08-16-2010 01:51 PM - edited 03-04-2019 09:26 AM
Hi,
I'm currently setting up a second line on our Router and intend to send all traffic for networks other than our own private networks (say 10.10.0.0/16) on a remote site with a VPN in between.
So I was thinking first get rid of the current route:
no ip route 10.10.0.0 255.255.0.0 82.211.60.1
Then adding the new routes
ip route 10.10.0.0 255.255.0.0 82.211.60.1
ip route 0.0.0.0 0.0.0.0 82.211.60.2
But I have tried this and neither VPN traffic nor the second line seems to work. Now I think the routes are right(?) but I'm still very new to setting up routes.
If the routes are correct, why wouldn't the VPN connect reconnect? Plus is there a way I could test the new line before configuring the routes?
Any other information you need, let me know; any help would be appreciated.
Thanks,
David.
08-16-2010 02:02 PM
Hello David,
You should post your configuration in order to understand what type of VPN you would like to use (IPSec VPN protected point to point tunnel or other type?).
My first impression is that it is strange to see a private IP subnet 10.10.0.0/16 with a public IP address as IP next-hop.
let me provide an example:
if you use a GRE tunnel you specify a static route like
ip route 10.10.0.0 255.255.0.0 tunnel5
interface tunnel5
tunnel source x.x.x.x
tunnel destination y.y.y.y
ip address 10.20.0.1 255.255.255.252
no shut
!
x.x.x.x is a local IP address of the WAN interface (public) and y.y.y.y is defined on the router in the remote site and it is typically public if the VPN is over the public internet
you still refer to the tunnel 5 even if GRE packets are encrypted by IPSec using a crypto map
the ACL used by ipsec becomes
access-list 113 permit gre host x.x.x.x host y.y.y.y
A static route may be needed for setting up the tunnel
ip route y.y.y.y 255.255.255.255 x.x.x.k
and on remote site you can have a default static route in order to use main site for internet access (if desired)
ip route 0.0.0.0 0.0.0.0 tunnel 5
interface tunnel 5
tunnel source y.y.y.y
tunnel destination x.x.x.x
ip address 10.20.0.2 255.255.255.252
where x.x.x.k is the ip next-hop in same ip subnet of x.x.x.x
Hope to help
Giuseppe
08-17-2010 01:47 AM
Hi Giuseppe,
Thanks for the information, I see what you mean about the routes with a private IP. I'm happy to provide my running config but what parts should I take out for security to be on the safe side?
Thanks,
David.
08-17-2010 03:24 AM
Hello David,
change or mask public ip addresses and remove lines of usernames with passwords
you should be able to access the public link:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
Hope to help
Giuseppe
08-16-2010 03:25 PM
Hello David,
you can check if this link helps you.
Manish.
08-17-2010 01:49 AM
Hi Manish,
Unfortunately I don't have access, as I only have a very basic account. Are there any sites whose resources I would be able to use to help improve my understanding?
Thanks,
David.
08-17-2010 10:00 AM
David,
You should be able to access the link that Giuseppe posted
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
this should help understand Basic Natting and routing requirements for your setup.
Manish.
08-18-2010 06:59 AM
Hey Guys,
Thanks for the links, I'm going to read them now as I have been troubleshooting another issue this morning and I think I might be wanting to set up routing groups to achieve the goal of sending traffic down one of two connections depending on its destination.
Below is an edited copy of our config; please let me know if I need to make more edits to ensure it is safe to post online.
Thanks,
David.
!
! Last configuration change at 14:12:13 London Mon Aug 16 2010 by root
! NVRAM config last updated at 17:29:40 London Mon Aug 16 2010 by root
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FW
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 informational
enable password
!
aaa new-model
!
!
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
memory-size iomem 20
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip icmp rate-limit unreachable 100
ip icmp rate-limit unreachable DF 1
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.50.254
ip dhcp excluded-address 192.168.50.10 192.168.50.11
!
ip dhcp pool Wireless
import all
network 192.168.50.0 255.255.255.0
dns-server 192.168.10.1 192.168.10.2
default-router 192.168.50.254
lease 3
!
!
no ip bootp server
ip domain name tolhurst.com
ip name-server 192.168.10.1
ip name-server 192.168.10.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name outbound esmtp
ip inspect name outbound tcp
ip inspect name outbound udp
!
!
crypto pki trustpoint TP-self-signed-337632103
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-337632103
revocation-check none
rsakeypair TP-self-signed-337632103
!
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
lifetime 28800
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp key mushroom address 140.82.120.21
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 20
!
crypto isakmp client configuration group VPNCLIENTGROUP
key timerightnow
dns 192.168.10.1 192.168.10.2
domain tolhurst.com
pool vpn1
acl tolhurstvpn_splitTunnelAcl
crypto isakmp profile VPNclient
description VPN clients profile
match identity group VPNCLIENTGROUP
client authentication list userlist
isakmp authorization list groupauthor
client configuration address respond
!
!
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set HiRemote esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set 3des
set isakmp-profile VPNclient
reverse-route
!
!
crypto map map1 10 ipsec-isakmp
set peer 140.82.120.21
set transform-set HiRemote
match address 100
crypto map map1 20 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
!
interface FastEthernet0/0
description $ETH-WAN$
bandwidth 2048
ip address 81.134.145.210 255.255.255.240
ip access-group outside_acl in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect outbound in
ip inspect outbound out
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
duplex auto
speed auto
no cdp enable
arp timeout 1800
no mop enabled
crypto map map1
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.10.254 255.255.255.0
ip access-group inside_acl in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip inspect outbound in
ip inspect outbound out
ip virtual-reassembly
ip tcp adjust-mss 1452
speed 100
full-duplex
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dot11Radio0/1/0
description Wireless interface
no ip address
no ip redirects
ip local-proxy-arp
ip virtual-reassembly
!
broadcast-key vlan 1 change 45
!
broadcast-key vlan 2 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers tkip
!
encryption mode ciphers tkip
!
ssid tolhurst01
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2452
station-role root
no cdp enable
!
interface Dot11Radio0/1/0.1
description tolhurst UnSecure
encapsulation dot1Q 1 native
ip virtual-reassembly
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dialer0
bandwidth 8192
ip address 72.201.145.44 255.255.240.0
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname
ppp chap password 7
ppp pap sent-username
!
interface BVI1
description Wireless LAN
ip address 192.168.50.254 255.255.255.0
ip access-group inside_acl in
ip nat inside
ip virtual-reassembly
!
interface BVI2
mtu 1514
ip address 192.168.51.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpn1 192.168.11.1 192.168.11.20
ip route 0.0.0.0 0.0.0.0 81.134.145.209
ip route 140.82.111.30 255.255.255.255 81.134.145.209
!
ip flow-top-talkers
top 20
sort-by bytes
!
ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool pool1 81.134.145.211 81.134.145.211 netmask 255.255.255.240
ip nat inside source list 111 pool pool1 overload
ip nat inside source static tcp 192.168.10.204 25 81.134.145.212 25 route-map nonat extendable
ip nat inside source static tcp 192.168.10.160 80 81.134.145.212 80 route-map nonat extendable
ip nat inside source static tcp 192.168.10.204 443 81.134.145.212 443 route-map nonat extendable
ip nat inside source static tcp 192.168.10.204 587 81.134.145.212 587 route-map nonat extendable
ip nat inside source static tcp 192.168.10.204 993 81.134.145.212 993 route-map nonat extendable
ip nat inside source static tcp 192.168.10.204 995 81.134.145.212 995 route-map nonat extendable
ip nat inside source static tcp 192.168.10.110 80 81.134.145.213 80 route-map nonat extendable
ip nat inside source static tcp 192.168.10.166 80 81.134.145.214 80 route-map nonat extendable
ip nat inside source static tcp 192.168.10.190 8080 81.134.145.214 8080 route-map nonat extendable
ip nat inside source static tcp 192.168.10.210 80 81.134.145.215 80 route-map nonat extendable
ip nat inside source static tcp 192.168.10.210 443 81.134.145.215 443 route-map nonat extendable
ip nat inside source static tcp 192.168.10.135 80 81.134.145.216 80 route-map nonat extendable
!
ip access-list extended tolhurstvpn_splitTunnelAcl
permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended general
permit ip any any
ip access-list extended inside_acl
permit udp host 192.168.10.1 host 172.16.1.78 eq domain
permit udp host 192.168.10.1 host 172.16.1.80 eq domain
permit udp host 192.168.10.2 host 172.16.1.78 eq domain
permit udp host 192.168.10.2 host 172.16.1.80 eq domain
permit tcp host 192.168.10.50 host 172.16.1.90 eq 8080
permit tcp host 192.168.10.50 host 172.16.1.90 eq 8081
permit tcp host 192.168.10.48 host 172.16.1.92 eq 8080
permit tcp host 192.168.10.48 host 172.16.1.92 eq 8081
permit tcp host 192.168.10.63 host 172.16.1.92 eq 8080
permit tcp host 192.168.10.54 host 172.16.1.10 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.11 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.13 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.14 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.15 eq 3389
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.20 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.22 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.24 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.26 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.28 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.30 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.32 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.34 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.36 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.100 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.2.118 eq 1433
permit ip host 192.168.10.50 172.16.0.0 0.0.255.255
permit ip host 192.168.10.51 172.16.0.0 0.0.255.255
permit ip host 192.168.10.57 172.16.0.0 0.0.255.255
permit ip host 192.168.10.66 172.16.0.0 0.0.255.255
permit ip host 192.168.10.61 172.16.0.0 0.0.255.255
permit ip host 192.168.10.67 172.16.0.0 0.0.255.255
permit ip host 192.168.10.83 172.16.0.0 0.0.255.255
permit ip host 192.168.10.84 172.16.0.0 0.0.255.255
permit ip host 192.168.10.55 172.16.0.0 0.0.255.255
permit ip host 192.168.10.160 172.16.0.0 0.0.255.255
permit ip host 192.168.10.163 172.16.0.0 0.0.255.255
permit ip host 192.168.10.203 172.16.0.0 0.0.255.255
permit tcp 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255 eq www
permit tcp 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 443
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.90 eq 7099
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.93 eq ftp
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.93 eq 22
deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.11.0 0.0.0.255 172.16.0.0 0.0.255.255
deny tcp any any eq 4662
deny tcp any 128.121.20.0 0.0.0.15 eq www
deny tcp any 128.121.4.0 0.0.0.255 eq www
permit ip any any
permit icmp 192.168.10.0 0.0.0.255 any echo
permit icmp 192.168.10.0 0.0.0.255 any echo-reply
ip access-list extended outside_acl
permit ahp host 140.82.111.30 host 81.134.145.210
permit ahp any host 81.134.145.210
permit esp host 140.82.111.30 host 81.134.145.210
permit esp any host 81.134.145.210
permit udp host 140.82.111.30 host 81.134.145.210 eq isakmp
permit udp any host 81.134.145.210 eq isakmp
permit udp host 140.82.111.30 host 81.134.145.210 eq non500-isakmp
permit udp any host 81.134.145.210 eq non500-isakmp
permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit udp host 140.82.111.30 any eq isakmp
permit udp host 140.82.111.30 eq isakmp any
permit esp host 140.82.111.30 any
permit udp any eq isakmp any
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit ahp any any
permit esp any any
permit tcp any host 81.134.145.212 eq 995
permit tcp any host 81.134.145.212 eq 587
permit tcp any host 81.134.145.212 eq www
permit tcp any host 81.134.145.212 eq 443
permit tcp any host 81.134.145.212 eq smtp
permit tcp any host 81.134.145.212 eq 993
permit tcp any host 81.134.145.213 eq www
permit tcp any host 81.134.145.214 eq www
permit tcp any host 81.134.145.215 eq www
permit tcp any host 81.134.145.215 eq 443
permit tcp any host 81.134.145.216 eq www
permit tcp any host 81.134.145.216 eq 443
permit tcp host 80.177.153.32 host 81.134.145.214 eq 8080
permit tcp host 140.82.111.30 host 81.134.145.214 eq 8080
permit icmp any any
deny ip any any log
!
logging 192.168.10.203
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 101 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 101 permit ip any host 146.101.162.209
access-list 101 permit ip any host 146.101.250.35
access-list 101 permit ip any host 80.64.57.160
access-list 101 permit ip any host 80.64.57.161
access-list 101 permit ip any host 146.101.121.78
access-list 101 permit ip any host 146.101.121.79
access-list 101 deny ip host 192.168.10.203 any
access-list 101 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 101 deny ip any 192.168.11.0 0.0.0.255
access-list 101 deny ip 192.168.10.50 0.0.0.1 any
access-list 101 deny ip 192.168.10.52 0.0.0.3 any
access-list 101 deny ip 192.168.10.56 0.0.0.7 any
access-list 101 deny ip 192.168.10.64 0.0.0.31 any
access-list 101 deny ip 192.168.10.96 0.0.0.3 any
access-list 101 deny ip host 192.168.10.100 any
access-list 101 deny ip host 192.168.10.204 any
access-list 101 deny ip host 192.168.10.205 any
access-list 101 deny ip host 192.168.10.206 any
access-list 101 deny ip host 192.168.10.207 any
access-list 101 deny ip host 192.168.10.208 any
access-list 101 deny ip host 192.168.10.209 any
access-list 101 deny ip host 192.168.10.210 any
access-list 101 deny ip host 192.168.10.220 any
access-list 101 deny ip host 192.168.10.221 any
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.31 any
access-list 101 permit ip 192.168.10.32 0.0.0.15 any
access-list 101 permit ip 192.168.10.48 0.0.0.1 any
access-list 101 permit ip host 192.168.10.101 any
access-list 101 permit ip 192.168.10.102 0.0.0.1 any
access-list 101 permit ip 192.168.10.104 0.0.0.7 any
access-list 101 permit ip 192.168.10.112 0.0.0.15 any
access-list 101 permit ip 192.168.10.128 0.0.0.63 any
access-list 101 permit ip 192.168.10.192 0.0.0.31 any
access-list 101 permit ip 192.168.10.224 0.0.0.15 any
access-list 101 permit ip 192.168.10.240 0.0.0.7 any
access-list 101 permit ip 192.168.10.248 0.0.0.3 any
access-list 101 permit ip 192.168.10.252 0.0.0.1 any
access-list 102 permit ip any any
access-list 103 deny ip any any dscp 1 log
access-list 103 permit ip any any
access-list 104 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 104 deny ip host 192.168.10.203 172.16.0.0 0.0.255.255
access-list 104 deny ip host 192.168.10.203 192.168.11.0 0.0.0.255
access-list 104 deny ip any 192.168.11.0 0.0.0.255
access-list 104 permit ip host 192.168.10.203 any
access-list 104 permit ip host 192.168.10.204 any
access-list 104 permit ip host 192.168.10.205 any
access-list 104 permit ip host 192.168.10.206 any
access-list 104 permit ip host 192.168.10.207 any
access-list 104 permit ip host 192.168.10.208 any
access-list 104 permit ip host 192.168.10.209 any
access-list 104 permit ip host 192.168.10.210 any
access-list 104 permit ip host 192.168.10.220 any
access-list 104 permit ip host 192.168.10.221 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 deny ip host 192.168.10.203 any
access-list 105 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 105 deny ip any 192.168.11.0 0.0.0.255
access-list 105 deny ip 192.168.10.0 0.0.0.31 any
access-list 105 deny ip 192.168.10.32 0.0.0.15 any
access-list 105 deny ip 192.168.10.48 0.0.0.1 any
access-list 105 deny ip host 192.168.10.101 any
access-list 105 deny ip 192.168.10.102 0.0.0.1 any
access-list 105 deny ip 192.168.10.104 0.0.0.7 any
access-list 105 deny ip 192.168.10.112 0.0.0.15 any
access-list 105 deny ip 192.168.10.128 0.0.0.63 any
access-list 105 deny ip 192.168.10.192 0.0.0.31 any
access-list 105 deny ip 192.168.10.224 0.0.0.15 any
access-list 105 deny ip 192.168.10.240 0.0.0.7 any
access-list 105 deny ip 192.168.10.248 0.0.0.3 any
access-list 105 deny ip 192.168.10.252 0.0.0.1 any
access-list 105 deny ip host 192.168.10.204 any
access-list 105 deny ip host 192.168.10.205 any
access-list 105 deny ip host 192.168.10.206 any
access-list 105 deny ip host 192.168.10.207 any
access-list 105 deny ip host 192.168.10.208 any
access-list 105 deny ip host 192.168.10.209 any
access-list 105 deny ip host 192.168.10.210 any
access-list 105 deny ip host 192.168.10.220 any
access-list 105 deny ip host 192.168.10.221 any
access-list 105 permit ip 192.168.10.50 0.0.0.1 any
access-list 105 permit ip 192.168.10.52 0.0.0.3 any
access-list 105 permit ip 192.168.10.56 0.0.0.7 any
access-list 105 permit ip 192.168.10.64 0.0.0.31 any
access-list 105 permit ip 192.168.10.96 0.0.0.3 any
access-list 105 permit ip host 192.168.10.100 any
access-list 105 permit ip 192.168.50.0 0.0.0.255 any
access-list 106 permit ip any any
access-list 107 permit ip any any
access-list 109 permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0
access-list 109 permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.255.0
access-list 109 permit ip any 0.0.0.0 255.255.255.0
access-list 109 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 111 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 111 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 111 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 111 deny ip any 192.168.11.0 0.0.0.255
access-list 111 permit ip 192.168.10.0 0.0.0.255 any
access-list 111 permit ip 192.168.50.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community
snmp-server host 192.168.10.203
arp 192.168.10.110 03bf.c0a8.0a6e ARPA
arp 192.168.10.111 03bf.c0a8.0a6e ARPA
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
line con 0
line aux 0
scheduler allocate 20000 1000
end
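An added example, not part of the original thread: a sanitizer for the edit David asks about and Giuseppe describes (mask public IP addresses, remove username lines), extended to the other secret-bearing line types that appear in the config above, such as `crypto isakmp key` and the client group `key`. The sample input is constructed apart from its addresses, which are taken from the thread; the pattern list is an assumption about which lines matter and is not exhaustive. Each public address maps to the same RFC 5737 documentation address everywhere, so a peer address still lines up across the crypto map and the key line.

```python
import ipaddress
import re

# Lines that carry a secret: keep the keyword, replace the value. Type 7
# strings are reversible obfuscation, so they are removed like cleartext.
SECRET_PATTERNS = [
    (re.compile(r"^(\s*enable (?:password|secret))\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*crypto isakmp key) .*?( (?:address|hostname) .*)$"),
     r"\1 <removed>\2"),
    (re.compile(r"^(\s*key) \S+\s*$"), r"\1 <removed>"),  # client group key
    (re.compile(r"^(\s*wpa-psk (?:ascii|hex))\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*ppp chap (?:hostname|password))\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*ppp pap sent-username)\b.*$"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community)\b.*$"), r"\1 <removed>"),
]
USERNAME = re.compile(r"^\s*username\s")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOC_NETS = ("192.0.2.", "198.51.100.", "203.0.113.")  # RFC 5737 ranges

def sanitize(config_text):
    """Return (sanitized_text, {real_public_ip: placeholder})."""
    mapping = {}

    def mask(match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid dotted quad
        if not addr.is_global:
            return text  # private ranges, netmasks, wildcards, 0.0.0.0
        if text not in mapping:
            net, host = divmod(len(mapping), 254)
            mapping[text] = f"{DOC_NETS[net]}{host + 1}"
        return mapping[text]

    out = []
    for line in config_text.splitlines():
        if USERNAME.match(line):
            continue  # drop username lines entirely
        for pattern, repl in SECRET_PATTERNS:
            line, hits = pattern.subn(repl, line)
            if hits:
                break
        out.append(IPV4.sub(mask, line))
    return "\n".join(out), mapping

# Constructed sample: secrets are invented, addresses come from the thread.
SAMPLE = """\
enable password 7 0000000000
username admin password 7 0000000000
crypto isakmp key ExamplePSK address 140.82.120.21
crypto isakmp client configuration group VPNCLIENTGROUP
 key ExampleGroupKey
interface FastEthernet0/0
 ip address 81.134.145.210 255.255.255.240
crypto map map1 10 ipsec-isakmp
 set peer 140.82.120.21
access-list 100 permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
snmp-server community ExampleCommunity RO
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Keep the returned mapping private; it is the key that turns the posted placeholders back into the real addresses.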
08-18-2010 09:40 AM
Small update,
I have tried to create a route-map to direct just my machine alone down the dialer0 interface, but it doesn't appear to have worked. Although I have Internet and no VPN, if I do a trace route to www.bbc.co.uk it shows my packets still going via the FastEthernet0/0. So I don't understand what is happening now, as I have the Internet but no VPN, but if I were going out on the FastEthernet0/0 interface I would expect to be allowed to access the VPN still. I haven't set this firewall up, just inherited it, and have to learn quickly.
Thanks,
David.