troubleshooting Question

Cisco config forinternet, DHCP, and GRE Tunnel

Avatar of dbestcomputers
dbestcomputers asked on
RoutersHardware FirewallsCisco
3 Comments1 Solution820 ViewsLast Modified:
I have a config here that was created using the CCP and has what appears to me to be a BUNCH of extra junk in it.  My GRE tunnel is not working.  In another thread, someone helped me with my 4 line tunnel config:

interface Tunnel0
 ip address 10.10.11.1 255.255.255.0
 tunnel destination 1.1.1.1
 tunnel source Dialer0

But it's not working.  I wanted to clean up my config anyway, so I posted this thread for help cleaning my config up.


Building configuration...

Current configuration : 7373 bytes
!
! Last configuration change at 07:17:36 PCTime Mon Jan 2 2006 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$74UL$tNevwIWQ5nQA53O4XyG.s.
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1824105787
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1824105787
 revocation-check none
 rsakeypair TP-self-signed-1824105787
!
!
crypto pki certificate chain TP-self-signed-1824105787
 certificate self-signed 01
  30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 31383234 31303537 3837301E 170D3036 30313032 31323030 
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38323431 
  30353738 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100D7FF 976E3C96 5A034BD5 8D762354 6713E90F AE67A19B 296C02FA 7158CDA8 
  43E24FED 37D55659 2D97670A D662595E 1E447A6D 77E3FF59 3C5045AF CED941F2 
  9A3106EE 6CABA7F3 AB8BB984 E7928019 EDD6CB58 6A1ADEE3 18E943A5 B55C0529 
  3890293D FE8406A5 DC5D00F0 1AD4B5EA C3382D05 E121CC00 A7DF6091 B888E1D5 
  2F9D0203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603 
  551D1104 14301282 10726F75 7465722E 7574696C 6974796E 77301F06 03551D23 
  04183016 8014C77C 9156AD9E 90533EC1 39638D85 A9AF6671 63D9301D 0603551D 
  0E041604 14C77C91 56AD9E90 533EC139 638D85A9 AF667163 D9300D06 092A8648 
  86F70D01 01040500 03818100 3C65CDFC 3107B54B 63A6F7FB CED3ECDB F1D54DCF 
  5A5D5A92 67E20DDC C671FC41 A61CFB1B F395F2B5 7A18E480 B714A56A 9A17BAF3 
  AB81C5C5 ADF963AC A9620D1D BEA0C616 2DF8F5FA B71C28DE 2A7700FD 5E6991CD 
  4275340B 05838776 9DA0DC4A F6567437 5B9719FB F23176C4 2092C89D BF2EE0AB 
  8B15B702 DE1C0F05 3612AF84
  	quit
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.201 10.10.10.254
!
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 4.2.2.1 8.8.8.8 
   default-router 10.10.10.1 
!
!
ip cef
no ip bootp server
ip domain name *******
ip name-server 4.2.2.1
ip name-server 8.8.8.8
!
!
license udi pid CISCO861-K9 sn ********************
!
!
username admin privilege 15 secret 5 *************************
!
!
ip tcp synwait-time 10
!
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
match protocol imap
 match protocol pop3
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect 
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect 
 class type inspect ccp-insp-traffic
  inspect 
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
! 
!
!
!
!
!
!
interface Tunnel0
 ip address 10.10.11.1 255.255.255.0
 tunnel source Dialer0
 tunnel destination ****************** (Let's use 1.1.1.1 for example sake)
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
zone-member security in-zone
 ip tcp adjust-mss 1412
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username ***********@windstream.net password 7 ***********************
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.3.0 255.255.255.0 Tunnel0
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run

!
control-plane
!
banner exec

Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you 
want to use.
 
banner login Authorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
router#
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 3 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros