chunjo
asked on
Urgent!!! - DMVPN Tunnel is Down and I can't seem to bring back up!
I can't seem to get my VPN Tunnel back up after a migration test I perform earlier today. After completing the project and I put back all the configuration I seem have lost my VPN Connection. I have a 192.168.0.0 /23 network. My spoke sites have a 192.168.x.x /24 address scheme. I've tried performing the following commands:
clear crypto isakmp
clear crypto sa
When I attempt to show the crypto isakmp sa, this is what I get:
CCBQ_2821#sh crypto isakmp sa
dst src state conn-id slot status
208.125.12.116 64.115.135.170 QM_IDLE 524 0 ACTIVE
64.115.135.170 64.115.161.34 QM_IDLE 558 0 ACTIVE
64.115.135.170 64.61.147.90 MM_NO_STATE 521 0 ACTIVE (deleted)
64.115.135.170 64.61.82.234 QM_IDLE 583 0 ACTIVE
64.115.161.138 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.161.138 64.115.135.170 MM_NO_STATE 497 0 ACTIVE (deleted)
64.115.135.170 64.115.168.98 QM_IDLE 520 0 ACTIVE
64.115.135.170 64.115.231.42 MM_NO_STATE 557 0 ACTIVE (deleted)
64.61.145.114 64.115.135.170 QM_IDLE 496 0 ACTIVE
68.236.190.45 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 68.236.190.52 QM_IDLE 1925 0 ACTIVE
24.190.35.158 64.115.135.170 MM_NO_STATE 0 0 ACTIVE
64.115.135.170 64.115.160.82 MM_NO_STATE 476 0 ACTIVE (deleted)
64.115.135.170 68.195.226.162 QM_IDLE 588 0 ACTIVE
71.249.139.123 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.168.122 QM_IDLE 567 0 ACTIVE
64.115.231.42 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.61.15.106 QM_IDLE 505 0 ACTIVE
64.115.135.170 64.115.170.186 MM_NO_STATE 553 0 ACTIVE (deleted)
64.115.135.170 24.186.180.151 QM_IDLE 585 0 ACTIVE
64.115.135.170 64.115.168.70 QM_IDLE 534 0 ACTIVE
64.115.161.10 64.115.135.170 MM_NO_STATE 575 0 ACTIVE (deleted)
dst src state conn-id slot status
69.112.198.28 64.115.135.170 QM_IDLE 578 0 ACTIVE
69.122.13.237 64.115.135.170 QM_IDLE 570 0 ACTIVE
64.115.135.170 64.61.145.162 MM_NO_STATE 533 0 ACTIVE (deleted)
64.115.135.170 64.115.18.82 QM_IDLE 562 0 ACTIVE
24.185.242.242 64.115.135.170 QM_IDLE 596 0 ACTIVE
64.115.135.170 68.195.227.42 QM_IDLE 522 0 ACTIVE
64.115.135.170 68.236.190.35 QM_IDLE 1920 0 ACTIVE
208.125.10.140 64.115.135.170 QM_IDLE 571 0 ACTIVE
208.125.10.140 64.115.135.170 MM_NO_STATE 467 0 ACTIVE (deleted)
64.115.135.170 208.125.12.64 MM_NO_STATE 517 0 ACTIVE (deleted)
64.115.135.170 64.61.151.42 MM_SA_SETUP 580 0 ACTIVE
64.115.135.170 64.61.151.42 MM_NO_STATE 548 0 ACTIVE (deleted)
64.115.135.170 64.61.151.42 MM_NO_STATE 506 0 ACTIVE (deleted)
24.103.16.145 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 69.122.13.237 MM_NO_STATE 456 0 ACTIVE (deleted)
64.115.135.170 24.184.166.192 QM_IDLE 541 0 ACTIVE
64.115.135.170 64.115.117.66 QM_IDLE 503 0 ACTIVE
208.125.10.178 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 208.105.94.220 QM_IDLE 592 0 ACTIVE
64.115.135.170 72.43.97.142 QM_IDLE 594 0 ACTIVE
64.115.135.170 24.103.23.181 QM_IDLE 590 0 ACTIVE
64.115.135.170 69.112.198.28 MM_NO_STATE 480 0 ACTIVE (deleted)
64.115.162.194 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
24.39.155.151 64.115.135.170 QM_IDLE 551 0 ACTIVE
64.115.135.170 64.61.94.122 MM_NO_STATE 463 0 ACTIVE (deleted)
64.115.135.170 24.190.35.158 MM_NO_STATE 486 0 ACTIVE (deleted)
64.115.135.170 208.125.31.220 QM_IDLE 569 0 ACTIVE
208.105.94.252 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 24.185.242.242 MM_NO_STATE 492 0 ACTIVE (deleted)
64.115.135.170 24.89.144.234 QM_IDLE 540 0 ACTIVE
64.115.160.82 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.61.116.66 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.61.147.90 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
69.112.197.119 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.125.226 MM_NO_STATE 494 0 ACTIVE (deleted)
24.105.136.6 64.115.135.170 QM_IDLE 597 0 ACTIVE
64.115.135.170 64.61.166.82 QM_IDLE 572 0 ACTIVE
64.115.135.170 24.103.26.227 QM_IDLE 552 0 ACTIVE
72.43.98.2 64.115.135.170 QM_IDLE 574 0 ACTIVE
72.43.98.2 64.115.135.170 MM_NO_STATE 470 0 ACTIVE (deleted)
64.115.135.170 64.115.194.58 QM_IDLE 518 0 ACTIVE
68.195.237.122 64.115.135.170 MM_NO_STATE 498 0 ACTIVE (deleted)
64.115.135.170 64.115.160.2 MM_NO_STATE 495 0 ACTIVE (deleted)
dst src state conn-id slot status
64.115.135.170 208.125.11.45 QM_IDLE 581 0 ACTIVE
64.61.161.58 64.115.135.170 MM_NO_STATE 545 0 ACTIVE (deleted)
64.115.135.170 64.115.161.114 QM_IDLE 564 0 ACTIVE
64.115.135.170 64.61.124.24 QM_IDLE 1124 0 ACTIVE
64.115.135.170 24.190.200.202 MM_NO_STATE 509 0 ACTIVE (deleted)
64.115.135.170 64.115.161.2 QM_IDLE 523 0 ACTIVE
64.115.135.170 64.61.165.82 MM_NO_STATE 537 0 ACTIVE (deleted)
64.115.135.170 69.112.197.119 MM_NO_STATE 516 0 ACTIVE (deleted)
64.115.135.170 68.236.190.124 QM_IDLE 1919 0 ACTIVE
64.115.135.170 208.125.13.157 QM_IDLE 535 0 ACTIVE
64.115.135.170 64.115.163.18 MM_NO_STATE 510 0 ACTIVE (deleted)
64.61.187.106 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 71.249.196.183 QM_IDLE 1823 0 ACTIVE
64.115.160.34 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.197.178 MM_NO_STATE 458 0 ACTIVE (deleted)
72.43.174.118 64.115.135.170 MM_NO_STATE 544 0 ACTIVE (deleted)
72.43.174.118 64.115.135.170 MM_NO_STATE 483 0 ACTIVE (deleted)
64.115.135.170 64.61.166.58 QM_IDLE 519 0 ACTIVE
64.115.135.170 71.249.139.123 MM_NO_STATE 525 0 ACTIVE (deleted)
64.115.135.170 64.115.193.26 MM_NO_STATE 563 0 ACTIVE (deleted)
64.115.135.170 64.115.197.234 MM_NO_STATE 489 0 ACTIVE (deleted)
64.115.135.170 208.105.94.252 MM_NO_STATE 515 0 ACTIVE (deleted)
64.115.135.170 24.105.131.100 MM_NO_STATE 466 0 ACTIVE (deleted)
64.115.135.170 64.61.124.77 QM_IDLE 1298 0 ACTIVE
64.115.135.170 208.125.28.237 QM_IDLE 565 0 ACTIVE
64.115.135.170 24.105.131.162 QM_IDLE 586 0 ACTIVE
64.115.135.170 24.105.136.6 MM_NO_STATE 508 0 ACTIVE (deleted)
64.115.135.170 64.61.161.58 QM_IDLE 554 0 ACTIVE
64.115.135.170 64.61.161.58 MM_NO_STATE 420 0 ACTIVE (deleted)
64.115.135.170 208.125.10.178 MM_NO_STATE 530 0 ACTIVE (deleted)
64.115.135.170 64.115.161.146 MM_NO_STATE 550 0 ACTIVE (deleted)
64.115.161.146 64.115.135.170 QM_IDLE 587 0 ACTIVE
64.115.135.170 72.43.103.220 QM_IDLE 549 0 ACTIVE
64.115.135.170 64.61.30.154 QM_IDLE 560 0 ACTIVE
64.115.135.170 64.115.193.34 QM_IDLE 542 0 ACTIVE
64.115.135.170 24.105.141.72 QM_IDLE 584 0 ACTIVE
24.188.134.222 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
24.188.134.222 64.115.135.170 MM_NO_STATE 500 0 ACTIVE (deleted)
64.115.163.26 64.115.135.170 MM_NO_STATE 538 0 ACTIVE (deleted)
64.115.135.170 64.115.10.26 MM_NO_STATE 502 0 ACTIVE (deleted)
64.115.135.170 24.103.27.221 MM_KEY_EXCH 577 0 ACTIVE
64.115.135.170 24.185.51.245 QM_IDLE 559 0 ACTIVE
64.115.135.170 24.105.138.143 QM_IDLE 555 0 ACTIVE
dst src state conn-id slot status
64.115.170.186 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.197.178 64.115.135.170 QM_IDLE 556 0 ACTIVE
64.115.197.178 64.115.135.170 MM_NO_STATE 546 0 ACTIVE (deleted)
64.115.135.170 24.105.134.149 QM_IDLE 531 0 ACTIVE
64.115.135.170 64.61.151.50 MM_NO_STATE 507 0 ACTIVE (deleted)
64.115.135.170 64.115.161.242 QM_IDLE 566 0 ACTIVE
64.61.94.122 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.160.2 64.115.135.170 MM_NO_STATE 576 0 ACTIVE (deleted)
64.61.145.162 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 24.103.16.145 MM_NO_STATE 532 0 ACTIVE (deleted)
64.115.135.170 24.39.124.23 QM_IDLE 589 0 ACTIVE
64.115.197.234 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
208.125.12.64 64.115.135.170 QM_IDLE 598 0 ACTIVE
24.190.200.202 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.193.26 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.125.226 64.115.135.170 MM_NO_STATE 582 0 ACTIVE (deleted)
64.115.135.170 72.43.96.101 QM_IDLE 573 0 ACTIVE
64.115.135.170 24.39.155.151 MM_NO_STATE 465 0 ACTIVE (deleted)
64.115.135.170 64.61.116.66 MM_NO_STATE 536 0 ACTIVE (deleted)
64.115.135.170 68.236.190.45 MM_NO_STATE 478 0 ACTIVE (deleted)
64.115.135.170 72.43.169.60 MM_NO_STATE 488 0 ACTIVE (deleted)
64.115.135.170 24.39.124.65 QM_IDLE 579 0 ACTIVE
64.115.135.170 70.107.244.4 MM_NO_STATE 195 0 ACTIVE (deleted)
24.105.131.100 64.115.135.170 QM_IDLE 543 0 ACTIVE
64.115.135.170 64.61.112.242 QM_IDLE 1850 0 ACTIVE
70.107.244.4 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.78.146 QM_IDLE 591 0 ACTIVE
64.115.187.146 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.187.146 64.115.135.170 MM_NO_STATE 493 0 ACTIVE (deleted)
208.105.91.67 64.115.135.170 QM_IDLE 526 0 ACTIVE
24.105.130.113 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.162.194 MM_NO_STATE 514 0 ACTIVE (deleted)
64.115.135.170 72.43.169.53 QM_IDLE 593 0 ACTIVE
64.115.135.170 64.61.13.202 QM_IDLE 1912 0 ACTIVE
64.115.135.170 208.105.94.214 QM_IDLE 561 0 ACTIVE
64.115.135.170 24.103.23.135 QM_IDLE 547 0 ACTIVE
64.115.135.170 208.125.11.48 QM_IDLE 595 0 ACTIVE
64.115.135.170 64.115.161.10 MM_NO_STATE 475 0 ACTIVE (deleted)
64.115.135.170 24.105.130.113 MM_NO_STATE 472 0 ACTIVE (deleted)
64.115.135.170 64.61.187.106 MM_NO_STATE 568 0 ACTIVE (deleted)
64.61.151.50 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
It appear the the Tunnel is flapping. I'm not sure how to resolve this issue.
clear crypto isakmp
clear crypto sa
When I attempt to show the crypto isakmp sa, this is what I get:
CCBQ_2821#sh crypto isakmp sa
dst src state conn-id slot status
208.125.12.116 64.115.135.170 QM_IDLE 524 0 ACTIVE
64.115.135.170 64.115.161.34 QM_IDLE 558 0 ACTIVE
64.115.135.170 64.61.147.90 MM_NO_STATE 521 0 ACTIVE (deleted)
64.115.135.170 64.61.82.234 QM_IDLE 583 0 ACTIVE
64.115.161.138 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.161.138 64.115.135.170 MM_NO_STATE 497 0 ACTIVE (deleted)
64.115.135.170 64.115.168.98 QM_IDLE 520 0 ACTIVE
64.115.135.170 64.115.231.42 MM_NO_STATE 557 0 ACTIVE (deleted)
64.61.145.114 64.115.135.170 QM_IDLE 496 0 ACTIVE
68.236.190.45 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 68.236.190.52 QM_IDLE 1925 0 ACTIVE
24.190.35.158 64.115.135.170 MM_NO_STATE 0 0 ACTIVE
64.115.135.170 64.115.160.82 MM_NO_STATE 476 0 ACTIVE (deleted)
64.115.135.170 68.195.226.162 QM_IDLE 588 0 ACTIVE
71.249.139.123 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.168.122 QM_IDLE 567 0 ACTIVE
64.115.231.42 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.61.15.106 QM_IDLE 505 0 ACTIVE
64.115.135.170 64.115.170.186 MM_NO_STATE 553 0 ACTIVE (deleted)
64.115.135.170 24.186.180.151 QM_IDLE 585 0 ACTIVE
64.115.135.170 64.115.168.70 QM_IDLE 534 0 ACTIVE
64.115.161.10 64.115.135.170 MM_NO_STATE 575 0 ACTIVE (deleted)
dst src state conn-id slot status
69.112.198.28 64.115.135.170 QM_IDLE 578 0 ACTIVE
69.122.13.237 64.115.135.170 QM_IDLE 570 0 ACTIVE
64.115.135.170 64.61.145.162 MM_NO_STATE 533 0 ACTIVE (deleted)
64.115.135.170 64.115.18.82 QM_IDLE 562 0 ACTIVE
24.185.242.242 64.115.135.170 QM_IDLE 596 0 ACTIVE
64.115.135.170 68.195.227.42 QM_IDLE 522 0 ACTIVE
64.115.135.170 68.236.190.35 QM_IDLE 1920 0 ACTIVE
208.125.10.140 64.115.135.170 QM_IDLE 571 0 ACTIVE
208.125.10.140 64.115.135.170 MM_NO_STATE 467 0 ACTIVE (deleted)
64.115.135.170 208.125.12.64 MM_NO_STATE 517 0 ACTIVE (deleted)
64.115.135.170 64.61.151.42 MM_SA_SETUP 580 0 ACTIVE
64.115.135.170 64.61.151.42 MM_NO_STATE 548 0 ACTIVE (deleted)
64.115.135.170 64.61.151.42 MM_NO_STATE 506 0 ACTIVE (deleted)
24.103.16.145 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 69.122.13.237 MM_NO_STATE 456 0 ACTIVE (deleted)
64.115.135.170 24.184.166.192 QM_IDLE 541 0 ACTIVE
64.115.135.170 64.115.117.66 QM_IDLE 503 0 ACTIVE
208.125.10.178 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 208.105.94.220 QM_IDLE 592 0 ACTIVE
64.115.135.170 72.43.97.142 QM_IDLE 594 0 ACTIVE
64.115.135.170 24.103.23.181 QM_IDLE 590 0 ACTIVE
64.115.135.170 69.112.198.28 MM_NO_STATE 480 0 ACTIVE (deleted)
64.115.162.194 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
24.39.155.151 64.115.135.170 QM_IDLE 551 0 ACTIVE
64.115.135.170 64.61.94.122 MM_NO_STATE 463 0 ACTIVE (deleted)
64.115.135.170 24.190.35.158 MM_NO_STATE 486 0 ACTIVE (deleted)
64.115.135.170 208.125.31.220 QM_IDLE 569 0 ACTIVE
208.105.94.252 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 24.185.242.242 MM_NO_STATE 492 0 ACTIVE (deleted)
64.115.135.170 24.89.144.234 QM_IDLE 540 0 ACTIVE
64.115.160.82 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.61.116.66 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.61.147.90 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
69.112.197.119 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.125.226 MM_NO_STATE 494 0 ACTIVE (deleted)
24.105.136.6 64.115.135.170 QM_IDLE 597 0 ACTIVE
64.115.135.170 64.61.166.82 QM_IDLE 572 0 ACTIVE
64.115.135.170 24.103.26.227 QM_IDLE 552 0 ACTIVE
72.43.98.2 64.115.135.170 QM_IDLE 574 0 ACTIVE
72.43.98.2 64.115.135.170 MM_NO_STATE 470 0 ACTIVE (deleted)
64.115.135.170 64.115.194.58 QM_IDLE 518 0 ACTIVE
68.195.237.122 64.115.135.170 MM_NO_STATE 498 0 ACTIVE (deleted)
64.115.135.170 64.115.160.2 MM_NO_STATE 495 0 ACTIVE (deleted)
dst src state conn-id slot status
64.115.135.170 208.125.11.45 QM_IDLE 581 0 ACTIVE
64.61.161.58 64.115.135.170 MM_NO_STATE 545 0 ACTIVE (deleted)
64.115.135.170 64.115.161.114 QM_IDLE 564 0 ACTIVE
64.115.135.170 64.61.124.24 QM_IDLE 1124 0 ACTIVE
64.115.135.170 24.190.200.202 MM_NO_STATE 509 0 ACTIVE (deleted)
64.115.135.170 64.115.161.2 QM_IDLE 523 0 ACTIVE
64.115.135.170 64.61.165.82 MM_NO_STATE 537 0 ACTIVE (deleted)
64.115.135.170 69.112.197.119 MM_NO_STATE 516 0 ACTIVE (deleted)
64.115.135.170 68.236.190.124 QM_IDLE 1919 0 ACTIVE
64.115.135.170 208.125.13.157 QM_IDLE 535 0 ACTIVE
64.115.135.170 64.115.163.18 MM_NO_STATE 510 0 ACTIVE (deleted)
64.61.187.106 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 71.249.196.183 QM_IDLE 1823 0 ACTIVE
64.115.160.34 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.197.178 MM_NO_STATE 458 0 ACTIVE (deleted)
72.43.174.118 64.115.135.170 MM_NO_STATE 544 0 ACTIVE (deleted)
72.43.174.118 64.115.135.170 MM_NO_STATE 483 0 ACTIVE (deleted)
64.115.135.170 64.61.166.58 QM_IDLE 519 0 ACTIVE
64.115.135.170 71.249.139.123 MM_NO_STATE 525 0 ACTIVE (deleted)
64.115.135.170 64.115.193.26 MM_NO_STATE 563 0 ACTIVE (deleted)
64.115.135.170 64.115.197.234 MM_NO_STATE 489 0 ACTIVE (deleted)
64.115.135.170 208.105.94.252 MM_NO_STATE 515 0 ACTIVE (deleted)
64.115.135.170 24.105.131.100 MM_NO_STATE 466 0 ACTIVE (deleted)
64.115.135.170 64.61.124.77 QM_IDLE 1298 0 ACTIVE
64.115.135.170 208.125.28.237 QM_IDLE 565 0 ACTIVE
64.115.135.170 24.105.131.162 QM_IDLE 586 0 ACTIVE
64.115.135.170 24.105.136.6 MM_NO_STATE 508 0 ACTIVE (deleted)
64.115.135.170 64.61.161.58 QM_IDLE 554 0 ACTIVE
64.115.135.170 64.61.161.58 MM_NO_STATE 420 0 ACTIVE (deleted)
64.115.135.170 208.125.10.178 MM_NO_STATE 530 0 ACTIVE (deleted)
64.115.135.170 64.115.161.146 MM_NO_STATE 550 0 ACTIVE (deleted)
64.115.161.146 64.115.135.170 QM_IDLE 587 0 ACTIVE
64.115.135.170 72.43.103.220 QM_IDLE 549 0 ACTIVE
64.115.135.170 64.61.30.154 QM_IDLE 560 0 ACTIVE
64.115.135.170 64.115.193.34 QM_IDLE 542 0 ACTIVE
64.115.135.170 24.105.141.72 QM_IDLE 584 0 ACTIVE
24.188.134.222 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
24.188.134.222 64.115.135.170 MM_NO_STATE 500 0 ACTIVE (deleted)
64.115.163.26 64.115.135.170 MM_NO_STATE 538 0 ACTIVE (deleted)
64.115.135.170 64.115.10.26 MM_NO_STATE 502 0 ACTIVE (deleted)
64.115.135.170 24.103.27.221 MM_KEY_EXCH 577 0 ACTIVE
64.115.135.170 24.185.51.245 QM_IDLE 559 0 ACTIVE
64.115.135.170 24.105.138.143 QM_IDLE 555 0 ACTIVE
dst src state conn-id slot status
64.115.170.186 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.197.178 64.115.135.170 QM_IDLE 556 0 ACTIVE
64.115.197.178 64.115.135.170 MM_NO_STATE 546 0 ACTIVE (deleted)
64.115.135.170 24.105.134.149 QM_IDLE 531 0 ACTIVE
64.115.135.170 64.61.151.50 MM_NO_STATE 507 0 ACTIVE (deleted)
64.115.135.170 64.115.161.242 QM_IDLE 566 0 ACTIVE
64.61.94.122 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.160.2 64.115.135.170 MM_NO_STATE 576 0 ACTIVE (deleted)
64.61.145.162 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 24.103.16.145 MM_NO_STATE 532 0 ACTIVE (deleted)
64.115.135.170 24.39.124.23 QM_IDLE 589 0 ACTIVE
64.115.197.234 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
208.125.12.64 64.115.135.170 QM_IDLE 598 0 ACTIVE
24.190.200.202 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.193.26 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.125.226 64.115.135.170 MM_NO_STATE 582 0 ACTIVE (deleted)
64.115.135.170 72.43.96.101 QM_IDLE 573 0 ACTIVE
64.115.135.170 24.39.155.151 MM_NO_STATE 465 0 ACTIVE (deleted)
64.115.135.170 64.61.116.66 MM_NO_STATE 536 0 ACTIVE (deleted)
64.115.135.170 68.236.190.45 MM_NO_STATE 478 0 ACTIVE (deleted)
64.115.135.170 72.43.169.60 MM_NO_STATE 488 0 ACTIVE (deleted)
64.115.135.170 24.39.124.65 QM_IDLE 579 0 ACTIVE
64.115.135.170 70.107.244.4 MM_NO_STATE 195 0 ACTIVE (deleted)
24.105.131.100 64.115.135.170 QM_IDLE 543 0 ACTIVE
64.115.135.170 64.61.112.242 QM_IDLE 1850 0 ACTIVE
70.107.244.4 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.78.146 QM_IDLE 591 0 ACTIVE
64.115.187.146 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.187.146 64.115.135.170 MM_NO_STATE 493 0 ACTIVE (deleted)
208.105.91.67 64.115.135.170 QM_IDLE 526 0 ACTIVE
24.105.130.113 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
64.115.135.170 64.115.162.194 MM_NO_STATE 514 0 ACTIVE (deleted)
64.115.135.170 72.43.169.53 QM_IDLE 593 0 ACTIVE
64.115.135.170 64.61.13.202 QM_IDLE 1912 0 ACTIVE
64.115.135.170 208.105.94.214 QM_IDLE 561 0 ACTIVE
64.115.135.170 24.103.23.135 QM_IDLE 547 0 ACTIVE
64.115.135.170 208.125.11.48 QM_IDLE 595 0 ACTIVE
64.115.135.170 64.115.161.10 MM_NO_STATE 475 0 ACTIVE (deleted)
64.115.135.170 24.105.130.113 MM_NO_STATE 472 0 ACTIVE (deleted)
64.115.135.170 64.61.187.106 MM_NO_STATE 568 0 ACTIVE (deleted)
64.61.151.50 64.115.135.170 MM_NO_STATE 0 0 ACTIVE (deleted)
It appear the the Tunnel is flapping. I'm not sure how to resolve this issue.
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 2821
!
boot-start-marker
boot system flash flash:c2800nm-advipservicesk9-mz.124-10b.bin
boot-end-marker
!
security authentication failure rate 3 log
logging count
logging buffered 51200 warnings
no logging console
enable secret 5 $1$TFNT$LIV7qzTmwky9.GeFjfLlb/
!
aaa new-model
!
!
aaa authentication login VTY local
aaa authentication login CON local
aaa authentication login REMOTE local
aaa authorization network VPNCLIENT local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
ip tcp synwait-time 10
!
!
ip cef
ip dhcp database url timeout 60
!
!
no ip bootp server
no ip domain lookup
ip domain name CCBQ.org
ip name-server 4.2.2.1
ip ssh time-out 60
ip inspect name INET tcp alert off audit-trail on
ip inspect name INET udp alert off audit-trail on
ip inspect name INET icmp alert off audit-trail on
ip urlfilter exclusive-domain deny www.myspace.com
ip urlfilter audit-trail
ip urlfilter server vendor n2h2 www.myspace.com outside
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2748599135
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2748599135
revocation-check none
rsakeypair TP-self-signed-2748599135
!
!
crypto pki certificate chain TP-self-signed-2748599135
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373438 35393931 3335301E 170D3037 30333331 31363430
34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343835
39393133 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C7F6 60544E09 D756045B 0219ED6B 1DA5EF7C 61370654 E45B5944 94C512A0
E867305A 4D8DF460 C6A25B9E 629739D9 18A96E37 107D0DA5 85E99000 446A87DD
7C6302B0 042A6684 447C69FD 5955D525 F883A063 60373435 2FAD22B4 546E23EE
203757B2 57B409E7 5C272B93 93B4D64E 328B84DD 82363243 0552D646 CB4F3886
A8FD0203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 12434342 515F3238 32312E43 4342512E 6F726730 1F060355
1D230418 30168014 00FF5A04 25652982 46A3B455 9599E646 39BDD6DC 301D0603
551D0E04 16041400 FF5A0425 65298246 A3B45595 99E64639 BDD6DC30 0D06092A
864886F7 0D010104 05000381 8100155C 4477F774 B7BA63F1 0D8A21A1 0C102212
183D664D C3950C5D 0943A1BF 1C7C3919 5AF64F79 C8269247 C1F8B44D BCBB73EC
C3415CB6 8614F81D 4D78A29D D1D5601B 1673930C 739F4858 8AE27AC1 4E1F8DC5
297C7568 67622F5B D5895A02 F7D1FD23 388DAE55 8A02FB7B 541A0530 613FEBD3
2CC600E8 9C15DFFC A4BA12B7 6A6F
quit
username XXXX privilege 15 secret 5 $1$eIfj$wd6o7fYXVrG/vtQFGiTUh0
!
crypto keyring ccbq-dmvpn
pre-shared-key address 0.0.0.0 0.0.0.0 key XXXXXXX
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 5
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group ccbq-vpn
key 3cc2bq3
dns 192.168.1.2
domain ccbq.org
pool REMOTE
crypto isakmp profile DMVPN
keyring ccbq-dmvpn
match identity address 0.0.0.0
crypto isakmp profile ccbq-vpn-client
match identity group ccbq-vpn
client authentication list REMOTE
isakmp authorization list VPNCLIENT
client configuration address respond
!
!
crypto ipsec transform-set ccbq-set esp-3des esp-sha-hmac
!
crypto ipsec profile ccbq-profile
set transform-set ccbq-set
set isakmp-profile DMVPN
!
!
crypto dynamic-map ccbq-dyn 10
set transform-set ccbq-set
set isakmp-profile ccbq-vpn-client
!
!
crypto map ccbq-map 10 ipsec-isakmp dynamic ccbq-dyn
!
!
!
!
interface Loopback128
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
!
interface Tunnel255
description Connection to Primary DMVPN
bandwidth 4632
ip address 192.168.255.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip mtu 1416
ip nbar protocol-discovery
ip nat inside
ip nhrp authentication ccbqn#rp
ip nhrp map multicast dynamic
ip nhrp network-id 255
ip nhrp holdtime 300
ip virtual-reassembly
ip route-cache flow
no ip split-horizon eigrp 255
tunnel source Multilink1
tunnel mode gre multipoint
tunnel key 255
tunnel protection ipsec profile ccbq-profile
hold-queue 1024 in
!
interface Null0
no ip unreachables
!
interface Multilink1
description WAN Connection$FW_OUTSIDE$
ip address 64.115.135.170 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip mroute-cache
no cdp enable
ppp multilink
ppp multilink group 1
crypto map ccbq-map
!
interface GigabitEthernet0/0
description connected to CCBQ Internal LAN$ETH-LAN$$FW_INSIDE$
ip address 192.168.1.19 255.255.254.0
ip access-group 102 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1350
ip policy route-map clear-df
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface GigabitEthernet0/1
description connect to CCBQ Interal LAN$FW_ETH0/2$
ip address 192.168.192.1 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
ip policy route-map clear-df
shutdown
duplex full
speed 100
no cdp enable
no mop enabled
!
interface Serial0/0/0
bandwidth 4632
no ip address
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
no ip mroute-cache
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0
bandwidth 4632
no ip address
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
no ip mroute-cache
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/2/0
bandwidth 4632
no ip address
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
no ip mroute-cache
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 1
!
interface Serial0/3/0
bandwidth 1544
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
shutdown
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
!
router eigrp 255
redistribute static
passive-interface GigabitEthernet0/0
network 172.168.0.0
network 192.168.1.0
network 192.168.0.0 0.0.1.255
network 192.168.255.0
network 192.168.0.0 0.0.255.255
no auto-summary
!
ip local pool REMOTE 192.168.252.1 192.168.252.254
ip forward-protocol udp 5120
ip route 0.0.0.0 0.0.0.0 64.115.135.169
ip route 66.200.154.167 255.255.255.255 64.115.135.169
ip route 67.100.227.128 255.255.255.255 64.115.135.169
ip route 192.168.0.16 255.255.255.255 GigabitEthernet0/0
!
ip flow-capture packet-length
ip flow-capture icmp
ip flow-capture ip-id
ip flow-capture mac-addresses
ip flow-top-talkers
top 10
sort-by packets
!
no ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map NAT interface Multilink1 overload
!
ip access-list extended TELNET
permit tcp any any eq telnet
!
logging trap debugging
logging 192.168.1.13
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 63.117.181.64 0.0.0.63
access-list 2 permit 0.0.0.0
access-list 3 remark HTTP Access-class list
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.0.0 0.0.1.255
access-list 3 deny any
access-list 100 permit tcp any any eq telnet
access-list 100 deny ip 64.69.124.128 0.0.0.15 any
access-list 100 deny ip 64.69.124.144 0.0.0.15 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit icmp any any
access-list 100 permit tcp any host 64.69.124.129 established
access-list 100 permit tcp any host 64.69.124.130 established
access-list 100 permit esp any any
access-list 100 permit gre any any
access-list 100 permit udp any any eq isakmp
access-list 100 permit udp any any eq non500-isakmp
access-list 100 permit tcp any host 64.69.124.129 eq 22
access-list 100 permit tcp any host 64.69.124.130 eq 22
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit udp host 128.118.46.3 host 64.69.124.129 eq ntp
access-list 100 permit tcp any any eq 5120
access-list 100 deny tcp any eq www host 64.69.124.129
access-list 100 deny ip any any
access-list 101 deny ip host 192.168.1.255 any
access-list 101 deny ip host 192.168.20.255 any
access-list 101 deny ip any 192.168.0.0 0.0.255.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip host 192.168.1.91 any
access-list 101 permit ip host 192.168.1.177 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip 172.168.1.0 0.0.0.255 any
access-list 102 permit tcp any any eq 25000
access-list 102 permit tcp any eq 25000 any
access-list 102 permit udp any eq 5120 any
access-list 102 permit udp any any eq 5120
access-list 102 permit tcp any any eq 5120
access-list 102 permit tcp any eq 5120 any
access-list 102 permit udp any eq 7766 any
access-list 102 permit udp any any eq 7766
access-list 102 permit tcp any any eq 7766
access-list 102 permit tcp any eq 7766 any
access-list 102 permit udp any eq 4750 any
access-list 102 permit udp any any eq 4750
access-list 102 permit tcp any any eq 4750
access-list 102 permit tcp any eq 4750 any
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any eq smtp any
access-list 102 permit tcp any host 64.115.135.170 eq smtp log
access-list 102 permit tcp host 192.168.1.3 host 192.168.0.8 eq smtp
access-list 102 permit tcp host 192.168.0.8 host 192.168.1.3 eq smtp
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.0.0 0.0.1.255 any
access-list 103 deny ip any any
access-list 199 permit tcp any host 192.168.1.3 eq smtp
snmp-server community <removed> RO
snmp-server community ccbq_ro RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps xgcp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps atm subif
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps mpls ldp
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls vpn
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps vsimaster
snmp-server enable traps vtp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps voice fallback
snmp-server enable traps dnis
snmp-server host 192.168.1.6 <removed>
snmp-server host 192.168.1.6 ccbq_ro
no cdp run
!
route-map static2eigrp permit 10
match ip address 1 2
!
route-map clear-df permit 10
match ip address 102
set ip df 0
!
route-map NAT permit 10
match ip address 101
!
route-map VPNINET permit 10
match ip address 102
set ip next-hop 192.168.1.5
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
login authentication CON
transport output telnet
line aux 0
transport output telnet
line vty 0 4
exec-timeout 60 0
privilege level 15
login authentication VTY
transport input telnet ssh
line vty 5 15
exec-timeout 60 0
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp authentication-key 100 md5 12181103130807 7
ntp trusted-key 100
ntp clock-period 17180173
ntp source GigabitEthernet0/0
ntp master 6
ntp server 192.168.1.6
ntp server 128.118.46.3
!
end
CCBQ_2821#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER