
!
!
crypto isakmp policy 10
 encr aes 256
 hash sha512
 authentication pre-share
 group 2
 lifetime 86399
crypto isakmp key $kyBand@!POS address 192.168.1.1
!
!
crypto ipsec transform-set SKYPOS-MOB-BH esp-aes esp-sha512-hmac
 mode transport
!
!
!
crypto map GDC-MOBBH local-address Loopback0
crypto map GDC-MOBBH 10 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set SKYPOS-MOB-BH
 match address SB-POS-TRAFFIC
!
!
!
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
 ip address 192.168.100.2 255.255.255.252
 ip mtu 1440
 keepalive 5 3
 tunnel source Loopback0
 tunnel destination 192.168.1.1
 crypto map GDC-MOBBH
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ### Conencted to GDC-COREL2-SW00 - Gi1/0/13 ###
 ip address 10.0.9.194 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 standby 30 ip 10.0.9.193
 standby 30 priority 110
 standby 30 preempt
 duplex full
 speed 100
 no lldp transmit
 no lldp receive
 no mop enabled
!
interface GigabitEthernet0/1
 description ### Connected to GDC-COREL2-SW00 - Gi1/0/1 ###
 ip address 10.0.9.146 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 standby 20 ip 10.0.9.145
 standby 20 priority 110
 standby 20 preempt
 standby 20 track 4 decrement 10
 load-interval 30
 duplex full
 speed 100
 no lldp transmit
 no lldp receive
 no mop enabled
!
interface GigabitEthernet0/0/0
 description ### Connected to Mobile Backhaul ###
 ip address 172.31.2.130 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no lldp transmit
 no lldp receive
 no mop enabled
!
!
router eigrp 10
 network 10.0.9.144 0.0.0.15
 network 10.0.9.192 0.0.0.31
 network 192.168.100.0 0.0.0.3
 redistribute static
 no eigrp log-neighbor-changes
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 10.0.9.128 255.255.255.240 10.0.9.148 name TOWARDS-FW-IN
ip route 10.158.150.192 255.255.255.192 10.0.9.148
ip route 192.168.1.0 255.255.255.0 172.31.2.129 name LOOPBACK-ROUTE

!

ip access-list extended SB-POS-TRAFFIC 
 permit gre host 192.168.2.1 host 192.168.1.1
 permit ip 10.0.9.128 0.0.0.127 any
 permit ip 10.158.150.192 0.0.0.63 any