###ROUTER1###
! Site A 877: LAN 10.70.0.0/16 on Vlan1, DSL uplink on Dialer0. PASSWORD and the
! quoted "... WAN IP" values are placeholders the poster substituted for the real ones.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname TEST
!
boot-start-marker
boot-end-marker
!
logging buffered 10240 debugging
logging console critical
enable secret 0 PASSWORD
!
aaa new-model
!
aaa authentication login default local
aaa authentication login userlist group radius
aaa authentication ppp default local
aaa authorization network grouplist local
!
aaa session-id common
!
resource policy
!
clock timezone QST 10
ip subnet-zero
no ip source-route
ip cef
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
ip domain name TEST.local
! CBAC stateful inspection applied outbound on Dialer0; return traffic is admitted by state, not by ACL 101.
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall skinny
!
file verify auto
username admin privilege 15 secret 0 PASSWORD
!
! IKE phase 1: pre-shared key with the site-to-site peer, plus a remote-access
! client group (address pool vpnclients, split tunnel defined by ACL 106).
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PASSWORD address "ROUTER2 WAN IP" no-xauth
!
crypto isakmp client configuration group GROUP
 key PASSWORD
 domain TEST.local
 pool vpnclients
 acl 106
!
! IPsec phase 2 proposals. tr-null-sha (esp-null: integrity only, no encryption)
! and tr-des-md5 are defined but not referenced by any crypto map entry.
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
!
crypto dynamic-map vpnusers 1
 description Client to Site VPN Users
 set transform-set tr-aes-sha
!
! Entry 110: site-to-site tunnel to ROUTER2, offering AES first and falling back
! to 3DES/DES sets. Entry 65000: remote-access clients via the dynamic map.
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 110 ipsec-isakmp
 set peer "other 877 WAN Address"
 set transform-set tr-aes-sha tr-3des-sha tr-3des-md5 tr-des-sha
 match address 110
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.70.100.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname HOSTNAME
 ppp chap password 0 PASSWORD
 ppp ipcp dns request
 ppp ipcp route default
 crypto map cm-cryptomap
!
interface Dialer1
 no ip address
!
router rip
 version 2
 redistribute static metric 4
 redistribute eigrp 10600 metric 1
 passive-interface default
 no passive-interface Vlan1
 no passive-interface Dialer0
 network 10.0.0.0
 default-information originate
!
ip local pool vpnclients 10.70.101.1 10.70.101.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.71.0.0 255.255.0.0 Dialer0
!
no ip http server
no ip http secure-server
! PAT for the LAN; ACL 105 excludes VPN client and site-to-site flows from
! translation. Static entries publish mail and HTTPS hosts on the WAN address.
ip nat inside source list 105 interface Dialer0 overload
ip nat inside source static tcp 10.70.20.10 110 interface Dialer0 110
ip nat inside source static tcp 10.70.20.10 443 interface Dialer0 443
ip nat inside source static tcp 10.70.20.30 25 interface Dialer0 25
ip nat inside source static tcp 10.70.20.30 84 interface Dialer0 84
ip nat inside source static tcp 10.70.20.10 25 interface Dialer0 24
!
access-list 1 remark The local LAN.
access-list 1 permit 10.70.0.0 0.0.255.255
access-list 2 remark Where management can be done from.
access-list 2 permit 10.70.0.0 0.0.255.255
access-list 2 permit "MY COMPANIS WAN IP"
access-list 3 remark Traffic not to check for intrusion detection.
access-list 3 deny 10.71.100.0 0.0.0.255
access-list 3 deny 10.70.101.0 0.0.0.255
access-list 3 permit any
! ACL 101 (Dialer0 in): VPN-decrypted traffic, bogon/RFC1918 source filter,
! IKE/ESP/PPTP, the published services, and SSH from the company address only.
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 101 permit ip 10.70.101.0 0.0.0.255 10.70.0.0 0.0.255.255
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit tcp any host "WAN IP ADDRESS" eq 443
access-list 101 permit tcp any host "WAN IP ADDRESS" eq pop3
access-list 101 permit tcp any host "WAN IP ADDRESS" eq smtp
access-list 101 permit tcp any host "WAN IP ADDRESS" eq 24
access-list 101 permit tcp any host "WAN IP ADDRESS" eq 84
access-list 101 permit tcp "MY COMPANIS WAN IP" host "WAN IP ADDRESS" eq 22
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
! ACL 102 (Vlan1 in): egress filter for the LAN; drops spoofed destinations
! and Windows RPC/NetBIOS/SMB ports before they reach the Internet.
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 10.70.100.1
access-list 102 deny ip any host 10.70.100.255
access-list 102 deny udp any any eq tftp log
access-list 102 permit ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 102 permit ip 10.70.0.0 0.0.255.255 10.70.101.0 0.0.0.255
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 10.70.0.0 0.0.255.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
! ACL 105 (NAT source list): deny means "do not translate".
access-list 105 remark Traffic to NAT
access-list 105 deny ip 10.70.0.0 0.0.255.255 10.70.101.0 0.0.0.255
access-list 105 deny ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 105 permit ip 10.70.0.0 0.0.255.255 any
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 10.70.0.0 0.0.255.255 any
access-list 110 remark Site to Site VPN
access-list 110 permit ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 110 deny ip 10.70.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
!
radius-server host 10.70.20.10 auth-port 1645 acct-port 1646 key 0 PASSWORD
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 2 in
!
scheduler max-task-time 5000
end

###ROUTER2###
! Site B 877: LAN 10.71.0.0/16 on Vlan1, DSL uplink on Dialer0. Same template as
! ROUTER1 except local (not RADIUS) VPN user authentication and EIGRP instead of RIP.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname NAME
!
boot-start-marker
boot-end-marker
!
logging buffered 10240 debugging
logging console critical
enable secret 0 PASSWORD
!
aaa new-model
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local
!
aaa session-id common
!
resource policy
!
clock timezone QST 10
ip subnet-zero
no ip source-route
ip cef
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
ip domain name TEST.local
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall skinny
!
file verify auto
username admin privilege 15 secret 0 PASSWORD
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key PASSWORD address "ROUTER1 WAN IP" no-xauth
!
crypto isakmp client configuration group GROUP
 key PASSWORD
 domain TEST.local
 pool vpnclients
 acl 106
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
!
crypto dynamic-map vpnusers 1
 description Client to Site VPN Users
 set transform-set tr-aes-sha
!
! Entry 110 is the mirror of ROUTER1's: peer, transform-set list and ACL 110 reversed.
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 110 ipsec-isakmp
 set peer "ROUTER1 WAN IP"
 set transform-set tr-aes-sha tr-3des-sha tr-3des-md5 tr-des-sha
 match address 110
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.71.100.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname HOSTNAME
 ppp chap password 0 PASSWORD
 ppp ipcp dns request
 ppp ipcp route default
 crypto map cm-cryptomap
!
router eigrp 10600
 redistribute static metric 1000 20 255 100 1500
 redistribute rip metric 10000000 20000 255 1 1500
 network 10.60.0.0 0.0.0.255
 network 10.0.0.0
 no auto-summary
!
ip local pool vpnclients 10.71.101.1 10.71.101.254
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.70.0.0 255.255.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 105 interface Dialer0 overload
!
access-list 1 remark The local LAN.
access-list 1 permit 10.71.0.0 0.0.255.255
access-list 2 remark Where management can be done from.
access-list 2 permit 10.70.0.0 0.0.255.255
access-list 2 permit 10.71.0.0 0.0.255.255
access-list 2 permit "MY COMPANIS WAN IP"
access-list 3 remark Traffic not to check for intrusion detection.
access-list 3 deny 10.71.100.0 0.0.0.255
access-list 3 deny 10.70.101.0 0.0.0.255
access-list 3 permit any
! ACL 101 (Dialer0 in): no published services here; SSH only from the company
! address and from ROUTER1's WAN address.
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 101 permit ip 10.71.101.0 0.0.0.255 10.71.0.0 0.0.255.255
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit tcp "MY COMPANIS WAN IP" host "WAN IP" eq 22
access-list 101 permit tcp host "ROUTER1 WAN IP" host "WAN IP" eq 22
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 10.71.100.1
access-list 102 deny ip any host 10.71.100.255
access-list 102 deny udp any any eq tftp log
access-list 102 permit ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 102 permit ip 10.71.0.0 0.0.255.255 10.71.101.0 0.0.0.255
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 10.71.0.0 0.0.255.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
! ACL 105 (NAT source list): deny means "do not translate".
access-list 105 remark Traffic to NAT
access-list 105 deny ip 10.71.0.0 0.0.255.255 10.71.101.0 0.0.0.255
access-list 105 deny ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 105 permit ip 10.71.0.0 0.0.255.255 any
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 10.71.0.0 0.0.255.255 any
access-list 110 remark Site to Site VPN
access-list 110 permit ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 110 deny ip 10.71.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 2 in
!
scheduler max-task-time 5000
end
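Three things are worth checking mechanically on a pair of site-to-site configs like the two above before touching the routers: that the crypto ACLs (110) on the two peers are exact mirrors of each other, that the NAT source list (105) exempts every flow the crypto ACL protects (a packet that is PAT'ed onto the WAN address before the crypto map sees it never matches the SA, so the tunnel comes up but carries nothing), and which of the offered transform sets fall back to algorithms a reviewer would reject. The script below is an added example, not part of the posted configs or of any Cisco tool; it parses one-command-per-line IOS text and runs those three checks over constructed excerpts of ROUTER1 and ROUTER2 (the ACL, transform-set and crypto map lines as they appear above), plus a constructed ROUTER1 NAT list with the site-to-site exemption left out to show what the failing case looks like. The weakness labels in `WEAK` are the example's own classification.

```python
"""Audit the site-to-site IPsec policy shared by a pair of Cisco IOS configs:
crypto ACLs must mirror, the NAT list must exempt the protected flows, and
offered transform sets should not fall back to rejected algorithms."""
import ipaddress

# Constructed excerpts of the ROUTER1 / ROUTER2 configs on this page (only the
# lines the checks need), one command per line as IOS prints them.
ROUTER1 = """\
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto map cm-cryptomap 110 ipsec-isakmp
 set transform-set tr-aes-sha tr-3des-sha tr-3des-md5 tr-des-sha
 match address 110
access-list 105 remark Traffic to NAT
access-list 105 deny ip 10.70.0.0 0.0.255.255 10.70.101.0 0.0.0.255
access-list 105 deny ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 105 permit ip 10.70.0.0 0.0.255.255 any
access-list 110 permit ip 10.70.0.0 0.0.255.255 10.71.0.0 0.0.255.255
access-list 110 deny ip 10.70.0.0 0.0.255.255 any
"""
ROUTER2 = """\
access-list 105 deny ip 10.71.0.0 0.0.255.255 10.71.101.0 0.0.0.255
access-list 105 deny ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 105 permit ip 10.71.0.0 0.0.255.255 any
access-list 110 permit ip 10.71.0.0 0.0.255.255 10.70.0.0 0.0.255.255
access-list 110 deny ip 10.71.0.0 0.0.255.255 any
"""
# Constructed counter-example: ROUTER1's NAT list with the site-to-site
# exemption left out, the usual reason a tunnel comes up but carries nothing.
ROUTER1_BAD_NAT = """\
access-list 105 deny ip 10.70.0.0 0.0.255.255 10.70.101.0 0.0.0.255
access-list 105 permit ip 10.70.0.0 0.0.255.255 any
"""
# Algorithms this example flags when they appear in an offered transform set.
WEAK = {"esp-null": "no confidentiality", "esp-des": "56-bit DES",
        "esp-3des": "3DES (deprecated)", "esp-md5-hmac": "HMAC-MD5"}


def _take_addr(toks):
    """Consume one ACE address: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if toks[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), toks[1:]
    if toks[0] == "host":
        return ipaddress.ip_network(toks[1] + "/32"), toks[2:]
    # ipaddress accepts an IOS wildcard (hostmask) after the slash
    return ipaddress.ip_network(f"{toks[0]}/{toks[1]}"), toks[2:]


def parse_acls(config):
    """{acl_number: [(action, src_net, dst_net), ...]} for extended 'ip' ACEs, in order."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
            continue  # remarks, tcp/udp ACEs and sub-commands are not needed here
        src, rest = _take_addr(t[4:])
        dst, _ = _take_addr(rest)
        acls.setdefault(int(t[1]), []).append((t[2], src, dst))
    return acls


def permitted(acl):
    return {(s, d) for action, s, d in acl if action == "permit"}


def mirrors(crypto_a, crypto_b):
    """True when peer B protects exactly the reverse of the flows peer A protects."""
    return permitted(crypto_b) == {(d, s) for s, d in permitted(crypto_a)}


def nat_leaks(nat_acl, crypto_acl):
    """Protected flows whose first match in the NAT list is not a deny.
    In IOS a deny in the NAT source list means 'do not translate'; anything
    else here is PAT'ed onto the WAN address before the crypto map sees it."""
    leaks = []
    for s, d in sorted(permitted(crypto_acl)):
        verdict = "deny"  # implicit deny at the end of the list: not translated
        for action, ns, nd in nat_acl:
            if s.subnet_of(ns) and d.subnet_of(nd):
                verdict = action
                break
            if s.overlaps(ns) and d.overlaps(nd):
                verdict = f"partial {action}"  # only part of the flow is covered
                break
        if verdict != "deny":
            leaks.append((str(s), str(d), verdict))
    return leaks


def transform_sets(config):
    return {t[3]: t[4:] for t in map(str.split, config.splitlines())
            if t[:3] == ["crypto", "ipsec", "transform-set"]}


def offered_sets(config, seq):
    """Transform sets, in preference order, on the 'crypto map <name> <seq>' entry."""
    in_entry = False
    for line in config.splitlines():
        t = line.split()
        if not line.startswith(" "):  # a new top-level command ends the entry
            in_entry = t[:2] == ["crypto", "map"] and len(t) > 3 and t[3] == str(seq)
        elif in_entry and t[:2] == ["set", "transform-set"]:
            return t[2:]
    return []


def weak_offers(config, seq):
    """{set_name: [weakness, ...]} for each offered set that contains a flagged algorithm."""
    sets = transform_sets(config)
    return {name: [WEAK[a] for a in sets[name] if a in WEAK]
            for name in offered_sets(config, seq) if any(a in WEAK for a in sets[name])}


if __name__ == "__main__":
    r1, r2 = parse_acls(ROUTER1), parse_acls(ROUTER2)
    print("crypto ACLs mirror:", mirrors(r1[110], r2[110]))
    print("NAT leaks R1/R2:", nat_leaks(r1[105], r1[110]), nat_leaks(r2[105], r2[110]))
    print("NAT leaks, exemption missing:", nat_leaks(parse_acls(ROUTER1_BAD_NAT)[105], r1[110]))
    print("weak offers on R1 map 110:", weak_offers(ROUTER1, 110))
```

On the configs as posted the first two checks pass: ACL 110 on each router is the reverse of the other's, and ACL 105 on each denies the site-to-site flow before its `permit ... any`, so nothing is translated before encryption. The third check reports that map entry 110 offers `tr-3des-sha`, `tr-3des-md5` and `tr-des-sha` after `tr-aes-sha`; since the responder picks the first proposal it accepts, a peer that prefers DES can still negotiate it, and the safe change is to leave only `tr-aes-sha` on both ends (the dynamic map for remote-access clients already does this). The script reads `show running-config` output directly, so it can be rerun against the real configs once the placeholders are replaced.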