SD-WAN Lab - Part 1 : Topology & Configurations

Topology

IP addressing

Configurations

HQ Site

vEdgeBranch-HQ-1# show running-config
system
 host-name vEdgeBranch-HQ-1
 system-ip 200.1.1.1
 site-id 200
 no route-consistency-check
 sp-organization-name MEDHY-B
 organization-name MEDHY-B
 vbond 192.100.1.2
 aaa
  auth-order local radius tacacs
  usergroup basic
   task system read write
   task interface read write
  !
  usergroup netadmin
  !
  usergroup operator
   task system read
   task interface read
   task policy read
   task routing read
   task security read
  !
  user admin
   password $6$siwKBQ==$wT2lUa9BSreDPI6gB8sl4E6PAJoVXgMbgv/whJ8F1C6sWdRazdxorYYTLrL6syiG6qnLABTnrE96HJiKF6QRq1
  !
 !
 logging
  disk
   enable
  !
  server 172.122.1.150
   vpn 10
   source-interface ge0/2
  exit
 !
 ntp
  server 172.111.1.100
   source-interface ge0/2
   vpn 10
   version 4
   prefer
  exit
 !
 archive
  path /home/admin/Config_Archive
  vpn 10
 !
!
omp
 no shutdown
 graceful-restart
 advertise connected
 advertise static
!
security
 ipsec
  authentication-type sha1-hmac ah-sha1-hmac
 !
!
snmp
 no shutdown
 contact Medhy_LAB
 name vEdgeBranch-HQ-1
 location "San Francisco"
 view OID1.3.*
  oid 1.3.*
 !
 community cisco
  view OID1.3.*
  authorization read-only
 !
 trap target vpn 10 172.111.1.150 161
  group-name ALL
  community-name cisco
 !
 trap group ALL
  all
   level critical major minor
  exit
 exit
!
banner
 login #####LOGIN######
 motd #####MOTD######
!
vpn 0
 name TRANSPORT INTERNET VPN
 interface ge0/0
  description TRANSPORT INTERNET INTERFACE
  ip address 192.100.1.210/24
  tunnel-interface
   encapsulation ipsec
   color public-internet
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
  !
  no shutdown
 !
 interface ge0/3
  description TLOC PLACE HOLDER
  no shutdown
 !
 interface ge0/3.5
  description TLOC_EXT _MAP
  ip address 215.215.215.1/30
  mtu 1496
  tloc-extension ge0/0
  no shutdown
 !
 interface ge0/3.6
  description TLOC_EXT_TUNNEL
  ip address 216.216.216.1/30
  tunnel-interface
   encapsulation ipsec
   color mpls
   allow-service all
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   no allow-service ntp
   no allow-service ospf
   no allow-service stun
  !
  pmtu
  mtu 1496
  no shutdown
 !
 ip route 0.0.0.0/0 192.100.1.100
 ip route 0.0.0.0/0 216.216.216.2
!
vpn 10
 name SERVICE VPN 10
 router
  multicast-replicator local
  pim
   auto-rp
   interface ge0/2
   exit
  exit
  igmp
   interface ge0/2
   exit
  exit
 !
 cloudexpress
  node-type client
  allow-local-exit
  applications amazon_aws google_apps
 !
 interface ge0/2
  description SERVICE VPN_10 INTERFACE
  ip address 172.210.1.1/24
  no shutdown
  vrrp 10
   priority 105
   track-omp
   ipv4 172.210.1.200
  !
 !
 ip route 172.210.1.0/24 172.210.1.80
 ip route 172.210.1.0/24 172.210.1.100
 tcp-optimization
!
vpn 512
 name MANAGEMENT VPN 512
 interface eth0
  description MANAGEMENT INTERFACE
  ip address 172.16.1.210/24
  no shutdown
 !
!
policy
 app-visibility
 lists
  prefix-list PFX_MPLS_LPK
   ip-prefix 172.0.0.0/24 le 32
  !
 !
 route-policy BGP_FROM_MPLS
  default-action reject
 !
 route-policy BGP_TO_MPLS
  sequence 1
   match
    address PFX_MPLS_LPK

   action accept
    set
     community 1:65000

  default-action reject
 access-list ACL_FROM_TLOCEX
  default-action accept
vEdgeBranch-HQ-1#
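
A check on the HQ listing above, as an added example that is not part of the original lab post or of Cisco's tooling: a small Python audit for three settings in it that should be reviewed before the configuration is reused outside a lab. These are `allow-service all` on a tunnel interface (Cisco's command reference describes `all` as overriding the individual `allow-service` / `no allow-service` lines), the SNMP community `cisco`, and an access list whose only statement is `default-action accept`. The function name, the finding labels and the GUESSABLE list are assumptions made for this example.

```python
import re

GUESSABLE = {"public", "private", "cisco"}  # assumption: a few well-known community strings

# Constructed excerpt: lines taken from the HQ listing above, shortened.
SAMPLE = """\
snmp
community cisco
interface ge0/0
tunnel-interface
allow-service all
no allow-service sshd
no allow-service netconf
!
route-policy BGP_FROM_MPLS
default-action reject
!
access-list ACL_FROM_TLOCEX
default-action accept
"""

def audit(config):
    """Return (check, subject, detail) findings; works with or without indentation."""
    findings, tunnels = [], {}
    iface = cur = block = name = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface, cur = m.group(1), None
        elif line == "tunnel-interface":
            cur = tunnels.setdefault(iface, {"all": False, "denied": []})
        elif line == "!":
            cur = None  # end of the tunnel-interface block
        elif cur is not None and line == "allow-service all":
            cur["all"] = True
        elif cur is not None and (m := re.fullmatch(r"no allow-service (\S+)", line)):
            cur["denied"].append(m.group(1))
        elif (m := re.fullmatch(r"community (\S+)", line)) and m.group(1) in GUESSABLE:
            findings.append(("snmp-community", m.group(1), []))
        elif m := re.fullmatch(r"(access-list|route-policy) (\S+)", line):
            block, name = m.groups()
        elif line == "default-action accept" and block == "access-list":
            findings.append(("acl-default-accept", name, []))
    for ifname, t in tunnels.items():
        if t["all"]:  # detail lists the "no allow-service" lines that "all" overrides
            findings.append(("allow-service-all", ifname, t["denied"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For each `allow-service-all` finding, the detail list names the services the operator tried to deny on that tunnel, which is the gap between the intended and the effective exposure.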
