host: Primary - Active
                Active time: 391 (sec)
                  Interface outside (41.41.41.42): Normal (Waiting)
                  Interface management (10.10.10.1): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (137.100.20.1): Normal (Not-Monitored)
                  Interface SubnetTwenty (138.200.40.1): Normal (Not-Monitored)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (0.0.0.0): Normal (Not-Monitored)
                  Interface SubnetTwenty (0.0.0.0): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
        Link : state GigabitEthernet4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         41         0          40         0
        sys cmd         40         0          40         0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0

        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          0
        User-Identity   1          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       12      343
        Xmit Q:         0       30      423

ASA-Site2# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ASA-Site2
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 41.41.41.42 255.255.255.0
!
interface GigabitEthernet1
 nameif management
 security-level 0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet2
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet2.10
 vlan 10
 nameif SubnetTen
 security-level 100
 ip address 137.100.20.1 255.255.255.0
!
interface GigabitEthernet2.20
 vlan 20
 nameif SubnetTwenty
 security-level 100
 ip address 138.200.40.1 255.255.255.0
!

interface GigabitEthernet3
 description LAN Failover Interface
!
interface GigabitEthernet4
 description STATE Failover Interface
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network Remote_Network
 subnet 198.168.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 137.100.0.0 255.255.0.0
 network-object 138.200.40.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object Remote_Network
access-list outside_cryptomap extended permit ip 137.100.0.0 255.255.255.0 object Remote_Network
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu management 1500
mtu inside 1500
mtu SubnetTen 1500
mtu SubnetTwenty 1500
failover
failover lan unit primary
failover lan interface failover GigabitEthernet3
failover key *****
failover link state GigabitEthernet4
failover interface ip failover 172.16.1.1 255.255.255.252 standby 172.16.1.2
failover interface ip state 172.16.2.1 255.255.255.252 standby 172.16.2.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 41.41.41.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.10.10.10 255.255.255.255 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 40.40.40.41
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  quit
crypto ikev2 policy 1
 encryption aes-256

 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400

crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 11000
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy GroupPolicy_40.40.40.41 internal
group-policy GroupPolicy_40.40.40.41 attributes
 vpn-tunnel-protocol ikev1 ikev2
username waqas password 2kOl6/jI/9uq79KY encrypted privilege 15
tunnel-group 40.40.40.41 type ipsec-l2l
tunnel-group 40.40.40.41 general-attributes
 default-group-policy GroupPolicy_40.40.40.41
tunnel-group 40.40.40.41 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!

!
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
prompt hostname context
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
crashinfo save disable
Cryptochecksum:e3a7f2ef8e58bae0f978f5cb20364b6e
: end
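The ASA configuration above defines transform sets and IKE policies ranging from AES-256 down to DES and MD5, and its crypto map references them all. The following audit script is an added example, not part of the original document: it resolves which transform sets a crypto map actually offers and reports legacy algorithms in them and in the IKE policies. The weak-algorithm lists and the shortened sample config are assumptions constructed for the example.

```python
import re

# Assumed audit policy (not from the original document): algorithms and
# Diffie-Hellman groups treated as legacy. Adjust to your own baseline.
WEAK_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}

# Constructed sample: a shortened excerpt in the style of the ASA config above.
# ESP-DES-SHA is defined but deliberately left unreferenced by the crypto map.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set ikev1 transform-set ESP-AES-256-SHA ESP-AES-128-MD5 ESP-3DES-SHA ESP-DES-MD5
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
"""


def parse_blocks(config):
    """Group indented sub-commands under their top-level command.

    Relies on the device's native indentation (one command per line).
    """
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.split())
        else:
            blocks.append((raw.split(), []))
    return blocks


def weak_transforms(transforms):
    """Return the weak algorithms named in a list of ESP transforms."""
    issues = []
    for t in transforms:
        name = t[4:] if t.startswith("esp-") else t
        if name.endswith("-hmac"):
            if name[:-5] in WEAK_HASHES:
                issues.append("integrity " + name[:-5])
        elif name in WEAK_CIPHERS:
            issues.append("encryption " + name)
    return issues


def audit(config):
    """Return (location, issue) tuples for weak IKE/IPsec settings."""
    findings, sets, offered = [], {}, []
    for head, subs in parse_blocks(config):
        if head[:4] == ["crypto", "ipsec", "ikev1", "transform-set"]:
            sets[head[4]] = head[5:]
        elif head[:2] == ["crypto", "map"] and head[4:7] == ["set", "ikev1", "transform-set"]:
            offered += [(" ".join(head[:4]), name) for name in head[7:]]
        elif head[:2] == ["crypto", "map"] and head[4:6] == ["set", "pfs"]:
            group = head[6].replace("group", "")
            if group in WEAK_DH_GROUPS:
                findings.append((" ".join(head[:4]), "pfs group " + group))
        elif re.fullmatch(r"crypto ikev[12] policy \d+", " ".join(head)):
            # Every configured IKE policy is eligible for negotiation,
            # so each weak value in any policy is reported.
            where = " ".join(head[1:])
            for key, *values in subs:
                if key == "encryption":
                    findings += [(where, "encryption " + v) for v in values if v in WEAK_CIPHERS]
                elif key in ("hash", "integrity"):
                    findings += [(where, "integrity " + v) for v in values if v in WEAK_HASHES]
                elif key == "group":
                    findings += [(where, "dh group " + v) for v in values if v in WEAK_DH_GROUPS]
    # Only transform sets referenced by a crypto map are offered to a peer.
    for entry, name in offered:
        for issue in weak_transforms(sets.get(name, [])):
            findings.append((entry + " -> " + name, issue))
    return findings


if __name__ == "__main__":
    for where, issue in audit(SAMPLE_CONFIG):
        print(f"{where:45} {issue}")
```
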

Details:
Hostname: Customer5_Site2 (Router)
IOS: Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(20) T
Hardware: Cisco 7206VXR (NPE400)
Connected to: PE6
Cryptography: ISAKMP-SA: IPSec -Site to Site VPN
Routing Protocol: RIP Version 2

Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0     41.41.41.41     YES NVRAM  up                    up
GigabitEthernet1/0     unassigned      YES NVRAM  administratively down down
Serial2/0              172.10.80.1     YES NVRAM  up                    up
Serial2/1              unassigned      YES NVRAM  administratively down down
Serial2/2              unassigned      YES NVRAM  administratively down down
Serial2/3              unassigned      YES NVRAM  administratively down down
SSLVPN-VIF0            unassigned      NO  unset  up                    up
Loopback0              unassigned      YES NVRAM  administratively down down

Customer5_Site2#show crypto session
Crypto session current status

Interface: Serial2/0
Session status: UP-ACTIVE
Peer: 172.10.70.1 port 500
  IKE SA: local 172.10.80.1/500 remote 172.10.70.1/500 Active
  IPSEC FLOW: permit ip 41.41.41.0/255.255.255.0 40.40.40.0/255.255.255.0
        Active SAs: 2, origin: crypto map

Customer5_Site2#show running-config
Building configuration...

Current configuration : 4241 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Customer5_Site2
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$MKo/$jnuFWWc2eeFbVWfrCvMxL0
!

aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local if-authenticated
aaa authorization commands 15 default local if-authenticated
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
mpls label protocol ldp
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username waqas privilege 15 secret 5 $1$CL6T$qiM2n/XDgMnEZA.OzaT5l1
archive
 log config
  hidekeys
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key cisco786 address 172.10.70.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
!
crypto map CMAP 10 ipsec-isakmp
 set peer 172.10.70.1
 set security-association lifetime seconds 900
 set transform-set 50
 set pfs group5
 match address 101
!
interface Loopback0

 no ip address
 ip ospf network point-to-point
 shutdown
!
interface Ethernet0/0
 no ip address
 shutdown
 duplex auto
!
interface GigabitEthernet0/0
 ip address 41.41.41.41 255.255.255.0
 ip rip advertise 20
 ip ospf network point-to-point
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 no ip address
 shutdown
 negotiation auto
!
interface Serial2/0
 description Connected to ISP-PE6
 ip address 172.10.80.1 255.255.255.252
 ip rip advertise 20
 serial restart-delay 0
 crypto map CMAP
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
router rip
 version 2
 timers basic 20 40 40 80

 redistribute connected
 network 41.0.0.0
 network 172.10.0.0
 no auto-summary
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 1000
!
logging alarm informational
access-list 101 permit ip 41.41.41.0 0.0.0.255 40.40.40.0 0.0.0.255
!
mpls ldp router-id Loopback0
!
control-plane
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
end

Customer5_Site2#

Customer 5 – Site 2 Cisco ASA 5520 Appliance Configuration

ASA-Site2# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet3 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 60 maximum
Version: Ours 8.4(2), Mate 8.4(2)
Last Failover at: 22:28:09 UTC Nov 29 2013
        This host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (0.0.0.0): Normal (Waiting)
                  Interface management (0.0.0.0): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (0.0.0.0): Normal (Not-Monitored)
                  Interface SubnetTwenty (0.0.0.0): Normal (Not-Monitored)
        Other host: Primary - Active
                Active time: 859 (sec)
                  Interface outside (41.41.41.42): Normal (Waiting)
                  Interface management (10.10.10.1): Normal (Waiting)
                  Interface inside (0.0.0.0): Normal (Waiting)
                  Interface SubnetTen (137.100.20.1): Normal (Not-Monitored)
                  Interface SubnetTwenty (138.200.40.1): Normal (Not-Monitored)

Stateful Failover Logical Update Statistics
        Link : state GigabitEthernet4 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         102        0          103        0
        sys cmd         102        0          102        0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          0          0
        UDP conn        0          0          0          0
        ARP tbl         0          0          0          0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0

        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          0
        User-Identity   0          0          1          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       19      1803
        Xmit Q:         0       1       102

ASA-Site2# show running-config
: Saved
:
ASA Version 8.4(2)
!
hostname ASA-Site2
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 41.41.41.42 255.255.255.0
!
interface GigabitEthernet1
 nameif management
 security-level 0
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet2
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet2.10
 vlan 10
 nameif SubnetTen
 security-level 100
 ip address 137.100.20.1 255.255.255.0
!
interface GigabitEthernet2.20
 vlan 20
 nameif SubnetTwenty
 security-level 100
 ip address 138.200.40.1 255.255.255.0
!

interface GigabitEthernet3
 description LAN Failover Interface
!
interface GigabitEthernet4
 description STATE Failover Interface
!
interface GigabitEthernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
same-security-traffic permit intra-interface
object network Remote_Network
 subnet 198.168.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_1
 network-object 137.100.0.0 255.255.0.0
 network-object 138.200.40.0 255.255.255.0
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object Remote_Network
access-list outside_cryptomap extended permit ip 137.100.0.0 255.255.255.0 object Remote_Network
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu management 1500
mtu inside 1500
mtu SubnetTen 1500
mtu SubnetTwenty 1500
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet3
failover key *****
failover link state GigabitEthernet4
failover interface ip failover 172.16.1.1 255.255.255.252 standby 172.16.1.2
failover interface ip state 172.16.2.1 255.255.255.252 standby 172.16.2.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 41.41.41.41 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.10.10.10 255.255.255.255 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs group5
crypto map outside_map 1 set peer 40.40.40.41
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  quit
crypto ikev2 policy 1
 encryption aes-256

 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400

crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 11000
!
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy GroupPolicy_40.40.40.41 internal
group-policy GroupPolicy_40.40.40.41 attributes
 vpn-tunnel-protocol ikev1 ikev2
username waqas password 2kOl6/jI/9uq79KY encrypted privilege 15
tunnel-group 40.40.40.41 type ipsec-l2l
tunnel-group 40.40.40.41 general-attributes
 default-group-policy GroupPolicy_40.40.40.41
tunnel-group 40.40.40.41 ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
!
!

!
policy-map global-policy
 class class-default
  user-statistics accounting
!
service-policy global-policy global
prompt hostname context
call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
hpm topN enable
crashinfo save disable
Cryptochecksum:58a80fb8060d6e9597dc92b87585c2e0
: end
ASA-Site2#