[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 753
  • Last Modified:

Cisco router probems using multiple adsl wics for multiple vpn connections

I have a Cisco 2801 router with 3 ADSL WIC cards. Until recently it had only 1 ADSL connection with various IPSEC tunnels configured to use this single ADSL connection.  All was working fine.  
I have now added 2 more ADSL wic cards and changed the configuration so that some tunnels are using each adsl connection.  Since doing this only the tunnels on dialer0 still work.  The tunnels on the new adsl connections establish OK but I cannot get any traffic to route through the tunnels.
By way of explanation of the configuration below some tunnels use IPSEC over GRE (cisco router at both ends) and some use straight IPSEC (non cisco router at remote end).
15 tunnels use dialer0 - these all work
3 tunnels use dialer1 - IPSEC over GRE - tunnels come up OK but no traffic routes over the tunnel
1 tunnel uses dialer3 - IPSEC - tunnel comes up OK but no traffic routes over the tunnel

Any help would be appreciated.

Router configuration as follows:

Building configuration...

Current configuration : 18198 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 52000 debugging
logging console critical
enable secret 5 $1$yUEt$4hP1cnwFDwLXlYad/zfPx.
!
username root privilege 15 secret 5 $1$oxKG$Es1LbEDTKzNmEr9Z1RN1N/
clock timezone PCTime 10
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
ip tcp path-mtu-discovery
!
!
no ip bootp server
no ip domain lookup
ip domain name xxx.xxx.xxx.xxx
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name INTERNET-OUT rpc program-number 1 timeout 15
ip inspect name INTERNET-OUT icmp timeout 30
ip inspect name INTERNET-OUT udp alert on
ip inspect name INTERNET-OUT tcp alert on
ip inspect name INTERNET-OUT ftp timeout 1800
ip inspect name INTERNET-OUT http alert on timeout 90
ip ips po max-events 100
no ftp-server write-enable
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.250
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.251
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.200
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.174 no-xauth
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.186 no-xauth
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.35
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.190
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.84
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.204
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.83
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.86
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.185 no-xauth
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.88
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.187 no-xauth
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.182 no-xauth
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.243 255.255.255.0
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.199 255.255.255.0
crypto isakmp key xxxxxxxxxxxxxx address 222.22.22.85 255.255.255.0
!
!
crypto ipsec transform-set lan-lan-tunnel esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 4 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.185
 set transform-set lan-lan-tunnel
 match address 103
crypto map SDM_CMAP_1 5 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.84
 set transform-set lan-lan-tunnel
 match address 104
crypto map SDM_CMAP_1 6 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.177
 set transform-set lan-lan-tunnel
 match address 105
crypto map SDM_CMAP_1 7 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.171
 set transform-set lan-lan-tunnel
 match address 106
crypto map SDM_CMAP_1 8 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.169
 set transform-set lan-lan-tunnel
 match address 107
crypto map SDM_CMAP_1 9 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.192
 set transform-set lan-lan-tunnel
 match address 108
crypto map SDM_CMAP_1 12 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.85
 set transform-set lan-lan-tunnel
 match address 111
crypto map SDM_CMAP_1 14 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.243
 set transform-set lan-lan-tunnel
 match address 110
crypto map SDM_CMAP_1 15 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.199
 set transform-set lan-lan-tunnel
 match address 113
crypto map SDM_CMAP_1 16 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.200
 set transform-set lan-lan-tunnel
 match address 109
crypto map SDM_CMAP_1 17 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.83
 set transform-set lan-lan-tunnel
 match address 116
crypto map SDM_CMAP_1 18 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.190
 set transform-set lan-lan-tunnel
 match address 117
crypto map SDM_CMAP_1 19 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.86
 set transform-set lan-lan-tunnel
 match address 101
crypto map SDM_CMAP_1 20 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.204
 set transform-set lan-lan-tunnel
 match address 118
crypto map SDM_CMAP_1 21 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.88
 set transform-set lan-lan-tunnel
 match address 115
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
 description GRE Tunnel to xxx
 set peer 222.22.22.187
 set transform-set lan-lan-tunnel
 match address 102
crypto map SDM_CMAP_2 2 ipsec-isakmp
 description GRE Tunnel to xxx
 set peer 222.22.22.182
 set transform-set lan-lan-tunnel
 match address 100
crypto map SDM_CMAP_2 3 ipsec-isakmp
 description GRE Tunnel to xxx
 set peer 222.22.22.186
 set transform-set lan-lan-tunnel
 match address 114
!
crypto map SDM_CMAP_3 1 ipsec-isakmp
 description Tunnel to xxx
 set peer 222.22.22.174
 set transform-set lan-lan-tunnel
 match address 112
!
!
!
!
interface Tunnel0
 ip address 10.10.2.1 255.255.255.252
 keepalive 3 3
 tunnel source Loopback0
 tunnel destination 10.10.1.2
!
interface Tunnel1
 ip address 10.10.2.5 255.255.255.252
 keepalive 3 3
 tunnel source Loopback1
 tunnel destination 10.10.1.6
!
interface Tunnel2
 ip address 10.10.2.9 255.255.255.252
 keepalive 3 3
 tunnel source Loopback2
 tunnel destination 10.10.1.4
!
interface Tunnel3
 ip address 10.10.2.13 255.255.255.252
 ip mtu 1476
 tunnel source 10.10.1.9
 tunnel destination 10.10.1.10
!
interface Loopback0
 ip address 10.10.1.1 255.255.255.255
!
interface Loopback1
 ip address 10.10.1.5 255.255.255.255
!
interface Loopback2
 ip address 10.10.1.3 255.255.255.255
!
interface Loopback3
 ip address 10.10.1.9 255.255.255.255
!
interface FastEthernet0/0
 description LAN Port$ETH-LAN$
 ip address 192.168.10.249 255.255.255.0
 ip access-group Ethernet-In in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description LAN Port$ETH-WAN$
 no ip address
 ip access-group Ethernet-In in
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 3
 no cdp enable
!
interface ATM0/1/0
 no ip address
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/1/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface ATM0/2/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/2/0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 2
 !
!
interface ATM0/3/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/3/0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 4
 !
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group Internet-In in
 ip mtu 1492
 ip nat outside
 ip inspect INTERNET-OUT out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxx@vadsl.net
 ppp chap password 7 075E761F19504A
 crypto map SDM_CMAP_1
!
interface Dialer1
 ip address negotiated
 ip access-group Internet-In-Dialer1 in
 ip mtu 1492
 ip nat outside
 ip inspect INTERNET-OUT out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxx@isp.net.au
 ppp chap password 7 115C405246435F5550
 crypto map SDM_CMAP_2
!

interface Dialer3
 ip address negotiated
 ip access-group Internet-In-Dialer1 in
 ip mtu 1492
 ip nat outside
 ip inspect INTERNET-OUT out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 4
 dialer-group 4
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxx@auswide.l3i.com.au
 ppp chap password 7 03520958575A751A17
 crypto map SDM_CMAP_3
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.9.0 255.255.255.0 192.168.10.252
ip route 192.168.15.0 255.255.255.0 Tunnel0
ip route 192.168.30.0 255.255.255.0 Tunnel1 permanent
ip route 192.168.40.0 255.255.255.0 Tunnel3
ip route 222.22.22.174 255.255.255.255 Dialer3 2
ip route 222.22.22.182 255.255.255.255 Dialer1 2
ip route 222.22.22.186 255.255.255.255 Dialer1 2
ip route 222.22.22.187 255.255.255.255 Dialer1 2
!
ip http server
ip http secure-server
ip http secure-port 8083
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source static tcp 192.168.10.10 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.10.19 443 interface Dialer0 443
ip nat inside source static tcp 192.168.10.4 80 interface Dialer0 80
ip nat inside source static tcp 192.168.10.4 25 interface Dialer0 25
ip nat inside source static tcp 192.168.10.4 110 interface Dialer0 110
ip nat inside source static tcp 192.168.10.4 143 interface Dialer0 143
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip access-list extended Ethernet-In
 remark Firewall Rules LAN to Router
 remark SDM_ACL Category=17
 deny   ip host 255.255.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 permit ip any any
ip access-list extended Internet-In
 remark vpn enable
 remark SDM_ACL Category=17
 remark IPSec Rule
 permit ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255
 remark IPSec Rule
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit udp 222.22.22.0 0.0.0.255 any eq non500-isakmp
 permit udp 222.22.22.0 0.0.0.255 any eq isakmp
 permit esp 222.22.22.0 0.0.0.255 any
 permit ahp 222.22.22.0 0.0.0.255 any
 deny   ip 192.168.10.0 0.0.0.255 any
 deny   ip 192.168.9.0 0.0.0.255 any
 permit icmp any any
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 remark WWW
 permit tcp any any eq www
 remark RDP traffic
 permit tcp any any eq 3389
 remark POP
 permit tcp any any eq pop3
 remark IMAP traffic
 permit tcp any any eq 143
 remark HTTPS traffic
 permit tcp any any eq 443
 remark SMTP
 permit tcp any any eq smtp
 deny   ip any any log
ip access-list extended Internet-In-Dialer1
 remark vpn enable
 remark SDM_ACL Category=17
 remark IPSec Rule
 permit ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255
 remark IPSec Rule
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit udp 222.22.22.0 0.0.0.255 any eq non500-isakmp
 permit udp 222.22.22.0 0.0.0.255 any eq isakmp
 permit esp 222.22.22.0 0.0.0.255 any
 permit ahp 222.22.22.0 0.0.0.255 any
 deny   ip 192.168.10.0 0.0.0.255 any
 deny   ip 192.168.9.0 0.0.0.255 any
 permit icmp any any
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 deny   ip host 255.255.255.255 any
 deny   ip host 0.0.0.0 any
 deny   ip any any log
ip access-list extended NAT
 remark SDM_ACL Category=18
 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 deny   ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 any
!
access-list 100 remark xxx GRE
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip host 10.10.1.1 host 10.10.1.2
access-list 101 remark IPSEC tunnel to xxx
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.32.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.9.0 0.0.0.255 192.168.32.0 0.0.0.255
access-list 102 remark xxx GRE
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip host 10.10.1.5 host 10.10.1.6
access-list 103 remark IPSEC tunnel to xxx
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.9.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 remark IPSEC tunnel to xxx
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.10.0 0.0.0.255 192.168.35.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.9.0 0.0.0.255 192.168.35.0 0.0.0.255
access-list 105 remark IPSEC tunnel to xxx
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.10.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.9.0 0.0.0.255 192.168.51.0 0.0.0.255
access-list 106 remark IPSEC tunnel to xxx
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 107 remark IPSEC tunnel to xxx
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.9.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 108 remark IPSEC tunnel to xxx
access-list 108 remark SDM_ACL Category=4
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.10.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.9.0 0.0.0.255 192.168.39.0 0.0.0.255
access-list 109 remark IPSEC tunnel to xxx
access-list 109 remark SDM_ACL Category=4
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.14.0 0.0.0.255
access-list 110 remark IPSEC tunnel to xxx
access-list 110 remark SDM_ACL Category=4
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.9.0 0.0.0.255 192.168.17.0 0.0.0.255
access-list 111 remark IPSEC tunnel to xxx
access-list 111 remark SDM_ACL Category=4
access-list 111 remark IPSec Rule
access-list 111 permit ip 192.168.10.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 111 remark IPSec Rule
access-list 111 permit ip 192.168.9.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 112 remark IPSEC tunnel to xxx
access-list 112 remark SDM_ACL Category=4
access-list 112 remark IPSEC rule
access-list 112 permit ip 192.168.9.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 112 remark IPSEC rule
access-list 112 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 113 remark IPSEC tunnel to xxx
access-list 113 remark SDM_ACL Category=4
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.10.0 0.0.0.255 192.168.33.0 0.0.0.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.9.0 0.0.0.255 192.168.33.0 0.0.0.255
access-list 114 remark xxx GRE
access-list 114 remark SDM_ACL Category=4
access-list 114 remark IPSEC Rule
access-list 114 permit ip host 10.10.1.9 host 10.10.1.10
access-list 115 remark IPSEC tunnel to xxx
access-list 115 remark SDM_ACL Category=4
access-list 115 remark IPSec Rule
access-list 115 permit ip 192.168.10.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 115 remark IPSec Rule
access-list 115 permit ip 192.168.9.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 116 remark IPSEC tunnel to xxx
access-list 116 remark SDM_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.10.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.9.0 0.0.0.255 192.168.21.0 0.0.0.255
access-list 117 remark IPSEC tunnel to xxx
access-list 117 remark SDM_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 192.168.10.0 0.0.0.255 192.168.29.0 0.0.0.255
access-list 117 remark IPSec Rule
access-list 117 permit ip 192.168.9.0 0.0.0.255 192.168.29.0 0.0.0.255
access-list 118 remark IPSEC tunnel to xxx
access-list 118 remark SDM_ACL Category=4
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.10.0 0.0.0.255 192.168.34.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.9.0 0.0.0.255 192.168.34.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
dialer-list 4 protocol ip permit
no cdp run
arp 192.168.10.10 03bf.c0a8.0a0a ARPA
!
route-map SDM_RMAP_1 permit 1
 match ip address NAT
!

control-plane
!
!
!

!
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
sntp server 158.43.128.33
sntp server 158.43.128.66
end



0
DerekStoneman
Asked:
DerekStoneman
  • 2
1 Solution
 
MarkDozierCommented:
I do not know but I think it maybe because you only have one PVC.
0
 
mr_dirtCommented:
Your static routes only address half of the story.  You included the crypto endpoints, but not the traffic that's supposed to go to those crypto endpoints.

For the GRE+IPsec tunnels to be encrypted by the right crypto map (and route out the right interface), you'll have to route the GRE tunnel destination addresses out through dialer1 as well.  These will be some of those 10.10.1.x/32 numbers.  

For the IPsec tunnel, you'll have to route the remote subnet out through Dialer3.  

If you don't include these routes, all of your traffic that you don't have specific routes for will go out the Dialer0 interface according to the default route.

0
 
DerekStonemanAuthor Commented:
Thanks for your response.  It makes sense.  I thought that any traffic that met the ACL criteria for a tunnel would automatically route down that tunnel.
I will add additional static routes and test as soon as I can take the router down for testing.  This will be in about 26 hours time.
I will post the results then.
0
 
DerekStonemanAuthor Commented:
Problem resolved by adding the following static routes
192.168.20.0 255.255.255.0  routed to dialer3
10.10.1.6 255.255.255.255 routed to dialer1
10.10.1.2 255.255.255.255 routed to dialer1
10.10.1.10 255.255.255.255 routed to dialer1
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now