Current configuration : 11639 bytes
!
! Last configuration change at 15:57:12 UTC Mon Apr 3 2023
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname ip-172-31-8-207
!
boot-start-marker
boot-end-marker
!
!
vrf definition GS
 rd 100:100
 !
 address-family ipv4
 exit-address-family
!
logging persistent size 1000000 filesize 8192 immediate
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-349439753
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-349439753
 revocation-check none
 rsakeypair TP-self-signed-349439753
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-349439753
 certificate self-signed 01
  3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33343934 33393735 33301E17 0D323330 33303231 35333233
  305A170D 33333033 30313135 33323330 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3334 39343339
  37353330 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
  82010100 92DED38D DB7950DE 3DF20CE8 B69AA25C DE7216BA EE981D34 89711E9A
  DD35253B B4ABF9B6 6D6D26D8 5E0F93C9 864432C9 63B099F3 6B38B460 FC547E8B
  4A98840B C2E8AC90 9D79DA88 1CE38268 ADA12718 C509B89C EC08F33C 5BD33FB3
  7CE6E73F 9540C8D5 64D45D86 5EA2744C 86C19AC9 248A408F 3C72FE1E 472C9BAF
  537308A3 DA595FD1 6994E25A B8321E84 5CA68089 10F902E9 76F89FAC 4B3917F2
  D8B3D8E4 A3BB6A89 937BC442 4D24E7E7 98D0CDF4 E5191E27 F78AEEA3 CEACFA5B
  ACD0BA2D E8390ABA A127130C EE22FC7B 39179B18 0039CDD5 2437D76B 9F41C624
  7A2F6BC3 4BFEF749 6F56CD66 C5D3FBDF E108C5EA A7F7D94E 0FBB6D4E 0B36C712
  3E4C3091 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
  0603551D 23041830 168014D5 A34F84C1 722528B3 37AB7BAE 6FD8D48A 4E47C230
  1D060355 1D0E0416 0414D5A3 4F84C172 2528B337 AB7BAE6F D8D48A4E 47C2300D
  06092A86 4886F70D 01010505 00038201 010049FF 3532DB29 BBCD057B 6369A8FD
  047FFBA6 4ECF6ECE 588328BC B074D075 6AD1B96F E37482BC 1562D506 64CA2E87
  FEF9AB4A 5117C1DE 787F6367 5692FDC0 0ED80A47 9B9EA2EB 2B8A5E0B 1F8E7CBF
  2FBD5686 24A607F1 8141DD79 9D975814 F78C2834 7723D769 AD51DDAC 7A126C5D
  5C46F736 BD69557A 2A74624D 57881764 A7A8C759 8D7C7B39 07832EEA E041AAD7
  F412716B 8571DC52 685B4AA4 A55083C2 1100ED61 E6E2F053 7413E739 D5654A17
  922D209D 63974960 D4EDB898 E0FDF773 4B25B339 496384FA 668D7E28 3F587C34
  C03E4C1F 700CE030 04239A6A 3D490059 B86DE295 24541874 29DCF38D C15FDAEA
  2F93A03B 617AB752 70671CDC 7676ABE1 7C9A
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
  D697DF7F 28
        quit
!
license udi pid CSR1000V sn 9POSTEE9LDG
diagnostic bootup level minimal
memory free low-watermark processor 71465
!
!
spanning-tree extend system-id
!
username ec2-user privilege 15
!
redundancy
!
!
!
!
!
!
!
!
crypto keyring 3.12.79.152-44.211.111.125
  pre-shared-key address 44.211.111.125 key KKoFRVeiIfwGanyCgvA2OIJHiC5pFbGA7rYheybo
crypto keyring 3.12.79.152-54.211.236.62
  pre-shared-key address 54.211.236.62 key YjuFwGLZHtVundgEbmBcsNTAhB6HCL9W0UjJr3xr
crypto keyring 3.133.193.97-44.211.111.125
  pre-shared-key address 44.211.111.125 key 3RQmQ82z9ENdkdJlgYhOSZ4uQsJnwp51yQZTEx5g
crypto keyring 3.133.193.97-54.211.236.62
  pre-shared-key address 54.211.236.62 key 6dNd0BcfV29tZvzH3T4v6Z2YYHMW2n3v9AnOVgxk
!
!
!
!
!
!
!
crypto isakmp policy 1
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
crypto isakmp policy 2
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
crypto isakmp keepalive 10 3 periodic
crypto isakmp profile 3.12.79.152-44.211.111.125
   keyring 3.12.79.152-44.211.111.125
   self-identity address
   match identity address 44.211.111.125 255.255.255.255
crypto isakmp profile 3.12.79.152-54.211.236.62
   keyring 3.12.79.152-54.211.236.62
   self-identity address
   match identity address 54.211.236.62 255.255.255.255
crypto isakmp profile 3.133.193.97-44.211.111.125
   keyring 3.133.193.97-44.211.111.125
   self-identity address
   match identity address 44.211.111.125 255.255.255.255
crypto isakmp profile 3.133.193.97-54.211.236.62
   keyring 3.133.193.97-54.211.236.62
   self-identity address
   match identity address 54.211.236.62 255.255.255.255
!
!
crypto ipsec transform-set 3.12.79.152-44.211.111.125 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec transform-set 3.12.79.152-54.211.236.62 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec transform-set 3.133.193.97-44.211.111.125 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec transform-set 3.133.193.97-54.211.236.62 esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec df-bit clear
!
crypto ipsec profile 3.12.79.152-44.211.111.125
 set security-association lifetime kilobytes disable
 set transform-set 3.12.79.152-44.211.111.125
 set pfs group14
 set isakmp-profile 3.12.79.152-44.211.111.125
!
crypto ipsec profile 3.12.79.152-54.211.236.62
 set security-association lifetime kilobytes disable
 set transform-set 3.12.79.152-54.211.236.62
 set pfs group14
 set isakmp-profile 3.12.79.152-54.211.236.62
!
crypto ipsec profile 3.133.193.97-44.211.111.125
 set security-association lifetime kilobytes disable
 set transform-set 3.133.193.97-44.211.111.125
 set pfs group14
 set isakmp-profile 3.133.193.97-44.211.111.125
!
crypto ipsec profile 3.133.193.97-54.211.236.62
 set security-association lifetime kilobytes disable
 set transform-set 3.133.193.97-54.211.236.62
 set pfs group14
 set isakmp-profile 3.133.193.97-54.211.236.62
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 192.168.88.88 255.255.255.0
!
interface Tunnel1
 ip address 169.254.87.137 255.255.255.252
 ip mtu 1436
 ip tcp adjust-mss 1387
 tunnel source 172.31.8.207
 tunnel mode ipsec ipv4
 tunnel destination 44.211.111.125
 tunnel protection ipsec profile 3.12.79.152-44.211.111.125
 ip virtual-reassembly
!
interface Tunnel2
 ip address 169.254.177.101 255.255.255.252
 ip mtu 1436
 ip tcp adjust-mss 1387
 tunnel source 172.31.8.207
 tunnel mode ipsec ipv4
 tunnel destination 54.211.236.62
 tunnel protection ipsec profile 3.12.79.152-54.211.236.62
 ip virtual-reassembly
!
interface Tunnel3
 ip address 169.254.39.157 255.255.255.252
 ip mtu 1436
 ip tcp adjust-mss 1387
 tunnel source 172.31.8.208
 tunnel mode ipsec ipv4
 tunnel destination 44.211.111.125
 tunnel protection ipsec profile 3.133.193.97-44.211.111.125
 ip virtual-reassembly
!
interface Tunnel4
 ip address 169.254.48.129 255.255.255.252
 ip mtu 1436
 ip tcp adjust-mss 1387
 tunnel source 172.31.8.208
 tunnel mode ipsec ipv4
 tunnel destination 54.211.236.62
 tunnel protection ipsec profile 3.133.193.97-54.211.236.62
 ip virtual-reassembly
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip address 172.31.8.208 255.255.0.0 secondary
 ip address 172.31.8.207 255.255.0.0
 ip nat outside
 negotiation auto
 no mop enabled
 no mop sysid
!
router bgp 65300
 bgp log-neighbor-changes
 neighbor 169.254.39.158 remote-as 65001
 neighbor 169.254.39.158 timers 60 180
 neighbor 169.254.48.130 remote-as 65001
 neighbor 169.254.48.130 timers 60 180
 neighbor 169.254.87.138 remote-as 65001
 neighbor 169.254.87.138 timers 60 180
 neighbor 169.254.177.102 remote-as 65001
 neighbor 169.254.177.102 timers 60 180
 !
 address-family ipv4
  redistribute connected
  neighbor 169.254.39.158 activate
  neighbor 169.254.39.158 soft-reconfiguration inbound
  neighbor 169.254.48.130 activate
  neighbor 169.254.48.130 soft-reconfiguration inbound
  neighbor 169.254.87.138 activate
  neighbor 169.254.87.138 soft-reconfiguration inbound
  neighbor 169.254.177.102 activate
  neighbor 169.254.177.102 soft-reconfiguration inbound
  maximum-paths 4
 exit-address-family
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.0.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.31.0.1 global
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
  username ec2-user
   key-hash ssh-rsa 20C9BED65AE747DCF528BBE6C77F2175 ec2-user
ip ssh server algorithm publickey ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-rsa x509v3-ecdsa-sha2-nistp256 x509v3-ecdsa-sha2-nistp384 x509v3-ecdsa-sha2-nistp521
ip scp server enable
!
ip access-list standard GS_NAT_ACL
 10 permit 192.168.35.0 0.0.0.255
!
!
!
!
!
!
!
control-plane
!