Spoke1 (Dynamic Crypto Map)

Spoke1:
conf t
!
crypto isakmp policy 10
encryption aes
hash sha256
authentication pre-share
group 14
!
crypto isakmp key cisco address 172.16.1.1
!
crypto ipsec transform-set TRANS esp-aes esp-sha256-hmac
mode tunnel
!
crypto map IPSEC 10 ipsec-isakmp
set peer 172.16.1.1
set transform-set TRANS
match address 101
!
interface ethernet 0/0
ip address 192.168.2.254 255.255.255.0
no shutdown
!
interface ethernet 1/1
ip address 172.16.2.1 255.255.255.0
crypto map IPSEC
no shutdown
!
interface loopback 0
ip address 20.20.20.20 255.255.255.255
!
router ospf 1
router-id 20.20.20.20
network 172.16.2.1 0.0.0.0 area 0
network 192.168.2.254 0.0.0.0 area 0
default-information originate
!
router bgp 200
bgp router-id 20.20.20.20
neighbor 172.16.2.254 remote-as 500
network 172.16.2.0 mask 255.255.255.0
!
ip access-list extended 101
10 permit ip 172.16.2.0 0.0.0.255 host 192.168.1.1
20 permit ip host 2.2.2.2 host 1.1.1.1
!
end