This lab example adds another key server for redundancy or what is referred to as "cooperative". The design name makes sense since both KS are working together, or cooperating. They basically have the same P1 and P2 policy configuration and share an RSA key. The RSA key can be manually exported and imported or leverage TFTP/FTP.
IOS15
IOSv15#show crypto key mypubkey rsa
% Key pair was generated at: 05:08:09 UTC Dec 9 2019
Key name: GETVPN
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00A03BD8 00D0B053 E710EBFB 1B9B3460 8F3A7427 E3A0A81B 2D08FA59 4138B25A
870548A4 5EEC5074 A82B0E73 921CF5B2 6AC05CF9 4112EC1A 26170D8E D277A37C
5016B70D 9FB81503 E28FDFC8 E644C2DF DA54B21F 96169643 6C398054 FA5941A4
6D3EFF43 27C25942 4F9B8B7D 4A371448 9E5A7105 F8AF1D5F 01C3838E DC61D4FA
25A0068B DB14E494 68E80937 2B15808F B913F63A C5549B69 59557793 5A36E712
0C11F0CF 18B1F8FF 013ABF99 9834A774 C5B09381 C8AF8F38 F991E961 2B6FC725
7CB614DD 1B4CD15A 3748BD52 A6A204E3 A1A6FF32 81338A71 383312EF D71F231A
27D2B95C 20D771DC 6EC6058A 118DCE7B 7FAE6C01 771D0473 8586D8CF 6D3B4C37
2D020301 0001
% Key pair was generated at: 22:10:58 UTC Dec 13 2019
Key name: GETVPN.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
IOSv15(config)#crypto key export rsa GETVPN pem terminal 3des cisco1234
% Key name: GETVPN
Usage: General Purpose Key
Key data:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDvYANCwU+cQ6/sbmzRg
jzp0J+OgqBstCPpZQTiyWocFSKRe7FB0qCsOc5Ic9bJqwFz5QRLsGiYXDY7Sd6N8
UBa3DZ+4FQPij9/I5kTC39pUsh+WFpZDbDmAVPpZQaRtPv9DJ8JZQk+bi31KNxRI
nlpxBfivHV8Bw4OO3GHU+iWgBovbFOSUaOgJNysVgI+5E/Y6xVSbaVlVd5NaNucS
DBHwzxix+P8BOr+ZmDSndMWwk4HIr484+ZHpYStvxyV8thTdG0zRWjdIvVKmogTj
oab/MoEzinE4MxLv1x8jGifSuVwg13HcbsYFihGNznt/rmwBdx0Ec4WG2M9tO0w3
LQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,94A552555A037C25
MyDrLzBU8k4ypceKLqz/o8sa5Ekj1x6R+dH8uCBHvLdzdCUSopXw79LeKagVrBZF
P3vocNuOmM9DNZ8klgX2rUZ0ft7DgrQRG8Ip3PUu00iZUaag3WGw+ZW05XdHBqVM
Xh49dp3rVMTr1pB6phLZHVQK4JbkluFnD140Gps18PZn3FX5iOhI6J4YBjc8OZtZ
5//c7j+b3ECDAEKhzVyj2QhzbfWW9PbPdrcMwV/MTgumAYBOPTo8gnmc51ngC/xl
tHVJtg/6H/iHvwjngAirAaNHPF5UPJC7n2RJXA7B/0+2m3mlklWJlEOEMkuC1fkK
+FBmPB3i9n/+6U1f1y1W8hArhBZ4oIfkGCI5boXhbrUMKXy23GxNKfOXszrZXOpU
oj6eEPOYoNNjQsY9aeg5cXYGVM6B+SJILASj/nvq+7YRPhlz2vuuikrcoTCg4QwF
TC8b2vYVmG6nJ2AwCfRZ4zwXX5m6Sy+qnqTJKuOVvLjKEIJtnqt0prf9eVW0z6pc
n7EgLRpJKbmB85HBHosEYXbFulqY/rgoQm5Fgb6RP38bh4a9Hg2z4jiexza35Q/O
ZpqgXBJj9coS2HQ+hmMhhYDro8rUOKvWoitcC2OTJUzgptKQIDwoRdmI1I/Veb2G
/ndLx6AoGRC78jXadzVNVrZSiy+gqZSv9Q/NEF3uLvAe28+swh1fyHVsULyHQ3x3
sdB/JAKFOhkh5jHO725RGf7OLvCjL87GtFO5wSiAleN5ag5fgFvRv8qLEIDl7eSM
C4XvEMPStoOsekouVwKijN54rrrwZq67jXGmcdrJP03jqhxLuk53H69xXht6ZQVR
bD/hctdR9edkKufFVZI2h7BQHVSiek7ONseKVeJAJHPbV4qQoFFTFNSATw6rvdK+
oEetGzXpJRKNM58ZPrfGO89U3GMtUdGcEC0goQVT1bG91TRx/yyxhMJIMrvvD5gF
dbx4vN6Pv6WB1U8pnGV6q8rzoflc/k+gKfUgqzLGw3/ded0hcdYJD+0GfZyfG9SM
LJk/RMTWpgoUjVbopWncXVEc3owLo94xmgPCRJe+Vlo4tf5LNKve7/bmO4UHLBGE
rsr30UYCaZncbP7hdPejaTiGvRcDvSS9FZDc8ZHIash5YIWEjHF+UYW+5P7/wztp
Fnu7UAd8ZHuuMQbRDwBpkPRbk59Zw9E5ZAzn4lB4VcNnWAn7AI6S2Y5lvr5v0lDa
UoQd1uhSWQKcoE0YlrVFQ2dyTk0In/RzvHPKapNaqJvVz65jiFbQi3UZ554SUMwc
RPA5TKevCS501S9ZvWKvMJOQmAekDtGeVa6TGclEEhy7JG3laMo7Dekc3vl2odyF
7B9VP5qO2qVfLIRXCHCZuDwTWDBNDuM6wf9TDmTZKroHuoM9kvZW5RBveYSHV3Vm
eLrGdHuAbKZhu8F1EH4cDbtLE6EhFZjMwg3O0WJ2RyUEEPqWdUVSnRk4F9pkk/p7
tswbi7p27u9jKXASHeNILpmIEA66zV2yFmO4yqfHsVZQgXf/A8doyWrAa6Odf5Et
pMUaveww5zX4caY40Wm/QI12l8+b4Wpi0EHkTc6cQe0PNp3SNAR+wg==
-----END RSA PRIVATE KEY-----
ip access-list extended GETVPN
deny udp any any eq 848
deny udp any eq 848 any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny udp any any eq snmp
deny udp any eq snmp any
permit ip any any
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
crypto ipsec profile DMVPN
set transform-set DMVPN
crypto gdoi group GETVPNGROUP
identity number 100
server local
rekey algorithm aes 128
rekey authentication mypubkey rsa GETVPN
rekey transport unicast
sa ipsec 10
profile DMVPN
match address ipv4 GETVPN
replay counter window-size 64
no tag
address ipv4 10.1.15.15
redundancy
local priority 255
peer address ipv4 10.1.14.14
crypto map GDOI 10 gdoi
set group GETVPNGROUP
IOSv14(config)#crypto key import rsa GETVPN terminal cisco1234
% Enter PEM-formatted public General Purpose key or certificate.
% End with a blank line or "quit" on a line by itself.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDvYANCwU+cQ6/sbmzRg
jzp0J+OgqBstCPpZQTiyWocFSKRe7FB0qCsOc5Ic9bJqwFz5QRLsGiYXDY7Sd6N8
UBa3DZ+4FQPij9/I5kTC39pUsh+WFpZDbDmAVPpZQaRtPv9DJ8JZQk+bi31KNxRI
nlpxBfivHV8Bw4OO3GHU+iWgBovbFOSUaOgJNysVgI+5E/Y6xVSbaVlVd5NaNucS
DBHwzxix+P8BOr+ZmDSndMWwk4HIr484+ZHpYStvxyV8thTdG0zRWjdIvVKmogTj
oab/MoEzinE4MxLv1x8jGifSuVwg13HcbsYFihGNznt/rmwBdx0Ec4WG2M9tO0w3
LQIDAQAB
-----END PUBLIC KEY-----
quit
% Enter PEM-formatted encrypted private General Purpose key.
% End with "quit" on a line by itself.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,94A552555A037C25
MyDrLzBU8k4ypceKLqz/o8sa5Ekj1x6R+dH8uCBHvLdzdCUSopXw79LeKagVrBZF
P3vocNuOmM9DNZ8klgX2rUZ0ft7DgrQRG8Ip3PUu00iZUaag3WGw+ZW05XdHBqVM
Xh49dp3rVMTr1pB6phLZHVQK4JbkluFnD140Gps18PZn3FX5iOhI6J4YBjc8OZtZ
5//c7j+b3ECDAEKhzVyj2QhzbfWW9PbPdrcMwV/MTgumAYBOPTo8gnmc51ngC/xl
tHVJtg/6H/iHvwjngAirAaNHPF5UPJC7n2RJXA7B/0+2m3mlklWJlEOEMkuC1fkK
+FBmPB3i9n/+6U1f1y1W8hArhBZ4oIfkGCI5boXhbrUMKXy23GxNKfOXszrZXOpU
oj6eEPOYoNNjQsY9aeg5cXYGVM6B+SJILASj/nvq+7YRPhlz2vuuikrcoTCg4QwF
TC8b2vYVmG6nJ2AwCfRZ4zwXX5m6Sy+qnqTJKuOVvLjKEIJtnqt0prf9eVW0z6pc
n7EgLRpJKbmB85HBHosEYXbFulqY/rgoQm5Fgb6RP38bh4a9Hg2z4jiexza35Q/O
ZpqgXBJj9coS2HQ+hmMhhYDro8rUOKvWoitcC2OTJUzgptKQIDwoRdmI1I/Veb2G
/ndLx6AoGRC78jXadzVNVrZSiy+gqZSv9Q/NEF3uLvAe28+swh1fyHVsULyHQ3x3
sdB/JAKFOhkh5jHO725RGf7OLvCjL87GtFO5wSiAleN5ag5fgFvRv8qLEIDl7eSM
C4XvEMPStoOsekouVwKijN54rrrwZq67jXGmcdrJP03jqhxLuk53H69xXht6ZQVR
bD/hctdR9edkKufFVZI2h7BQHVSiek7ONseKVeJAJHPbV4qQoFFTFNSATw6rvdK+
oEetGzXpJRKNM58ZPrfGO89U3GMtUdGcEC0goQVT1bG91TRx/yyxhMJIMrvvD5gF
dbx4vN6Pv6WB1U8pnGV6q8rzoflc/k+gKfUgqzLGw3/ded0hcdYJD+0GfZyfG9SM
LJk/RMTWpgoUjVbopWncXVEc3owLo94xmgPCRJe+Vlo4tf5LNKve7/bmO4UHLBGE
rsr30UYCaZncbP7hdPejaTiGvRcDvSS9FZDc8ZHIash5YIWEjHF+UYW+5P7/wztp
Fnu7UAd8ZHuuMQbRDwBpkPRbk59Zw9E5ZAzn4lB4VcNnWAn7AI6S2Y5lvr5v0lDa
UoQd1uhSWQKcoE0YlrVFQ2dyTk0In/RzvHPKapNaqJvVz65jiFbQi3UZ554SUMwc
RPA5TKevCS501S9ZvWKvMJOQmAekDtGeVa6TGclEEhy7JG3laMo7Dekc3vl2odyF
7B9VP5qO2qVfLIRXCHCZuDwTWDBNDuM6wf9TDmTZKroHuoM9kvZW5RBveYSHV3Vm
eLrGdHuAbKZhu8F1EH4cDbtLE6EhFZjMwg3O0WJ2RyUEEPqWdUVSnRk4F9pkk/p7
tswbi7p27u9jKXASHeNILpmIEA66zV2yFmO4yqfHsVZQgXf/A8doyWrAa6Odf5Et
pMUaveww5zX4caY40Wm/QI12l8+b4Wpi0EHkTc6cQe0PNp3SNAR+wg==
-----END RSA PRIVATE KEY-----
quit
% Key pair import succeeded.
%SSH-5-ENABLED: SSH 1.99 has been enabled
ip access-list extended GETVPN
deny udp any any eq 848
deny udp any eq 848 any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny udp any any eq snmp
deny udp any eq snmp any
permit ip any any
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server local
rekey algorithm aes 128
rekey authentication mypubkey rsa GETVPN
rekey transport unicast
sa ipsec 10
profile DMVPN
match address ipv4 GETVPN
replay counter window-size 64
no tag
address ipv4 10.1.14.14
redundancy
local priority 110
peer address ipv4 10.1.15.15
R3
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
crypto map GDOI 10 gdoi
set group GETVPNGROUP
crypto map GDOI
!
interface GigabitEthernet0/2
crypto map GDOI
CSR1
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR8
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR9
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR10
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet2
crypto map GDOI
IOS15
IOSv15#show crypto key mypubkey rsa
% Key pair was generated at: 05:08:09 UTC Dec 9 2019
Key name: GETVPN
Key type: RSA KEYS
Storage Device: not specified
Usage: General Purpose Key
Key is exportable.
Key Data:
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00A03BD8 00D0B053 E710EBFB 1B9B3460 8F3A7427 E3A0A81B 2D08FA59 4138B25A
870548A4 5EEC5074 A82B0E73 921CF5B2 6AC05CF9 4112EC1A 26170D8E D277A37C
5016B70D 9FB81503 E28FDFC8 E644C2DF DA54B21F 96169643 6C398054 FA5941A4
6D3EFF43 27C25942 4F9B8B7D 4A371448 9E5A7105 F8AF1D5F 01C3838E DC61D4FA
25A0068B DB14E494 68E80937 2B15808F B913F63A C5549B69 59557793 5A36E712
0C11F0CF 18B1F8FF 013ABF99 9834A774 C5B09381 C8AF8F38 F991E961 2B6FC725
7CB614DD 1B4CD15A 3748BD52 A6A204E3 A1A6FF32 81338A71 383312EF D71F231A
27D2B95C 20D771DC 6EC6058A 118DCE7B 7FAE6C01 771D0473 8586D8CF 6D3B4C37
2D020301 0001
% Key pair was generated at: 22:10:58 UTC Dec 13 2019
Key name: GETVPN.server
Key type: RSA KEYS
Temporary key
Usage: Encryption Key
IOSv15(config)#crypto key export rsa GETVPN pem terminal 3des cisco1234
% Key name: GETVPN
Usage: General Purpose Key
Key data:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDvYANCwU+cQ6/sbmzRg
jzp0J+OgqBstCPpZQTiyWocFSKRe7FB0qCsOc5Ic9bJqwFz5QRLsGiYXDY7Sd6N8
UBa3DZ+4FQPij9/I5kTC39pUsh+WFpZDbDmAVPpZQaRtPv9DJ8JZQk+bi31KNxRI
nlpxBfivHV8Bw4OO3GHU+iWgBovbFOSUaOgJNysVgI+5E/Y6xVSbaVlVd5NaNucS
DBHwzxix+P8BOr+ZmDSndMWwk4HIr484+ZHpYStvxyV8thTdG0zRWjdIvVKmogTj
oab/MoEzinE4MxLv1x8jGifSuVwg13HcbsYFihGNznt/rmwBdx0Ec4WG2M9tO0w3
LQIDAQAB
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,94A552555A037C25
MyDrLzBU8k4ypceKLqz/o8sa5Ekj1x6R+dH8uCBHvLdzdCUSopXw79LeKagVrBZF
P3vocNuOmM9DNZ8klgX2rUZ0ft7DgrQRG8Ip3PUu00iZUaag3WGw+ZW05XdHBqVM
Xh49dp3rVMTr1pB6phLZHVQK4JbkluFnD140Gps18PZn3FX5iOhI6J4YBjc8OZtZ
5//c7j+b3ECDAEKhzVyj2QhzbfWW9PbPdrcMwV/MTgumAYBOPTo8gnmc51ngC/xl
tHVJtg/6H/iHvwjngAirAaNHPF5UPJC7n2RJXA7B/0+2m3mlklWJlEOEMkuC1fkK
+FBmPB3i9n/+6U1f1y1W8hArhBZ4oIfkGCI5boXhbrUMKXy23GxNKfOXszrZXOpU
oj6eEPOYoNNjQsY9aeg5cXYGVM6B+SJILASj/nvq+7YRPhlz2vuuikrcoTCg4QwF
TC8b2vYVmG6nJ2AwCfRZ4zwXX5m6Sy+qnqTJKuOVvLjKEIJtnqt0prf9eVW0z6pc
n7EgLRpJKbmB85HBHosEYXbFulqY/rgoQm5Fgb6RP38bh4a9Hg2z4jiexza35Q/O
ZpqgXBJj9coS2HQ+hmMhhYDro8rUOKvWoitcC2OTJUzgptKQIDwoRdmI1I/Veb2G
/ndLx6AoGRC78jXadzVNVrZSiy+gqZSv9Q/NEF3uLvAe28+swh1fyHVsULyHQ3x3
sdB/JAKFOhkh5jHO725RGf7OLvCjL87GtFO5wSiAleN5ag5fgFvRv8qLEIDl7eSM
C4XvEMPStoOsekouVwKijN54rrrwZq67jXGmcdrJP03jqhxLuk53H69xXht6ZQVR
bD/hctdR9edkKufFVZI2h7BQHVSiek7ONseKVeJAJHPbV4qQoFFTFNSATw6rvdK+
oEetGzXpJRKNM58ZPrfGO89U3GMtUdGcEC0goQVT1bG91TRx/yyxhMJIMrvvD5gF
dbx4vN6Pv6WB1U8pnGV6q8rzoflc/k+gKfUgqzLGw3/ded0hcdYJD+0GfZyfG9SM
LJk/RMTWpgoUjVbopWncXVEc3owLo94xmgPCRJe+Vlo4tf5LNKve7/bmO4UHLBGE
rsr30UYCaZncbP7hdPejaTiGvRcDvSS9FZDc8ZHIash5YIWEjHF+UYW+5P7/wztp
Fnu7UAd8ZHuuMQbRDwBpkPRbk59Zw9E5ZAzn4lB4VcNnWAn7AI6S2Y5lvr5v0lDa
UoQd1uhSWQKcoE0YlrVFQ2dyTk0In/RzvHPKapNaqJvVz65jiFbQi3UZ554SUMwc
RPA5TKevCS501S9ZvWKvMJOQmAekDtGeVa6TGclEEhy7JG3laMo7Dekc3vl2odyF
7B9VP5qO2qVfLIRXCHCZuDwTWDBNDuM6wf9TDmTZKroHuoM9kvZW5RBveYSHV3Vm
eLrGdHuAbKZhu8F1EH4cDbtLE6EhFZjMwg3O0WJ2RyUEEPqWdUVSnRk4F9pkk/p7
tswbi7p27u9jKXASHeNILpmIEA66zV2yFmO4yqfHsVZQgXf/A8doyWrAa6Odf5Et
pMUaveww5zX4caY40Wm/QI12l8+b4Wpi0EHkTc6cQe0PNp3SNAR+wg==
-----END RSA PRIVATE KEY-----
ip access-list extended GETVPN
deny udp any any eq 848
deny udp any eq 848 any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny udp any any eq snmp
deny udp any eq snmp any
permit ip any any
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
crypto ipsec profile DMVPN
set transform-set DMVPN
crypto gdoi group GETVPNGROUP
identity number 100
server local
rekey algorithm aes 128
rekey authentication mypubkey rsa GETVPN
rekey transport unicast
sa ipsec 10
profile DMVPN
match address ipv4 GETVPN
replay counter window-size 64
no tag
address ipv4 10.1.15.15
redundancy
local priority 255
peer address ipv4 10.1.14.14
crypto map GDOI 10 gdoi
set group GETVPNGROUP
IOSv14(config)#crypto key import rsa GETVPN terminal cisco1234
% Enter PEM-formatted public General Purpose key or certificate.
% End with a blank line or "quit" on a line by itself.
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDvYANCwU+cQ6/sbmzRg
jzp0J+OgqBstCPpZQTiyWocFSKRe7FB0qCsOc5Ic9bJqwFz5QRLsGiYXDY7Sd6N8
UBa3DZ+4FQPij9/I5kTC39pUsh+WFpZDbDmAVPpZQaRtPv9DJ8JZQk+bi31KNxRI
nlpxBfivHV8Bw4OO3GHU+iWgBovbFOSUaOgJNysVgI+5E/Y6xVSbaVlVd5NaNucS
DBHwzxix+P8BOr+ZmDSndMWwk4HIr484+ZHpYStvxyV8thTdG0zRWjdIvVKmogTj
oab/MoEzinE4MxLv1x8jGifSuVwg13HcbsYFihGNznt/rmwBdx0Ec4WG2M9tO0w3
LQIDAQAB
-----END PUBLIC KEY-----
quit
% Enter PEM-formatted encrypted private General Purpose key.
% End with "quit" on a line by itself.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,94A552555A037C25
MyDrLzBU8k4ypceKLqz/o8sa5Ekj1x6R+dH8uCBHvLdzdCUSopXw79LeKagVrBZF
P3vocNuOmM9DNZ8klgX2rUZ0ft7DgrQRG8Ip3PUu00iZUaag3WGw+ZW05XdHBqVM
Xh49dp3rVMTr1pB6phLZHVQK4JbkluFnD140Gps18PZn3FX5iOhI6J4YBjc8OZtZ
5//c7j+b3ECDAEKhzVyj2QhzbfWW9PbPdrcMwV/MTgumAYBOPTo8gnmc51ngC/xl
tHVJtg/6H/iHvwjngAirAaNHPF5UPJC7n2RJXA7B/0+2m3mlklWJlEOEMkuC1fkK
+FBmPB3i9n/+6U1f1y1W8hArhBZ4oIfkGCI5boXhbrUMKXy23GxNKfOXszrZXOpU
oj6eEPOYoNNjQsY9aeg5cXYGVM6B+SJILASj/nvq+7YRPhlz2vuuikrcoTCg4QwF
TC8b2vYVmG6nJ2AwCfRZ4zwXX5m6Sy+qnqTJKuOVvLjKEIJtnqt0prf9eVW0z6pc
n7EgLRpJKbmB85HBHosEYXbFulqY/rgoQm5Fgb6RP38bh4a9Hg2z4jiexza35Q/O
ZpqgXBJj9coS2HQ+hmMhhYDro8rUOKvWoitcC2OTJUzgptKQIDwoRdmI1I/Veb2G
/ndLx6AoGRC78jXadzVNVrZSiy+gqZSv9Q/NEF3uLvAe28+swh1fyHVsULyHQ3x3
sdB/JAKFOhkh5jHO725RGf7OLvCjL87GtFO5wSiAleN5ag5fgFvRv8qLEIDl7eSM
C4XvEMPStoOsekouVwKijN54rrrwZq67jXGmcdrJP03jqhxLuk53H69xXht6ZQVR
bD/hctdR9edkKufFVZI2h7BQHVSiek7ONseKVeJAJHPbV4qQoFFTFNSATw6rvdK+
oEetGzXpJRKNM58ZPrfGO89U3GMtUdGcEC0goQVT1bG91TRx/yyxhMJIMrvvD5gF
dbx4vN6Pv6WB1U8pnGV6q8rzoflc/k+gKfUgqzLGw3/ded0hcdYJD+0GfZyfG9SM
LJk/RMTWpgoUjVbopWncXVEc3owLo94xmgPCRJe+Vlo4tf5LNKve7/bmO4UHLBGE
rsr30UYCaZncbP7hdPejaTiGvRcDvSS9FZDc8ZHIash5YIWEjHF+UYW+5P7/wztp
Fnu7UAd8ZHuuMQbRDwBpkPRbk59Zw9E5ZAzn4lB4VcNnWAn7AI6S2Y5lvr5v0lDa
UoQd1uhSWQKcoE0YlrVFQ2dyTk0In/RzvHPKapNaqJvVz65jiFbQi3UZ554SUMwc
RPA5TKevCS501S9ZvWKvMJOQmAekDtGeVa6TGclEEhy7JG3laMo7Dekc3vl2odyF
7B9VP5qO2qVfLIRXCHCZuDwTWDBNDuM6wf9TDmTZKroHuoM9kvZW5RBveYSHV3Vm
eLrGdHuAbKZhu8F1EH4cDbtLE6EhFZjMwg3O0WJ2RyUEEPqWdUVSnRk4F9pkk/p7
tswbi7p27u9jKXASHeNILpmIEA66zV2yFmO4yqfHsVZQgXf/A8doyWrAa6Odf5Et
pMUaveww5zX4caY40Wm/QI12l8+b4Wpi0EHkTc6cQe0PNp3SNAR+wg==
-----END RSA PRIVATE KEY-----
quit
% Key pair import succeeded.
%SSH-5-ENABLED: SSH 1.99 has been enabled
ip access-list extended GETVPN
deny udp any any eq 848
deny udp any eq 848 any
deny tcp any any eq bgp
deny tcp any eq bgp any
deny udp any any eq snmp
deny udp any eq snmp any
permit ip any any
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server local
rekey algorithm aes 128
rekey authentication mypubkey rsa GETVPN
rekey transport unicast
sa ipsec 10
profile DMVPN
match address ipv4 GETVPN
replay counter window-size 64
no tag
address ipv4 10.1.14.14
redundancy
local priority 110
peer address ipv4 10.1.15.15
R3
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
crypto map GDOI 10 gdoi
set group GETVPNGROUP
crypto map GDOI
!
interface GigabitEthernet0/2
crypto map GDOI
CSR1
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR8
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR9
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet3
crypto map GDOI
CSR10
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
!
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set DMVPN esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN
!
crypto gdoi group GETVPNGROUP
identity number 100
server address ipv4 15.15.15.15
server address ipv4 14.14.14.14
!
crypto map GDOI 10 gdoi
set group GETVPNGROUP
!
interface GigabitEthernet2
crypto map GDOI