Configuration for two tunnels from TransitAGWs
!Username admin privilege level 15 password ave
crypto keyring mykey
pre-shared-key address 34.217.166.158 key aviatrix
pre-shared-key address 54.70.4.223 key aviatrix
!
! 34.217.166.158 is the public IP address of NV-TransitAGW1
! 54.70.4.223 is the public IP address of NV-TransitAGW2
crypto isakmp policy 1
encryption aes 256
authentication pre-share
hash sha256
group 14
lifetime 28800
!
crypto isakmp keepalive 10 3 periodic
!
crypto isakmp profile myprofile
keyring mykey
self-identity address
match identity address 34.217.166.158 255.255.255.255
match identity address 54.70.4.223 255.255.255.255
!
crypto ipsec transform-set myset esp-aes 256 esp-sha256-hmac
mode tunnel
crypto ipsec df-bit clear
!
crypto ipsec profile ipsec_profile
set security-association lifetime seconds 3600
set transform-set myset
set pfs group14
set isakmp-profile myprofile
!
!
interface Tunnel0
ip address 169.254.34.241 255.255.255.252
ip tcp adjust-mss 1387
!!!!!
tunnel source g1
! 10.4.115.219 is the local IP of this CSR
tunnel mode ipsec ipv4
tunnel destination 34.217.166.158
! 34.217.166.158 is the public IP of NV-TransitAGW1
tunnel protection ipsec profile ipsec_profile
!
interface Tunnel1
ip address 169.254.247.241 255.255.255.252
ip tcp adjust-mss 1387
!!!!!
tunnel source g1
! 10.4.115.219 is the local IP of this CSR
tunnel mode ipsec ipv4
tunnel destination 54.70.4.223
! 54.70.4.223 is the public IP of NV-TransitAGW2
tunnel protection ipsec profile ipsec_profile
!
router bgp 65014
bgp log-neighbor-changes
neighbor 169.254.34.242 remote-as 65013
neighbor 169.254.34.242 timers 10 30 30
neighbor 169.254.247.242 remote-as 65013
neighbor 169.254.247.242 timers 10 30 30
!
address-family ipv4
redistribute connected
neighbor 169.254.34.242 activate
neighbor 169.254.34.242 route-map ORDC2CSR1-TO-ORTransit out
neighbor 169.254.247.242 activate
neighbor 169.254.247.242 route-map ORDC2CSR1-TO-ORTransit out
exit-address-family
!
!
ip access-list standard 1
10 permit 10.201.0.0
!
!
route-map ORDC2CSR1-TO-ORTransit permit 10
match ip address 1
!
end
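
A consistency check for the configuration above, added here as an example and not part of the original configuration: it confirms that every tunnel destination has a pre-shared key and an ISAKMP identity match, and that each BGP neighbor sits inside a tunnel's /30. The function name check_peers and the embedded sample (peer lines copied from this page) are assumptions of the example, as is treating 169.254.x.x addresses as the tunnel inside addresses.

```python
import ipaddress
import re

# Constructed sample: the peer-related lines of the configuration above.
SAMPLE = """\
crypto keyring mykey
pre-shared-key address 34.217.166.158 key aviatrix
pre-shared-key address 54.70.4.223 key aviatrix
crypto isakmp profile myprofile
match identity address 34.217.166.158 255.255.255.255
match identity address 54.70.4.223 255.255.255.255
interface Tunnel0
ip address 169.254.34.241 255.255.255.252
tunnel destination 34.217.166.158
interface Tunnel1
ip address 169.254.247.241 255.255.255.252
tunnel destination 54.70.4.223
router bgp 65014
neighbor 169.254.34.242 remote-as 65013
neighbor 169.254.247.242 remote-as 65013
"""

def check_peers(config):
    """Return a list of findings; an empty list means the peers line up."""
    psk = set(re.findall(r"^\s*pre-shared-key address (\S+) key", config, re.M))
    ident = set(re.findall(r"^\s*match identity address (\S+)", config, re.M))
    dests = set(re.findall(r"^\s*tunnel destination (\S+)", config, re.M))
    # Assumption: tunnel inside addresses are link-local (169.254.x.x), as on this page.
    nets = [ipaddress.ip_interface(f"{ip}/{mask}")
            for ip, mask in re.findall(
                r"^\s*ip address (169\.254\.\S+) (\S+)", config, re.M)]
    nbrs = re.findall(r"^\s*neighbor (\S+) remote-as", config, re.M)
    findings = []
    for d in sorted(dests - psk):
        findings.append(f"tunnel destination {d} has no pre-shared key")
    for d in sorted(dests - ident):
        findings.append(f"tunnel destination {d} not matched by isakmp profile")
    for p in sorted((psk | ident) - dests):
        findings.append(f"peer {p} is keyed or matched but has no tunnel")
    for n in nbrs:
        addr = ipaddress.ip_address(n)
        # The neighbor must be the other usable host in a tunnel subnet.
        if not any(addr in i.network and addr != i.ip for i in nets):
            findings.append(f"BGP neighbor {n} is outside every tunnel subnet")
    return findings
```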