Solved

Dropped Ping Randomness

Posted on 2011-09-22
1
325 Views
Last Modified: 2012-05-12
We currently have two Cisco 1800s Routers. Setup on each is a site-to-site vpn

This works fine but about twice a week the connection starts dropping every other packet, the only way to resolve the issue is by a reboot of ROUTER B in the remote location or just wait for the connection to sort its self out. Which can be anywhere from 15mins to a few hours.

Below is a Running config of each router. ROUTER A being the local and ROUTER B being the remote.

Thanks


ROUTER A

Building configuration...

Current configuration : 27366 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Hixon_Acc
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$I3m7$6GZtaBYC3hpdcIPjCQ36I.
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
 server 10.0.0.251 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authentication login sdm_vpn_xauth_ml_3 passwd-expiry group sdm-vpn-server-group-1
aaa authentication login sdm_vpn_xauth_ml_4 group radius
aaa authorization exec default local 
aaa authorization network sdm_vpn_group_ml_1 local 
aaa authorization network sdm_vpn_group_ml_2 local 
aaa authorization network sdm_vpn_group_ml_3 local 
!
!
aaa session-id common
clock timezone PCTime 0
!
crypto pki trustpoint TP-self-signed-2370942559
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2370942559
 revocation-check none
 rsakeypair TP-self-signed-2370942559
!
!
crypto pki certificate chain TP-self-signed-2370942559
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32333730 39343235 3539301E 170D3039 30333235 30383235 
  32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33373039 
  34323535 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100DD55 82377F7D B7C3D59C 3323EE63 0EAB4FE9 F1E3BDAE A28CC418 106D62F1 
  60A771B1 2E5C6917 A4373AE5 52B3127C 1F8FF92C D7181EA6 31355D64 492783FD 
  09D05B09 11D4726B 904FE3F4 0745BA36 37A534C0 88E32355 74CE2871 B7C12345 
  709A16C8 FC659688 8C519CB7 E996B51F 43DCF5BC F8A33675 936D78D4 D9AF06F0 
  87E30203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603 
  551D1104 17301582 13486978 6F6E5F41 63632E61 6C652E6C 6F63616C 301F0603 
  551D2304 18301680 142F8E0F 96A01EDC DF051F32 E09D52A4 6A6C807A 71301D06 
  03551D0E 04160414 2F8E0F96 A01EDCDF 051F32E0 9D52A46A 6C807A71 300D0609 
  2A864886 F70D0101 04050003 8181008E 68F7F65A EDAC4588 59EB9C7C B28BA170 
  6AC10203 38CCA444 46E00AEE DC07B277 BF454B99 B9555483 CA9B0439 E7F99036 
  21CE2873 AEBF19B7 9B13EF7C FAE4F445 032EA2FB C109507A EF477D1B 71742F83 
  FDF862CE 6267C7FB FD615F6A 50849BEC D2BF1DB9 2019624C 7F417EB3 0C59A030 
  36715780 873DC203 5047A247 587C4C
  	quit
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain name ale.local
ip name-server 10.0.0.251
ip name-server 213.120.104.241
ip ddns update method sdm_ddns1
 DDNS both
!
ip ddns update method sdm_ddns2
 DDNS both
!
!
multilink bundle-name authenticated
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com

parameter-map type regex sdm-regex-nonascii
 pattern [^\x00-\x80]

!
!
username Admin privilege 15 secret 5 $1$C/sD$kokxW.L25eXnoMeOk88uU/
username test secret 5 $1$.ACo$dkQI8o1b53N2HsIT6cuho.
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key A3LH34VY11FT address 60.52.250.73
crypto isakmp key A3LH34VY11FT address 212.241.41.58
crypto isakmp key Ent3rpr1se address 62.6.166.2
crypto isakmp fragmentation
!
crypto isakmp client configuration group ALE_HALL
 key Ent3rpr1se
 dns 10.0.0.251
 domain ALE.local
 pool SDM_POOL_2
 acl 109
 include-local-lan
 max-users 90
 banner ^CCWelcome to Abnormal Load Engineering                  ^C
crypto isakmp profile sdm-ike-profile-1
   match identity group ALE_HALL
   client authentication list sdm_vpn_xauth_ml_3
   isakmp authorization list sdm_vpn_group_ml_3
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac 
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 7140
 set transform-set ESP-3DES-SHA3 
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 description Tunnel to60.52.250.73
 set peer 60.52.250.73
 set transform-set ESP-3DES-SHA2 
 match address 102
crypto map SDM_CMAP_1 2 ipsec-isakmp 
 description Tunnel to212.241.41.58
 set peer 212.241.41.58
 set transform-set ESP-3DES-SHA6 
 match address 117
crypto map SDM_CMAP_1 3 ipsec-isakmp 
 description Tunnel to62.6.166.2
 set peer 62.6.166.2
 set transform-set ESP-3DES-SHA7 
 match address 119
!
crypto ctcp port 10000 
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 104
class-map type inspect smtp match-any sdm-app-smtp
 match  data-length gt 5000000
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
 match access-group 111
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 107
class-map type inspect match-all sdm-cls-VPNOutsideToInside-5
 match access-group 115
class-map type inspect match-any ICMP
 match protocol icmp
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-3
 match class-map ICMP
 match access-group name ICMP
class-map type inspect http match-any sdm-app-nonascii
 match  req-resp header regex sdm-regex-nonascii
class-map type inspect match-all sdm-nat-http-1
 match access-group 101
 match protocol ftp
 match access-group name FTP
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
 match access-group 113
class-map type inspect match-any HTTPS
 match protocol http
 match protocol https
 match protocol snmp
 match protocol snmptrap
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-2
 match class-map HTTPS
 match access-group name HTTPS
class-map type inspect match-any EXCHANGE
 match protocol http
 match protocol https
 match protocol smtp
 match protocol icmp
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
 match class-map EXCHANGE
 match access-group name Exchange
class-map type inspect match-all sdm-cls-VPNOutsideToInside-7
 match access-group 118
class-map type inspect match-all sdm-cls-VPNOutsideToInside-6
 match access-group 116
class-map type inspect match-all sdm-cls-VPNOutsideToInside-8
 match access-group 120
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect match-any sdm-cls-protocol-p2p
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 match protocol bittorrent signature
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol dns
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
 match access-group 103
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any VPN
 match protocol gdoi
 match protocol isakmp
 match protocol ipsec-msft
 match protocol ssp
 match protocol tcp
 match protocol udp
 match protocol pptp
 match protocol dns
 match protocol icmp
 match protocol citrix
 match protocol citriximaclient
 match protocol ica
 match protocol icabrowser
class-map type inspect match-all sdm-cls--3
 match class-map VPN
 match access-group name vpn
class-map type inspect match-all sdm-cls--2
 match class-map VPN
 match access-group name vpn
class-map type inspect match-all sdm-cls--1
 match class-map VPN
 match access-group name vpn
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-all sdm-cls--4
 match class-map VPN
class-map type inspect match-all SDM_VPN_PT0
 match access-group 106
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-all SDM_VPN_PT1
 match access-group 110
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-all sdm-protocol-pop3
 match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
 match protocol ymsgr
class-map type inspect match-any sdm-service-sdm-inspect-1
 match protocol http
 match protocol https
 match protocol snmp
 match protocol snmptrap
class-map type inspect match-any FTP
 match protocol ftp
class-map type inspect match-all sdm-cls-sdm-inspect-1
 match class-map FTP
 match access-group name FTP
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map type inspect match-all sdm-protocol-p2p
 match class-map sdm-cls-protocol-p2p
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  request port-misuse tunneling
class-map type inspect match-all sdm-protocol-im
 match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-icmp-access
 match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method post
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect match-all sdm-protocol-http
 match class-map sdm-service-sdm-inspect-1
class-map type inspect match-all sdm-protocol-smtp
 match protocol smtp
class-map type inspect match-all sdm-protocol-imap
 match protocol imap
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect sdm-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-3
  inspect
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-2
  inspect
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
  inspect
 class type inspect sdm-nat-http-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-5
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-6
  pass
 class type inspect sdm-cls-VPNOutsideToInside-7
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-8
  inspect
 class class-default
  drop
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
  reset
 class class-default
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
  reset
 class class-default
policy-map type inspect sdm-inspect
 class type inspect sdm-cls-sdm-inspect-1
  inspect
 class type inspect sdm-invalid-src
  drop
 class type inspect sdm-protocol-http
  inspect
 class type inspect sdm-protocol-smtp
  inspect
 class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
 class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
 class type inspect sdm-protocol-im
  inspect
 class type inspect sdm-insp-traffic
  inspect
 class type inspect SDM-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  allow
 class type inspect http sdm-app-nonascii
  log
  reset
 class class-default
policy-map type inspect sdm-permit
 class type inspect SDM_VPN_PT1
  pass
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
policy-map type inspect sdm-policy-sdm-cls--4
 class type inspect sdm-cls--4
  pass
 class class-default
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-4
  inspect
 class class-default
  drop log
policy-map type inspect smtp sdm-action-smtp
 class type inspect smtp sdm-app-smtp
  reset
 class class-default
!
zone security 1
zone security VPN
zone security vpn
zone security ezvpn-zone
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-VPN-1 source VPN destination 1
 service-policy type inspect sdm-policy-sdm-cls--4
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 62.6.248.98 255.255.255.240
 ip access-group I2E in
 ip access-group E2I out
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 ip route-cache flow
 speed 100
 full-duplex
 crypto map SDM_CMAP_1
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation hdlc
 ip route-cache flow
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.6 point-to-point
 shutdown
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
 crypto ipsec df-bit clear
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.230 255.255.255.0
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
!
interface Dialer5
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group I2E in
 ip access-group E2I out
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 shutdown
 dialer pool 2
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname B458315@hg43.btclick.com
 ppp chap password 7 11081B0B1800060D082624252C6364
 ppp pap sent-username B458315@hg43.btclick.com password 7 141610050316272A28243C34264356
!
interface Dialer6
 no ip address
 shutdown
 no cdp enable
!
interface Dialer1
 ip ddns update sdm_ddns1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 shutdown
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname B458315@hg43.btclick.com
 ppp chap password 7 045A09080033414F05150A16165B5D
 ppp pap sent-username B458315@hg43.btclick.com password 7 094D4C0716171A1307000B2B2F7479
!
ip local pool SDM_POOL_1 10.1.8.1 10.1.8.50
ip local pool SDM_POOL_2 10.1.6.0 10.1.6.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0
!
ip flow-top-talkers
 top 5
 sort-by bytes
 cache-timeout 500
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.0.0.228 80 interface FastEthernet0 80
ip nat inside source static tcp 10.0.0.228 443 interface FastEthernet0 443
ip nat inside source static tcp 10.0.0.242 21 interface FastEthernet0 21
ip nat inside source static tcp 10.0.0.242 20 interface FastEthernet0 20
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static 10.0.0.219 62.6.248.99
!
ip access-list extended E2I
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended Exchange
 remark SDM_ACL Category=128
 permit ip any host 10.0.0.219
ip access-list extended FTP
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended HTTPS
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended I2E
 remark SDM_ACL Category=1
 remark IPSec Rule
 permit ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit udp host 62.6.166.2 host 62.6.248.98 eq non500-isakmp
 permit udp host 62.6.166.2 host 62.6.248.98 eq isakmp
 permit esp host 62.6.166.2 host 62.6.248.98
 permit ahp host 62.6.166.2 host 62.6.248.98
 remark IPSec Rule
 permit ip 172.16.205.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit udp host 212.241.41.58 host 62.6.248.98 eq non500-isakmp
 permit udp host 212.241.41.58 host 62.6.248.98 eq isakmp
 permit esp host 212.241.41.58 host 62.6.248.98
 permit ahp host 212.241.41.58 host 62.6.248.98
 permit ip any host 62.6.248.98
 remark IPSec Rule
 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit udp host 60.52.250.73 host 62.6.248.98 eq non500-isakmp
 permit udp host 60.52.250.73 host 62.6.248.98 eq isakmp
 permit esp host 60.52.250.73 host 62.6.248.98
 permit ahp host 60.52.250.73 host 62.6.248.98
 permit tcp any any eq www
 permit udp host 213.120.104.241 eq domain any
 permit ip any any
ip access-list extended ICMP
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended any
 remark SDM_ACL Category=4
 permit ip any any
ip access-list extended vpn
 remark SDM_ACL Category=128
 permit ip any any
!
ip radius source-interface Vlan1 
logging trap debugging
logging 10.0.0.41
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 10.0.0.242
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=128
access-list 103 permit ip host 60.52.250.73 any
access-list 104 remark SDM_ACL Category=0
access-list 104 remark IPSec Rule
access-list 104 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 105 remark SDM_ACL Category=2
access-list 105 remark IPSec Rule
access-list 105 deny   ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 deny   ip 10.0.0.0 0.0.0.255 172.16.205.0 0.0.0.255
access-list 105 remark IPSec Rule
access-list 105 deny   ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 105 permit ip 10.0.0.0 0.0.0.255 any
access-list 106 remark SDM_ACL Category=128
access-list 106 permit ip host 60.52.250.73 any
access-list 107 remark SDM_ACL Category=0
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 108 remark SDM_ACL Category=4
access-list 108 permit ip 10.0.0.0 0.0.0.255 any
access-list 108 permit ip 192.168.128.0 0.0.0.255 any
access-list 109 remark SDM_ACL Category=4
access-list 109 permit ip 10.0.0.0 0.0.0.255 any
access-list 110 remark SDM_ACL Category=128
access-list 110 permit ip host 60.52.250.73 any
access-list 110 permit ip host 212.241.41.58 any
access-list 110 permit ip host 62.6.166.2 any
access-list 111 remark SDM_ACL Category=0
access-list 111 remark IPSec Rule
access-list 111 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 112 remark SDM_ACL Category=4
access-list 112 remark IPSec Rule
access-list 112 permit ip 62.6.248.96 0.0.0.15 212.241.41.56 0.0.0.7
access-list 113 remark SDM_ACL Category=0
access-list 113 remark IPSec Rule
access-list 113 permit ip 212.241.41.56 0.0.0.7 62.6.248.96 0.0.0.15
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 114 remark SDM_ACL Category=4
access-list 114 remark IPSec Rule
access-list 114 permit ip 10.0.0.0 0.0.0.255 172.16.205.0 0.0.0.255
access-list 115 remark SDM_ACL Category=0
access-list 115 remark IPSec Rule
access-list 115 permit ip 172.16.205.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 115 remark IPSec Rule
access-list 115 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 116 remark SDM_ACL Category=0
access-list 116 remark IPSec Rule
access-list 116 permit ip 172.16.205.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 116 remark IPSec Rule
access-list 116 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 117 remark SDM_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 10.0.0.0 0.0.0.255 172.16.205.0 0.0.0.255
access-list 118 remark SDM_ACL Category=0
access-list 118 remark IPSec Rule
access-list 118 permit ip 172.16.205.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 119 remark SDM_ACL Category=4
access-list 119 remark IPSec Rule
access-list 119 permit ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 120 remark SDM_ACL Category=0
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 172.16.205.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 105
!
!
!
radius-server host 10.0.0.251 auth-port 1645 acct-port 1646 timeout 30 key 7 1436412724577E1D1D79621316
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn gateway gateway_1
 ip address 62.6.248.98 port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-2370942559
 inservice
 !
webvpn context ALE_SSL
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 !
 policy group policy_1
   functions svc-enabled
   svc address-pool "SDM_POOL_2"
   svc default-domain "ale.local"
   svc keep-client-installed
   svc dns-server primary 10.0.0.251
 default-group-policy policy_1
 aaa authentication list sdm_vpn_xauth_ml_4
 gateway gateway_1 domain ale.local
 inservice
!
end

Open in new window

Router B

Current configuration : 13267 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ALE-MB
!
boot-start-marker
boot system flash:c180x-advipservicesk9-mz.124-15.T7.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$2nV1$/6FemaJnKHpXyJDwXpKYy/
!
clock timezone PCTime 0
!
crypto pki trustpoint TP-self-signed-2370942559
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2370942559
 revocation-check none
 rsakeypair TP-self-signed-2370942559
!
!
crypto pki certificate chain TP-self-signed-2370942559
 certificate self-signed 01
  30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32333730 39343235 3539301E 170D3131 30383031 31303139
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33373039
  34323535 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100FC3B 4598A786 5CA16510 8320B9E9 6FBBDAD6 1ADCF0F4 60A920E2 8DB19ED9
  5209B520 F52CB3BB 157AF9E8 AD71FE7A BB902DDB 59554883 E077F105 58B4AF28
  7424F3B7 85859B4E 4A87726B B53D7C4B 63CC82E5 6EF397B3 85BD8D54 30F784B3
  C057C705 CAEFD8D7 412D33E1 89162AE8 22689D76 E45BE428 5FC0EB87 B110053A
  63650203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603
  551D1104 14301282 10414C45 2D4D422E 616C652E 6C6F6361 6C301F06 03551D23
  04183016 80144AC4 C8F457DD 7334E472 9F702396 0CAA250C 71A1301D 0603551D
  0E041604 144AC4C8 F457DD73 34E4729F 7023960C AA250C71 A1300D06 092A8648
  86F70D01 01040500 03818100 6C431F15 955CCE88 81BC6C93 71D49482 65FF5537
  EE509A94 CBCA9586 EA1B3221 5A2F33EF DE9849A5 A11C08D1 4B1A0AA3 9B4DD883
  9F8C6BFF 31208B61 55812594 6C71FE5D 4EAEC29D 683B508B 61C944A9 BB47CBDB
  7189CC42 E3BBA92D 941E4155 50B913E9 3D6CA515 3B9956E7 FE6F605C CDC02126
  5646C695 CA06284E 890DD43D
        quit
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip bootp server
ip domain list word
ip domain name ale.local
ip name-server 192.168.128.5
!
multilink bundle-name authenticated
!
!
username Admin privilege 15 secret 5 $1$QCTD$AR81NeLYDv9UVS99DGn4E/
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key Ent3rpr1se address 62.6.248.98
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 28800
 set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to62.6.248.98
 set peer 62.6.248.98
 set transform-set ESP-3DES-SHA
 match address 101
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 103
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
 match access-group 106
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 105
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
 match access-group 107
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
 match protocol udp
 match protocol tcp
class-map type inspect match-all SDM_VPN_PT
 match access-group 102
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ICMP
 match protocol icmp
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map match-any SDM-Transactional-1
 match  dscp af21
 match  dscp af22
 match  dscp af23
class-map match-any SDM-Signaling-1
 match  dscp cs3
 match  dscp af31
class-map match-any SDM-Routing-1
 match  dscp cs6
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-service-sdm-inspect-1
 match protocol http
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 103
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
 match access-group 106
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 105
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
 match access-group 107
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
 match protocol udp
 match protocol tcp
class-map type inspect match-all SDM_VPN_PT
 match access-group 102
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ICMP
 match protocol icmp
class-map type inspect match-any SDM-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map match-any SDM-Transactional-1
 match  dscp af21
 match  dscp af22
 match  dscp af23
class-map match-any SDM-Signaling-1
 match  dscp cs3
 match  dscp af31
class-map match-any SDM-Routing-1
 match  dscp cs6
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-service-sdm-inspect-1
 match protocol http
  pass
 class type inspect sdm-cls-VPNOutsideToInside-3
  pass
 class type inspect sdm-cls-VPNOutsideToInside-4
  inspect
 class class-default
policy-map type inspect sdm-permit
 class type inspect SDM_VPN_PT
  pass
 class type inspect sdm-cls-sdm-permit-1
  inspect
 class class-default
  pass
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-zone-in-zone source out-zone destination in-zone
 service-policy type inspect sdm-policy-VID
!
!
!
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 62.6.166.2 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 ip route-cache flow
 speed 100
 full-duplex
 crypto map SDM_CMAP_1
 service-policy output SDM-QoS-Policy-1
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation hdlc
 ip route-cache flow
 shutdown
!
interface FastEthernet1
 duplex full
 speed 100
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
 ip address 192.168.128.230 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0 permanent
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.128.240 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.128.240 161 interface FastEthernet0 161
ip nat inside source static tcp 192.168.128.240 162 interface FastEthernet0 162
ip nat inside source static tcp 192.168.128.240 443 interface FastEthernet0 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
ip access-list extended OUT2IN
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended VC
 remark SDM_ACL Category=128
 permit ip any host 192.168.128.240
ip access-list extended any
 remark SDM_ACL Category=4
 permit ip any any
ip access-list extended icmp
 remark SDM_ACL Category=128
 permit ip any any
ip access-list extended mb-hx
 remark SDM_ACL Category=128
 permit ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.128.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 remark ICMP
access-list 101 permit icmp 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 62.6.248.98 any
access-list 103 remark SDM_ACL Category=0
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 104 remark SDM_ACL Category=2
access-list 104 remark ICMP
access-list 104 deny   icmp 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 104 remark IPSec Rule
access-list 104 deny   ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 104 permit ip 192.168.128.0 0.0.0.255 any
access-list 104 remark IPSec Rule
access-list 104 deny   ip 192.168.128.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 104 permit ip 192.168.128.0 0.0.0.255 any
access-list 105 remark SDM_ACL Category=0
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 105 remark ICMP
access-list 105 permit icmp 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 106 remark SDM_ACL Category=0
access-list 106 remark IPSec Rule
access-list 106 permit ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 106 remark ICMP
access-list 106 permit icmp 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 107 remark SDM_ACL Category=0
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 107 remark ICMP
access-list 107 permit icmp 10.0.0.0 0.0.0.255 192.168.128.0 0.0.0.255
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 104
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the

"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
end

Open in new window

0
Comment
Question by:A_Walsh
1 Comment
 
LVL 45

Accepted Solution

by:
Craig Beck earned 250 total points
Comment Utility
Ok first thing, not really going to cause a problem, but you have this...

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac

You don't need all that - the transform-sets are all the same so you can use the same one for multiple policies.



On router1 you have this...

crypto ipsec profile SDM_Profile1
 set security-association idle-time 7140


On router2 you have this...

crypto ipsec profile SDM_Profile1
 set security-association idle-time 28800


At a guess I'd say that the SA is expiring at router1 prematurely, which makes router2 think that the SA is still valid when in fact it is no longer in use.
Try setting the value on both routers to 28800 and see what effect that has.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now