From 053754ec4ee65835035988245582e8ec33f4ab49 Mon Sep 17 00:00:00 2001
From: Darnell Keith
Date: Fri, 4 Jul 2025 14:58:09 -0400
Subject: [PATCH] pushing device configs
---
capture-esp.png => Images/capture-esp.png | Bin
.../capture-site-a-to-b-reachability.png | Bin
.../site-a-cryptomap.png | Bin
.../site-a-host-icmp.png | Bin
.../site-a-isakmp-1.png | Bin
.../site-a-to-b-reachability.png | Bin
.../site-a-transformset.png | Bin
.../site-a-tunnel-acl.png | Bin
topology.png => Images/topology.png | Bin
isp1 | 128 +++++++++++++++
isp2 | 131 ++++++++++++++++
site-a | 146 ++++++++++++++++++
site-a-sw1 | 91 +++++++++++
site-b | 142 +++++++++++++++++
site-b-sw1 | 91 +++++++++++
15 files changed, 729 insertions(+)
rename capture-esp.png => Images/capture-esp.png (100%)
rename capture-site-a-to-b-reachability.png => Images/capture-site-a-to-b-reachability.png (100%)
rename site-a-cryptomap.png => Images/site-a-cryptomap.png (100%)
rename site-a-host-icmp.png => Images/site-a-host-icmp.png (100%)
rename site-a-isakmp-1.png => Images/site-a-isakmp-1.png (100%)
rename site-a-to-b-reachability.png => Images/site-a-to-b-reachability.png (100%)
rename site-a-transformset.png => Images/site-a-transformset.png (100%)
rename site-a-tunnel-acl.png => Images/site-a-tunnel-acl.png (100%)
rename topology.png => Images/topology.png (100%)
create mode 100644 isp1
create mode 100644 isp2
create mode 100644 site-a
create mode 100644 site-a-sw1
create mode 100644 site-b
create mode 100644 site-b-sw1
diff --git a/capture-esp.png b/Images/capture-esp.png
similarity index 100%
rename from capture-esp.png
rename to Images/capture-esp.png
diff --git a/capture-site-a-to-b-reachability.png b/Images/capture-site-a-to-b-reachability.png
similarity index 100%
rename from capture-site-a-to-b-reachability.png
rename to Images/capture-site-a-to-b-reachability.png
diff --git a/site-a-cryptomap.png b/Images/site-a-cryptomap.png
similarity index 100%
rename from site-a-cryptomap.png
rename to Images/site-a-cryptomap.png
diff --git a/site-a-host-icmp.png b/Images/site-a-host-icmp.png
similarity index 100%
rename from site-a-host-icmp.png
rename to Images/site-a-host-icmp.png
diff --git a/site-a-isakmp-1.png b/Images/site-a-isakmp-1.png
similarity index 100%
rename from site-a-isakmp-1.png
rename to Images/site-a-isakmp-1.png
diff --git a/site-a-to-b-reachability.png b/Images/site-a-to-b-reachability.png
similarity index 100%
rename from site-a-to-b-reachability.png
rename to Images/site-a-to-b-reachability.png
diff --git a/site-a-transformset.png b/Images/site-a-transformset.png
similarity index 100%
rename from site-a-transformset.png
rename to Images/site-a-transformset.png
diff --git a/site-a-tunnel-acl.png b/Images/site-a-tunnel-acl.png
similarity index 100%
rename from site-a-tunnel-acl.png
rename to Images/site-a-tunnel-acl.png
diff --git a/topology.png b/Images/topology.png
similarity index 100%
rename from topology.png
rename to Images/topology.png
diff --git a/isp1 b/isp1
new file mode 100644
index 0000000..faeca73
--- /dev/null
+++ b/isp1
@@ -0,0 +1,128 @@
+version 15.7
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname ISP1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+!
+!
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+!
+!
+!
+!
+!
+no ip icmp rate-limit unreachable
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+
+
+!
+!
+!
+!
+no ip domain lookup
+ip cef
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+redundancy
+!
+no cdp log mismatch duplex
+!
+ip tcp synwait-time 5
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ ip address 11.0.32.10 255.255.255.0
+ duplex auto
+!
+interface Ethernet0/1
+ ip address 203.0.113.2 255.255.255.252
+ duplex auto
+!
+interface Ethernet0/2
+ no ip address
+ duplex auto
+!
+interface Ethernet0/3
+ no ip address
+ duplex auto
+!
+router ospf 1
+ network 11.0.32.0 0.0.0.255 area 0
+ network 203.0.113.0 0.0.0.3 area 0
+!
+ip forward-protocol nd
+!
+!
+no ip http server
+no ip http secure-server
+!
+ipv6 ioam timestamp
+!
+!
+!
+control-plane
+!
+!
+!
+!
+!
+!
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+ transport input none
+!
+!
+end
diff --git a/isp2 b/isp2
new file mode 100644
index 0000000..7406c18
--- /dev/null
+++ b/isp2
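Review bot: In isp1, `line con 0` and `line aux 0` carry `privilege level 15` together with `exec-timeout 0 0`, and the file defines no `enable secret`, no local user and no AAA (`no aaa new-model`), so whoever reaches the console or aux port lands directly in privileged EXEC and the session never idles out. This looks like an emulator default, but if these files are meant as reference configs I would drop `privilege level 15`, set a finite timeout such as `exec-timeout 10 0`, and require `login local` backed by a `username <name> secret <placeholder>` entry. The same line blocks appear unchanged in isp2, site-a, site-a-sw1, site-b and site-b-sw1.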
@@ -0,0 +1,131 @@
+version 15.7
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname ISP2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+!
+!
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+!
+!
+!
+!
+!
+no ip icmp rate-limit unreachable
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+
+
+!
+!
+!
+!
+no ip domain lookup
+ip cef
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+redundancy
+!
+no cdp log mismatch duplex
+!
+ip tcp synwait-time 5
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ ip address 203.0.114.2 255.255.255.252
+ duplex auto
+!
+interface Ethernet0/1
+ ip address 11.0.32.11 255.255.255.0
+ duplex auto
+!
+interface Ethernet0/2
+ no ip address
+ duplex auto
+!
+interface Ethernet0/3
+ no ip address
+ duplex auto
+!
+router ospf 1
+ network 11.0.32.0 0.0.0.255 area 0
+ network 203.0.114.0 0.0.0.3 area 0
+!
+ip forward-protocol nd
+!
+!
+no ip http server
+no ip http secure-server
+ip route 192.168.10.0 255.255.255.0 11.0.32.10
+!
+ipv6 ioam timestamp
+!
+!
+!
+control-plane
+!
+!
+!
+!
+!
+!
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+ transport input none
+!
+!
+end
+
+
diff --git a/site-a b/site-a
new file mode 100644
index 0000000..7f7024f
--- /dev/null
+++ b/site-a
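Review bot: The static route `ip route 192.168.10.0 255.255.255.0 11.0.32.10` in isp2 gives the provider router a forwarding path to site A's private LAN, which the IPsec design should not need because tunnelled traffic is addressed to the public peers 203.0.113.1 and 203.0.114.1. With that path in place, a crypto-map or ACL mistake at a site may let traffic for 192.168.10.0/24 cross the transit segment in the clear instead of failing closed. isp1 has no matching route for 192.168.20.0/24, so this looks like a leftover from reachability testing and I would remove it. The `network 192.168.10.0 0.0.0.255 area 0` and `network 192.168.20.0 0.0.0.255 area 0` statements in site-a and site-b advertise the same LANs into OSPF and would need the same treatment.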
@@ -0,0 +1,146 @@
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname SITE-A
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+no ip icmp rate-limit unreachable
+!
+!
+!
+!
+
+
+!
+ip dhcp excluded-address 192.168.10.1 192.168.10.9
+!
+ip dhcp pool PCI-Compliant
+ network 192.168.10.0 255.255.255.0
+ default-router 192.168.10.254
+!
+!
+!
+no ip domain lookup
+no ip cef
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+redundancy
+!
+!
+ip tcp synwait-time 5
+!
+!
+!
+!
+!
+crypto isakmp policy 1
+ encr aes
+ hash sha256
+ authentication pre-share
+ group 2
+crypto isakmp key NAXSLABS address 203.0.114.1
+!
+!
+crypto ipsec transform-set NAXSLABSTS esp-aes esp-sha256-hmac
+ mode tunnel
+!
+!
+!
+crypto map NAXSLABSCM 10 ipsec-isakmp
+ set peer 203.0.114.1
+ set transform-set NAXSLABSTS
+ match address NAXSLABSVPN-ACL
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ no ip address
+!
+interface Ethernet0/0.10
+ encapsulation dot1Q 10
+ ip address 192.168.10.254 255.255.255.0
+ ip nat inside
+ ip virtual-reassembly in
+!
+interface Ethernet0/1
+ ip address 203.0.113.1 255.255.255.252
+ ip nat outside
+ ip virtual-reassembly in
+ crypto map NAXSLABSCM
+!
+interface Ethernet0/2
+ no ip address
+!
+interface Ethernet0/3
+ no ip address
+!
+router ospf 1
+ network 192.168.10.0 0.0.0.255 area 0
+ network 203.0.113.0 0.0.0.3 area 0
+ default-information originate
+!
+ip forward-protocol nd
+!
+!
+no ip http server
+no ip http secure-server
+ip nat inside source list NAXSLABSNAT interface Ethernet0/1 overload
+ip route 192.168.20.0 255.255.255.0 203.0.113.2
+!
+ip access-list extended NAXSLABSNAT
+ deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
+ permit ip 192.168.10.0 0.0.0.255 any
+ip access-list extended NAXSLABSVPN-ACL
+ permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
+!
+no cdp log mismatch duplex
+!
+!
+!
+control-plane
+!
+!
+!
+!
+!
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+ transport input all
+!
+!
+end
+
+
diff --git a/site-a-sw1 b/site-a-sw1
new file mode 100644
index 0000000..e4df7eb
--- /dev/null
+++ b/site-a-sw1
@@ -0,0 +1,91 @@
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+!
+hostname SW1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+!
+!
+!
+!
+no ipv6 cef
+!
+!
+!
+!
+no ip icmp rate-limit unreachable
+!
+no ip domain-lookup
+!
+!
+ip cef
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+!
+interface Ethernet0/1
+ switchport access vlan 10
+ switchport mode access
+!
+interface Ethernet0/2
+!
+interface Ethernet0/3
+!
+ip forward-protocol nd
+!
+ip tcp synwait-time 5
+no ip http server
+ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
+ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+!
+!
+!
+end
diff --git a/site-b b/site-b
new file mode 100644
index 0000000..abbc0ab
--- /dev/null
+++ b/site-b
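Review bot: `crypto isakmp key NAXSLABS address 203.0.114.1` in site-a commits the IKE pre-shared key in cleartext, and the value is the same string that prefixes the transform-set, crypto-map and ACL names, so it is guessable from the rest of the config. Anyone with read access to the repository holds the secret that authenticates the tunnel peers. I would replace the value in the committed file with a placeholder, e.g. `crypto isakmp key <PSK-PLACEHOLDER> address 203.0.114.1`, and use a long random key on the devices. On the devices, store it as type 6 with `key config-key password-encrypt` plus `password encryption aes` instead of leaving `no service password-encryption` as the only setting; site-b carries the same key for peer 203.0.113.1.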
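Review bot: In site-a-sw1 the uplink `interface Ethernet0/0` is set to `switchport mode trunk` with no allowed-VLAN list, and Ethernet0/2 and Ethernet0/3 have no configuration at all, so the trunk carries every VLAN and nothing in the file disables the spare ports. Only VLAN 10 is used at this site, so I would add `switchport trunk allowed vlan 10` under the trunk and `shutdown` under the two unused interfaces. site-b-sw1 has the same layout with VLAN 20.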
@@ -0,0 +1,142 @@
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname R2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+mmi polling-interval 60
+no mmi auto-configure
+no mmi pvc
+mmi snmp-timeout 180
+no ip icmp rate-limit unreachable
+!
+!
+!
+!
+
+
+!
+ip dhcp excluded-address 192.168.20.1 192.168.20.19
+!
+ip dhcp pool PCI-Compliant
+ network 192.168.20.0 255.255.255.0
+ default-router 192.168.20.254
+!
+!
+!
+no ip domain lookup
+no ip cef
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+!
+!
+!
+!
+!
+!
+!
+!
+redundancy
+!
+!
+ip tcp synwait-time 5
+!
+!
+!
+!
+!
+crypto isakmp policy 1
+ encr aes
+ hash sha256
+ authentication pre-share
+ group 2
+crypto isakmp key NAXSLABS address 203.0.113.1
+!
+!
+crypto ipsec transform-set NAXSLABSTS esp-aes esp-sha256-hmac
+ mode tunnel
+!
+!
+!
+crypto map NAXSLABSCM 10 ipsec-isakmp
+ set peer 203.0.113.1
+ set transform-set NAXSLABSTS
+ match address NAXSLABSVPN-ACL
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ no ip address
+!
+interface Ethernet0/0.20
+ encapsulation dot1Q 20
+ ip address 192.168.20.254 255.255.255.0
+ ip nat inside
+ ip virtual-reassembly in
+!
+interface Ethernet0/1
+ ip address 203.0.114.1 255.255.255.252
+ ip nat outside
+ ip virtual-reassembly in
+ crypto map NAXSLABSCM
+!
+interface Ethernet0/2
+ no ip address
+!
+interface Ethernet0/3
+ no ip address
+!
+router ospf 1
+ network 192.168.20.0 0.0.0.255 area 0
+ network 203.0.114.0 0.0.0.3 area 0
+ default-information originate
+!
+ip forward-protocol nd
+!
+!
+no ip http server
+no ip http secure-server
+!
+ip access-list extended NAXSLABSNAT
+ deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
+ permit ip 192.168.20.0 0.0.0.255 any
+ip access-list extended NAXSLABSVPN-ACL
+ permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
+!
+no cdp log mismatch duplex
+!
+!
+!
+control-plane
+!
+!
+!
+!
+!
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+ transport input all
+!
+!
+end
diff --git a/site-b-sw1 b/site-b-sw1
new file mode 100644
index 0000000..233d010
--- /dev/null
+++ b/site-b-sw1
@@ -0,0 +1,91 @@
+version 15.2
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service compress-config
+!
+hostname SW2
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+!
+!
+!
+!
+no ipv6 cef
+!
+!
+!
+!
+no ip icmp rate-limit unreachable
+!
+no ip domain-lookup
+!
+!
+ip cef
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface Ethernet0/0
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+!
+interface Ethernet0/1
+ switchport access vlan 20
+ switchport mode access
+!
+interface Ethernet0/2
+!
+interface Ethernet0/3
+!
+ip forward-protocol nd
+!
+ip tcp synwait-time 5
+no ip http server
+ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
+ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+line con 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line aux 0
+ exec-timeout 0 0
+ privilege level 15
+ logging synchronous
+line vty 0 4
+ login
+!
+!
+!
+end
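Review bot: `crypto isakmp policy 1` in site-b negotiates `group 2`, a 1024-bit MODP Diffie-Hellman group that is weaker than the `encr aes` and `hash sha256` choices beside it and is no longer recommended for new deployments. The key exchange bounds the strength of the whole tunnel, so I would move to `group 14` or a stronger group the image supports, and state the AES key size explicitly with `encr aes 256` instead of taking the default. The policy in site-a is identical and has to change in the same commit, or phase 1 will no longer match between the peers.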