I have two 1721 routers with a VPN configured between the two. We have two sin servers on each side. On one side everything works. On the other, certain programs like ftp and ssh fail. They time out. Looking at ftp, it is hanging on a socket read. PC's seem to transfer data fine and I did get some success with PASV ftp. Any Ideas?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Router to Router VPN, sockets don't work in one direction
- Thread starter Dlweeksjr
- Start date
Does this occur in Tunnel to Tunnel or Site to Internet traffic?
Do you have FTP Servers on both sides?
DO you have NAT anywhere in this equation?
it's probably occuring because of NAT and the fact that the IP addresses embedded in the pkt payloads are not jiving with the ones in the headers (re-wrapped).
-gC-
p.s.
may be worth a read
Do you have FTP Servers on both sides?
DO you have NAT anywhere in this equation?
it's probably occuring because of NAT and the fact that the IP addresses embedded in the pkt payloads are not jiving with the ones in the headers (re-wrapped).
-gC-
p.s.
may be worth a read
- Thread starter
- #3
Tunnel to Tunnel traffic. I have ftp servers (Suns) on both sides and both 1721 routers have NAT running on them. So I can't see any difference in the NAT config on either one except one side has a lot more static routes. The full 'show runs' are below. India side can't ftp to me and US side has no trouble. BTW, PC's on the India side can ftp to the Sun server on the US side
India:
Current configuration : 3606 bytes
!
! Last configuration change at 17:32:55 Asia/Ca Fri Apr 9 2004 by remoteadmin
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Spatial-India
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
clock timezone Asia/Calcutta 5 30
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 192.168.150.1 192.168.150.159
ip dhcp excluded-address 192.168.150.201 192.168.150.254
!
ip dhcp pool sdm-pool1
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
dns-server 202.54.15.30 203.197.12.42
!
!
ip tcp mss 1436
ip domain name spatialwireless.com
ip name-server 202.54.15.30
ip name-server 203.197.12.42
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 5
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 7
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXX address 216.59.195.68 no-xauth
!
!
crypto ipsec transform-set india esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map TMO 6 ipsec-isakmp
set peer 216.59.195.68
set transform-set myset
match address 129
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no cdp enable
!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.150.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
speed auto
no cdp enable
!
interface Serial0
description $FW_OUTSIDE$
ip address 203.197.228.50 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no cdp enable
crypto map TMO
!
interface Serial1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no cdp enable
!
ip nat inside source list 110 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.150.0 255.255.255.0 FastEthernet0
ip route 192.168.160.0 255.255.255.0 FastEthernet0
ip http server
ip http authentication local
ip http secure-server
!
!
!
logging trap debugging
access-list 110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 129 permit ip 192.168.160.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.150.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.155.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
US:
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Spatial
!
boot system flash c1700-k9o3sy7-mz.123-1a.bin
logging buffered 4096 debugging
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip tcp mss 1436
ip domain name spatialwireless.com
ip name-server 209.51.6.10
ip name-server 208.217.211.10
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group spatial
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp gateway 192.168.5.254
async-bootp dns-server 192.168.5.212
async-bootp nbns-server 192.168.1.11
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 4
encr 3des
authentication pre-share
group 2
lifetime 24000
!
crypto isakmp policy 5
authentication pre-share
group 2
!
crypto isakmp policy 6
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 7
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXXXX address 63.122.5.247
crypto isakmp key XXXXXXXXXX address 199.202.45.7 no-xauth
crypto isakmp key XXXXXXXXX address 203.190.129.62 no-xauth
crypto isakmp key XXXXXXXXXXX address 12.237.85.137 no-xauth
crypto isakmp key XXXXXXXX address 199.202.47.7 no-xauth
crypto isakmp key XXXXXXXXXX address 203.197.202.209 no-xauth
crypto isakmp key XXXXXXXX address 203.197.228.50 no-xauth
!
crypto isakmp client configuration group 'groupname'
dns 192.168.5.212
wins 192.168.1.11
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set TMO esp-3des esp-md5-hmac
crypto ipsec transform-set india esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map TMO client authentication list userauthen
crypto map TMO isakmp authorization list groupauthor
crypto map TMO client configuration address respond
crypto map TMO 2 ipsec-isakmp
set peer 63.122.5.247
set transform-set TMO
match address 119
crypto map TMO 4 ipsec-isakmp
set peer 199.202.45.7
set transform-set myset
match address 120
crypto map TMO 5 ipsec-isakmp
set peer 203.190.129.62
set transform-set india
match address 124
crypto map TMO 6 ipsec-isakmp
set peer 203.197.228.50
set transform-set myset
match address 129
crypto map TMO 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
interface Ethernet0
ip address 216.59.197.26 255.255.255.0 secondary
ip address 216.59.197.27 255.255.255.0 secondary
ip address 216.59.197.28 255.255.255.0 secondary
ip address 216.59.197.29 255.255.255.0 secondary
ip address 216.59.197.30 255.255.255.0 secondary
ip address 216.59.197.31 255.255.255.0 secondary
ip address 216.59.197.25 255.255.255.0 secondary
ip address 216.59.195.68 255.255.255.0
ip nat outside
no ip mroute-cache
half-duplex
no cdp enable
crypto map TMO
!
interface FastEthernet0
ip address 192.168.5.155 255.255.255.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
no cdp enable
!
interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool default
ppp authentication ms-chap
!
ip local pool ippool 192.168.254.2 192.168.254.200
ip local pool default 192.168.5.158 192.168.5.180
ip nat pool ovrld 216.59.195.68 216.59.195.68 prefix-length 24
ip nat inside source route-map nonat interface Ethernet0 overload
ip nat inside source static tcp 192.168.5.212 22 216.59.195.68 22 extendable
ip nat inside source static tcp 192.168.5.209 9201 216.59.197.25 9201 extendable
ip nat inside source static tcp 192.168.5.209 9203 216.59.197.25 9203 extendable
ip nat inside source static tcp 192.168.5.209 9001 216.59.197.25 9001 extendable
ip nat inside source static tcp 192.168.5.209 9002 216.59.197.25 9002 extendable
ip nat inside source static tcp 192.168.5.209 8502 216.59.197.25 8502 extendable
ip nat inside source static tcp 192.168.5.209 8080 216.59.197.25 8080 extendable
ip nat inside source static tcp 192.168.5.209 80 216.59.197.25 80 extendable
ip nat inside source static udp 192.168.5.209 9201 216.59.197.25 9201 extendable
ip nat inside source static udp 192.168.5.209 9203 216.59.197.25 9203 extendable
ip nat inside source static udp 192.168.5.209 9001 216.59.197.25 9001 extendable
ip nat inside source static udp 192.168.5.209 9002 216.59.197.25 9002 extendable
ip nat inside source static udp 192.168.5.209 8502 216.59.197.25 8502 extendable
ip nat inside source static udp 192.168.1.166 5060 216.59.197.25 5060 extendable
ip nat inside source static udp 192.168.1.166 5090 216.59.197.25 5090 extendable
ip nat inside source static udp 192.168.5.118 162 216.59.197.25 162 extendable
ip nat inside source static tcp 192.168.1.250 23 216.59.197.25 23 extendable
ip nat inside source static udp 192.168.1.126 5001 216.59.195.68 5001 extendable
ip nat inside source static tcp 192.168.1.126 5001 216.59.195.68 5001 extendable
ip nat inside source static tcp 192.168.5.89 500 216.59.197.26 500 extendable
ip nat inside source static tcp 192.168.5.89 522 216.59.197.26 522 extendable
ip nat inside source static tcp 192.168.115.107 23 216.59.197.26 23 extendable
ip nat inside source static tcp 192.168.10.10 21 216.59.197.25 21 extendable
ip nat inside source static tcp 192.168.5.43 80 216.59.197.30 80 extendable
ip nat inside source static tcp 192.168.110.13 23 216.59.197.27 23 extendable
ip nat inside source static tcp 192.168.45.35 5001 216.59.197.25 5001 extendable
ip nat inside source static udp 192.168.45.35 5001 216.59.197.25 5001 extendable
ip nat inside source static udp 192.168.45.180 2944 216.59.197.25 2944 extendabl
e
ip nat inside source static udp 192.168.45.181 2944 216.59.197.26 2944 extendabl
e
ip nat inside source static tcp 192.168.5.219 443 216.59.197.25 443 extendable
ip nat inside source static tcp 192.168.55.18 8060 216.59.197.25 8060 extendable
ip nat inside source static udp 192.168.55.18 8060 216.59.197.25 8060 extendable
ip nat inside source static tcp 192.168.45.100 2017 216.59.197.25 2017 extendabl
e
ip nat inside source static tcp 192.168.10.6 8060 216.59.197.26 8060 extendable
ip nat inside source static udp 192.168.10.6 8060 216.59.197.26 8060 extendable
ip nat inside source static tcp 192.168.20.213 443 216.59.197.26 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.169.194.0 255.255.255.0 199.202.47.7
ip route 10.255.22.0 255.255.255.0 192.168.45.254
ip route 140.85.253.112 255.255.255.248 192.168.5.254
ip route 141.146.165.0 255.255.255.224 192.168.5.254
ip route 141.146.168.0 255.255.252.0 192.168.5.254
ip route 148.87.1.239 255.255.255.255 192.168.5.254
ip route 172.17.251.0 255.255.255.0 192.168.5.254
ip route 172.168.251.0 255.255.255.0 192.168.5.254
ip route 192.168.1.0 255.255.255.0 192.168.5.254
ip route 192.168.3.0 255.255.255.0 192.168.5.254
ip route 192.168.10.0 255.255.255.0 192.168.5.254
ip route 192.168.15.0 255.255.255.0 192.168.5.254
ip route 192.168.20.0 255.255.255.0 192.168.5.254
ip route 192.168.25.0 255.255.255.0 192.168.5.254
ip route 192.168.45.0 255.255.255.0 192.168.5.254
ip route 192.168.55.0 255.255.255.0 192.168.5.254
ip route 192.168.65.0 255.255.255.0 192.168.5.254
ip route 192.168.70.0 255.255.255.0 192.168.5.254
ip route 192.168.80.0 255.255.255.0 192.168.5.254
ip route 192.168.90.0 255.255.255.0 192.168.5.254
ip route 192.168.110.0 255.255.255.0 192.168.5.254
ip route 192.168.111.0 255.255.255.0 192.168.5.254
ip route 192.168.115.0 255.255.255.0 192.168.5.254
ip route 192.168.251.0 255.255.255.0 192.168.5.254
ip route 192.168.253.0 255.255.255.0 192.168.5.254
no ip http server
no ip http secure-server
!
!
!
ip access-list extended UNKNOWN
ip access-list extended protocol
logging trap errors
logging 192.168.1.11
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 110 deny ip 10.100.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 110 permit ip 192.168.25.0 0.0.0.255 any
access-list 110 permit ip 192.168.253.0 0.0.0.255 any
access-list 110 permit ip 192.168.251.0 0.0.0.255 any
access-list 110 permit ip 192.168.45.0 0.0.0.255 any
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 192.168.70.0 0.0.0.255 any
access-list 110 permit ip 192.168.55.0 0.0.0.255 any
access-list 110 permit ip 192.168.65.0 0.0.0.255 any
access-list 110 permit ip 192.168.35.0 0.0.0.255 any
access-list 110 permit ip 10.255.22.0 0.0.0.255 any
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
access-list 110 permit ip 172.22.0.0 0.0.255.255 any
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 118 permit ip 192.168.1.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.5.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.110.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.115.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.70.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.90.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.20.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.111.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 119 permit ip 192.168.253.0 0.0.0.255 216.155.174.112 0.0.0.7
access-list 120 permit ip 172.17.251.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 123 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.20.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.115.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.80.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.70.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.45.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 124 permit ip 192.168.1.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.5.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.110.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.115.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.70.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.90.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.20.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.111.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 126 permit ip 172.17.251.0 0.0.0.255 199.202.47.0 0.0.0.255
access-list 126 permit ip 10.169.194.0 0.0.0.255 199.202.47.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.160.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.150.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.155.0 0.0.0.255
!
route-map cisco permit 10
match ip address 123
!
route-map nonat permit 10
match ip address 122 110
!
snmp-server community public RO
snmp-server enable traps tty
radius-server authorization permit missing Service-Type
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
!
end
India:
Current configuration : 3606 bytes
!
! Last configuration change at 17:32:55 Asia/Ca Fri Apr 9 2004 by remoteadmin
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Spatial-India
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
clock timezone Asia/Calcutta 5 30
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 192.168.150.1 192.168.150.159
ip dhcp excluded-address 192.168.150.201 192.168.150.254
!
ip dhcp pool sdm-pool1
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
dns-server 202.54.15.30 203.197.12.42
!
!
ip tcp mss 1436
ip domain name spatialwireless.com
ip name-server 202.54.15.30
ip name-server 203.197.12.42
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 5
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 7
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXX address 216.59.195.68 no-xauth
!
!
crypto ipsec transform-set india esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map TMO 6 ipsec-isakmp
set peer 216.59.195.68
set transform-set myset
match address 129
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no cdp enable
!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.150.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
speed auto
no cdp enable
!
interface Serial0
description $FW_OUTSIDE$
ip address 203.197.228.50 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
no cdp enable
crypto map TMO
!
interface Serial1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no cdp enable
!
ip nat inside source list 110 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.150.0 255.255.255.0 FastEthernet0
ip route 192.168.160.0 255.255.255.0 FastEthernet0
ip http server
ip http authentication local
ip http secure-server
!
!
!
logging trap debugging
access-list 110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 129 permit ip 192.168.160.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.150.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 129 permit ip 192.168.155.0 0.0.0.255 192.168.0.0 0.0.255.255
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
US:
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Spatial
!
boot system flash c1700-k9o3sy7-mz.123-1a.bin
logging buffered 4096 debugging
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip tcp mss 1436
ip domain name spatialwireless.com
ip name-server 209.51.6.10
ip name-server 208.217.211.10
!
ip cef
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group spatial
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
async-bootp gateway 192.168.5.254
async-bootp dns-server 192.168.5.212
async-bootp nbns-server 192.168.1.11
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 3
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 4
encr 3des
authentication pre-share
group 2
lifetime 24000
!
crypto isakmp policy 5
authentication pre-share
group 2
!
crypto isakmp policy 6
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 7
encr 3des
authentication pre-share
group 2
lifetime 28800
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXXXX address 63.122.5.247
crypto isakmp key XXXXXXXXXX address 199.202.45.7 no-xauth
crypto isakmp key XXXXXXXXX address 203.190.129.62 no-xauth
crypto isakmp key XXXXXXXXXXX address 12.237.85.137 no-xauth
crypto isakmp key XXXXXXXX address 199.202.47.7 no-xauth
crypto isakmp key XXXXXXXXXX address 203.197.202.209 no-xauth
crypto isakmp key XXXXXXXX address 203.197.228.50 no-xauth
!
crypto isakmp client configuration group 'groupname'
dns 192.168.5.212
wins 192.168.1.11
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set TMO esp-3des esp-md5-hmac
crypto ipsec transform-set india esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map TMO client authentication list userauthen
crypto map TMO isakmp authorization list groupauthor
crypto map TMO client configuration address respond
crypto map TMO 2 ipsec-isakmp
set peer 63.122.5.247
set transform-set TMO
match address 119
crypto map TMO 4 ipsec-isakmp
set peer 199.202.45.7
set transform-set myset
match address 120
crypto map TMO 5 ipsec-isakmp
set peer 203.190.129.62
set transform-set india
match address 124
crypto map TMO 6 ipsec-isakmp
set peer 203.197.228.50
set transform-set myset
match address 129
crypto map TMO 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.252
!
interface Ethernet0
ip address 216.59.197.26 255.255.255.0 secondary
ip address 216.59.197.27 255.255.255.0 secondary
ip address 216.59.197.28 255.255.255.0 secondary
ip address 216.59.197.29 255.255.255.0 secondary
ip address 216.59.197.30 255.255.255.0 secondary
ip address 216.59.197.31 255.255.255.0 secondary
ip address 216.59.197.25 255.255.255.0 secondary
ip address 216.59.195.68 255.255.255.0
ip nat outside
no ip mroute-cache
half-duplex
no cdp enable
crypto map TMO
!
interface FastEthernet0
ip address 192.168.5.155 255.255.255.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
no cdp enable
!
interface Virtual-Template1
ip unnumbered Ethernet0
peer default ip address pool default
ppp authentication ms-chap
!
ip local pool ippool 192.168.254.2 192.168.254.200
ip local pool default 192.168.5.158 192.168.5.180
ip nat pool ovrld 216.59.195.68 216.59.195.68 prefix-length 24
ip nat inside source route-map nonat interface Ethernet0 overload
ip nat inside source static tcp 192.168.5.212 22 216.59.195.68 22 extendable
ip nat inside source static tcp 192.168.5.209 9201 216.59.197.25 9201 extendable
ip nat inside source static tcp 192.168.5.209 9203 216.59.197.25 9203 extendable
ip nat inside source static tcp 192.168.5.209 9001 216.59.197.25 9001 extendable
ip nat inside source static tcp 192.168.5.209 9002 216.59.197.25 9002 extendable
ip nat inside source static tcp 192.168.5.209 8502 216.59.197.25 8502 extendable
ip nat inside source static tcp 192.168.5.209 8080 216.59.197.25 8080 extendable
ip nat inside source static tcp 192.168.5.209 80 216.59.197.25 80 extendable
ip nat inside source static udp 192.168.5.209 9201 216.59.197.25 9201 extendable
ip nat inside source static udp 192.168.5.209 9203 216.59.197.25 9203 extendable
ip nat inside source static udp 192.168.5.209 9001 216.59.197.25 9001 extendable
ip nat inside source static udp 192.168.5.209 9002 216.59.197.25 9002 extendable
ip nat inside source static udp 192.168.5.209 8502 216.59.197.25 8502 extendable
ip nat inside source static udp 192.168.1.166 5060 216.59.197.25 5060 extendable
ip nat inside source static udp 192.168.1.166 5090 216.59.197.25 5090 extendable
ip nat inside source static udp 192.168.5.118 162 216.59.197.25 162 extendable
ip nat inside source static tcp 192.168.1.250 23 216.59.197.25 23 extendable
ip nat inside source static udp 192.168.1.126 5001 216.59.195.68 5001 extendable
ip nat inside source static tcp 192.168.1.126 5001 216.59.195.68 5001 extendable
ip nat inside source static tcp 192.168.5.89 500 216.59.197.26 500 extendable
ip nat inside source static tcp 192.168.5.89 522 216.59.197.26 522 extendable
ip nat inside source static tcp 192.168.115.107 23 216.59.197.26 23 extendable
ip nat inside source static tcp 192.168.10.10 21 216.59.197.25 21 extendable
ip nat inside source static tcp 192.168.5.43 80 216.59.197.30 80 extendable
ip nat inside source static tcp 192.168.110.13 23 216.59.197.27 23 extendable
ip nat inside source static tcp 192.168.45.35 5001 216.59.197.25 5001 extendable
ip nat inside source static udp 192.168.45.35 5001 216.59.197.25 5001 extendable
ip nat inside source static udp 192.168.45.180 2944 216.59.197.25 2944 extendabl
e
ip nat inside source static udp 192.168.45.181 2944 216.59.197.26 2944 extendabl
e
ip nat inside source static tcp 192.168.5.219 443 216.59.197.25 443 extendable
ip nat inside source static tcp 192.168.55.18 8060 216.59.197.25 8060 extendable
ip nat inside source static udp 192.168.55.18 8060 216.59.197.25 8060 extendable
ip nat inside source static tcp 192.168.45.100 2017 216.59.197.25 2017 extendabl
e
ip nat inside source static tcp 192.168.10.6 8060 216.59.197.26 8060 extendable
ip nat inside source static udp 192.168.10.6 8060 216.59.197.26 8060 extendable
ip nat inside source static tcp 192.168.20.213 443 216.59.197.26 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.169.194.0 255.255.255.0 199.202.47.7
ip route 10.255.22.0 255.255.255.0 192.168.45.254
ip route 140.85.253.112 255.255.255.248 192.168.5.254
ip route 141.146.165.0 255.255.255.224 192.168.5.254
ip route 141.146.168.0 255.255.252.0 192.168.5.254
ip route 148.87.1.239 255.255.255.255 192.168.5.254
ip route 172.17.251.0 255.255.255.0 192.168.5.254
ip route 172.168.251.0 255.255.255.0 192.168.5.254
ip route 192.168.1.0 255.255.255.0 192.168.5.254
ip route 192.168.3.0 255.255.255.0 192.168.5.254
ip route 192.168.10.0 255.255.255.0 192.168.5.254
ip route 192.168.15.0 255.255.255.0 192.168.5.254
ip route 192.168.20.0 255.255.255.0 192.168.5.254
ip route 192.168.25.0 255.255.255.0 192.168.5.254
ip route 192.168.45.0 255.255.255.0 192.168.5.254
ip route 192.168.55.0 255.255.255.0 192.168.5.254
ip route 192.168.65.0 255.255.255.0 192.168.5.254
ip route 192.168.70.0 255.255.255.0 192.168.5.254
ip route 192.168.80.0 255.255.255.0 192.168.5.254
ip route 192.168.90.0 255.255.255.0 192.168.5.254
ip route 192.168.110.0 255.255.255.0 192.168.5.254
ip route 192.168.111.0 255.255.255.0 192.168.5.254
ip route 192.168.115.0 255.255.255.0 192.168.5.254
ip route 192.168.251.0 255.255.255.0 192.168.5.254
ip route 192.168.253.0 255.255.255.0 192.168.5.254
no ip http server
no ip http secure-server
!
!
!
ip access-list extended UNKNOWN
ip access-list extended protocol
logging trap errors
logging 192.168.1.11
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.5.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.20.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.25.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.254.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.253.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.251.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.45.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.90.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.115.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 110 deny ip 192.168.10.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 110 deny ip 10.100.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.168.5.0 0.0.0.255 any
access-list 110 permit ip 192.168.20.0 0.0.0.255 any
access-list 110 permit ip 192.168.25.0 0.0.0.255 any
access-list 110 permit ip 192.168.253.0 0.0.0.255 any
access-list 110 permit ip 192.168.251.0 0.0.0.255 any
access-list 110 permit ip 192.168.45.0 0.0.0.255 any
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 110 permit ip 192.168.70.0 0.0.0.255 any
access-list 110 permit ip 192.168.55.0 0.0.0.255 any
access-list 110 permit ip 192.168.65.0 0.0.0.255 any
access-list 110 permit ip 192.168.35.0 0.0.0.255 any
access-list 110 permit ip 10.255.22.0 0.0.0.255 any
access-list 110 permit ip 192.168.3.0 0.0.0.255 any
access-list 110 permit ip 172.22.0.0 0.0.255.255 any
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.160.0 0.0.0.255
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.150.0 0.0.0.255
access-list 110 deny ip 192.168.55.0 0.0.0.255 192.168.155.0 0.0.0.255
access-list 118 permit ip 192.168.1.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.5.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.110.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.115.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.70.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.90.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.20.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 118 permit ip 192.168.111.0 0.0.0.255 10.101.1.0 0.0.0.255
access-list 119 permit ip 192.168.253.0 0.0.0.255 216.155.174.112 0.0.0.7
access-list 120 permit ip 172.17.251.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 120 permit ip 192.168.10.0 0.0.0.255 199.202.45.0 0.0.0.255
access-list 123 permit ip 192.168.5.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.20.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.115.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.90.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.80.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.70.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit ip 192.168.45.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 124 permit ip 192.168.1.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.5.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.110.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.115.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.70.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.90.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.20.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 124 permit ip 192.168.111.0 0.0.0.255 160.110.224.0 0.0.0.255
access-list 126 permit ip 172.17.251.0 0.0.0.255 199.202.47.0 0.0.0.255
access-list 126 permit ip 10.169.194.0 0.0.0.255 199.202.47.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.160.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.150.0 0.0.0.255
access-list 129 permit ip 192.168.0.0 0.0.255.255 192.168.155.0 0.0.0.255
!
route-map cisco permit 10
match ip address 123
!
route-map nonat permit 10
match ip address 122 110
!
snmp-server community public RO
snmp-server enable traps tty
radius-server authorization permit missing Service-Type
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
!
end
- Thread starter
- #4
- Status
Similar threads
- Locked
- Question