cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
792
Views
0
Helpful
4
Replies

891 DNS Help

Eddie.brown1986
Level 1
Level 1

Hello community,

I am having trouble's with getting DNS to work on my inside interface of my router. It is translating from the external interface but when I put in a source vlan 1 ping to say google.com I get no reply.  the following output displays the previous:

ROMUUTCI01#ping google.com


Translating "google.com"...domain server (198.6.100.140) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.228.69, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/72/72 ms


ROMUUTCI01#ping google.com source vlan 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.228.69, timeout is 2 seconds:
Packet sent with a source address of 192.168.134.1
.....
Success rate is 0 percent (0/5)

Here is the current configuration on the router. I have inheritated this mess of a configuration and the last person has not been able to get DNS working. I have been looking at this for about a month and so much of it doesn't make sence. Any input would be helpful.

endCurrent configuration : 43736 bytes
!
! Last configuration change at 21:36:54 UTC Wed Jul 25 2012
! NVRAM config last updated at 15:41:46 UTC Fri Jun 29 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROMUUTCI01
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$BZsW$MGzuVysqOryPeoKqQzo7t0
!
no aaa new-model
!
!
!
!
crypto pki trustpoint TP-self-signed-3562076813
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3562076813
revocation-check none
rsakeypair TP-self-signed-3562076813
!
!
crypto pki certificate chain TP-self-signed-3562076813
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353632 30373638 3133301E 170D3132 30363238 31393534
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35363230
37363831 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D763 D9D9BBD0 61681005 FBC97989 CF9AE4ED 4DCF3139 CB3245CD CBAEFA5D
4EDCDE53 BF9516FB 13BDC222 9D8A5308 AE4853C4 71D2B20F 53A67DEE 9E0D77C0
E97C524C 39EC3BE6 0E4E2E08 93B6FAB3 22C09643 1703E877 2D0049FE 31C52DB9
896D3476 B644FE1F F0206E94 8465B3F8 B45D4ED8 688288A2 95BFBADC 55316FF6
53350203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 806F39F2
C192744B 37A75125 62DE241A 71F2494B 301D0603 551D0E04 16041480 6F39F2C1
92744B37 A7512562 DE241A71 F2494B30 0D06092A 864886F7 0D010104 05000381
810080F2 8E9A31AE E205239E 2E4F2CFE DF2DAB0F CF596B62 11B89B42 6A267662
434C456E 79F9FCC9 6CB27DC4 7CF4E405 B9C8861C 75BC9F8D F80D6F5F 0913AF46
36C6E954 3453B147 79F16DBE 9F944B2A 8BDB9798 BBEAE57D 1B287D28 ADD862B3
B991A452 4C1E7842 BF9C8C6F C0690A54 BD1D95D1 31B6D4BD 7AEED043 682A4E85 21F8
quit
ip source-route
!
!
ip dhcp excluded-address 192.168.134.1 192.168.134.49
ip dhcp excluded-address 192.168.134.151 192.168.134.254
!
ip dhcp pool SLC-Pool
import all
network 192.168.134.0 255.255.255.0
dns-server 198.6.100.140 172.16.3.69
default-router 192.168.134.1
lease 3
!
!
ip cef
ip domain name pure.local
ip name-server 198.6.100.140
ip name-server 172.16.3.69
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FTX160784EK
!
!
object-group network og-L1-DNS-Servers
description Allowed external DNS servers
host 198.6.100.140
host 172.16.3.69
!
username eddieb privilege 15 secret 5 $1$nFgG$sY3LZlSv/.mcQdV6g5O6j/
!
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 112
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 110
class-map type inspect match-all sdm-cls-VPNOutsideToInside-5
match access-group 116
class-map type inspect match-all sdm-cls-VPNOutsideToInside-4
match access-group 114
class-map type inspect match-all sdm-cls-VPNOutsideToInside-6
match access-group 118
class-map type inspect match-all sdm-cls-VPNOutsideToInside-9
match access-group 124
class-map type inspect match-all sdm-cls-VPNOutsideToInside-8
match access-group 122
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 105
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all sdm-nat--1
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-all sdm-cls-VPNOutsideToInside-10
match access-group 126
class-map type inspect match-all sdm-cls-VPNOutsideToInside-23
match access-group 149
class-map type inspect match-all sdm-cls-VPNOutsideToInside-11
match access-group 128
class-map type inspect match-all sdm-cls-VPNOutsideToInside-22
match access-group 147
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-cls-VPNOutsideToInside-12
match access-group 130
class-map type inspect match-all sdm-cls-VPNOutsideToInside-21
match access-group 145
match access-group 149
class-map type inspect match-all sdm-cls-VPNOutsideToInside-13
match access-group 132
class-map type inspect match-all sdm-cls-VPNOutsideToInside-20
match access-group 143
match access-group 147
class-map type inspect match-any Ping_SLC
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-cls-VPNOutsideToInside-14
match access-group 134
class-map type inspect match-all sdm-cls-VPNOutsideToInside-27
match access-group 156
class-map type inspect match-all sdm-cls-VPNOutsideToInside-15
match access-group 136
class-map type inspect match-all sdm-cls-VPNOutsideToInside-26
match access-group 154
class-map type inspect match-all sdm-cls-VPNOutsideToInside-25
match access-group 153
class-map type inspect match-all sdm-cls-VPNOutsideToInside-17
match access-group 139
class-map type inspect match-all sdm-cls-VPNOutsideToInside-24
match access-group 151
class-map type inspect match-all sdm-cls-VPNOutsideToInside-19
match access-group 141
class-map type inspect match-all sdm-cls-VPNOutsideToInside-29
match access-group 165
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any IASL_PING
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-all ccp-cls-ccp-permit-2
match class-map Ping_SLC
match access-group name Ping_SLC
class-map type inspect match-all ccp-cls-ccp-permit-1
match class-map IASL_PING
match access-group name IASL
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 101
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all cm-Allow-DNS-Replies
description Allow DNS replies
match access-group name acl-Allow-DNS-Replies
match protocol dns
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat--1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class type inspect sdm-cls-VPNOutsideToInside-4
inspect
class type inspect sdm-cls-VPNOutsideToInside-5
inspect
class type inspect sdm-cls-VPNOutsideToInside-6
inspect
class type inspect sdm-cls-VPNOutsideToInside-8
inspect
class type inspect sdm-cls-VPNOutsideToInside-14
inspect
class type inspect sdm-cls-VPNOutsideToInside-15
inspect
class type inspect sdm-cls-VPNOutsideToInside-16
inspect
class type inspect sdm-cls-VPNOutsideToInside-17
pass
class type inspect sdm-cls-VPNOutsideToInside-19
inspect
class type inspect sdm-cls-VPNOutsideToInside-27
inspect
class type inspect sdm-cls-VPNOutsideToInside-9
inspect
class type inspect sdm-cls-VPNOutsideToInside-10
inspect
class type inspect sdm-cls-VPNOutsideToInside-11
inspect
class type inspect sdm-cls-VPNOutsideToInside-12
inspect
class type inspect sdm-cls-VPNOutsideToInside-13
inspect
class type inspect sdm-cls-VPNOutsideToInside-20
inspect
class type inspect sdm-cls-VPNOutsideToInside-21
inspect
class type inspect sdm-cls-VPNOutsideToInside-22
inspect
class type inspect sdm-cls-VPNOutsideToInside-23
inspect
class type inspect sdm-cls-VPNOutsideToInside-24
inspect
class type inspect sdm-cls-VPNOutsideToInside-25
inspect
class type inspect sdm-cls-VPNOutsideToInside-26
inspect
class type inspect sdm-cls-VPNOutsideToInside-29
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-cls-ccp-permit-1
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_VPN_PT
pass
class type inspect ccp-cls-ccp-permit-2
inspect
class type inspect ccp-cls-ccp-permit-1
inspect
class type inspect cm-Allow-DNS-Replies
pass
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-
ne
service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
crypto isakmp key ****** address 67.210.213.116
crypto isakmp key ******* address 206.210.110.114
crypto isakmp key ******* address 208.253.69.194
crypto isakmp key ******* address 65.107.185.2
!
!
crypto ipsec transform-set SLC-CoLo esp-3des esp-sha-hmac
crypto ipsec transform-set SLC-Miss esp-3des esp-sha-hmac
crypto ipsec transform-set SLC-COLUM esp-3des esp-sha-hmac
crypto ipsec transform-set SLC-Dal esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to67.210.213.116
set peer 67.210.213.116
set transform-set SLC-CoLo
match address 175
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to206.210.110.114
set peer 206.210.110.114
set transform-set SLC-Miss
match address 119
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to208.253.69.194
set peer 208.253.69.194
set transform-set SLC-COLUM
match address 120
crypto map SDM_CMAP_1 4 ipsec-isakmp
description Tunnel to65.107.185.2
set peer 65.107.185.2
set transform-set SLC-Dal
match address 125
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8

!
!
interface GigabitEthernet0
ip address 63.78.135.250 255.255.255.252
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
!
!
interface Vlan1
ip address 192.168.134.1 255.255.255.0
ip dns view-group DNSlist
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
!
interface Async1
no ip address
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server view-group DNS
ip dns server
ip nat pool SLC-pool 63.78.135.250 63.78.135.250 prefix-length 30
ip nat inside source route-map SDM_RMAP_1 pool SLC-pool
ip route 0.0.0.0 0.0.0.0 63.78.135.249
!
ip access-list extended IASL
remark CCP_ACL Category=128
permit ip host 198.6.100.140 any
ip access-list extended Ping_SLC
remark CCP_ACL Category=128
permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
permit ip 192.168.131.0 0.0.0.255 192.168.122.0 0.0.0.255
permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_HTTPS
remark CCP_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_IP
remark CCP_ACL Category=0
permit ip any any
ip access-list extended SDM_SHELL
remark CCP_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark CCP_ACL Category=1
permit tcp any any eq 22
ip access-list extended SLC-Utah
remark CCP_ACL Category=18
remark IPSec Rule
deny ip 192.168.134.0 0.0.0.255 192.168.122.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.134.0 0.0.0.255 192.168.131.0 0.0.0.255
remark IPSec Rule
deny ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 192.168.134.0 0.0.0.255 any
ip access-list extended acl-Allow-DNS-Replies
permit udp object-group og-L1-DNS-Servers eq domain any
ip access-list extended manage
remark CCP_ACL Category=128
permit ip 192.168.129.0 0.0.0.255 host 192.168.131.1
permit ip 192.168.122.0 0.0.0.255 host 192.168.131.1
permit ip 172.16.0.0 0.0.255.255 host 192.168.131.1
!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.131.0 0.0.0.255
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.134.0 0.0.0.255
access-list 2 remark ACL-inbound
access-list 2 remark CCP_ACL Category=1
access-list 2 permit any
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.131.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.134.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.0.0.0 0.255.255.255
access-list 10 permit 192.168.131.0 0.0.0.255
access-list 10 permit 192.168.134.0 0.0.0.255
access-list 100 remark ACL-outbound
access-list 100 remark CCP_ACL Category=1
access-list 100 permit ip any any
access-list 101 permit ip 127.0.0.0 0.0.0.255 any
access-list 101 permit ip 66.11.76.56 0.0.0.7 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.131.254
access-list 102 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip any any
access-list 104 remark IPSec Rule
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 105 remark CCP_ACL Category=128
access-list 105 permit ip host 208.253.69.194 any
access-list 105 permit ip host 208.255.104.58 any
access-list 105 permit ip host 76.74.235.66 any
access-list 105 permit ip host 63.87.75.170 any
access-list 105 permit ip host 67.210.213.116 any
access-list 105 permit ip host 216.13.189.226 any
access-list 105 permit ip host 26.210.110.114 any
access-list 105 permit ip host 206.210.110.114 any
access-list 105 permit ip host 23.24.111.225 any
access-list 105 permit ip host 65.107.185.2 any
access-list 105 permit ip host 184.69.6.38 any
access-list 105 permit ip host 63.78.135.250 any
access-list 105 permit ip any any
access-list 106 remark CCP_ACL Category=2
access-list 106 permit ip any any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.134.0 0.0.0.255 192.168.123.0 0.0.0.255
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.131.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.131.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 108 permit ip 192.168.134.0 0.0.0.255 any
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.123.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.134.0 0.0.0.255 192.168.122.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip 192.168.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 108 remark IPSec Rule
access-list 108 deny ip host 192.168.0.2 host 10.0.39.31
access-list 108 permit ip 192.168.0.0 0.0.0.255 any
access-list 110 remark CCP_ACL Category=0
access-list 110 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 110 permit ip 192.168.129.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 110 remark CCP_ACL Category=0
access-list 110 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 110 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 111 remark CCP_ACL Category=4
access-list 111 remark IPSec Rule
access-list 111 permit ip 192.168.134.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 112 remark CCP_ACL Category=0
access-list 112 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 112 permit ip 192.168.129.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 112 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 112 remark CCP_ACL Category=0
access-list 112 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 112 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 112 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 113 remark CCP_ACL Category=4
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 114 permit ip 172.16.0.0 0.0.255.255 192.168.131.0 0.0.0.255
access-list 114 permit ip 192.168.129.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 114 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 114 remark CCP_ACL Category=0
access-list 114 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 114 remark CCP_ACL Category=0
access-list 114 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 114 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 114 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 114 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 115 remark CCP_ACL Category=4
access-list 115 remark IPSec Rule
access-list 115 permit ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 116 remark CCP_ACL Category=0
access-list 116 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 116 permit ip 172.16.0.0 0.0.255.255 192.168.131.0 0.0.0.255
access-list 116 remark CCP_ACL Category=0
access-list 116 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 116 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 116 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 116 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 117 remark IPSec Rule
access-list 117 remark CCP_ACL Category=4
access-list 117 permit ip 192.168.134.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 118 remark CCP_ACL Category=0
access-list 118 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 118 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 118 permit ip 192.168.129.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 118 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 118 remark CCP_ACL Category=0
access-list 118 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 119 remark CCP_ACL Category=4
access-list 119 remark IPSec Rule
access-list 119 permit ip 192.168.134.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 119 remark CCP_ACL Category=4
access-list 119 remark IPSec Rule
access-list 119 permit ip host 192.168.0.2 host 10.0.39.31
access-list 120 remark CCP_ACL Category=4
access-list 120 remark IPSec Rule
access-list 120 permit ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 120 remark CCP_ACL Category=0
access-list 120 permit ip host 10.0.39.31 host 192.168.0.2
access-list 120 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 120 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 120 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 121 remark CCP_ACL Category=4
access-list 121 remark IPSec Rule
access-list 121 permit ip host 192.168.0.2 host 10.0.39.31
access-list 122 remark CCP_ACL Category=0
access-list 122 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 122 remark CCP_ACL Category=0
access-list 122 permit ip host 10.0.39.31 host 192.168.0.2
access-list 122 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 122 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 122 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 123 remark CCP_ACL Category=4
access-list 123 remark IPSec Rule
access-list 123 permit ip host 192.168.0.2 host 10.0.39.31
access-list 124 remark CCP_ACL Category=0
access-list 124 permit ip host 10.0.39.31 host 192.168.0.2
access-list 124 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 124 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 124 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 125 remark CCP_ACL Category=4
access-list 125 remark IPSec Rule
access-list 125 permit ip 192.168.134.0 0.0.0.255 192.168.122.0 0.0.0.255
access-list 125 remark CCP_ACL Category=4
access-list 125 remark IPSec Rule
access-list 125 permit ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 126 remark CCP_ACL Category=0
access-list 126 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 126 permit ip host 10.0.39.31 host 192.168.0.2
access-list 126 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 127 remark CCP_ACL Category=4
access-list 127 remark IPSec Rule
access-list 127 permit ip 192.168.134.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 128 remark CCP_ACL Category=0
access-list 128 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 128 remark CCP_ACL Category=0
access-list 128 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 128 permit ip host 10.0.39.31 host 192.168.0.2
access-list 128 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 129 remark CCP_ACL Category=4
access-list 129 remark IPSec Rule
access-list 129 permit ip 192.168.134.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 130 remark CCP_ACL Category=0
access-list 130 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 130 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 130 permit ip host 10.0.39.31 host 192.168.0.2
access-list 130 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 131 remark IPSec Rule
access-list 131 remark CCP_ACL Category=4
access-list 131 permit ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 132 remark CCP_ACL Category=0
access-list 132 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 132 remark CCP_ACL Category=0
access-list 132 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 132 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 132 permit ip host 10.0.39.31 host 192.168.0.2
access-list 132 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 132 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 133 remark CCP_ACL Category=4
access-list 133 remark IPSec Rule
access-list 133 permit ip 192.168.134.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 134 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 134 permit ip 172.16.0.0 0.0.255.255 192.168.131.0 0.0.0.255
access-list 134 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 134 remark CCP_ACL Category=0
access-list 134 permit ip host 10.0.39.31 host 192.168.0.2
access-list 134 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 134 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 134 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 134 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 134 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 135 remark CCP_ACL Category=4
access-list 135 remark IPSec Rule
access-list 135 permit ip 192.168.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 136 remark CCP_ACL Category=0
access-list 136 permit ip host 10.0.39.31 host 192.168.0.2
access-list 136 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 136 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 136 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 136 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 136 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 136 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 137 remark IPSec Rule
access-list 137 remark CCP_ACL Category=4
access-list 137 permit ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 138 remark CCP_ACL Category=0
access-list 138 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 138 remark CCP_ACL Category=0
access-list 138 permit ip host 10.0.39.31 host 192.168.0.2
access-list 138 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 138 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 138 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 138 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 138 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 139 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 139 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 139 remark CCP_ACL Category=0
access-list 139 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 139 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 139 permit ip host 10.0.39.31 host 192.168.0.2
access-list 139 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 139 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 139 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 140 remark CCP_ACL Category=4
access-list 140 remark IPSec Rule
access-list 140 permit ip 192.168.134.0 0.0.0.255 192.168.122.0 0.0.0.255
access-list 141 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 141 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 141 permit ip 172.16.0.0 0.0.255.255 192.168.131.0 0.0.0.255
access-list 141 permit ip 192.168.120.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 141 remark CCP_ACL Category=0
access-list 141 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 141 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 141 permit ip host 10.0.39.31 host 192.168.0.2
access-list 141 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 141 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 141 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 141 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 remark CCP_ACL Category=0
access-list 142 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 142 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 142 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 permit ip host 10.0.39.31 host 192.168.0.2
access-list 142 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 142 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 143 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 143 remark CCP_ACL Category=2
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.122.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.123.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip host 192.168.0.2 host 10.0.39.31
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.120.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.134.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 143 remark IPSec Rule
access-list 143 deny ip 192.168.0.0 0.0.0.255 192.168.128.0 0.0.0.255
access-list 143 permit ip 192.168.130.0 0.0.0.255 any
access-list 144 remark CCP_ACL Category=4
access-list 144 remark IPSec Rule
access-list 144 permit ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 145 remark CCP_ACL Category=0
access-list 145 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 145 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip host 10.0.39.31 host 192.168.0.2
access-list 145 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 145 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 146 permit ip 192.168.134.0 0.0.0.255 192.168.123.0 0.0.0.255
access-list 146 remark CCP_ACL Category=4
access-list 146 remark IPSec Rule
access-list 146 permit ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 147 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 147 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 147 remark CCP_ACL Category=0
access-list 147 permit ip 192.168.131.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 remark CCP_ACL Category=0
access-list 147 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 147 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip host 10.0.39.31 host 192.168.0.2
access-list 147 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 147 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 148 remark CCP_ACL Category=4
access-list 148 remark IPSec Rule
access-list 148 permit ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 149 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 149 remark CCP_ACL Category=0
access-list 149 permit ip 192.168.131.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 remark CCP_ACL Category=0
access-list 149 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 149 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip host 10.0.39.31 host 192.168.0.2
access-list 149 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 149 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 150 remark CCP_ACL Category=4
access-list 150 remark IPSec Rule
access-list 150 permit ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 151 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 151 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 permit ip 192.168.128.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 151 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 remark CCP_ACL Category=0
access-list 151 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 151 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 151 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 permit ip host 10.0.39.31 host 192.168.0.2
access-list 151 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 151 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 152 remark CCP_5 192.168.134.0 0.0.0.255
access-list 152 remark CCP_ACL Category=4
access-list 152 remark IPSec Rule
access-list 152 permit ip 192.168.134.0 0.0.0.255 192.168.132.0 0.0.0.255
access-list 153 permit ip 192.168.131.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 153 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 remark CCP_ACL Category=0
access-list 153 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 153 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip host 10.0.39.31 host 192.168.0.2
access-list 153 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 153 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.131.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 154 remark CCP_ACL Category=0
access-list 154 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 154 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 154 permit ip host 10.0.39.31 host 192.168.0.2
access-list 154 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 155 remark CCP_ACL Category=4
access-list 155 remark IPSec Rule
access-list 155 permit ip 192.168.134.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 156 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.131.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 156 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 remark CCP_ACL Category=0
access-list 156 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 156 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip host 10.0.39.31 host 192.168.0.2
access-list 156 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 156 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 157 remark CCP_ACL Category=4
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 157 remark CCP_ACL Category=4
access-list 157 remark IPSec Rule
access-list 157 permit ip 192.168.134.0 0.0.0.255 192.168.129.0 0.0.0.255
access-list 158 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 158 permit ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 remark CC55
access-list 158 permit ip 192.168.121.0 0.0.0.255 192.168.131.0 0.0.0.255
access-list 158 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 remark CCP_ACL Category=0
access-list 158 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 158 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 permit ip host 10.0.39.31 host 192.168.0.2
access-list 158 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 158 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 159 remark CCP_ACL Category=4
access-list 159 remark IPSec Rule
access-list 159 permit ip 192.168.134.0 0.0.0.255 192.168.121.0 0.0.0.255
access-list 160 remark CCP_ACL Category=0
access-list 160 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 160 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip host 10.0.39.31 host 192.168.0.2
access-list 160 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 160 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 161 remark CCP_ACL Category=4
access-list 161 permit gre host 206.210.110.114 host 63.78.135.250
access-list 162 remark CCP_ACL Category=4
access-list 162 remark IPSec Rule
access-list 162 permit ip 192.168.134.0 0.0.0.255 192.168.135.0 0.0.0.255
access-list 163 remark CCP_ACL Category=0
access-list 163 permit ip 192.168.135.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 163 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 163 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 163 permit ip host 10.0.39.31 host 192.168.0.2
access-list 164 remark CCP_ACL Category=4
access-list 164 remark IPSec Rule
access-list 164 permit ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 remark CCP_ACL Category=0
access-list 165 permit ip 192.168.123.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.122.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.128.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 165 permit ip 192.168.128.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 172.16.0.0 0.0.255.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.120.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip host 10.0.39.31 host 192.168.0.2
access-list 165 permit ip 192.168.134.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.129.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.121.0 0.0.0.255 192.168.134.0 0.0.0.255
access-list 165 permit ip 192.168.132.0 0.0.0.255 192.168.134.0 0.0.0.255
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address SLC-Utah
!
!
!
control-plane
!
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
exec-timeout 30 0
password cityutah
logging synchronous
login
line vty 5 15
exec-timeout 30 0
password cityutah
logging synchronous
login
!
scheduler max-task-time 5000
end

Current configuration : 43736 bytes

4 Replies 4

Peter Paluch
Cisco Employee
Cisco Employee

Eddie,

This configuration is a horrible mess indeed. My question is: is the DNS unreachable only from the router itself? Can the PCs in the Vlan1 access the DNS?

Best regards,

Peter

Peter,

I asked myself the same question and had someone connect up to the switch where the router is connected too.

Unfortunately not even the computer itself could make the translation. Which leads me to believe that it is an Inside- Outside Zone problem which is strange because I opened that Zone right up. The traffic that originates from the router doesn't really need a filter.

Another thing I have discovered is I can ping Google.com from the router but if I try to ping my network it fails. Yet I can ping the device from the network. The networks are joined by a IPSEC VPN tunnel.

I have a friend who says that DNS is not even possible on this lower grade model. But I need to prove that before I anyone will put a dedicated DNS server at the location.

Thanks,

Eddie

Eddie,

A couple of comments:

  • Sadly, the number of zones, ACLs and other objects in your configuration is so vast that I would need a fair share of time sorting out all the details. Therefore, only generic comments follow.
  • I have noticed that the IP addresses of DNS servers are described in an object group and subsequently referenced in an ACL. Can you avoid using the object group and instead modify the ACL so that it references the DNS servers directly by their IP addresses?
  • Do you believe it would be feasible for you to create a new configuration for the router, removing the unused parts and reducing the useless complexity? Ideally, the configuration should be made completely anew according to requirements defined beforehand. Currently, the configuration is complicated beyond reasonable limits of troubleshooting it.
  • Regarding the statement of your friend that "DNS is not even possible" - perhaps this router is not capable of acting like a caching DNS server (try if the ip dns server command is available in your global configuration mode) but if your stations should use external DNS servers, this does not matter.

Best regards,

Peter

Peter,

Please do not look into whats going on thats is my job. I have resolved why the DNS was working in the mysterious way it was. This command was missing the overload statement at the end of it:

ip nat inside source route-map SDM_RMAP_1 pool SLC-pool Overload

Because of this it was able to only have one address be resolved from the 63.x.x.x  which is why the external was able to resolve the ping.

My next step is to clean this mess up and get rid of the redundant ACL's and Zone's.

Appreciate your time regardless.

Thanks,

Eddie

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: