BluffPlace
MIS
Hello
We have a Cisco 7204 that was configured with a secondary IP address. When I create sub-interfaces, I lose my Internet connection. The port on my switch is configured as a trunk port. The 151 network has a Check Point firewall with a 3030 concentrator. The 65 network has more bandwidth and an ASA5520. I want to slowly move all the VPN tunnels from the 151 network to the 65 network. Eventually, I will drop the 151 network. Any assistance would be appreciated.
Here are my router configs:
interface Tunnel0
 description Primary-Zscaler-Tun
 ip address 172.17.6.33 255.255.255.252
 ip mtu 1476
 ip nat outside
 tunnel source 151.198.252.20
 tunnel destination 4.79.205.3
interface Tunnel1
 description Zscale secondary
 ip address 172.17.6.37 255.255.255.252
 ip mtu 1476
 ip nat outside
 tunnel source 151.198.252.20
 tunnel destination 208.100.40.34
interface Ethernet0/0
 ip access-group 102 out
 ip nat inside
 ip route-cache policy
 ip policy route-map Zscaler-redirect
interface Ethernet0/0.1
 encapsulation dot1q native 10
 ip address 151.198.253.22 255.255.255.224
interface ethernet0/0.2
 encapsulation dot1q 20
 ip address 65.211.65.20 255.255.255.224
interface GigabitEthernet0/0
 ip address 10.10.0.8 255.255.0.0
 ip helper-address 10.100.91.5
interface Serial1/0
 ip address 208.214.102.21 255.255.255.252
 no ip redirects
 no ip proxy-arp
 encapsulation ppp
 no ip mroute-cache
 ip policy route-map net-11
 load-interval 30
 scramble
 framing c-bit
 cablelength 10
 dsu bandwidth 18948
 no cdp enable
interface ATM2/0
 no ip address
 atm uni-version 3.1
 no atm ilmi-keepalive
interface ATM2/0.1 point-to-point
 bandwidth 75000
 ip address 151.198.252.20 255.255.255.252
 ip policy route-map net-11
 pvc 1/57
  vbr-nrt 10000 10000 100
  encapsulation aal5snap
interface ATM2/0.5 point-to-point
 bandwidth 145000
 ip address 10.15.0.2 255.255.255.252
 ip helper-address 10.100.91.5
 ip policy route-map net-10
 pvc obd 5/55
  protocol ip 10.15.0.1 broadcast
  vbr-nrt 145000 145000 1000
  encapsulation aal5snap
router eigrp 1
 network 10.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
ip nat inside source route-map Zscaler interface Tunnel0 overload
ip nat inside source route-map Zscaler-backup interface Tunnel1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 151.198.252.205
ip route 10.70.1.1 255.255.255.255 10.60.1.2 name URG-RWJ-PACS
ip route 10.70.1.2 255.255.255.255 10.60.1.2 name URG-RWJ-PACS
no ip http server
ip access-list extended Zscaler
 permit tcp any any eq www
 permit tcp any any eq 443
access-list 102 permit ip any any
access-list 111 permit ip any any
access-list 112 permit ip any any
access-list 116 permit ip 65.211.65.0 0.0.0.31 any
access-list 117 permit ip 151.198.253.22 0.0.0.31 any
route-map Zscaler permit 10
 match ip address Zscaler
 set interface Tunnel0 Tunnel1
route-map net-11 permit 11
 set interface Ethernet0/0
route-map net-10 permit 10
 match ip address 111
 set ip next-hop 10.10.0.1
route-map Zscaler-redirect permit 10
 match ip address Zscaler
 set interface Tunnel0
!
route-map PBR1 permit 10
 match ip address 116
 set interface Serial1/0
 set ip next-hop 208.214.102.20
route-map PBR1 permit 20
 match ip address 117
 set interface ATM2/0.1
 set ip next-hop 151.198.252.20
route-map Zscaler-backup permit 10
 match ip address Zscaler
 set interface Tunnel1
!
gatekeeper
 shutdown
Here are my switch configs:
interface FastEthernet0/1
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/2
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/3
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/4
 switchport access vlan 10
 spanning-tree portfast
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 spanning-tree portfast
interface VLAN1
 no ip directed-broadcast
 no ip route-cache
 shutdown
interface VLAN2
 no ip directed-broadcast
 no ip route-cache
 shutdown
interface VLAN10
 ip address 10.10.0.171 255.255.0.0
 no ip directed-broadcast
 no ip route-cache
ip default-gateway 10.10.0.1