Shark Attack
can't ssh to external IP
Why can't I access ssh on my external IP when the internal VLAN1 is NOT reachable but the external IP IS REACHABLE? Also, when the internal VLAN 1 IS reachable, I am able to ssh to the external. Is it something with TACACS?
!
hostname
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 65535
logging console informational
enable secret 5
!
aaa new-model
!
!
aaa authentication password-prompt "Password_: "
aaa authentication username-prompt "Username_: "
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
clock timezone cst -6 0
clock summer-time cdt recurring
!
crypto pki trustpoint TP-self-signed-51760073
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-51760073
revocation-check none
rsakeypair TP-self-signed-51760073
!
!
crypto pki certificate chain TP-self-signed-51760073
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.50.28.104
ip dhcp excluded-address 10.50.28.103
ip dhcp excluded-address 10.50.28.1 10.50.28.68
ip dhcp excluded-address 10.50.28.125 10.50.28.254
!
ip dhcp pool CLIENT
network 10.50.28.0 255.255.255.0
dns-server 10.255.0.190 10.1.0.190 10.255.0.191
netbios-name-server 10.255.0.190 10.1.0.190 10.255.0.191
domain-name alcco.com
default-router 10.50.28.254
lease 2
!
ip dhcp pool Walker-1
host 10.50.28.101 255.255.255.0
client-identifier
dns-server 10.255.0.190 10.255.0.191
default-router 10.50.28.254
domain-name alcco.com
netbios-name-server 10.255.0.190 10.1.0.190 10.255.0.191
lease 0 12
!
ip dhcp pool Walker-2
host 10.50.28.102 255.255.255.0
client-identifier
dns-server 10.255.0.190 10.255.0.191
default-router 10.50.28.254
domain-name alcco.com
netbios-name-server 10.255.0.190 10.1.0.190 10.255.0.191
lease 0 12
!
!
!
ip domain list alcco.com
ip domain lookup source-interface Vlan1
ip domain name alcco.com
ip name-server 10.255.0.190
ip name-server 10.255.0.191
ip cef
no ipv6 cef
ipv6 spd queue min-threshold 30
ipv6 spd queue max-threshold 31
!
parameter-map type waas waas_global
tfo optimize full
tfo auto-discovery blacklist enable
lz entropy-check
dre upload
accelerator http-express
enable
accelerator cifs-express
enable
accelerator ssl-express
enable
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license feature MEM-8XX-512U1GB
license udi pid C891F-K9 sn FTX191180YP
!
!
username privilege 15 secret 5
username privilege 15 password 7
username password 7
!
!
!
!
lldp run
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
track 3 ip sla 3 reachability
!
ip tftp source-interface Vlan1
ip ssh version 2
!
class-map type waas match-any BFTP
match tcp destination port 152
class-map type waas match-any proshare
match tcp destination port 5713 5717
class-map type waas match-any msnp
match tcp destination port 1863
match tcp destination port 6891 6900
class-map type waas match-any Laplink-surfup-HTTPS
match tcp destination port 1184
class-map type waas match-any msmq
match tcp destination port 1801
match tcp destination port 2101
match tcp destination port 2103
match tcp destination port 2105
class-map type waas match-any rrac
match tcp destination port 5678
class-map type waas match-any nameserver
match tcp destination port 42
class-map type waas match-any ms-sql-s
match tcp destination port 1433
class-map type waas match-any WINS
match tcp destination port 1512
class-map type waas match-any NNTP
match tcp destination port 119
class-map type waas match-any PPTP
match tcp destination port 1723
class-map type waas match-any hp-pdl-datastr
match tcp destination port 9100
class-map type waas match-any RTSP
match tcp destination port 554
match tcp destination port 8554
class-map type waas match-any VocalTec
match tcp destination port 1490
match tcp destination port 6670
match tcp destination port 25793
match tcp destination port 22555
class-map type waas match-any PostgreSQL
match tcp destination port 5432
class-map type waas match-any Danware-NetOp
match tcp destination port 6502
class-map type waas match-any TACACS
match tcp destination port 49
class-map type waas match-any isns
match tcp destination port 3205
class-map type waas match-any klogin
match tcp destination port 543
class-map type waas match-any auth
match tcp destination port 113
class-map type waas match-any Cisco-CallManager
match tcp destination port 2748
match tcp destination port 2443
class-map type waas match-any sunrpc
match tcp destination port 111
class-map type waas match-any ccmail
match tcp destination port 3264
class-map type waas match-any netrjs-3
match tcp destination port 73
class-map type waas match-any orasrv
match tcp destination port 1525
match tcp destination port 1521
class-map type waas match-any ircs
match tcp destination port 994
class-map type waas match-any PDMWorks
match tcp destination port 30000
match tcp destination port 40000
class-map type waas match-any eTrust-policy-Compliance
match tcp destination port 1267
class-map type waas match-any ircu
match tcp destination port 531
match tcp destination port 6660 6665
match tcp destination port 6667 6669
class-map type waas match-any timbuktu
match tcp destination port 407
class-map type waas match-any sshell
match tcp destination port 614
class-map type waas match-any corba-iiop-ssl
match tcp destination port 684
class-map type waas match-any sametime
match tcp destination port 1533
class-map type waas match-any Laplink-ShareDirect
match tcp destination port 2705
class-map type waas match-any EMC-SRDFA-IP
match tcp destination port 1748
class-map type waas match-any FTPS
match tcp source port 989
class-map type waas match-any ftps
match tcp destination port 990
class-map type waas match-any novadigm
match tcp destination port 3460
match tcp destination port 3461
match tcp destination port 3464
class-map type waas match-any tell
match tcp destination port 754
class-map type waas match-any sftp
match tcp destination port 115
class-map type waas match-any talk
match tcp destination port 517
class-map type waas match-any Veritas-NetBackup
match tcp destination port 13720
match tcp destination port 13721
match tcp destination port 13782
match tcp destination port 13785
class-map type waas match-any Basic-TCP-services
match tcp destination port 1 19
class-map type waas match-any cvspserver
match tcp destination port 2401
class-map type waas match-any imap
match tcp destination port 143
class-map type waas match-any kshell
match tcp destination port 544
class-map type waas match-any ms-olap4
match tcp destination port 2383
class-map type waas match-any TFTP
match tcp destination port 69
class-map type waas match-any svrloc
match tcp destination port 427
class-map type waas match-any HTTP
match tcp destination port 80
match tcp destination port 8080
match tcp destination port 8000
match tcp destination port 8088
match tcp destination port 3128
class-map type waas match-any pcanywheredata
match tcp destination port 5631 5632
match tcp destination port 65301
class-map type waas match-any QMTP
match tcp destination port 209
class-map type waas match-any LDAP
match tcp destination port 389
match tcp destination port 8404
class-map type waas match-any sqlsrv
match tcp destination port 156
class-map type waas match-any smtp
match tcp destination port 25
class-map type waas match-any BitTorrent
match tcp destination port 6881 6889
match tcp destination port 6969
class-map type waas match-any exec
match tcp destination port 512
class-map type waas match-any FCIP
match tcp destination port 3225
class-map type waas match-any UniSQL
match tcp destination port 1978
match tcp destination port 1979
class-map type waas match-any openmail
match tcp destination port 5755
match tcp destination port 5757
match tcp destination port 5766
match tcp destination port 5767
match tcp destination port 5768
match tcp destination port 5729
class-map type waas match-any ssql
match tcp destination port 3352
class-map type waas match-any SoulSeek
match tcp destination port 2234
match tcp destination port 5534
class-map type waas match-any WBEM
match tcp destination port 5987 5990
class-map type waas match-any ms-sql-m
match tcp destination port 1434
class-map type waas match-any afpovertcp
match tcp destination port 548
class-map type waas match-any CIFS
match tcp destination port 139
match tcp destination port 445
class-map type waas match-any IBM-TSM
match tcp destination port 1500 1502
class-map type waas match-any xmpp-client
match tcp destination port 5222
class-map type waas match-any pcsync-http
match tcp destination port 8444
class-map type waas match-any xprint-server
match tcp destination port 8100
class-map type waas match-any Telnet
match tcp destination port 23
match tcp destination port 107
class-map type waas match-any Remote-Anything
match tcp destination port 3999 4000
class-map type waas match-any Double-Take
match tcp destination port 1105
match tcp destination port 1100
class-map type waas match-any cisco-q931-backhaul
match tcp destination port 2428
class-map type waas match-any msft-gc
match tcp destination port 3268
class-map type waas match-any net-assistant
match tcp destination port 3283
class-map type waas match-any imap3
match tcp destination port 220
class-map type waas match-any ms-content-repl-srv
match tcp destination port 560
match tcp destination port 507
class-map type waas match-any netapp-snapmirror
match tcp destination port 10565 10569
class-map type waas match-any Amanda
match tcp destination port 10080
class-map type waas match-any gds_db
match tcp destination port 3050
class-map type waas match-any radmin-port
match tcp destination port 4899
class-map type waas match-any PSOM-MTLS
match tcp destination port 8057
class-map type waas match-any sybase-sqlany
match tcp destination port 1498
match tcp destination port 2638
match tcp destination port 2439
match tcp destination port 3968
class-map type waas match-any print-srv
match tcp destination port 170
class-map type waas match-any EMC-Celerra-Replicator
match tcp destination port 8888
class-map type waas match-any ftps-data
match tcp source port 20
class-map type waas match-any Gnutella
match tcp destination port 6346 6349
match tcp destination port 6355
match tcp destination port 5634
class-map type waas match-any HP-OpenView
match tcp destination port 7426 7431
match tcp destination port 7501
match tcp destination port 7510
class-map type waas match-any sip-tls
match tcp destination port 5061
class-map type waas match-any Yahoo-Messenger
match tcp destination port 5000 5001
match tcp destination port 5050
match tcp destination port 5100
class-map type waas match-any pop3s
match tcp destination port 995
class-map type waas match-any Apple-iChat
match tcp destination port 5297
match tcp destination port 5298
class-map type waas match-any Siebel
match tcp destination port 8448
match tcp destination port 2320
match tcp destination port 2321
class-map type waas match-any Kerberos
match tcp destination port 88
match tcp destination port 888
match tcp destination port 2053
class-map type waas match-any MS-GROOVE
match tcp destination port 2492
class-map type waas match-any MS-NetMeeting
match tcp destination port 522
match tcp destination port 1503
match tcp destination port 1731
class-map type waas match-any Oracle
match tcp destination port 66
class-map type waas match-any ssc-agent
match tcp destination port 2847
match tcp destination port 2848
match tcp destination port 2967
match tcp destination port 2968
match tcp destination port 38037
match tcp destination port 38292
class-map type waas match-any soap-http
match tcp destination port 7627
class-map type waas match-any Pervasive-SQL
match tcp destination port 1583
class-map type waas match-any iFCP
match tcp destination port 3420
class-map type waas match-any sql-net
match tcp destination port 150
class-map type waas match-any xmpp-server
match tcp destination port 5269
class-map type waas match-any pcmail-srv
match tcp destination port 158
class-map type waas match-any AOL
match tcp destination port 5190 5193
class-map type waas match-any SAP
match tcp destination port 3200 3204
match tcp destination port 3206 3219
match tcp destination port 3390 3399
match tcp destination port 3284 3305
match tcp destination port 3226 3259
match tcp destination port 3261 3263
match tcp destination port 3265 3267
match tcp destination port 3662 3699
match tcp destination port 3221 3224
match tcp destination port 3270 3282
match tcp destination port 3307 3351
match tcp destination port 3353 3388
match tcp destination port 3600 3658
class-map type waas match-any waas-default
match tcp any
class-map type waas match-any TFTPS
match tcp destination port 3713
class-map type waas match-any WinMX
match tcp destination port 6699
class-map type waas match-any ezMeeting
match tcp destination port 10101 10103
match tcp destination port 26260 26261
class-map type waas match-any afs3
match tcp destination port 7000 7009
class-map type waas match-any NetIQ
match tcp destination port 2220
match tcp destination port 2735
match tcp destination port 10113 10116
class-map type waas match-any Grouper
match tcp destination port 8038
class-map type waas match-any apple-sasl
match tcp destination port 3659
class-map type waas match-any SSH
match tcp destination port 22
class-map type waas match-any h323hostcallsc
match tcp destination port 1300
class-map type waas match-any IPP
match tcp destination port 631
class-map type waas match-any NTP
match tcp destination port 123
class-map type waas match-any VoIP-Control
match tcp destination port 1718 1719
match tcp destination port 11000 11999
class-map type waas match-any HTTPS
match tcp destination port 443
class-map type waas match-any mgcp-gateway
match tcp destination port 2427
class-map type waas match-any Clearcase
match tcp destination port 371
class-map type waas match-any novell-zen
match tcp destination port 1761 1763
match tcp destination port 2544
match tcp destination port 8039
match tcp destination port 2037
class-map type waas match-any iso-tsap
match tcp destination port 102
class-map type waas match-any ms-streaming
match tcp destination port 1755
class-map type waas match-any Napster
match tcp destination port 8875
match tcp destination port 7777
match tcp destination port 6700
match tcp destination port 6666
match tcp destination port 6677
match tcp destination port 6688
class-map type waas match-any mgcp-callagent
match tcp destination port 2727
class-map type waas match-any Kazaa
match tcp destination port 1214
class-map type waas match-any kerberos-adm
match tcp destination port 749
class-map type waas match-any Telnets
match tcp destination port 992
class-map type waas match-any pcsync-https
match tcp destination port 8443
class-map type waas match-any WASTE
match tcp destination port 1337
class-map type waas match-any BGP
match tcp destination port 179
class-map type waas match-any BMC-Patrol
match tcp destination port 6161
match tcp destination port 6162
match tcp destination port 8160
match tcp destination port 8161
match tcp destination port 6767
match tcp destination port 6768
match tcp destination port 10128
class-map type waas match-any Rsync
match tcp destination port 873
class-map type waas match-any Qnext
match tcp destination port 44
match tcp destination port 5555
class-map type waas match-any Liquid-Audio
match tcp destination port 18888
class-map type waas match-any timbuktu-srv
match tcp destination port 1417 1420
class-map type waas match-any eDonkey
match tcp destination port 4661 4662
class-map type waas match-any h323hostcall
match tcp destination port 1720
class-map type waas match-any DNS
match tcp destination port 53
class-map type waas match-any Filenet
match tcp destination port 32768 32774
class-map type waas match-any backup-express
match tcp destination port 6123
class-map type waas match-any ControlIT
match tcp destination port 799
class-map type waas match-any NFS
match tcp destination port 2049
class-map type waas match-any Netopia-netOctopus
match tcp destination port 1917
match tcp destination port 1921
class-map type waas match-any VNC
match tcp destination port 5800 5809
match tcp destination port 5900 5909
class-map type waas match-any Vmware-VMConsole
match tcp destination port 902
class-map type waas match-any cisco-sccp
match tcp destination port 2000 2002
class-map type waas match-any intersys-cache
match tcp destination port 1972
class-map type waas match-any pop3
match tcp destination port 110
class-map type waas match-any Other-Secure
match tcp destination port 261
match tcp destination port 448
match tcp destination port 695
match tcp destination port 2252
match tcp destination port 2478
match tcp destination port 2479
match tcp destination port 2482
match tcp destination port 2484
match tcp destination port 2679
match tcp destination port 2762
match tcp destination port 2998
match tcp destination port 3077
match tcp destination port 3078
match tcp destination port 3183
match tcp destination port 3191
match tcp destination port 3220
match tcp destination port 3410
match tcp destination port 3424
match tcp destination port 3471
match tcp destination port 3496
match tcp destination port 3509
match tcp destination port 3529
match tcp destination port 3539
match tcp destination port 3660
match tcp destination port 3661
match tcp destination port 3747
match tcp destination port 3864
match tcp destination port 3885
match tcp destination port 3896
match tcp destination port 3897
match tcp destination port 3995
match tcp destination port 4031
match tcp destination port 5007
match tcp destination port 7674
match tcp destination port 9802
match tcp destination port 12109
class-map type waas match-any IBM-DB2
match tcp destination port 523
class-map type waas match-any citriximaclient
match tcp destination port 2598
class-map type waas match-any Legato-RepliStor
match tcp destination port 7144
match tcp destination port 7145
class-map type waas match-any lotusnote
match tcp destination port 1352
class-map type waas match-any MDaemon
match tcp destination port 3000
match tcp destination port 3001
class-map type waas match-any dmdocbroker
match tcp destination port 1489
class-map type waas match-any ftp
match tcp destination port 21
class-map type waas match-any Altiris-CarbonCopy
match tcp destination port 1680
class-map type waas match-any login
match tcp destination port 513
class-map type waas match-any iscsi
match tcp destination port 3260
class-map type waas match-any msft-gc-ssl
match tcp destination port 3269
class-map type waas match-any objcall
match tcp destination port 94
match tcp destination port 627
match tcp destination port 1965
match tcp destination port 1580
match tcp destination port 1581
class-map type waas match-any imaps
match tcp destination port 993
class-map type waas match-any printer
match tcp destination port 515
class-map type waas match-any netbios
match tcp destination port 137
class-map type waas match-any smtps
match tcp destination port 465
class-map type waas match-any kpasswd
match tcp destination port 464
class-map type waas match-any epmap
match tcp destination port 135
class-map type waas match-any ldaps
match tcp destination port 636
class-map type waas match-any cmd
match tcp destination port 514
class-map type waas match-any sip
match tcp destination port 5060
class-map type waas match-any ica
match tcp destination port 1494
class-map type waas match-any cuseeme
match tcp destination port 7640
match tcp destination port 7642
match tcp destination port 7648
match tcp destination port 7649
class-map type waas match-any Legato-NetWorker
match tcp destination port 7937
match tcp destination port 7938
match tcp destination port 7939
class-map type waas match-any citrixadmin
match tcp destination port 2513
class-map type waas match-any sqlexec
match tcp destination port 9088 9089
class-map type waas match-any CommVault
match tcp destination port 8400 8403
class-map type waas match-any Veritas-BackupExec
match tcp destination port 6101
match tcp destination port 6102
match tcp destination port 6106
match tcp destination port 3527
match tcp destination port 1125
class-map type waas match-any nntps
match tcp destination port 563
class-map type waas match-any groupwise
match tcp destination port 1677
match tcp destination port 9850
match tcp destination port 7205
match tcp destination port 3800
match tcp destination port 7100
match tcp destination port 7180
match tcp destination port 7101
match tcp destination port 7181
match tcp destination port 2800
class-map type waas match-any x11
match tcp destination port 6000 6063
class-map type waas match-any citrixima
match tcp destination port 2512
class-map type waas match-any L2TP
match tcp destination port 1701
class-map type waas match-any LANDesk
match tcp destination port 9535
match tcp destination port 9593 9595
class-map type waas match-any ms-wbt-server
match tcp destination port 3389
class-map type waas match-any MySQL
match tcp destination port 3306
class-map type waas match-any netviewdm
match tcp destination port 729 731
class-map type waas match-any OpenVPN
match tcp destination port 1194
class-map type waas match-any sqlserv
match tcp destination port 118
class-map type waas match-any HotLine
match tcp destination port 5500 5503
class-map type waas match-any laplink
match tcp destination port 1547
class-map type waas match-any ncp
match tcp destination port 524
class-map type waas match-any flowmonitor
match tcp destination port 7878
class-map type waas match-any connected
match tcp destination port 16384
!
policy-map type waas waas_global
class afs3
optimize tfo dre lz application File-System
class AOL
passthrough application Instant-Messaging
class Altiris-CarbonCopy
passthrough application Remote-Desktop
class Amanda
optimize tfo application Backup
class hp-pdl-datastr
optimize tfo dre lz application Printing
class afpovertcp
optimize tfo dre lz application File-System
class net-assistant
passthrough application Remote-Desktop
class Apple-iChat
passthrough application Instant-Messaging
class BFTP
optimize tfo dre lz application File-Transfer
class BGP
passthrough application Other
class BMC-Patrol
passthrough application Systems-Management
class backup-express
optimize tfo application Backup
class Basic-TCP-services
passthrough application Other
class BitTorrent
passthrough application P2P
class gds_db
optimize tfo dre lz application SQL
class CIFS
optimize tfo dre lz application CIFS accelerate cifs-express
class cuseeme
passthrough application Conferencing
class cvspserver
optimize tfo dre lz application Version-Management
class Cisco-CallManager
passthrough application Call-Management
class ica
optimize tfo dre lz application Remote-Desktop
class citriximaclient
optimize tfo dre lz application Remote-Desktop
class Clearcase
optimize tfo dre lz application Version-Management
class CommVault
optimize tfo application Backup
class connected
optimize tfo application Backup
class ControlIT
optimize tfo application Remote-Desktop
class DNS
passthrough application Name-Services
class Danware-NetOp
optimize tfo application Remote-Desktop
class dmdocbroker
optimize tfo dre lz application Content-Management
class Double-Take
optimize tfo dre lz application Replication
class EMC-Celerra-Replicator
optimize tfo dre lz application Replication
class EMC-SRDFA-IP
optimize tfo dre lz application Storage
class FCIP
optimize tfo lz application Storage
class ftp
passthrough application File-Transfer
class ftps-data
optimize tfo dre lz application File-Transfer
class FTPS
passthrough application File-Transfer
class ftps
optimize tfo application File-Transfer
class Filenet
optimize tfo dre lz application Content-Management
class Gnutella
passthrough application P2P
class Grouper
passthrough application P2P
class openmail
optimize tfo dre lz application Email-and-Messaging
class HP-OpenView
passthrough application Systems-Management
class novadigm
optimize tfo dre lz application Systems-Management
class HTTP
optimize tfo dre lz application Web accelerate http-express
class HTTPS
optimize tfo application SSL
class HotLine
passthrough application P2P
class IBM-DB2
optimize tfo dre lz application SQL
class netviewdm
passthrough application Systems-Management
class IBM-TSM
optimize tfo dre lz application Backup
class objcall
optimize tfo dre lz application Systems-Management
class IPP
optimize tfo dre lz application Printing
class proshare
passthrough application Conferencing
class intersys-cache
optimize tfo dre lz application SQL
class imap
optimize tfo dre lz application Email-and-Messaging
class imap3
optimize tfo dre lz application Email-and-Messaging
class pop3
optimize tfo dre lz application Email-and-Messaging
class smtp
optimize tfo dre lz application Email-and-Messaging
class imaps
optimize tfo application Email-and-Messaging
class pop3s
optimize tfo application Email-and-Messaging
class smtps
optimize tfo application Email-and-Messaging
class xmpp-client
passthrough application Instant-Messaging
class xmpp-server
passthrough application Instant-Messaging
class Kazaa
passthrough application P2P
class Kerberos
passthrough application Authentication
class kerberos-adm
passthrough application Authentication
class klogin
passthrough application Authentication
class kshell
passthrough application Authentication
class tell
passthrough application Authentication
class kpasswd
passthrough application Authentication
class L2TP
optimize tfo application VPN
class LANDesk
optimize tfo dre lz application Systems-Management
class LDAP
optimize tfo dre lz application Directory-Services
class msft-gc
optimize tfo dre lz application Directory-Services
class msft-gc-ssl
passthrough application Directory-Services
class ldaps
passthrough application Directory-Services
class laplink
optimize tfo dre lz application Remote-Desktop
class pcsync-http
optimize tfo dre lz application Replication
class pcsync-https
optimize tfo application Replication
class Laplink-ShareDirect
passthrough application P2P
class Laplink-surfup-HTTPS
optimize tfo application Remote-Desktop
class Legato-NetWorker
optimize tfo application Backup
class Legato-RepliStor
optimize tfo application Backup
class Liquid-Audio
optimize tfo dre lz application Streaming
class lotusnote
optimize tfo dre lz application Email-and-Messaging
class sametime
passthrough application Instant-Messaging
class MDaemon
optimize tfo dre lz application Email-and-Messaging
class ms-content-repl-srv
optimize tfo application Replication
class epmap
optimize tfo application Other
class MS-GROOVE
optimize tfo application Enterprise-Applications
class msmq
optimize tfo dre lz application Other
class MS-NetMeeting
passthrough application Conferencing
class ms-streaming
optimize tfo dre lz application Streaming
class msnp
passthrough application Instant-Messaging
class ms-olap4
optimize tfo application SQL
class ms-sql-s
optimize tfo dre lz application SQL
class ms-wbt-server
optimize tfo application Remote-Desktop
class MySQL
optimize tfo dre lz application SQL
class NFS
optimize tfo dre lz application File-System
class NNTP
optimize tfo dre lz application Email-and-Messaging
class nntps
optimize tfo application Email-and-Messaging
class NTP
passthrough application Other
class Napster
passthrough application P2P
class netapp-snapmirror
optimize tfo dre lz application Replication
class NetIQ
passthrough application Systems-Management
class timbuktu
optimize tfo application Remote-Desktop
class timbuktu-srv
optimize tfo application Remote-Desktop
class Netopia-netOctopus
passthrough application Systems-Management
class groupwise
optimize tfo dre lz application Email-and-Messaging
class ncp
optimize tfo dre lz application File-System
class novell-zen
optimize tfo dre lz application Systems-Management
class talk
passthrough application Instant-Messaging
class OpenVPN
optimize tfo application VPN
class Oracle
optimize tfo dre lz application SQL
class orasrv
optimize tfo dre lz application SQL
class Other-Secure
passthrough application Other
class corba-iiop-ssl
passthrough application Other
class ircs
passthrough application Other
class netrjs-3
optimize tfo application Remote-Desktop
class pcanywheredata
optimize tfo application Remote-Desktop
class pcmail-srv
optimize tfo dre lz application Email-and-Messaging
class PDMWorks
optimize tfo dre lz application CAD
class PPTP
optimize tfo application VPN
class PSOM-MTLS
passthrough application Conferencing
class Pervasive-SQL
optimize tfo dre lz application SQL
class PostgreSQL
optimize tfo dre lz application SQL
class QMTP
optimize tfo dre lz application Email-and-Messaging
class Qnext
passthrough application P2P
class radmin-port
optimize tfo application Remote-Desktop
class RTSP
optimize tfo dre lz application Streaming
class Remote-Anything
optimize tfo application Remote-Desktop
class rrac
optimize tfo application Replication
class Rsync
optimize tfo dre lz application Replication
class apple-sasl
passthrough application Authentication
class sip-tls
passthrough application Call-Management
class soap-http
optimize tfo dre lz application Web
class sqlsrv
optimize tfo dre lz application SQL
class SSH
optimize tfo application SSH
class sshell
passthrough application Console
class xprint-server
optimize tfo dre lz application Printing
class ssql
optimize tfo dre lz application SQL
class svrloc
passthrough application Name-Services
class Siebel
optimize tfo dre lz application Enterprise-Applications
class sftp
optimize tfo dre lz application File-Transfer
class SoulSeek
passthrough application P2P
class sunrpc
passthrough application File-System
class sybase-sqlany
optimize tfo dre lz application SQL
class ssc-agent
optimize tfo dre lz application Other
class TACACS
passthrough application Authentication
class TFTP
optimize tfo dre lz application File-Transfer
class TFTPS
optimize tfo application File-Transfer
class Telnet
passthrough application Console
class login
passthrough application Console
class Telnets
passthrough application Console
class UniSQL
optimize tfo dre lz application SQL
class printer
optimize tfo dre lz application Printing
class print-srv
optimize tfo dre lz application Printing
class cmd
passthrough application Console
class exec
passthrough application Console
class Veritas-BackupExec
optimize tfo application Backup
class Veritas-NetBackup
optimize tfo application Backup
class Vmware-VMConsole
optimize tfo application Remote-Desktop
class VoIP-Control
passthrough application Call-Management
class cisco-q931-backhaul
passthrough application Call-Management
class cisco-sccp
passthrough application Call-Management
class h323hostcall
passthrough application Call-Management
class h323hostcallsc
passthrough application Call-Management
class sip
passthrough application Call-Management
class VocalTec
passthrough application Conferencing
class flowmonitor
optimize tfo lz application Systems-Management
class WASTE
passthrough application P2P
class WBEM
passthrough application Systems-Management
class WINS
passthrough application Name-Services
class nameserver
passthrough application Name-Services
class netbios
passthrough application Name-Services
class WinMX
passthrough application P2P
class iso-tsap
optimize tfo dre lz application Email-and-Messaging
class x11
optimize tfo application Remote-Desktop
class Yahoo-Messenger
passthrough application Instant-Messaging
class eDonkey
passthrough application P2P
class eTrust-policy-Compliance
optimize tfo application Systems-Management
class ezMeeting
passthrough application Conferencing
class iFCP
optimize tfo dre lz application Storage
class iscsi
optimize tfo dre lz application Storage
class isns
passthrough application Name-Services
class ircu
passthrough application Instant-Messaging
class SAP
optimize tfo dre lz application Enterprise-Applications
class VNC
optimize tfo application Remote-Desktop
class auth
passthrough application Authentication
class citrixadmin
optimize tfo dre lz application Remote-Desktop
class citrixima
optimize tfo dre lz application Remote-Desktop
class mgcp-callagent
passthrough application Call-Management
class mgcp-gateway
passthrough application Call-Management
class ms-sql-m
optimize tfo dre lz application SQL
class sqlexec
optimize tfo dre lz application SQL
class sql-net
optimize tfo dre lz application SQL
class sqlserv
optimize tfo dre lz application SQL
class ccmail
optimize tfo dre lz application Email-and-Messaging
class waas-default
optimize tfo dre lz application waas-default
!
!
crypto keyring keyring
pre-shared-key address 0.0.0.0 0.0.0.0 key
!
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp keepalive 10 periodic
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile AES-SHA
set transform-set AES-SHA
!
!
!
!
!
!
!
!
interface Tunnel0
description DMVPN
ip address 10.255.14.31 255.255.254.0
no ip redirects
ip mtu 1400
ip nhrp authentication enlivant
ip nhrp map 10.255.14.1 38.69.52.4
ip nhrp map multicast x.x.x.x
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.255.14.1
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly in
ip virtual-reassembly out
ip tcp adjust-mss 1360
keepalive 5 3
tunnel source GigabitEthernet8
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile AES-SHA shared
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
description CANON
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
description TRENDNET
no ip address
!
interface GigabitEthernet8
description INTERNET-STATIC
ip address x.x.x.x.255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Vlan1
description INSIDE Interface
ip address 10.50.28.254 255.255.255.0
ip mtu 1460
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip policy route-map PBR
hold-queue 32 in
!
interface Async3
no ip address
encapsulation slip
!
!
router eigrp 2
network 10.0.0.0
passive-interface default
no passive-interface Tunnel0
eigrp stub connected summary
!
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x.x
ip tacacs source-interface Vlan1
!
ip access-list extended NAT
permit ip 10.50.28.224 0.0.0.15 any
ip access-list extended PBR
deny ip 10.50.28.224 0.0.0.15 any
deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
permit ip 10.0.0.0 0.255.255.255 any
!
!
ip prefix-list BLOCK-EIGRP-DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list BLOCK-EIGRP-DEFAULT seq 10 permit 0.0.0.0/0 le 32
ip sla 1
icmp-echo 10.50.28.254
threshold 2
timeout 1000
frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 10.50.28.254 source-interface GigabitEthernet8
threshold 2
timeout 1000
frequency 3
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 10.50.28.226 source-interface Vlan1
threshold 2
timeout 1000
frequency 3
ip sla schedule 3 life forever start-time now
kron occurrence MONTHLY_BACKUP at 9:00 10 recurring
policy-list CONFIG_BACKUP
!
kron policy-list CONFIG_BACKUP
cli copy running-config tftp://10.255.0.150/
!
!
route-map PBR permit 10
match ip address PBR
set ip next-hop 10.255.14.1
!
snmp-server community RO
snmp-server community RW
snmp-server location Walker Place
snmp-server contact
snmp-server enable traps tty
tacacs server tacacs1
address ipv4 10.255.0.3
key 7
tacacs server tacacs2
address ipv4 10.255.0.4
key 7
access-list 2 permit myoutsideIP 0.0.0.0
access-list 2 permit 10.6.0.0 0.0.255.255
access-list 2 permit 10.20.0.0 0.0.255.255
access-list 2 permit 10.40.0.0 0.0.255.255
access-list 2 permit 10.50.0.0 0.0.255.255
access-list 2 permit 10.90.0.0 0.0.255.255
access-list 2 permit 10.255.0.0 0.0.255.255
access-list 2 permit x.x.x.x. 0.0.0.63
access-list 2 permit 88888888 0.0.0.7
access-list 2 deny any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
banner motd ^CCC
********** ATTENTION **********
STATE AND FEDERAL STATUTES MAKE IT A CRIME TO
GAIN UNAUTHORIZED ACCESS INTO THIS SYSTEM.
VIOLATORS WILL BE PROSECUTED.
This session is being monitored.
^C
!
line con 0
exec-timeout 20 0
logging synchronous
no modem enable
stopbits 1
line aux 0
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
access-class 2 in
exec-timeout 120 0
logging synchronous
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
logging synchronous
transport input all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp source Vlan1
ntp server
ntp server
!
end
ASKER
Oooh, I have a few routers that don't have that statement and they are OK. You know of anything that could cause this again? I did add the line you asked for to the router, though. There is not much plugged in to it other than a small unmanaged switch.
This is the list of IP address ranges that are permitted to access your device. If the address from which you are trying to establish the connection is not listed there, you will not be able to access the device.
access-list 2 permit myoutsideIP 0.0.0.0
access-list 2 permit 10.6.0.0 0.0.255.255
access-list 2 permit 10.20.0.0 0.0.255.255
access-list 2 permit 10.40.0.0 0.0.255.255
access-list 2 permit 10.50.0.0 0.0.255.255
access-list 2 permit 10.90.0.0 0.0.255.255
access-list 2 permit 10.255.0.0 0.0.255.255
access-list 2 permit x.x.x.x. 0.0.0.63
access-list 2 permit 88888888 0.0.0.7
access-list 2 deny any
!
line vty 0 4
access-class 2 in
Interface VLAN can go down only in the case that there are no active ports in VLAN 1; if a switch is attached, it should never go down. No autostate, if it is configured under the interface, will always keep the SVI up.
ASKER
It's on there, it's the 10.255. Will see what happens, I will monitor it. Thanks for your help!
ASKER
That's what I thought
Don't forget that if you are accessing through WAN it can happen that you are trying to access via your public IP address, not private (not via DMVPN), so address may not be listed above.
ASKER
Aaah, I see what you're saying, that might be too
ASKER CERTIFIED SOLUTION
interface vlan 1
no autostate
Since VLAN 1 is configured as source interface for tacacs and some other... it should never go down...
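The access-list point made in the answers can be checked offline. The following is an added example, not code from the thread: it evaluates a source address against a standard numbered ACL using IOS wildcard-mask semantics and lists vty ranges that have no inbound access-class. The function names and the test addresses are assumptions; the sample config is a constructed subset of the posted one.

```python
import ipaddress
import re

# Constructed sample: a subset of ACL 2 plus the vty lines from the posted
# config; the redacted entries are kept exactly as they appear in the post.
CONFIG = """\
access-list 2 permit myoutsideIP 0.0.0.0
access-list 2 permit 10.255.0.0 0.0.255.255
access-list 2 permit x.x.x.x. 0.0.0.63
access-list 2 deny any
line vty 0 4
access-class 2 in
line vty 5 15
transport input all
"""

def parse_acl(config, number):
    """Return (entries, skipped) for a standard numbered ACL."""
    entries, skipped = [], []
    pattern = rf"access-list {number} (permit|deny) (\S+)(?: (\S+))?$"
    for line in map(str.strip, config.splitlines()):
        m = re.match(pattern, line)
        if not m:
            continue
        action, addr, wild = m.groups()
        if addr == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        try:
            pair = [int(ipaddress.IPv4Address(x)) for x in (addr, wild or "0.0.0.0")]
            entries.append((action, *pair))
        except ipaddress.AddressValueError:
            skipped.append(line)  # redacted or malformed: cannot be evaluated
    return entries, skipped

def evaluate(entries, source):
    """First match wins; wildcard 1-bits are ignored; implicit deny at the end."""
    src = int(ipaddress.IPv4Address(source))
    for action, base, wild in entries:
        if (src | wild) == (base | wild):
            return action
    return "deny"

def vty_without_access_class(config):
    """Return 'line vty' ranges with no inbound access-class applied."""
    blocks = re.split(r"(?m)^(?=line )", config)
    return [b.splitlines()[0].strip() for b in blocks
            if b.startswith("line vty") and not re.search(r"(?m)^\s*access-class \S+ in\s*$", b)]

if __name__ == "__main__":
    print(evaluate(parse_acl(CONFIG, 2)[0], "10.255.14.31"), vty_without_access_class(CONFIG))
```

Entries that are redacted in the post are returned in `skipped` rather than guessed, so a public source address only evaluates as permitted once its real entry is present. In the posted config `line vty 5 15` carries no `access-class`, which the last function reports.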