Bad_1710#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1710-K9O3SY-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 06-Jun-03 19:50 by dchih
Image text-base: 0x80008120, data-base: 0x80F0625C

ROM: System Bootstrap, Version 12.2(1r)XE1, RELEASE SOFTWARE (fc1)

Trexlertown uptime is 1 hour, 7 minutes
System returned to ROM by reload
System restarted at 13:03:16 UTC Tue Jun 17 2008
System image file is "flash:c1710-k9o3sy-mz.123-1a.bin"

cisco 1710 (MPC855T) processor (revision 0x200) with 49152K/16384K bytes of memory.
Processor board ID JAD072800VZ (2205510933), with hardware revision 0000
MPC855T processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 Virtual Private Network (VPN) Module(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

++++++++++++++++++++++++++++++
== End of show version ==
++++++++++++++++++++++++++++++

Bad_1710#sh start
Using 2848 out of 29688 bytes
!
! Last configuration change at 14:01:43 UTC Tue Jun 17 2008 by lantek
! NVRAM config last updated at 14:01:45 UTC Tue Jun 17 2008 by lantek
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Bad_1710
!
enable secret 5
enable password 7
!
memory-size iomem 25
ip subnet-zero
!
!
!
ip inspect name myfw http java-list 98
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw tftp
ip inspect name myfw ftp
ip inspect name myfw realaudio
ip inspect name myfw fragment maximum 256 timeout 1
ip inspect name myfw cuseeme
ip inspect name myfw vdolive
ip inspect name myfw sqlnet
ip inspect name myfw streamworks
ip inspect name myfw smtp
ip inspect name myfw h323
ip inspect name myfw rcmd
ip inspect name fwin tcp
ip inspect name fwin udp
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto isakmp key private_key address 63.XXX.XXX.242
!
!
crypto ipsec transform-set strong esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map mymap 11 ipsec-isakmp
 set peer 63.XXX.XXX.242
 set transform-set strong
 match address 120
!
!
!
!
interface Ethernet0
 ip address dhcp
 ip access-group 110 in
 ip nat outside
 ip inspect myfw out
 half-duplex
 crypto map mymap
!
interface FastEthernet0
 description connected to Trexlertown LAN
 ip address 10.7.0.1 255.255.255.0
 ip nat inside
 speed auto
!
router rip
 version 2
 passive-interface Ethernet0
 network 10.0.0.0
 no auto-summary
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
ip http secure-server
!
!
access-list 98 permit 10.1.0.0 0.0.0.255
access-list 101 deny ip 10.7.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.7.0.0 0.0.0.255 any
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 110 permit ahp any any
access-list 110 permit udp any any range bootps bootpc
access-list 120 permit ip 10.7.0.0 0.0.0.255 10.0.0.0 0.0.0.255
!
route-map nonat permit 5
 match ip address 101
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 password 7
 login local
 transport input telnet ssh
!
no scheduler allocate
!
end

++++++++++++++++++++++++++++++
== End of Configuration ==
++++++++++++++++++++++++++++++

Trexlertown#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.7.0.0 is directly connected, FastEthernet0
C    207.172.224.0/24 is directly connected, Ethernet0
S*   0.0.0.0/0 is directly connected, Ethernet0

++++++++++++++++++++++++++++++
== End of show ip route ==
++++++++++++++++++++++++++++++

Trexlertown#traceroute 10.0.0.110

Type escape sequence to abort.
Tracing the route to 10.0.0.110

  1 10.19.48.1 8 msec 8 msec 8 msec
  2 208.59.252.1 12 msec 24 msec 12 msec
  3 * * *

+++++++++++++++++++++++++++
== End of traceroute ==
+++++++++++++++++++++++++++

THIS IS A WORKING EXAMPLE OF ANOTHER VPN TUNNEL ROUTING PROPERLY

++++++++++++++++++++++++++++++
== Start of show ip route that works
++++++++++++++++++++++++++++++

Good_1710#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     68.0.0.0/24 is subnetted, 1 subnets
C       68.162.87.0 is directly connected, Ethernet0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.5.0.0 is directly connected, FastEthernet0
S*   0.0.0.0/0 is directly connected, Ethernet0

++++++++++++++++++++++++++++++
== End of show ip route ==
++++++++++++++++++++++++++++++

Good_1710#traceroute 10.0.0.110

Type escape sequence to abort.
Tracing the route to 10.0.0.110

  1 68.162.87.1 24 msec 24 msec 24 msec
  2 * * *
  3