Cisco DMVPN ( web traffic through tunnel )

ST675

IS-IT--Management
Feb 21, 2009
1
Hello, first I admit I am a novice Cisco guy, but am learning more every day, so thanks to those that can help.

I have a DMVPN set up and working. My issue is that I need to get the web traffic to flow through the tunnel to verify that the QoS policies are getting applied. I believe that I need to change the ip route from 0.0.0.0 0.0.0.0 A.B.C.D to 0.0.0.0 0.0.0.0 Tunnel0, but when I do this I can no longer access the router. Ideally I would like to have ALL traffic go through the VPN tunnel while still being able to get access to the router from the internal IP address and the external IP. Below is the config of the remote router (Cisco 1811). Any help is greatly appreciated!

Code:
Building configuration...

Current configuration : 11526 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname dmtsrstDIA
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
enable password <REMOVED>
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
crypto isakmp key DMT address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
 mode transport
!
crypto ipsec profile 3DES
 set transform-set 3DES
!
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.13.1.1 10.13.1.25
ip dhcp excluded-address 10.13.3.1 10.13.3.25
!
ip dhcp pool diamond
   network 10.13.1.0 255.255.255.0
   default-router 10.13.1.1
   dns-server 10.1.5.20 10.1.5.21
   domain-name deepsubs.local
   netbios-name-server 10.1.5.20
   lease 3
!
ip dhcp pool Voice_diamond
   network 10.13.3.0 255.255.255.0
   default-router 10.13.3.1
   dns-server 10.1.5.20 10.1.5.21
   domain-name deepsubs.local
   netbios-name-server 10.1.5.20
   option 150 ip 10.1.3.10
   lease 3
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
 no dspfarm
!
!
!
username <REMOVED>
username <REMOVED>
archive
 log config
  hidekeys
!
!
!
class-map match-any AutoQoS-VoIP-Control-Trust-wan
 match ip dscp cs3
 match ip dscp af31
class-map match-any AutoQoS-VoIP-RTP-Trust-wan
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Remark
 match ip dscp ef
 match ip dscp cs3
 match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
 match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust
 match protocol rtp audio
 match access-group name AutoQoS-VoIP-RTCP
!
!
policy-map AutoQoS-Policy-UnTrust
 class AutoQoS-VoIP-RTP-UnTrust
  priority percent 70
  set dscp ef
 class AutoQoS-VoIP-Control-UnTrust
  bandwidth percent 5
  set dscp af31
 class AutoQoS-VoIP-Remark
  set dscp default
 class class-default
  fair-queue
policy-map child
 class AutoQoS-VoIP-RTP-Trust-wan
  priority percent 25
  set dscp ef
 class AutoQoS-VoIP-Control-Trust-wan
  priority percent 12
  set dscp af31
 class class-default
  fair-queue
policy-map parent
 class class-default
  shape average 512000
  service-policy child
!
!
!
!
!
interface Loopback0
 ip address 192.168.30.1 255.255.255.255
!
interface Tunnel0
 bandwidth 512
 ip address 10.10.10.12 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication <REMOVED>
 ip nhrp map 10.10.10.1 12.B.C.D
 ip nhrp map multicast 12.B.C.D
 ip nhrp network-id 100
 ip nhrp holdtime 300
 ip nhrp nhs 10.10.10.1
 ip nhrp cache non-authoritative
 no ip mroute-cache
 delay 1000
 qos pre-classify
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile 3DES
 tunnel bandwidth transmit 512
 tunnel bandwidth receive 512
 max-reserved-bandwidth 90
!
interface FastEthernet0/0
 description DIA_wan
 ip address 72.B.C.D 255.255.255.224
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 duplex auto
 speed auto
 max-reserved-bandwidth 90
 service-policy output parent
!
interface FastEthernet0/1/0
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/1
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 bandwidth 128000
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/2
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/3
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/4
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/5
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/6
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/7
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface FastEthernet0/1/8
 description ***Phone + PC Connection***
 switchport access vlan 10
 switchport voice vlan 30
 auto qos voip
 spanning-tree portfast
 service-policy output AutoQoS-Policy-UnTrust
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly
 shutdown
!
interface Vlan10
 ip address 10.13.1.1 255.255.255.0
 ip access-group 101 out
 ip nat inside
 ip virtual-reassembly
!
interface Vlan30
 ip address 10.13.3.1 255.255.255.0
!
router eigrp 100
 passive-interface FastEthernet0/0
 network 10.0.0.0
 auto-summary
!
ip route 0.0.0.0 0.0.0.0 72.B.C.D
!
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
!
ip access-list extended AutoQoS-VoIP-Control
 permit tcp any any eq 1720
 permit tcp any any range 11000 11999
 permit udp any any eq 2427
 permit tcp any any eq 2428
 permit tcp any any range 2000 2002
 permit udp any any eq 1719
 permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
 permit udp any any range 16384 32767
!
access-list 10 permit 10.13.0.0 0.0.255.255
access-list 100 permit ip 10.13.0.0 0.0.255.255 10.0.0.0 0.255.255.255
access-list 100 permit ip 10.13.0.0 0.0.255.255 172.16.16.0 0.0.0.255
access-list 100 permit ip 10.13.0.0 0.0.255.255 192.168.11.0 0.0.0.3
access-list 100 permit ip host 192.168.30.1 10.0.0.0 0.255.255.255
access-list 100 permit ip host 192.168.30.1 172.16.16.0 0.0.0.255
access-list 100 permit ip host 192.168.30.1 192.168.11.0 0.0.0.3
!
!
!
!
!
!
control-plane
!
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
 auto-cut-through
 signal immediate
 input gain auto-control
 description Music On Hold Port
!
ccm-manager redundant-host 10.1.3.10
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server 10.1.3.10
ccm-manager config
!
mgcp
mgcp call-agent 10.1.3.11 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp rtp payload-type g726r16 static
!
mgcp profile default
!
!
!
dial-peer voice 999000 pots
 service mgcpapp
 port 0/0/0
!
dial-peer voice 999001 pots
 service mgcpapp
 port 0/0/1
!
dial-peer voice 999002 pots
 service mgcpapp
 port 0/0/2
!
dial-peer voice 999003 pots
 service mgcpapp
 port 0/0/3
!
!
!
!
call-manager-fallback
 max-conferences 3 gain -6
 transfer-system full-consult
 ip source-address 72.B.C.D port 2000
 max-ephones 6
 max-dn 20
 dialplan-pattern 1 281784.... extension-length 4
!
banner motd ^CCC
You have accessed a private internetwork.
Unauthorized access to this internetwork
is prohibited and will be prosecuted in
accordance with Title 18, U.S.C. -- if you
are not explicitly authorized to access
this internetwork, log off now!
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 login local
 length 0
 transport input all
!

!
webvpn cef
end
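
Why the router becomes unreachable after the route change described in the post, modelled as a longest-prefix-match lookup. This is an added example, not part of the original post: the documentation-range addresses stand in for the masked 12.B.C.D and 72.B.C.D values, and the external admin host, the web server and the host routes in `SPLIT` are assumptions.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for values masked in the post.
HUB_NBMA = "192.0.2.1"       # hub public address (12.B.C.D in the post)
ISP_GW = "198.51.100.1"      # ISP next hop (72.B.C.D in the post)
HUB_TUNNEL = "10.10.10.1"    # hub tunnel address, from the posted NHRP map
ADMIN_EXT = "203.0.113.50"   # hypothetical external management host
WEB = "203.0.113.80"         # hypothetical Internet web server

CONNECTED = [
    ("198.51.100.0/27", None, "FastEthernet0/0"),
    ("10.10.10.0/24", None, "Tunnel0"),
    ("10.13.1.0/24", None, "Vlan10"),
]
# Default route as posted, as changed by the poster, and with assumed host routes.
ORIGINAL = CONNECTED + [("0.0.0.0/0", ISP_GW, "FastEthernet0/0")]
TUNNEL_ONLY = CONNECTED + [("0.0.0.0/0", None, "Tunnel0")]
SPLIT = CONNECTED + [
    ("0.0.0.0/0", HUB_TUNNEL, "Tunnel0"),
    (HUB_NBMA + "/32", ISP_GW, "FastEthernet0/0"),   # keeps the underlay off the tunnel
    (ADMIN_EXT + "/32", ISP_GW, "FastEthernet0/0"),  # replies to the admin host use the WAN
]

def egress(table, dst):
    """Longest-prefix match; return the exit interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)
    return best[2] if best else None

def report(table):
    return {
        # Encrypted GRE packets to the hub must leave on the physical WAN;
        # if they resolve to Tunnel0 the tunnel is routed into itself.
        "underlay_ok": egress(table, HUB_NBMA) != "Tunnel0",
        "web": egress(table, WEB),
        "admin_reply": egress(table, ADMIN_EXT),
    }

if __name__ == "__main__":
    for name, table in (("original", ORIGINAL), ("tunnel-only", TUNNEL_ONLY), ("split", SPLIT)):
        print(name, report(table))
```

With the default route alone pointed at Tunnel0, the hub's public address and the replies to any external management host both resolve into the tunnel; the more specific host routes are what keep the underlay and management path on the physical WAN interface.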
 