!
! Last configuration change at 00:29:49 UTC Wed Oct 9 2013 by sysadmin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname oni819
!
boot-start-marker
boot system flash c800-universalk9-mz.SPA.153-2.T.bin
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local 
aaa authorization network default local 
aaa authorization network aaa-author-net local 
!
!
!
!
!
aaa session-id common
!
crypto pki trustpoint ontp
 enrollment terminal
 serial-number
 subject-name C=US,ST=TX,O=Oceus,CN=10.17.1.55
 crl cache none
 revocation-check none
 eckeypair ontp
 hash sha256
!
!
!
crypto pki certificate map certmap-c2s 10
 subject-name co 10
!
crypto pki certificate chain ontp
 certificate 03
  30820219 3082019E A0030201 02020103 300A0608 2A8648CE 3D040303 304F310B 
  30090603 55040613 02555331 0B300906 03550408 0C025458 310E300C 06035504 
  070C0550 6C616E6F 310E300C 06035504 0A0C054F 63657573 31133011 06035504 
  030C0A31 302E3137 2E312E35 31301E17 0D313331 30303332 33333835 315A170D 
  32333130 30313233 33383531 5A303F31 0B300906 03550406 13025553 310B3009 
  06035504 08130254 58310E30 0C060355 040A1305 4F636575 73311330 11060355 
  0403130A 31302E31 372E312E 35353059 30130607 2A8648CE 3D020106 082A8648 
  CE3D0301 07034200 04250F03 EDF16CEE C003A1F7 AB69E784 08345FF0 AF23B740 
  4D7880E4 4575B315 B78062D4 F8DD9648 E54038CB EF510DDC A7E0B950 8DE65038 
  F1762FBA 28DEFE32 79A37B30 79300906 03551D13 04023000 302C0609 60864801 
  86F84201 0D041F16 1D4F7065 6E53534C 2047656E 65726174 65642043 65727469 
  66696361 7465301D 0603551D 0E041604 143B8087 4FC7987C EC3BE0F5 DE6A7B4C 
  5EED5171 78301F06 03551D23 04183016 80147DE3 09BFBA5B 4C8647E1 ACD976F5 
  D2D443EA F60D300A 06082A86 48CE3D04 03030369 00306602 31009C65 76E3DB6A 
  621DC1AE 778B6CCA A73BD218 74EC8FDE 28922905 922A7481 85807D69 E99B9ECA 
  6B21569E 64B5E3E7 11640231 00F1377D D013B95F 0CCBD3C4 4BD7F193 F118AFBC 
  309579B6 07D43393 87C2AD26 4B556B79 8EEB42D9 0DC52597 F7084318 7B
  	quit
 certificate ca 00901332DEC64CD623
  30820223 308201A8 A0030201 02020900 901332DE C64CD623 300A0608 2A8648CE 
  3D040303 304F310B 30090603 55040613 02555331 0B300906 03550408 0C025458 
  310E300C 06035504 070C0550 6C616E6F 310E300C 06035504 0A0C054F 63657573 
  31133011 06035504 030C0A31 302E3137 2E312E35 31301E17 0D313331 30303332 
  32333630 385A170D 32333130 30313232 33363038 5A304F31 0B300906 03550406 
  13025553 310B3009 06035504 080C0254 58310E30 0C060355 04070C05 506C616E 
  6F310E30 0C060355 040A0C05 4F636575 73311330 11060355 04030C0A 31302E31 
  372E312E 35313076 30100607 2A8648CE 3D020106 052B8104 00220362 00042B6C 
  7C6C8CFE 7CC028F3 2CA50E40 F8FEFEF2 9F45C563 DA4B418C 2F00A4AF FC016E68 
  8BEC7652 5F47807D 28F900AF 636C7E79 5A02653E FF5AA8F4 7285DCFE 0AA8921E 
  0F106C16 A187F1A3 A9161D4B 04DAD07D C432D768 5359F744 759F0AD7 C19DA350 
  304E301D 0603551D 0E041604 147DE309 BFBA5B4C 8647E1AC D976F5D2 D443EAF6 
  0D301F06 03551D23 04183016 80147DE3 09BFBA5B 4C8647E1 ACD976F5 D2D443EA 
  F60D300C 0603551D 13040530 030101FF 300A0608 2A8648CE 3D040303 03690030 
  66023100 F74B35EB 897D138C 48378F9B 19EBA5BC 1D051F8E 82EEB9B8 69767898 
  3C3C296E 3276DA1C B743F1B3 FB7CB1D1 C3E6F6B4 023100C0 6B46706C E8968D4C 
  A0AEB03C 03A53CD1 C4100974 D237A3F1 D64A62ED 68B867AB DBD689E2 6373D177 
  6C56681E BB0BB7
  	quit
ip cef
!
!
!
!


!
!
!
!
no ip domain lookup
ip domain name oceusnetworks.com
no ipv6 cef
!
!
multilink bundle-name authenticated
chat-script lte "" "AT!CALL1" TIMEOUT 20 "OK"
chat-script ltereset "" "AT+CFUN=1,1" TIMEOUT 2 "OK"
license udi pid C819HG-4G-A-K9 sn FTX171480CL
!
!
username sysadmin privilege 15 secret 4 <removed>
!
crypto ikev2 authorization policy ikev2-auth-c2s 
 route set interface
 route set access-list c2s-traffic
!
crypto ikev2 proposal ikev2-prop-suiteb 
 encryption aes-cbc-256
 integrity sha384
 group 20
!
crypto ikev2 policy ikev2-pol1 
 match fvrf any
 proposal ikev2-prop-suiteb
!
!
crypto ikev2 profile c2s-Profile-certs
 match certificate certmap-c2s
 identity local dn 
 authentication remote ecdsa-sig
 authentication local ecdsa-sig
 pki trustpoint ontp
 aaa authorization group cert list aaa-author-list ikev2-auth-c2s
!
no crypto ikev2 diagnose error
no crypto ikev2 http-url cert
no crypto ikev2 certificate-cache
!
!
controller Cellular 0
!
ip ssh version 2
! 
!
!
crypto ipsec transform-set ESP-GCM256-SuiteB esp-gcm 256 
 mode tunnel
!
!
crypto ipsec profile ipsec-prof2-suiteb
 set transform-set ESP-GCM256-SuiteB 
 set ikev2-profile c2s-Profile-certs
!
!
!
!
!
!
interface Tunnel2
 ip address 10.240.3.5 255.255.255.252
 tunnel source Vlan2
 tunnel mode ipsec ipv4
 tunnel destination 10.17.1.52
 tunnel protection ipsec profile ipsec-prof2-suiteb
!
interface Tunnel3
 ip address 10.241.3.5 255.255.255.252
 shutdown
 tunnel source Vlan2
 tunnel mode ipsec ipv4
 tunnel destination 10.17.5.66
 tunnel protection ipsec profile ipsec-prof2-suiteb
!
interface Cellular0
 ip address negotiated
 encapsulation slip
 dialer in-band
 dialer idle-timeout 0
 dialer string lte
 dialer-group 1
 no peer default ip address
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 switchport access vlan 3
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 ip address 172.17.26.1 255.255.255.0
!
interface Vlan2
 ip address 10.17.1.55 255.255.255.192
!
interface Vlan3
 ip address 10.17.12.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 1.2.3.4 255.255.255.255 Cellular0
ip route 10.10.0.0 255.255.255.0 10.17.1.49
ip route 10.10.4.0 255.255.255.0 10.17.1.49
ip route 10.17.5.66 255.255.255.255 10.17.1.49
ip route 10.17.5.67 255.255.255.255 Tunnel3
ip route 10.17.11.0 255.255.255.0 Tunnel2
ip route 172.30.30.0 255.255.255.0 10.17.1.49
!
ip access-list standard c2s-traffic
 permit 10.17.12.0 0.0.0.255
!
ip sla auto discovery
ip sla 1
 icmp-echo 1.2.3.4
 frequency 15
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line 3
 script dialer lte
 modem InOut
 no exec
 transport input all
 transport output all
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 transport input all
!
scheduler allocate 20000 1000
event manager environment EEM_ATTACH_SCRIPT_INTERVAL 200
event manager directory user policy "flash:/"
event manager policy LTEstatus.tcl
!
end