Current configuration : 5230 bytes
!
! Last configuration change at 15:42:56 UTC Fri Feb 25 2022
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SERVER
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authorization network default local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
crypto ikev2 authorization policy FlexVPNIKEPOL
 pool FlexVPNPool
 route set access-list ServerNetwork
!
!
!
crypto ikev2 keyring KR
 peer client1
  identity fqdn client1.domain.com
  pre-shared-key local ServerToClient1Key
  pre-shared-key remote Client1Key
 !
 peer client2
  identity fqdn client2.domain.com
  pre-shared-key local ServerToClient2Key
  pre-shared-key remote Client2Key
 !
!
!
crypto ikev2 profile ikev2-profile
 match identity remote fqdn client1.domain.com
 authentication local pre-share
 authentication remote pre-share
 keyring local KR
 aaa authorization group psk list default FlexVPNIKEPOL
 virtual-template 1
!
crypto ikev2 profile ikev2-profile-client2
 match identity remote fqdn client2.domain.com
 authentication local pre-share
 authentication remote pre-share
 keyring local KR
 aaa authorization group psk list default FlexVPNIKEPOL
 virtual-template 2
!
!
!
crypto ipsec transform-set transform1 esp-aes
 mode tunnel
!
!
crypto ipsec profile ipsec-profile
 set transform-set transform1
 set ikev2-profile ikev2-profile
!
crypto ipsec profile ipsec-profile-client2
 set transform-set transform1
 set ikev2-profile ikev2-profile-client2
!
!
!
!
!
!
interface Loopback0
 ip address 10.10.11.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 172.16.0.3 255.255.255.0
 duplex full
 speed 100
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip access-group Client1-ACL out
 tunnel mode ipsec ipv4
 tunnel destination dynamic
 tunnel protection ipsec profile ipsec-profile
!
interface Virtual-Template2 type tunnel
 ip unnumbered Loopback0
 ip access-group Client2-ACL out
 tunnel mode ipsec ipv4
 tunnel destination dynamic
 tunnel protection ipsec profile ipsec-profile-client2
!
ip local pool FlexVPNPool 10.10.10.1 10.10.10.254 recycle delay 60
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list standard ServerNetwork
 permit 10.0.0.0 0.0.0.255
!
ip access-list extended Client1-ACL
 permit icmp host 10.0.0.3 192.168.1.0 0.0.0.255 echo
 permit icmp host 192.168.1.0 0.0.0.252 10.0.0.3 echo-reply
 permit tcp host 10.0.0.3 192.168.1.0 0.0.0.255 eq 22
 deny ip any any
ip access-list extended Client2-ACL
 permit icmp host 10.0.0.3 192.168.2.0 0.0.0.255 echo
 permit icmp host 192.168.2.0 0.0.0.252 10.0.0.3 echo-reply
 permit tcp host 10.0.0.3 192.168.2.0 0.0.0.255 eq 22
 deny ip any any
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 transport input none
!
no scheduler allocate
!
end