dbestcomputers
asked on
Cisco config for internet, DHCP, and GRE Tunnel
I have a config here that was created using the CCP and has what appears to me to be a BUNCH of extra junk in it. My GRE tunnel is not working. In another thread, someone helped me with my 4 line tunnel config:
interface Tunnel0
ip address 10.10.11.1 255.255.255.0
tunnel destination 1.1.1.1
tunnel source Dialer0
But it's not working. I wanted to clean up my config anyway, so I posted this thread for help cleaning my config up.
interface Tunnel0
ip address 10.10.11.1 255.255.255.0
tunnel destination 1.1.1.1
tunnel source Dialer0
But it's not working. I wanted to clean up my config anyway, so I posted this thread for help cleaning my config up.
Building configuration...
Current configuration : 7373 bytes
!
! Global services, logging, the enable secret and clock settings from the Cisco CP-generated config.
! Last configuration change at 07:17:36 PCTime Mon Jan 2 2006 by admin
! NOTE(review): a 2006 change date on a version 15.0 image suggests the clock is unset; no NTP
! server appears in this listing, so log timestamps and certificate validity checks may be
! unreliable - confirm.
!
version 15.0
no service pad
! TCP keepalives let the router notice and clear dead inbound and outbound TCP sessions.
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! service password-encryption stores plain passwords as type 7, which is reversible obfuscation,
! not hashing; a "password 7" string has to be masked like cleartext before a config is shared.
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
! NOTE(review): this type 5 (salted, MD5-based) hash is posted unmasked, unlike the username
! secret and the PPPoE password elsewhere in this listing. A published hash can be attacked
! offline, so the enable secret should be treated as exposed and changed on the device.
enable secret 5 $1$74UL$tNevwIWQ5nQA53O4XyG.s.
!
! With aaa new-model disabled, authentication is whatever each line configures ("login local").
no aaa new-model
memory-size iomem 10
clock timezone PCTime -6
! The summer-time rule is written with fixed 2003 dates, not as a recurring rule.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
! Self-signed trustpoint and its certificate; presumably the one IOS generates for the HTTPS
! management server ("ip http secure-server" appears later in this listing).
! NOTE(review): the hex body is a complete X.509 certificate, not opaque filler. Its
! subjectAltName field encodes the router's hostname and domain, so masking "ip domain name"
! alone does not hide the domain - mask or omit the certificate body when sharing a config.
! The private key is not part of this output.
! NOTE(review): the encoded algorithm identifiers indicate an MD5-with-RSA signature and what
! looks like a 1024-bit RSA key, and the encoded validity ends in 2020. Regenerating the key
! pair with a larger modulus, on an image that signs with a stronger hash, would address both.
crypto pki trustpoint TP-self-signed-1824105787
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1824105787
revocation-check none
rsakeypair TP-self-signed-1824105787
!
!
crypto pki certificate chain TP-self-signed-1824105787
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383234 31303537 3837301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38323431
30353738 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D7FF 976E3C96 5A034BD5 8D762354 6713E90F AE67A19B 296C02FA 7158CDA8
43E24FED 37D55659 2D97670A D662595E 1E447A6D 77E3FF59 3C5045AF CED941F2
9A3106EE 6CABA7F3 AB8BB984 E7928019 EDD6CB58 6A1ADEE3 18E943A5 B55C0529
3890293D FE8406A5 DC5D00F0 1AD4B5EA C3382D05 E121CC00 A7DF6091 B888E1D5
2F9D0203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603
551D1104 14301282 10726F75 7465722E 7574696C 6974796E 77301F06 03551D23
04183016 8014C77C 9156AD9E 90533EC1 39638D85 A9AF6671 63D9301D 0603551D
0E041604 14C77C91 56AD9E90 533EC139 638D85A9 AF667163 D9300D06 092A8648
86F70D01 01040500 03818100 3C65CDFC 3107B54B 63A6F7FB CED3ECDB F1D54DCF
5A5D5A92 67E20DDC C671FC41 A61CFB1B F395F2B5 7A18E480 B714A56A 9A17BAF3
AB81C5C5 ADF963AC A9620D1D BEA0C616 2DF8F5FA B71C28DE 2A7700FD 5E6991CD
4275340B 05838776 9DA0DC4A F6567437 5B9719FB F23176C4 2092C89D BF2EE0AB
8B15B702 DE1C0F05 3612AF84
quit
! IP hardening, the LAN DHCP scope, DNS settings and the local administrator account.
! Packets carrying IP source-route options are refused.
no ip source-route
!
!
! The two exclusions leave 10.10.10.100-200 for dynamic leases.
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.201 10.10.10.254
!
! LAN scope: clients are given the router (10.10.10.1) as gateway and two public resolvers.
ip dhcp pool ccp-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 4.2.2.1 8.8.8.8
default-router 10.10.10.1
!
!
ip cef
no ip bootp server
! Domain name masked by the poster.
ip domain name *******
ip name-server 4.2.2.1
ip name-server 8.8.8.8
!
!
! Serial number masked by the poster.
license udi pid CISCO861-K9 sn ********************
!
!
! The only local account shown; it has full (level 15) privilege. The hash is masked here.
! NOTE(review): type 5 is MD5-based; if the installed image offers a stronger secret type,
! prefer it - verify against the platform documentation.
username admin privilege 15 secret 5 *************************
!
!
! Wait at most 10 seconds for a TCP connection attempt to complete.
ip tcp synwait-time 10
!
! Zone-based firewall generated by Cisco CP: class-maps select traffic, policy-maps set the
! action per class, and zone-pairs bind one policy to one direction between two zones.
!
! Protocols inspected for LAN-to-internet sessions. The generic tcp and udp matches at the end
! cover any TCP/UDP flow; the named protocols presumably only add protocol-aware inspection.
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
! ICMP, TCP and UDP; used by the policy for traffic the router itself originates.
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
! Packets whose source address is matched by access-list 100.
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
! Router-originated traffic: ICMP/TCP/UDP is inspected, so replies are allowed back in.
! Everything else, GRE included, is only passed; "pass" is one-way and creates no return state.
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
! LAN to internet: drop and log invalid sources, inspect HTTP and the listed protocols,
! drop whatever is left.
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
! Despite its name, this policy drops everything; it is bound to out-zone -> self below.
policy-map type inspect ccp-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
! NOTE(review): likely cause of the GRE failure. Outbound GRE from the router is passed without
! state, but the peer's GRE packets arrive as out-zone -> self traffic and this policy drops
! them. A narrow fix is a class in this policy that matches GRE from the peer's address only
! and uses "pass", keeping the default drop for everything else - confirm on the device.
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
!
!
! GRE tunnel to the remote site, sourced from the PPPoE dialer. No "tunnel mode" line is
! present, so the IOS default encapsulation applies.
! NOTE(review): Tunnel0 has no zone-member line, while Vlan1 and Dialer0 do. Under the
! zone-based firewall, traffic between a zone member and an interface in no zone is dropped,
! so LAN hosts presumably cannot use the tunnel even once it comes up - confirm, then place
! Tunnel0 in a zone with zone-pairs that allow only the intended site-to-site traffic.
! NOTE(review): plain GRE provides no encryption or peer authentication; traffic for the remote
! LAN crosses the internet readable unless IPsec protects the tunnel, for example with
! "tunnel protection ipsec profile <PROFILE_NAME>".
! The destination line carries the poster's mask and remark; it is not valid as typed.
interface Tunnel0
ip address 10.10.11.1 255.255.255.0
tunnel source Dialer0
tunnel destination ****************** (Let's use 1.1.1.1 for example sake)
!
! FastEthernet0-3 are shown with no interface-level configuration.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN port: carries the PPPoE session bound to dialer pool 1; no IP address of its own.
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
! LAN gateway: NAT inside, firewall in-zone. TCP MSS is clamped to 1412 to fit the PPPoE MTU.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1412
!
! PPPoE dialer: negotiated public address, NAT outside, firewall out-zone.
! PAP sends the ISP credentials unencrypted inside the PPP session. The stored "password 7"
! is reversible, so masking it as the poster did is required before sharing.
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username ***********@windstream.net password 7 ***********************
no cdp enable
!
! Web management, NAT, static routes, syslog level and the ACLs referenced above.
ip forward-protocol nd
! NOTE(review): "ip http server" enables plaintext HTTP management next to HTTPS. If Cisco CP
! is reached over HTTPS, "no ip http server" removes the cleartext listener. No
! "ip http access-class" line appears here to limit which hosts may connect - confirm.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
! PAT: sources permitted by access-list 1 are translated to Dialer0's address.
ip nat inside source list 1 interface Dialer0 overload
! Default route out the dialer; the remote LAN 192.168.3.0/24 is routed into the GRE tunnel.
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.3.0 255.255.255.0 Tunnel0
!
! NOTE(review): this sets the severity sent to syslog servers, but no "logging host" line
! appears in this listing, so logs presumably stay in the local buffer only - confirm.
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
! access-list 100 matches broadcast and loopback source addresses; the firewall class
! ccp-invalid-src uses it to drop and log such packets.
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run
!
! Control plane, login banners, terminal lines and scheduler settings.
control-plane
!
! NOTE(review): the exec banner is Cisco CP's stock text about the one-time "cisco" account.
! Only "admin" appears as a username in this listing - confirm the default account is gone,
! after which the banner no longer applies.
banner exec
Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
banner login Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console logins are checked against the local user database.
line con 0
login local
no modem enable
line aux 0
! NOTE(review): VTY sessions start at privilege 15 and accept Telnet, which carries credentials
! in cleartext; "transport input ssh" would leave SSH only. No access-class is shown to
! restrict which source addresses may connect - confirm.
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
router#