captnops
IS-IT--Management
- Feb 12, 2003
- 141
I have a 2811 at my primary location that connects to the internet via T1. Additionally, the 2811 also connects to my remote office via a frame relay split PVC.
The data on one part of the PVC gets to the offsite location, but the internet circuit does not. I am unable to ping or trace the far end. I will post both sanitized configs:
Primary Location Running Config
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
card type t1 0 1
card type t1 0 3
logging buffered 4096 debugging
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 1
no network-clock-participate wic 3
!
!
ip cef
!
!
ip inspect audit-trail
ip inspect dns-timeout 200
ip inspect name fw cuseeme timeout 3600
ip inspect name fw rcmd timeout 3600
ip inspect name fw realaudio timeout 3600
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 15
ip inspect name fw tcp timeout 3600
ip inspect name fw ftp timeout 3600
ip inspect name fw h323
ip inspect name fw vdolive
ip inspect name fw netshow
ip inspect name fw rtsp
ip inspect name fw sqlnet
ip inspect name fw streamworks
ip inspect name fw http urlfilter
no ip ips sdf builtin
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
no ip ips notify log
vpdn-template
!
!
frame-relay switching
!
voice-card 0
no dspfarm
!
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key $GhDsI$ address 199.41.253.14 no-xauth
!
crypto isakmp client configuration group GHDSIVPN
key global2world
dns 10.10.10.4
domain GHDSI.COM
pool ippoool
acl 115
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 5 ipsec-isakmp
set peer 199.41.253.14
set transform-set myset
match address 125
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Null0
no ip unreachables
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
ip virtual-reassembly
!
interface Loopback3
ip address 72.166.69.35 255.255.255.255
ip virtual-reassembly
!
interface Loopback4
no ip address
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip policy route-map static
duplex full
speed 100
!
interface FastEthernet0/1
description $ETH-WAN$
ip address 204.17.65.226 255.255.255.248
ip access-group 111 in
ip flow ingress
ip flow egress
ip nat outside
ip inspect fw out
ip virtual-reassembly
duplex full
speed 100
crypto map clientmap
!
interface ATM0/0/0
description SNET DSL CIRCUIT
no ip address
no ip mroute-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
pvc 1/150
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Serial0/1/0:0
ip address 63.239.37.174 255.255.255.0
!
interface Serial0/3/0:0
description Qwest circuit
no ip address
ip virtual-reassembly
encapsulation frame-relay IETF
!
interface Serial0/3/0:0.1 point-to-point
description PVC to Offsite
bandwidth 768
ip address 63.149.109.18 255.255.255.252
ip virtual-reassembly
frame-relay interface-dlci 16
!
interface Serial0/3/0:0.2 point-to-point
description Public Circuit
bandwidth 768
ip address 72.166.68.246 255.255.255.252
ip virtual-reassembly
frame-relay interface-dlci 17
!
ip local pool ippoool 192.168.254.1 192.168.254.50
ip route 0.0.0.0 0.0.0.0 204.17.65.225
ip route 10.10.10.49 255.255.255.255 72.168.68.246
ip route 10.10.10.49 255.255.255.255 72.166.68.248
ip route 10.10.10.49 255.255.255.255 72.166.68.230
ip route 10.10.20.0 255.255.255.0 63.149.109.17
ip route 10.120.1.0 255.255.255.240 10.10.10.135
ip route 10.130.50.0 255.255.255.0 10.10.10.135
ip route 10.130.175.0 255.255.255.0 10.10.10.135
ip route 10.130.240.0 255.255.254.0 10.10.10.135
ip route 65.115.10.14 255.255.255.255 72.166.68.25
ip route 172.30.30.0 255.255.255.0 10.10.10.135
ip route 172.30.31.254 255.255.255.254 10.10.10.135
ip route 172.30.151.0 255.255.255.0 10.10.10.135
!
ip flow-export version 5
ip flow-export destination 10.10.10.96 9996
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.10.4 25 204.17.65.226 25 route-map SDM_RMA
P_3 extendable
ip nat inside source static tcp 10.10.10.4 80 204.17.65.226 80 route-map SDM_RMA
P_7 extendable
ip nat inside source static tcp 10.10.10.4 443 204.17.65.226 443 route-map SDM_R
MAP_5 extendable
ip nat inside source static tcp 10.10.10.47 80 204.17.65.227 80 route-map SDM_RM
AP_8 extendable
ip nat inside source static tcp 10.10.10.47 443 204.17.65.227 443 route-map SDM_
RMAP_4 extendable
ip nat inside source static tcp 10.10.10.7 1433 204.17.65.227 1433 route-map SDM
_RMAP_2 extendable
ip nat inside source static tcp 10.10.10.7 2004 204.17.65.227 2004 route-map SDM
_RMAP_1 extendable
!
ip access-list extended group-lock
ip access-list extended idletime
ip access-list extended protocol
ip access-list extended tty66
!
logging history debugging
logging trap debugging
logging 10.10.10.96
logging 10.10.10.71
access-list 101 remark SDM_ACL Category=18
access-list 101 deny ip 10.10.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 199.41.1.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit tcp any host 204.17.65.227 eq www
access-list 111 permit tcp any host 204.17.65.227 eq 443
access-list 111 permit tcp any host 204.17.65.227 eq 2004
access-list 111 permit tcp any host 204.17.65.226 eq smtp
access-list 111 permit tcp any host 204.17.65.226 eq 443
access-list 111 permit esp any host 204.17.65.226
access-list 111 permit udp any host 204.17.65.226 eq non500-isakmp
access-list 111 permit icmp any any echo-reply
access-list 111 permit udp host 192.5.41.41 host 204.17.65.226 eq ntp
access-list 111 permit icmp any any echo
access-list 111 permit tcp any host 204.17.65.226 eq www
access-list 111 permit icmp any any traceroute
access-list 111 permit udp host 192.5.41.209 host 204.17.65.226 eq ntp
access-list 111 permit gre any host 204.17.65.226
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit udp any host 204.17.65.226 eq isakmp
access-list 111 permit icmp any any time-exceeded
access-list 111 permit tcp any host 204.17.65.226 eq 1723
access-list 111 permit ip 192.168.254.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit udp host 170.20.20.55 host 204.17.65.226 eq snmp
access-list 111 permit tcp 206.104.31.0 0.0.0.255 host 204.17.65.227 eq 1433
access-list 111 permit tcp 198.68.195.0 0.0.0.255 host 204.17.65.227 eq 1433
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any packet-too-big
access-list 111 permit udp host 204.17.65.226 any eq non500-isakmp
access-list 111 permit tcp 65.115.10.0 0.0.0.255 host 204.17.65.226
access-list 111 permit udp 65.115.10.0 0.0.0.255 host 204.17.65.226 eq 23
access-list 111 deny ip 10.10.10.0 0.0.0.255 any
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any echo
access-list 115 permit ip 10.10.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.6 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.4 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.7 192.168.254.0 0.0.0.255
access-list 125 permit ip 10.10.10.0 0.0.0.255 199.41.1.0 0.0.0.255
route-map static permit 10
match ip address 120
set ip next-hop 1.1.1.2
!
route-map SDM_RMAP_4 permit 1
match ip address 104
!
route-map SDM_RMAP_5 permit 1
match ip address 105
!
route-map SDM_RMAP_6 permit 1
match ip address 106
!
route-map SDM_RMAP_7 permit 1
match ip address 100
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 102
!
route-map SDM_RMAP_3 permit 1
match ip address 103
!
route-map SDM_RMAP_8 permit 1
match ip address 102
!
route-map SDM_RMAP_9 permit 1
match ip address 103
!
route-map nonat permit 10
match ip address 101
!
!
control-plane
!
no call rsvp-sync
!
!
dial-peer cor custom
!
line con 0
password 7
line aux 0
line vty 0 4
privilege level 15
password 7
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180094
ntp update-calendar
ntp server 192.5.41.41
ntp server 10.10.10.4 source FastEthernet0/0 prefer
ntp server 192.5.41.209
!
end
OFFSITE ROUTER RUNNING CONFIG:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
!
logging queue-limit 100
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip inspect audit-trail
ip inspect dns-timeout 200
ip inspect name fw cuseeme timeout 3600
ip inspect name fw rcmd timeout 3600
ip inspect name fw realaudio timeout 3600
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 15
ip inspect name fw tcp timeout 3600
ip inspect name fw ftp timeout 3600
ip inspect name fw h323
ip inspect name fw vdolive
ip inspect name fw netshow
ip inspect name fw rtsp
ip inspect name fw sqlnet
ip inspect name fw streamworks
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key $GhDsI$ address 199.41.253.14 no-xauth
!
crypto isakmp client configuration group
dns .x.x.x.x.
pool ippoool
acl 115
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 5 ipsec-isakmp
! Incomplete
set peer 199.41.253.14
set transform-set myset
match address 125
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
ip address 10.10.20.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
!
interface Serial0/0.1 point-to-point
description Private Circuit to Primary
bandwidth 768
ip address 67.133.27.170 255.255.255.252
frame-relay interface-dlci 100
!
interface Serial0/0.2 point-to-point
description Internet Circuit
bandwidth 768
ip address 72.166.68.230 255.255.255.252
ip nat outside
shutdown
frame-relay interface-dlci 101
!
interface Serial0/1
no ip address
!
interface FastEthernet1/0
ip address 63.145.17.57 255.255.255.248
duplex auto
speed auto
!
ip nat pool internetpool 63.145.17.60 63.145.17.60 netmask 255.255.255.248
ip nat inside source list 101 pool internetpool overload
ip nat inside source static 10.10.20.10 63.145.17.61
ip nat inside source static tcp 10.10.20.10 443 63.145.17.61 443 extendable
ip nat inside source static tcp 10.10.20.10 1443 63.145.17.61 1443 extendable
ip nat inside source static tcp 10.10.20.10 2004 63.145.17.61 2004 extendable
ip http server
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 72.166.68.229
ip route 10.10.10.0 255.255.255.0 67.133.27.169
!
access-list 101 permit ip 10.10.20.0 0.0.0.255 any
!
radius-server authorization permit missing Service-Type
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password 7
transport input telnet ssh
!
!
end
Thanks for the help
The data on one part of the PVC gets to the offsite location, but the internet circuit does not. I am unable to ping or trace the far end. I will post both sanitized configs:
Primary Location Running Config
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
card type t1 0 1
card type t1 0 3
logging buffered 4096 debugging
enable secret 5
enable password 7
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
clock timezone EST -5
clock summer-time EDT recurring
no network-clock-participate wic 1
no network-clock-participate wic 3
!
!
ip cef
!
!
ip inspect audit-trail
ip inspect dns-timeout 200
ip inspect name fw cuseeme timeout 3600
ip inspect name fw rcmd timeout 3600
ip inspect name fw realaudio timeout 3600
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 15
ip inspect name fw tcp timeout 3600
ip inspect name fw ftp timeout 3600
ip inspect name fw h323
ip inspect name fw vdolive
ip inspect name fw netshow
ip inspect name fw rtsp
ip inspect name fw sqlnet
ip inspect name fw streamworks
ip inspect name fw http urlfilter
no ip ips sdf builtin
ip ips sdf location flash://128MB.sdf autosave
ip ips notify SDEE
no ip ips notify log
vpdn-template
!
!
frame-relay switching
!
voice-card 0
no dspfarm
!
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key $GhDsI$ address 199.41.253.14 no-xauth
!
crypto isakmp client configuration group GHDSIVPN
key global2world
dns 10.10.10.4
domain GHDSI.COM
pool ippoool
acl 115
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 5 ipsec-isakmp
set peer 199.41.253.14
set transform-set myset
match address 125
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Null0
no ip unreachables
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
ip virtual-reassembly
!
interface Loopback3
ip address 72.166.69.35 255.255.255.255
ip virtual-reassembly
!
interface Loopback4
no ip address
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 10.10.10.1 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip policy route-map static
duplex full
speed 100
!
interface FastEthernet0/1
description $ETH-WAN$
ip address 204.17.65.226 255.255.255.248
ip access-group 111 in
ip flow ingress
ip flow egress
ip nat outside
ip inspect fw out
ip virtual-reassembly
duplex full
speed 100
crypto map clientmap
!
interface ATM0/0/0
description SNET DSL CIRCUIT
no ip address
no ip mroute-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
pvc 1/150
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Serial0/1/0:0
ip address 63.239.37.174 255.255.255.0
!
interface Serial0/3/0:0
description Qwest circuit
no ip address
ip virtual-reassembly
encapsulation frame-relay IETF
!
interface Serial0/3/0:0.1 point-to-point
description PVC to Offsite
bandwidth 768
ip address 63.149.109.18 255.255.255.252
ip virtual-reassembly
frame-relay interface-dlci 16
!
interface Serial0/3/0:0.2 point-to-point
description Public Circuit
bandwidth 768
ip address 72.166.68.246 255.255.255.252
ip virtual-reassembly
frame-relay interface-dlci 17
!
ip local pool ippoool 192.168.254.1 192.168.254.50
ip route 0.0.0.0 0.0.0.0 204.17.65.225
ip route 10.10.10.49 255.255.255.255 72.168.68.246
ip route 10.10.10.49 255.255.255.255 72.166.68.248
ip route 10.10.10.49 255.255.255.255 72.166.68.230
ip route 10.10.20.0 255.255.255.0 63.149.109.17
ip route 10.120.1.0 255.255.255.240 10.10.10.135
ip route 10.130.50.0 255.255.255.0 10.10.10.135
ip route 10.130.175.0 255.255.255.0 10.10.10.135
ip route 10.130.240.0 255.255.254.0 10.10.10.135
ip route 65.115.10.14 255.255.255.255 72.166.68.25
ip route 172.30.30.0 255.255.255.0 10.10.10.135
ip route 172.30.31.254 255.255.255.254 10.10.10.135
ip route 172.30.151.0 255.255.255.0 10.10.10.135
!
ip flow-export version 5
ip flow-export destination 10.10.10.96 9996
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.10.4 25 204.17.65.226 25 route-map SDM_RMA
P_3 extendable
ip nat inside source static tcp 10.10.10.4 80 204.17.65.226 80 route-map SDM_RMA
P_7 extendable
ip nat inside source static tcp 10.10.10.4 443 204.17.65.226 443 route-map SDM_R
MAP_5 extendable
ip nat inside source static tcp 10.10.10.47 80 204.17.65.227 80 route-map SDM_RM
AP_8 extendable
ip nat inside source static tcp 10.10.10.47 443 204.17.65.227 443 route-map SDM_
RMAP_4 extendable
ip nat inside source static tcp 10.10.10.7 1433 204.17.65.227 1433 route-map SDM
_RMAP_2 extendable
ip nat inside source static tcp 10.10.10.7 2004 204.17.65.227 2004 route-map SDM
_RMAP_1 extendable
!
ip access-list extended group-lock
ip access-list extended idletime
ip access-list extended protocol
ip access-list extended tty66
!
logging history debugging
logging trap debugging
logging 10.10.10.96
logging 10.10.10.71
access-list 101 remark SDM_ACL Category=18
access-list 101 deny ip 10.10.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 199.41.1.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit tcp any host 204.17.65.227 eq www
access-list 111 permit tcp any host 204.17.65.227 eq 443
access-list 111 permit tcp any host 204.17.65.227 eq 2004
access-list 111 permit tcp any host 204.17.65.226 eq smtp
access-list 111 permit tcp any host 204.17.65.226 eq 443
access-list 111 permit esp any host 204.17.65.226
access-list 111 permit udp any host 204.17.65.226 eq non500-isakmp
access-list 111 permit icmp any any echo-reply
access-list 111 permit udp host 192.5.41.41 host 204.17.65.226 eq ntp
access-list 111 permit icmp any any echo
access-list 111 permit tcp any host 204.17.65.226 eq www
access-list 111 permit icmp any any traceroute
access-list 111 permit udp host 192.5.41.209 host 204.17.65.226 eq ntp
access-list 111 permit gre any host 204.17.65.226
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit udp any host 204.17.65.226 eq isakmp
access-list 111 permit icmp any any time-exceeded
access-list 111 permit tcp any host 204.17.65.226 eq 1723
access-list 111 permit ip 192.168.254.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 111 permit udp host 170.20.20.55 host 204.17.65.226 eq snmp
access-list 111 permit tcp 206.104.31.0 0.0.0.255 host 204.17.65.227 eq 1433
access-list 111 permit tcp 198.68.195.0 0.0.0.255 host 204.17.65.227 eq 1433
access-list 111 permit icmp any any unreachable
access-list 111 permit icmp any any packet-too-big
access-list 111 permit udp host 204.17.65.226 any eq non500-isakmp
access-list 111 permit tcp 65.115.10.0 0.0.0.255 host 204.17.65.226
access-list 111 permit udp 65.115.10.0 0.0.0.255 host 204.17.65.226 eq 23
access-list 111 deny ip 10.10.10.0 0.0.0.255 any
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any echo
access-list 115 permit ip 10.10.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.6 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.4 192.168.254.0 0.0.0.255
access-list 120 permit ip host 10.10.10.7 192.168.254.0 0.0.0.255
access-list 125 permit ip 10.10.10.0 0.0.0.255 199.41.1.0 0.0.0.255
route-map static permit 10
match ip address 120
set ip next-hop 1.1.1.2
!
route-map SDM_RMAP_4 permit 1
match ip address 104
!
route-map SDM_RMAP_5 permit 1
match ip address 105
!
route-map SDM_RMAP_6 permit 1
match ip address 106
!
route-map SDM_RMAP_7 permit 1
match ip address 100
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 102
!
route-map SDM_RMAP_3 permit 1
match ip address 103
!
route-map SDM_RMAP_8 permit 1
match ip address 102
!
route-map SDM_RMAP_9 permit 1
match ip address 103
!
route-map nonat permit 10
match ip address 101
!
!
control-plane
!
no call rsvp-sync
!
!
dial-peer cor custom
!
line con 0
password 7
line aux 0
line vty 0 4
privilege level 15
password 7
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180094
ntp update-calendar
ntp server 192.5.41.41
ntp server 10.10.10.4 source FastEthernet0/0 prefer
ntp server 192.5.41.209
!
end
OFFSITE ROUTER RUNNING CONFIG:
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
!
logging queue-limit 100
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip inspect audit-trail
ip inspect dns-timeout 200
ip inspect name fw cuseeme timeout 3600
ip inspect name fw rcmd timeout 3600
ip inspect name fw realaudio timeout 3600
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 15
ip inspect name fw tcp timeout 3600
ip inspect name fw ftp timeout 3600
ip inspect name fw h323
ip inspect name fw vdolive
ip inspect name fw netshow
ip inspect name fw rtsp
ip inspect name fw sqlnet
ip inspect name fw streamworks
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key $GhDsI$ address 199.41.253.14 no-xauth
!
crypto isakmp client configuration group
dns .x.x.x.x.
pool ippoool
acl 115
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 5 ipsec-isakmp
! Incomplete
set peer 199.41.253.14
set transform-set myset
match address 125
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
ip address 10.10.20.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
!
interface Serial0/0.1 point-to-point
description Private Circuit to Primary
bandwidth 768
ip address 67.133.27.170 255.255.255.252
frame-relay interface-dlci 100
!
interface Serial0/0.2 point-to-point
description Internet Circuit
bandwidth 768
ip address 72.166.68.230 255.255.255.252
ip nat outside
shutdown
frame-relay interface-dlci 101
!
interface Serial0/1
no ip address
!
interface FastEthernet1/0
ip address 63.145.17.57 255.255.255.248
duplex auto
speed auto
!
ip nat pool internetpool 63.145.17.60 63.145.17.60 netmask 255.255.255.248
ip nat inside source list 101 pool internetpool overload
ip nat inside source static 10.10.20.10 63.145.17.61
ip nat inside source static tcp 10.10.20.10 443 63.145.17.61 443 extendable
ip nat inside source static tcp 10.10.20.10 1443 63.145.17.61 1443 extendable
ip nat inside source static tcp 10.10.20.10 2004 63.145.17.61 2004 extendable
ip http server
ip http authentication local
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 72.166.68.229
ip route 10.10.10.0 255.255.255.0 67.133.27.169
!
access-list 101 permit ip 10.10.20.0 0.0.0.255 any
!
radius-server authorization permit missing Service-Type
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password 7
transport input telnet ssh
!
!
end
Thanks for the help