IP SLA issues - 2900 series

Unanswered Question

Hello all. I'm running a 2900 series router and I'm trying to get SLA to work. I have a few issues. The main one is I cannot seem to ping from either g0/0 or g0/0/0 using ping 8.8.8.8 sou g0/0. It just fails. I can, however, ping from g0/1, which tells me that it's probably something messed up in my routes. I'm at a loss though.

The second issue I am having is that for some reason my VoIP system (192.) is wide open to the outside world on ports 80 and 25, when it shouldn't be. None of those ports are open to the public that I can tell.

Here are the basics of the current running config:

boot-start-marker
boot-end-marker
!
!
enable secret 5
enable password
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip name-server 208.xxx.xxx.xxx
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package datak9
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Suddenlink
 ip address 66.xxx.xxx.xxx 255.255.255.0 secondary
 ip address 66.xxx.xxx.xxx 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description Inside LAN
 ip address 172.xxx.xxx.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 description MITEL
 encapsulation dot1Q 10
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0/0
 description Verizon LTE
 ip address 166.xxx.xxx.xxx 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
!
ip local policy route-map LocalPolicy
ip forward-protocol nd
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool FTP 172.xxx.xxx.61 172.xxx.xxx.61 netmask 255.255.255.0 type rotary
ip nat inside source static tcp 172.xxx.xxx.61 1723 interface GigabitEthernet0/0 1723
ip nat inside source static udp 172.xxx.xxx.61 500 interface GigabitEthernet0/0 500
ip nat inside source route-map nonat interface GigabitEthernet0/0 overload
ip nat inside source static udp 192.xxx.xxx.xxx 67 66.xxx.xxx.xxx 67 extendable
ip nat inside source static udp 192.xxx.xxx.xxx 68 66.xxx.xxx.xxx 68 extendable
ip nat inside source static udp 192.xxx.xxx.xxx 69 66.xxx.xxx.xxx 69 extendable
ip nat inside source static udp 192.xxx.xxx.xxx 100 66.xxx.xxx.xxx 100 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 3998 66.xxx.xxx.xxx 3998 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 3999 66.xxx.xxx.xxx 3999 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 4000 66.xxx.xxx.xxx 4000 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 5566 66.xxx.xxx.xxx 5566 extendable
ip nat inside source static udp 192.xxx.xxx.xxx 5567 66.xxx.xxx.xxx 5567 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 6800 66.xxx.xxx.xxx 6800 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 6801 66.xxx.xxx.xxx 6801 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 6802 66.xxx.xxx.xxx 6802 extendable
ip nat inside source static udp 192.xxx.xxx.xxx 20001 66.xxx.xxx.xxx 20001 extendable
ip nat inside source static tcp 192.xxx.xxx.xxx 44000 66.xxx.xxx.xxx 44000 extendable
ip nat inside source static 192.xxx.xxx.xxx 66.xxx.xxx.xxx route-map nonat
ip nat inside source static tcp 172.xxx.xxx.154 25 66.xxx.xxx.xxx3 25 extendable
ip nat inside source static tcp 172.xxx.xxx.154 443 66.xxx.xxx.xxx3 443 extendable
ip nat inside source static tcp 172.xxx.xxx.154 25 166.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 172.xxx.xxx.154 443 166.xxx.xxx.xxx 443 extendable
ip nat inside destination list 104 pool FTP
ip route 0.0.0.0 0.0.0.0 66.xxx.xxx.xxx track 100
ip route 0.0.0.0 0.0.0.0 66.xxx.xxx.xxx 250
ip route 172.xxx.xxx.0 255.255.255.0 66.76.12.0
ip route 192.168.1.0 255.255.255.0 172.xxx.xxx.10
!
ip sla responder
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 102 permit ip 172.xxx.xxx.0 0.0.0.255 172.16.4.0 0.0.0.255
access-list 103 permit ip 172.xxx.xxx.0 0.0.0.255 any
access-list 103 deny   ip 172.xxx.xxx.0 0.0.0.255 172.16.4.0 0.0.0.255
access-list 103 deny   ip 172.xxx.xxx.0 0.0.0.255 172.16.6.0 0.0.0.255
access-list 104 permit tcp any any range 12200 12300
access-list 105 permit tcp any any range 6800 6802
access-list 106 permit udp any any range 6004 6261
access-list 107 permit udp any any range 5004 5007
access-list 108 permit udp any any range 50098 50508
!
!
!
!
route-map MITEL permit 10
 match ip address 105 106 107 108
!
route-map nonat permit 10
 match ip address 103
!
!
snmp-server community public RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password
 login
 transport input all
!
scheduler allocate 20000 1000
end

Thanks!
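Added example, not part of the original post: a small Python audit that reads an IOS running config and flags two conditions worth reviewing when an inside host answers on ports nobody meant to forward, namely a static NAT entry with no tcp/udp port (a whole-host mapping) and a `ip nat outside` interface with no inbound `ip access-group`. The function name `audit`, the finding labels and the sample config are assumptions made for illustration; the sample addresses are constructed documentation ranges.

```python
import re

# Constructed sample modelled on the layout of the posted config. Addresses are
# RFC 5737 documentation ranges, not the poster's redacted values.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description WAN
 ip address 203.0.113.2 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.0.2.254 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 192.0.2.61 1723 interface GigabitEthernet0/0 1723
ip nat inside source static udp 198.51.100.10 69 203.0.113.3 69 extendable
ip nat inside source static 198.51.100.10 203.0.113.3 route-map nonat
"""

STATIC_NAT = re.compile(r"ip nat inside source static (.+)$")
ACL_IN = re.compile(r"ip access-group \S+ in$")


def audit(config):
    """Return (finding, detail) tuples for NAT exposure worth reviewing."""
    findings, seen, iface = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:                       # tolerate double-spaced pastes
            continue
        if raw.startswith("interface "):
            iface = raw.split()[1]
            seen[iface] = set()
        elif raw[0] == " " and iface:      # sub-command of current interface
            if line == "ip nat outside":
                seen[iface].add("outside")
            elif ACL_IN.match(line):
                seen[iface].add("acl-in")
        else:                              # global command ends the block
            iface = None
            m = STATIC_NAT.match(line)
            tokens = [t for t in m.group(1).split() if t != "network"] if m else []
            # No tcp/udp keyword: the entry maps the host, not a single port.
            if tokens and tokens[0] not in ("tcp", "udp"):
                findings.append(("full-host-static-nat", f"{tokens[0]} -> {tokens[1]}"))
    for name, flags in seen.items():
        if "outside" in flags and "acl-in" not in flags:
            findings.append(("nat-outside-without-inbound-acl", name))
    return findings
```

Each finding is a prompt to check the live translations and filtering on the router, not a verdict on its own.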
