Help with snmp connection please

Status
Not open for further replies.

harry211

Technical User
Jan 14, 2006
Hi, I have copied the following config into a new 837 router using the HyperTerminal copy-and-paste method, but am now not able to access the router using SNMP or telnet. I can still access it from the console connection and have tried new community strings, but the problem remains. The document on Cisco's website (doc ID 46741) advises that any line beginning with aaa be removed from the configuration before pasting to the new router, but when I tried this the config appeared to be corrupt after pasting it into the new router. Is there a way I can fix this without erasing and starting again?
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service linenumber
no service dhcp
!
hostname *******
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 notifications
logging console warnings
enable secret 5 *********************
!
username **************************
username **************************
aaa new-model
!
!
aaa authentication login VPN local
aaa authorization network groupauthor local
aaa authorization network groupauth local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
no ip domain lookup
no ip bootp server
ip ftp username customer
ip ftp password 7 0872541A04090944
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key 3nt9xbg1 address 0.0.0.0 no-xauth
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group *****
key ******
pool VPNCLIENTS
acl VPNCLIENTS
!
crypto isakmp client configuration group ******
key *****
pool VPNCLIENTS
acl VPNCLIENTS
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
!
crypto dynamic-map REMOTE 90
set transform-set 3DES
!
!
crypto map VPN local-address Loopback0
crypto map VPN client authentication list VPN
crypto map VPN isakmp authorization list groupauth
crypto map VPN client configuration address initiate
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp
set peer 0.0.0.0
set transform-set 3DES
set pfs group2
match address VPN
crypto map VPN 100 ipsec-isakmp dynamic REMOTE
!
!
!
interface Loopback0
ip address 0.0.0.0 255.255.255.248
!
interface Ethernet0
ip address 192.168.202.239 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting mac-address input
ip accounting mac-address output
ip accounting access-violations
ip nat inside
ip virtual-reassembly
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip route-cache
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname **********
ppp chap password 7 *********
crypto map VPN
!
ip local pool VPNCLIENTS 10.50.1.0 10.50.1.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
ip nat inside source list NAT interface Dialer1 overload
!
!
ip access-list extended INSIDE
permit ip 192.168.202.0 0.0.0.255 any
ip access-list extended NAT
deny ip 192.168.202.0 0.0.0.255 10.50.1.0 0.0.0.255
deny ip 10.50.1.0 0.0.0.255 192.168.200.0 0.0.0.255
deny ip 192.168.202.0 0.0.0.255 192.168.200.0 0.0.0.255
permit ip 192.168.202.0 0.0.0.255 any
ip access-list extended S2S-FIREWALL
permit udp any any eq isakmp
permit ip 10.50.1.0 0.0.0.255 192.168.202.0 0.0.0.255
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any
permit ip 192.168.200.0 0.0.0.255 192.168.202.0 0.0.0.255
permit tcp host 0.0.0.0 any eq 22
permit tcp host 0.0.0.0 any eq telnet
deny ip any any log
ip access-list extended VPN
permit ip 192.168.202.0 0.0.0.255 192.168.200.0 0.0.0.255
ip access-list extended VPNCLIENT
permit ip 192.168.202.0 0.0.0.255 10.50.1.0 0.0.0.255
ip access-list extended VPNCLIENTS
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 130 permit ip host 0.0.0.0 any
access-list 130 permit ip 192.168.202.0 0.0.0.255 any
access-list 130 permit ip host 0.0.0.0 any
access-list 130 permit ip host 0.0.0.0 any
access-list 199 permit tcp any any eq 3389
access-list 199 permit tcp any eq 3389 any
dialer-list 1 protocol ip permit
snmp-server community ******** RO
snmp-server community ******** RW
snmp-server enable traps tty
no cdp run
!
control-plane
!
banner login _
Private Property - All access is logged
Unauthorised entry is prohibited
_
alias exec sa show access-list
alias exec sci sh crypto isa sa
alias exec scp sh crypto ip sa
alias exec sr show running
alias exec crs copy running startup-config
alias exec sir show ip route
alias exec sib show ip int brief
alias exec sim show ip multicast
alias exec sip show ip protocols
alias exec wt write term
alias exec ct conf t
alias exec wm write mem
alias exec crt copy running tftp
alias exec sis show interface summary
alias exec sia show interface accounting
alias exec sid show int descr
alias exec sin show interface
alias exec su show user
alias exec sistat show int status
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 130 in
exec-timeout 120 0
login authentication VPN
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end



 
Two ways seem to spring to mind.

Either disable AAA completely with 'no aaa new-model', or remove AAA authentication from the vty by entering the commands:
line vty 0 4
 no login authentication VPN
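
An added example, not part of the thread and not Cisco tooling: a small Python check that can be run over a saved config before pasting it, reporting any AAA login list or access-class that a line block references but the file does not define. The sample is a constructed excerpt modelled on the posted config; the username, `lint_lines` and `strip_aaa` are hypothetical names introduced here.

```python
import re

# Constructed excerpt modelled on the posted config; the username line is a placeholder.
SAMPLE = """\
username admin secret 5 PLACEHOLDER
aaa new-model
aaa authentication login VPN local
access-list 130 permit ip 192.168.202.0 0.0.0.255 any
line con 0
 exec-timeout 120 0
line vty 0 4
 access-class 130 in
 login authentication VPN
 transport input telnet ssh
"""

def strip_aaa(config):
    """Drop every line beginning with 'aaa', as the poster describes doing."""
    return "\n".join(r for r in config.splitlines() if not r.strip().startswith("aaa"))

def lint_lines(config):
    """Report AAA login lists and access-class ACLs that line blocks use but the file lacks."""
    rows = [r.strip() for r in config.splitlines() if r.strip()]
    aaa_on = "aaa new-model" in rows
    lists = {}  # method-list name -> list of methods
    for r in rows:
        if m := re.match(r"aaa authentication login (\S+) (.+)", r):
            lists[m.group(1)] = m.group(2).split()
    acls = {m.group(1) for r in rows
            if (m := re.match(r"(?:ip )?access-list (?:(?:extended|standard) )?(\S+)", r))}
    has_user = any(r.startswith("username ") for r in rows)
    findings, block = [], None
    for r in rows:
        # Both sub-commands below exist only under 'line', so the most recent
        # 'line ...' header is their block even if indentation was lost.
        if r.startswith("line "):
            block = r
        elif block and (m := re.match(r"login authentication (\S+)", r)):
            name = m.group(1)
            if not aaa_on:
                findings.append(f"{block}: list {name} used without aaa new-model")
            elif name not in lists:
                findings.append(f"{block}: list {name} is not defined")
            elif "local" in lists[name] and not has_user:
                findings.append(f"{block}: list {name} is local but no username is configured")
        elif block and (m := re.match(r"access-class (\S+) in", r)):
            if m.group(1) not in acls:
                findings.append(f"{block}: access-class {m.group(1)} is not defined")
    return findings

if __name__ == "__main__":
    print(lint_lines(SAMPLE))             # complete excerpt
    print(lint_lines(strip_aaa(SAMPLE)))  # after removing the aaa lines
```

With only the aaa lines removed, the vty block still carries `login authentication VPN`, which is the reference the second suggestion above takes off the line.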
 