! Running configuration of an IPsec gateway (prompt "CES"), captured with "show run".
! It defines one private LAN (10.213.0.0/16), one public interface (192.70.106.213),
! a branch-office group "/Base/IPSEC 2001", and nine peer-to-peer IPsec tunnels,
! each authenticated with certificates and routed statically to the peer's 10.x.0.0/16.
! NOTE(review): the capture was collapsed onto a few long lines; the one-command-per-line
! layout and indentation below are a reconstruction - confirm against the device output.
CES#show run
! System Identity Configuration
ip address 10.213.0.254
! NOTE(review): 0.0.0.0 presumably means no DNS server is configured - confirm.
ip name-server 0.0.0.0
!
! System Lan Interface Configurations
! Interface on 0/1
! Private-side interface: its address lies inside the "LOCAL" network defined below.
interface FastEthernet 0/1
 ip address 10.213.0.1 255.255.0.0
 ! NOTE(review): the contents of the filter named "deny all" are not shown in this
 ! listing; by its name it should drop traffic arriving on the interface itself.
 filter "deny all"
 speed auto
 no mac-pause
 mac-pause threshold 0%
 mac-pause ticks 0
 exit
! Interface on 1/1
! Public-side interface: this address is the local-endpoint of every tunnel below.
interface FastEthernet 1/1
 ip address 192.70.106.213 255.255.255.192
 no shutdown
 filter "deny all" public
 speed auto
 no mac-pause
 mac-pause threshold 0%
 mac-pause ticks 0
 exit
! Routing Static Route Configuration
router static
! Default route via 192.70.106.254, which is inside the public interface's /26.
ip default-network 192.70.106.254 public 1 enable
! Configure Services IPSEC
! NOTE(review): RADIUS is named here, yet every "ipsec authentication radius" method
! below is switched off with "no"; only the two local methods are on - confirm intent.
aaa authentication ipsec radius
ipsec authentication local username-password
ipsec authentication local rsa-sig
no ipsec authentication radius axent-defender
no ipsec authentication radius dynamic-securid
no ipsec authentication radius username-password
! Transform policy: every listed transform is disabled except 3des-sha1.
! NOTE(review): the md5/sha1/hmac-* entries look like authentication-only transforms
! and des40/des56 like weak-key ciphers - confirm against the platform reference.
no ipsec encryption des56-md5
no ipsec encryption hmac-md5
no ipsec encryption md5
no ipsec encryption sha1
no ipsec encryption hmac-sha1
no ipsec encryption des40-md5
ipsec encryption 3des-sha1
no ipsec encryption des56-sha1
no ipsec encryption 3des-md5
no ipsec encryption des40-sha1
! IKE policy: des56-group1 is off; 3des-group2 and 3des-group7 are on.
! Group 2 is the 1024-bit MODP group of RFC 2409. 3DES, SHA-1 and a 1024-bit group
! are legacy choices by current standards; a present-day audit would flag them.
! NOTE(review): group 7 is presumably the 163-bit elliptic-curve group from the early
! IKE ECC drafts - confirm.
no ipsec encryption ike des56-group1
ipsec encryption ike 3des-group2
ipsec encryption ike 3des-group7
no ipsec load-balance
! NAT traversal is off, so the peers are expected to reach 192.70.106.213 without
! address translation on the path (all remote endpoints below are in 192.70.106.x).
no ipsec nat-traversal
no ipsec fail-over host1
no ipsec fail-over host2
no ipsec fail-over host3
!
! Networks Configuration
!
! "LOCAL" is the protected network advertised to every tunnel as local-network.
network add "LOCAL" ip 10.213.0.0 mask 255.255.0.0
!
bo-group add "/Base/IPSEC 2001"
! Enter connectivity mode for group "/Base/IPSEC 2001"
! Only the two "priority" lines are set explicitly; the rest are reset to defaults.
bo-group connectivity "/Base/IPSEC 2001"
 default access-hours
 priority call-admission highest
 priority forwarding low
 default idle-timeout
 default forced-logoff
 default nailed-up
 default rsvp
 default rsvp token-bucket depth
 default rsvp token-bucket rate
 default committed rate
 default excess rate
 default excess action
 exit
! Enter ipsec mode for group "/Base/IPSEC 2001"
! Group-wide IPsec parameters inherited by every connection in the group.
bo-group ipsec "/Base/IPSEC 2001"
 rekey timeout 01:00:00
 default rekey data-count
 ! PFS is disabled: rekeyed session keys are then derived from the existing IKE
 ! keying material rather than from a fresh Diffie-Hellman exchange.
 ! NOTE(review): worth confirming whether this was an interop concession.
 no pfs
 no compress
 encryption 3des-sha1
 ! The group pins IKE to 3des-group2 although 3des-group7 is also enabled globally.
 encryption ike "3des-group2"
 no vendor-id
 default isakmp-retransmission interval
 default isakmp-retransmission max-attempts
 exit
! Enter ospf mode for group "/Base/IPSEC 2001"
! All OSPF settings are left at defaults; the connections below use static routing.
bo-group ospf "/Base/IPSEC 2001"
 default priority
 default dead-interval
 default hello-interval
 default retransmit-interval
 default transmit-delay
 default authentication
 exit
! Enter rip mode for group "/Base/IPSEC 2001"
! RIP settings are defaults, with all four route-export metrics removed.
bo-group rip "/Base/IPSEC 2001"
 default send version
 default receive version
 default authentication
 default import default-route
 no export default-routes-metric
 no export static-routes-metric
 no export bo-static-routes-metric
 no export ospf-routes-metric
 default poison-reverse
 exit
! Create Branch Office Connection "6WIND" in group "/Base/IPSEC 2001"
! All nine connections follow this pattern: peer-to-peer tunnel from 192.70.106.213
! to one remote endpoint, static route LOCAL <-> 10.<n>.0.0/16, certificate
! authentication under the same issuer CA, and a per-peer expected subject.
bo-conn add "6WIND" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "6WIND" "/Base/IPSEC 2001"
 state enable
 ! NOTE(review): assuming "permit all" does what its name says, nothing restricts
 ! traffic inside the tunnel: the peer's /16 can reach all of LOCAL on any port.
 ! A least-privilege setup would use a per-peer filter. The same applies to every
 ! connection below.
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.196
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.196.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ! issuer-ca: CA expected to have issued the peer's certificate.
 ! NOTE(review): server-ca carries what looks like this gateway's own identity
 ! (CN=nortel...) - presumably selects the local certificate; confirm.
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ! subject-dn: identity the peer's certificate is expected to present.
 ipsec subject-dn "cn=6windgate, o=6wind sa, l=levallois, st=idf, c=fr"
 ! Exit Branch Office Connection configuration
 exit
! Create Branch Office Connection "CISCO PIX" in group "/Base/IPSEC 2001"
bo-conn add "CISCO PIX" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "CISCO PIX" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.198
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.198.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=pix.ipsec2001.hsc.fr"
 ! NOTE(review): "type 2" presumably selects a DNS-name subjectAltName (dNSName is
 ! GeneralName choice 2 in X.509) - confirm against the platform reference.
 ipsec subject-alt-name "pix.ipsec2001.hsc.fr" type 2
 ! Exit Branch Office Connection configuration
 exit
! Create Branch Office Connection "CISCO VPN 3000" in group "/Base/IPSEC 2001"
bo-conn add "CISCO VPN 3000" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "CISCO VPN 3000" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.199
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.199.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ! NOTE(review): "st=id f" differs from the "st=idf" used for the 6WIND peer; it may
 ! be a wrap artifact of the capture. If the device really holds "id f", the DN may
 ! not match the peer certificate - verify before reusing this line.
 ipsec subject-dn "cn=vpn3000.ipsec2001.hsc.fr, o=hsc, l=levallois-perret, st=id f, c=fr"
 ! Exit Branch Office Connection configuration
 exit
! Create Branch Office Connection "CISCO_IOS" in group "/Base/IPSEC 2001"
bo-conn add "CISCO_IOS" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "CISCO_IOS" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.202
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.202.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=ios.ipsec2001.hsc.fr"
 ipsec subject-alt-name "ios.ipsec2001.hsc.fr" type 2
 exit
! Create Branch Office Connection "FREES/WAN" in group "/Base/IPSEC 2001"
bo-conn add "FREES/WAN" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "FREES/WAN" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.205
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.205.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=freeswan.ipsec2001.hsc.fr, o=zuercher hochschule winterthur, c=ch"
 exit
! Create Branch Office Connection "NETASQ" in group "/Base/IPSEC 2001"
bo-conn add "NETASQ" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "NETASQ" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.207
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.207.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=ipsec, o=netasq, c=fr"
 exit
! Create Branch Office Connection "NETCELO" in group "/Base/IPSEC 2001"
bo-conn add "NETCELO" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "NETCELO" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.201
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.201.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=netcelo.ipsec2001.hsc.fr"
 ipsec subject-alt-name "netcelo.ipsec2001.hsc.fr" type 2
 exit
! Create Branch Office Connection "NETSCREEN" in group "/Base/IPSEC 2001"
bo-conn add "NETSCREEN" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "NETSCREEN" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.209
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.209.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=netscreen.ipsec2001.hsc.fr"
 ipsec subject-alt-name "netscreen.ipsec2001.hsc.fr" type 2
 exit
! Create Branch Office Connection "OPEN BSD" in group "/Base/IPSEC 2001"
bo-conn add "OPEN BSD" "/Base/IPSEC 2001" conn-type peer2peer
bo-conn "OPEN BSD" "/Base/IPSEC 2001"
 state enable
 filter "permit all"
 local-endpoint 192.70.106.213
 remote-endpoint 192.70.106.200
 routing type static
 ! Static Routing Configuration
 routing static
  local-network "LOCAL" remote-network 10.200.0.0 mask 255.255.0.0 state enable cost 10
  ! Exit Static Routing configuration
  exit
 tunnel-type IPSEC
 ipsec authentication certificates
 ipsec issuer-ca "CN=operational CA, O=acme"
 ipsec server-ca "CN=nortel.ipsec2001.hsc.fr, OU=Nortel, O=Contivity, C=fr"
 ipsec subject-dn "cn=openbsd.ipsec2001.hsc.fr"
 ipsec subject-alt-name "openbsd.ipsec2001.hsc.fr" type 2
 exit