09-23-2014 02:28 AM - edited 03-04-2019 11:48 PM
Hi,
I have EIGRP over DMVPN with 1 hub and 15 spokes, suddenly the routes on 1 of the spokes disappeared.
After troubleshooting the issue, i have found that everything is working fine (ISAKMP, IPSEC, GRE...). Even i am able to ping the hub GRE ip.
When i checked the EIGRP neighbors, i discovered that there is no neighbor.
As a temporary solution i have used static routes on the GRE tunnel.
09-23-2014 06:05 AM
This describes an interesting problem but does not give us much to work with. Have there been any changes on either the hub or the spoke router? Were there any log messages about events that might have impacted EIGRP? Can you ping 224.0.0.10 from the spoke? Are there any access lists on the interfaces? Perhaps posting the config from the hub and the spoke might help us find the issue?
HTH
Rick
09-23-2014 06:37 AM
HUB:
----------
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LEB-RTR-IDM
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.154-3.M.bin
boot-end-marker
!
!
logging buffered 512000
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
!
clock timezone UTC 2 0
clock summer-time BeirutSummer recurring last Sun Mar 0:00 last Sun Oct 2:00
!
no ipv6 cef
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3631214335
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3631214335
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-3631214335
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363331 32313433 3335301E 170D3134 30353034 31373031
35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36333132
31343333 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BCF6 9F1647C3 8DB7E0AD 2649C5CE 7F22D909 EEDAFD3F 9727F3C8 3F3546B6
2A1A205F F63709A3 F3A96651 3680FDBF 355C6FDB 2F05A3D2 3015D3E4 32B9971A
98CFC7BC 06FF369E 9D9FB502 5FC9D4B5 BDA5B20F 7BAB6E46 899345AD CE7F1AD3
064C1561 3630FE5C FB80A288 D3C9489A 2FC62EE5 95C896FB 0355930C CE03F9AF
98810203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 149DDDD3 15E84F97 B7EA5988 9BDA0203 D6B4EFFC F1301D06
03551D0E 04160414 9DDDD315 E84F97B7 EA59889B DA0203D6 B4EFFCF1 300D0609
2A864886 F70D0101 04050003 81810031 97186FE2 F2F58612 1AE12869 B377640A
331FAF76 8BB36F7B 976255C8 11EED80E 109C36EA 729E4BFB 75456AD7 1A6377AB
6334EF1F 6F33EFF6 52BD5503 0A4C053D C6FA207E A6C1D886 4EAB4590 68E95B36
9DB5352A 0FFAAEA1 76441626 A011CA7F 9D1994E0 BB78D15B 6C11B5F4 B769E3FB
74110D4D 6E7A9B71 7FAFED33 0C50AE
quit
license udi pid CISCO2911/K9 sn FCZ1447205E
!
!
!
redundancy
!
!
!
!
ip ssh time-out 60
ip ssh version 2
!
track 1 ip sla 1
delay down 30 up 30
!
track 2 ip sla 2
delay down 30 up 30
!
track 3 ip sla 3
delay down 30 up 30
!
track 4 ip sla 4
delay down 30 up 30
!
track 10 ip sla 10
delay down 30 up 30
!
track 11 ip sla 11
delay down 30 up 30
!
track 12 ip sla 12
delay down 30 up 30
!
track 20 ip sla 20
delay down 30 up 30
!
track 21 ip sla 21
delay down 30 up 30
!
track 22 ip sla 22
delay down 30 up 30
!
track 100 list boolean or
object 1
object 2
!
track 101 list boolean or
object 3
object 4
!
track 200 list boolean or
object 10
object 11
object 12
!
track 300 list boolean or
object 20
object 21
object 22
!
class-map match-all voice-signaling
match access-group name AXA-VOIP-Signaling
class-map match-all voice-traffic
match access-group name AXA-VOIP-RTP
class-map match-all VPN-Data
match access-group name VPN-Bahrain-Data
!
!
policy-map VPN-Data
class VPN-Data
set dscp af11
policy-map VOICE-POLICY
class voice-traffic
priority 90
class voice-signaling
bandwidth 10
class class-default
fair-queue
!
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
!
crypto isakmp policy 7
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 30
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 70
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 90
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 95
encr aes 256
authentication pre-share
group 5
crypto isakmp key *********** address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set encryption esp-des esp-md5-hmac
crypto ipsec transform-set encryption2 esp-3des esp-md5-hmac
crypto ipsec transform-set encryption3 esp-3des esp-sha-hmac
crypto ipsec transform-set VPN-BDL esp-3des esp-md5-hmac
crypto ipsec transform-set mednetgic esp-des esp-md5-hmac
crypto ipsec transform-set Bahrain-TS esp-3des esp-md5-hmac
crypto ipsec transform-set KSA-TS esp-3des esp-md5-hmac
crypto ipsec transform-set UAE-TS esp-des esp-md5-hmac
crypto ipsec transform-set SYR-TS esp-des esp-md5-hmac
crypto ipsec transform-set CTM esp-3des esp-md5-hmac
crypto ipsec transform-set vpn-bankmed esp-3des esp-md5-hmac
crypto ipsec transform-set VPN-LIBANOSUISSE esp-aes 256 esp-sha-hmac
crypto ipsec transform-set Qatar-TS esp-3des esp-md5-hmac
crypto ipsec transform-set TS-VPN-NICE esp-3des esp-sha-hmac
crypto ipsec transform-set GUI esp-aes 256 esp-sha-hmac
crypto ipsec transform-set KSA-ITC esp-aes 256 esp-sha-hmac
!
crypto ipsec profile WAN
set transform-set KSA-TS
!
!
crypto map VPN-BDL local-address Vlan200
crypto map VPN-BDL 50 ipsec-isakmp
set peer 172.31.31.2
set transform-set VPN-BDL
match address VPN-BDL
!
crypto map VPN-LIBANOSUISSE 70 ipsec-isakmp
set peer 192.168.147.162
set transform-set VPN-LIBANOSUISSE
match address VPN-LIBANOSUISSE
!
crypto map VPN-over-DSL 5 ipsec-isakmp
set peer 85.112.68.3
set transform-set vpn-bankmed
match address bankmed-vpn
crypto map VPN-over-DSL 35 ipsec-isakmp
set peer 212.98.144.210
set transform-set CTM
match address CTM-VPN
!
crypto map VPN-over-GDS+IDM 15 ipsec-isakmp
set peer 197.246.10.38
set transform-set VPN-LIBANOSUISSE
match address Libano-Suisse-Egypt
crypto map VPN-over-GDS+IDM 25 ipsec-isakmp
set peer 217.26.199.62
set transform-set TS-VPN-NICE
match address VPN-NICE
crypto map VPN-over-GDS+IDM 35 ipsec-isakmp
set peer 83.244.54.26
set transform-set GUI
match address GUI
crypto map VPN-over-GDS+IDM 45 ipsec-isakmp
set peer 5.42.225.78
set transform-set KSA-ITC
match address VPN-ITC
!
crypto map mednetksa local-address GigabitEthernet0/0.1
crypto map mednetksa 40 ipsec-isakmp
set peer 91.140.224.1
set transform-set encryption2
match address 140
!
!
!
!
!
interface Loopback10
description USED FOR BGP WITH IDM
ip address 213.175.177.217 255.255.255.255
!
interface Loopback20
description USED FOR SODETEL BGP TRACKING
ip address 10.222.222.222 255.255.255.255
!
interface Loopback666
no ip address
!
interface Tunnel0
description DUAL HUB DMVPN CLOUD FOR DATA TRAFFIC - IDM MW
ip address 172.16.18.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 10
ip nhrp authentication medvpn
ip nhrp map multicast dynamic
ip nhrp network-id 90
ip nhrp holdtime 300
ip tcp adjust-mss 1240
no ip split-horizon eigrp 10
load-interval 30
keepalive 10 3
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile WAN
max-reserved-bandwidth 100
!
interface Tunnel1
description DUAL HUB DMVPN CLOUD FOR VOICE TRAFFIC - IDM DLL
ip address 172.16.19.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 11
ip nhrp authentication medvpn
ip nhrp map multicast dynamic
ip nhrp network-id 90
ip nhrp holdtime 300
ip tcp adjust-mss 1240
no ip split-horizon eigrp 11
load-interval 30
keepalive 10 3
tunnel source 213.175.183.14
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile WAN
max-reserved-bandwidth 100
!
interface Tunnel23
description TUNNEL TO AXA THROUGH GDS (Serial0/3/0.2)
ip address 192.168.100.6 255.255.255.252
tunnel source 192.168.100.2
tunnel destination 172.20.1.2
!
interface Tunnel50
description TUNNEL TO LIBANO-SUISSE (Serial0/3/1.1)
ip address 172.23.1.1 255.255.255.252
ip access-group LIBANOSWISS-SEC in
load-interval 30
keepalive 2 5
tunnel source 192.168.147.70
tunnel destination 192.168.147.162
!
interface GigabitEthernet0/0
description CONNECTED TO OUTSIDE-SWITCH
no ip address
ip nat inside
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/0.1
description OUTSIDE-SWITCH (ASAs + RTR-SOD)
encapsulation dot1Q 2
ip address 193.227.164.9 255.255.255.0
ip policy route-map ISA
service-policy input VPN-Data
!
interface GigabitEthernet0/0.100
description OUTSIDE-SWITCH MANAGEMENT
encapsulation dot1Q 100
ip address 172.31.1.1 255.255.255.0
!
interface GigabitEthernet0/1
description GDS-IDM (BGP)
ip address 213.175.187.22 255.255.255.252
ip access-group Inbound in
ip nat outside
ip virtual-reassembly in
rate-limit input access-group 199 2048000 24000 48000 conform-action transmit exceed-action drop
rate-limit output access-group 199 1024000 12000 24000 conform-action transmit exceed-action drop
load-interval 30
duplex full
speed 100
no cdp enable
crypto map VPN-over-GDS+IDM
!
interface GigabitEthernet0/2
description PESCO-IDM
ip address 193.227.163.14 255.255.255.252
ip access-group Inbound in
ip nat outside
no ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
no cdp enable
crypto map VPN-over-DSL
!
interface Serial0/2/0
description BPU Leased-Line IDM 768K
bandwidth 768
ip address 192.168.129.94 255.255.255.252
ip access-group Inbound in
ip nat outside
ip virtual-reassembly in
load-interval 30
crypto map mednetksa
!
interface Serial0/2/1
description DLL-IDM
ip address 213.175.183.14 255.255.255.252
ip access-group Inbound in
ip nat outside
no ip virtual-reassembly in
rate-limit input access-group 199 1024000 12000 24000 conform-action transmit exceed-action drop
load-interval 30
fair-queue
crypto map mednetksa
!
interface Serial0/3/0
description DM WAN link
no ip address
encapsulation frame-relay IETF
load-interval 30
frame-relay lmi-type ansi
!
interface Serial0/3/0.2 point-to-point
description Connection to AXA through GlobalCom
ip address 192.168.100.2 255.255.255.252
frame-relay interface-dlci 100
class VOIPFR-AXA
!
interface Serial0/3/0.4 point-to-point
description Connection to IPT
ip nat inside
ip virtual-reassembly in
shutdown
frame-relay interface-dlci 25
class VOIPFR-IPT
!
interface Serial0/3/0.5 point-to-point
description Connection to BLF Hamra
ip address 172.16.4.13 255.255.255.252
frame-relay interface-dlci 109
class VOIPFR-BLF
!
interface Serial0/3/0.7 point-to-point
description Connection to HDF
ip address 172.16.4.9 255.255.255.252
ip policy route-map ISA
frame-relay interface-dlci 108
class VOIPFR-HDF
!
interface Serial0/3/0.8 point-to-point
description Connection to AUB
ip address 172.16.1.18 255.255.255.252
frame-relay interface-dlci 130
class VOIPFR-AUB
!
interface Serial0/3/0.9 point-to-point
description Connection to BDL
shutdown
frame-relay interface-dlci 26
crypto ipsec df-bit clear
!
interface Serial0/3/1
no ip address
encapsulation frame-relay
!
interface Serial0/3/1.1 point-to-point
description Connection to Libano Swiss
ip address 192.168.147.70 255.255.255.252
frame-relay interface-dlci 310
crypto map VPN-LIBANOSUISSE
!
interface GigabitEthernet0/1/0
description Backup over DSL GDS (Vlan200)
switchport access vlan 200
load-interval 30
!
interface GigabitEthernet0/1/1
description Connection to Remote-Offices Through GDS (Vlan127)
switchport access vlan 127
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
no ip address
shutdown
!
interface Vlan127
description Connection to Remote-Offices Through GDS
ip address 192.168.101.118 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface Vlan200
description Backup over DSL GDS (GigabitEthernet0/1/0)
ip address 192.168.101.122 255.255.255.252
load-interval 30
crypto map VPN-BDL
crypto ipsec df-bit clear
!
!
router eigrp 10
network 172.16.18.0 0.0.0.255
redistribute static route-map redist-static
!
!
router eigrp 11
network 172.16.18.0 0.0.0.255
network 172.16.19.0 0.0.0.255
redistribute static route-map redist-static-voice
!
router bgp 51938
bgp log-neighbor-changes
network 46.19.192.0 mask 255.255.255.0
network 185.54.96.0 mask 255.255.255.0
network 185.54.97.0 mask 255.255.255.0
network 185.54.98.0 mask 255.255.255.0
network 185.54.99.0 mask 255.255.255.0
neighbor 212.36.211.9 remote-as 9051
neighbor 212.36.211.9 ebgp-multihop 10
neighbor 212.36.211.9 update-source Loopback10
neighbor 212.36.211.9 soft-reconfiguration inbound
neighbor 212.36.211.9 route-map Internet-in in
neighbor 212.36.211.9 route-map GLOBEMED out
no auto-summary
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip flow-cache timeout active 1
ip flow-export version 5
!
ip nat pool nat-pool 185.54.99.253 185.54.99.253 netmask 255.255.255.0
ip nat inside source list NAT pool nat-pool overload
ip route 84.235.53.233 255.255.255.255 213.175.183.13 track 100
ip route 213.178.246.166 255.255.255.255 213.175.183.13 track 100
ip route 77.69.181.51 255.255.255.255 213.175.183.13 track 100
ip route 212.77.221.11 255.255.255.255 213.175.183.13 track 100
ip route 83.244.91.234 255.255.255.255 213.175.183.13 track 100
ip route 41.33.169.19 255.255.255.255 213.175.183.13 track 100
ip route 194.165.141.61 255.255.255.255 213.175.183.13 track 100
ip route 197.255.53.164 255.255.255.255 213.175.183.13 track 100
ip route 213.178.246.161 255.255.255.255 213.175.183.13 10 track 100
ip route 84.235.53.209 255.255.255.255 213.175.183.13 10 track 100
ip route 77.69.181.50 255.255.255.255 213.175.183.13 10 track 100
ip route 212.77.221.10 255.255.255.255 213.175.183.13 10 track 100
ip route 83.244.91.233 255.255.255.255 213.175.183.13 10 track 100
ip route 41.33.169.18 255.255.255.255 213.175.183.13 10 track 100
ip route 197.255.53.163 255.255.255.255 213.175.183.13 10 track 100
ip route 86.62.248.115 255.255.255.255 213.175.183.13 10 track 100
ip route 62.173.41.123 255.255.255.255 213.175.183.13 track 100
ip route 62.173.41.122 255.255.255.255 213.175.183.13 10 track 100
ip route 78.100.140.147 255.255.255.255 213.175.183.13 track 100
ip route 78.100.140.146 255.255.255.255 213.175.183.13 10 track 100
ip route 94.200.77.161 255.255.255.255 213.175.183.13 10 track 100
ip route 94.56.106.41 255.255.255.255 213.175.183.13 track 100
ip route 91.140.233.50 255.255.255.255 213.175.183.13 10 track 100
ip route 91.74.59.86 255.255.255.255 213.175.183.13 track 100
ip route 94.56.106.40 255.255.255.255 213.175.183.13 10 track 100
ip route 5.42.225.78 255.255.255.255 213.175.183.13 10 track 100
ip route 84.235.53.233 255.255.255.255 193.227.163.13 10 track 101
ip route 213.178.246.161 255.255.255.255 193.227.163.13 track 101
ip route 213.178.246.166 255.255.255.255 193.227.163.13 10 track 101
ip route 84.235.53.209 255.255.255.255 193.227.163.13 track 101
ip route 194.165.141.59 255.255.255.255 193.227.163.13 track 101
ip route 77.69.181.51 255.255.255.255 193.227.163.13 10 track 101
ip route 77.69.181.50 255.255.255.255 193.227.163.13 track 101
ip route 212.77.221.11 255.255.255.255 193.227.163.13 10 track 101
ip route 212.77.221.10 255.255.255.255 193.227.163.13 track 101
ip route 83.244.91.233 255.255.255.255 193.227.163.13 track 101
ip route 83.244.91.234 255.255.255.255 193.227.163.13 10 track 101
ip route 41.33.169.18 255.255.255.255 193.227.163.13 track 101
ip route 41.33.169.19 255.255.255.255 193.227.163.13 10 track 101
ip route 197.255.53.164 255.255.255.255 193.227.163.13 10 track 101
ip route 197.255.53.163 255.255.255.255 193.227.163.13 track 101
ip route 86.62.248.115 255.255.255.255 193.227.163.13 track 101
ip route 62.173.41.123 255.255.255.255 193.227.163.13 10 track 101
ip route 62.173.41.122 255.255.255.255 193.227.163.13 track 101
ip route 78.100.140.147 255.255.255.255 193.227.163.13 10 track 101
ip route 78.100.140.146 255.255.255.255 193.227.163.13 track 101
ip route 91.140.233.51 255.255.255.255 193.227.163.13 track 101
ip route 94.125.228.164 255.255.255.255 193.227.163.13 10 track 101
ip route 94.200.77.161 255.255.255.255 193.227.163.13 track 101
ip route 94.56.106.41 255.255.255.255 193.227.163.13 10 track 101
ip route 91.140.233.50 255.255.255.255 193.227.163.13 track 101
ip route 78.100.151.58 255.255.255.255 193.227.163.13 10 track 101
ip route 91.74.59.86 255.255.255.255 193.227.163.13 10 track 101
ip route 94.56.106.40 255.255.255.255 193.227.163.13 track 101
ip route 0.0.0.0 0.0.0.0 213.175.187.21 track 101
ip route 5.42.225.78 255.255.255.255 193.227.163.13 20 track 101
ip route 0.0.0.0 0.0.0.0 193.227.163.13 5 track 200
ip route 0.0.0.0 0.0.0.0 213.175.183.13 10
ip route 4.2.2.2 255.255.255.255 213.175.183.13
ip route 4.2.2.3 255.255.255.255 213.175.187.21
ip route 4.2.2.4 255.255.255.255 213.175.187.21
ip route 4.2.2.5 255.255.255.255 193.227.164.99
ip route 4.2.2.6 255.255.255.255 193.227.164.99
ip route 4.69.143.238 255.255.255.255 213.175.187.21
ip route 8.8.4.4 255.255.255.255 213.175.183.13
ip route 10.1.1.0 255.255.255.0 172.16.254.2
ip route 10.1.2.0 255.255.255.0 192.168.147.69
ip route 10.8.8.12 255.255.255.252 193.227.164.99
ip route 10.10.10.0 255.255.255.0 192.168.101.117
ip route 10.10.20.0 255.255.255.0 192.168.101.117
ip route 10.128.133.64 255.255.255.192 192.168.101.117
ip route 10.134.141.64 255.255.255.192 192.168.101.117
ip route 46.19.192.0 255.255.255.0 193.227.164.6
ip route 85.112.68.3 255.255.255.255 193.227.163.13
ip route 91.140.224.1 255.255.255.255 213.175.183.13
ip route 91.140.233.51 255.255.255.255 213.175.183.13 10
ip route 100.100.100.1 255.255.255.255 192.168.100.5
ip route 100.100.100.2 255.255.255.255 192.168.100.5
ip route 100.100.100.3 255.255.255.255 192.168.100.5
ip route 100.100.100.102 255.255.255.255 192.168.100.5
ip route 100.100.100.103 255.255.255.255 192.168.100.5
ip route 100.100.100.104 255.255.255.255 192.168.100.5
ip route 100.100.100.105 255.255.255.255 192.168.100.5
ip route 172.16.1.0 255.255.255.0 193.227.164.6
ip route 172.16.1.23 255.255.255.255 193.227.188.130
ip route 172.16.2.0 255.255.255.0 193.227.164.6
ip route 172.16.3.0 255.255.255.0 193.227.164.6
ip route 172.16.5.32 255.255.255.248 172.16.4.10
ip route 172.16.5.40 255.255.255.248 172.16.4.10
ip route 172.16.5.64 255.255.255.248 172.16.4.14
ip route 172.16.6.0 255.255.255.0 193.227.164.6
ip route 172.16.7.0 255.255.255.0 192.168.101.117
ip route 172.16.11.0 255.255.255.0 192.168.101.117
ip route 172.16.13.0 255.255.255.0 192.168.101.117
ip route 172.16.14.0 255.255.255.0 192.168.101.117
ip route 172.16.15.0 255.255.255.0 192.168.101.117
ip route 172.16.16.0 255.255.255.0 192.168.101.117
ip route 172.16.17.0 255.255.255.0 192.168.101.117
ip route 172.16.100.0 255.255.255.0 172.16.1.17
ip route 172.16.160.0 255.255.255.0 192.168.101.117
ip route 172.16.255.0 255.255.255.0 197.246.10.38
ip route 172.17.1.20 255.255.255.255 213.175.183.13
ip route 172.20.1.0 255.255.255.252 192.168.100.1
ip route 172.20.1.21 255.255.255.255 213.175.183.13
ip route 172.31.31.0 255.255.255.248 192.168.101.121
ip route 185.54.96.0 255.255.255.0 185.54.96.254
ip route 185.54.97.0 255.255.255.0 193.227.164.6
ip route 185.54.98.0 255.255.255.0 193.227.164.6
ip route 185.54.99.0 255.255.255.0 193.227.164.6
ip route 192.168.1.0 255.255.255.0 193.227.164.6
ip route 192.168.1.21 255.255.255.255 193.227.163.13
ip route 192.168.1.30 255.255.255.255 193.227.163.13
ip route 192.168.3.0 255.255.255.128 193.227.164.6
ip route 192.168.4.0 255.255.255.0 193.227.164.6
ip route 192.168.6.0 255.255.255.0 193.227.164.6
ip route 192.168.7.0 255.255.255.0 193.227.164.6
ip route 192.168.55.0 255.255.255.0 193.227.164.6
ip route 192.168.58.0 255.255.255.0 193.227.164.6
ip route 192.168.59.0 255.255.255.0 193.227.164.6
ip route 192.168.60.0 255.255.255.0 193.227.164.6
ip route 192.168.147.162 255.255.255.255 192.168.147.69
ip route 192.168.147.166 255.255.255.255 192.168.147.69
ip route 192.168.160.0 255.255.255.0 193.227.164.6
ip route 192.168.160.141 255.255.255.255 192.168.147.69
ip route 192.168.160.142 255.255.255.255 192.168.147.69
ip route 192.168.194.0 255.255.255.0 172.23.1.2
ip route 192.168.204.0 255.255.255.0 193.227.163.13
ip route 192.168.213.0 255.255.255.0 192.168.147.69
ip route 193.188.128.0 255.255.252.0 213.175.187.21
ip route 193.188.128.0 255.255.252.0 172.16.1.17 10
ip route 193.227.164.155 255.255.255.255 GigabitEthernet0/0.1
ip route 193.227.188.128 255.255.255.192 193.227.164.6
ip route 193.227.188.134 255.255.255.255 193.227.188.130
ip route 193.227.189.24 255.255.255.248 193.227.164.6
ip route 194.165.141.59 255.255.255.255 213.175.183.13 10
ip route 194.165.141.61 255.255.255.255 193.227.163.13 10
ip route 198.6.1.5 255.255.255.255 193.227.163.13
ip route 208.67.220.220 255.255.255.255 193.227.164.99
ip route 212.36.211.9 255.255.255.255 213.175.187.21
ip route 212.98.144.210 255.255.255.255 193.227.163.13
ip route 213.175.164.112 255.255.255.248 192.168.100.5
ip route 213.175.173.149 255.255.255.255 213.175.187.21
ip route 213.175.174.0 255.255.255.252 192.168.1.6
ip route 217.26.199.62 255.255.255.255 193.227.163.13
ip tacacs source-interface GigabitEthernet0/0.1
!
ip access-list standard Filter-in
permit 0.0.0.0
ip access-list standard NO-PREPEND
permit 185.54.98.0 0.0.0.255
permit 185.54.99.0 0.0.0.255
ip access-list standard PREPEND
permit 46.19.192.0 0.0.0.255
permit 185.54.96.0 0.0.0.255
permit 185.54.97.0 0.0.0.255
ip access-list standard REDIST-DMVPN
permit 192.168.3.0 0.0.0.255
permit 192.168.55.0 0.0.0.255
permit 192.168.1.0 0.0.0.255
permit 172.16.6.0 0.0.0.255
permit 172.16.1.0 0.0.0.255
permit 192.168.7.0 0.0.0.255
permit 192.168.4.0 0.0.0.255
permit 192.168.160.0 0.0.0.255
permit 192.168.6.0 0.0.0.255
permit 172.16.160.0 0.0.0.255
ip access-list standard REDIST-DMVPN-VOICE
permit 192.168.58.0 0.0.0.255
permit 192.168.59.0 0.0.0.255
permit 192.168.60.0 0.0.0.255
permit 172.16.2.0 0.0.0.255
ip access-list standard VTY-ACCESS
permit 192.168.3.0 0.0.0.255
permit 46.19.192.0 0.0.0.255
permit 185.54.96.0 0.0.3.255
!
ip access-list extended AUB
permit ip 193.227.188.128 0.0.0.63 any
ip access-list extended AXA-VOIP-RTP
permit udp host 193.227.164.9 host 100.100.100.1 range 16384 32767
ip access-list extended AXA-VOIP-Signaling
permit tcp host 193.227.164.9 host 100.100.100.1 eq 1720
ip access-list extended BGP-libanosuisse
permit ip host 46.19.192.20 192.168.213.0 0.0.0.255
permit ip host 46.19.192.22 192.168.213.0 0.0.0.255
permit ip host 192.168.1.140 host 192.168.213.1
ip access-list extended CTM-VPN
permit ip host 172.16.1.114 host 192.168.1.30
permit ip host 172.16.1.114 host 192.168.1.21
ip access-list extended GDS-AXA
permit ip 46.19.192.0 0.0.0.255 host 100.100.100.2
permit ip 46.19.192.0 0.0.0.255 host 100.100.100.3
permit ip host 192.168.1.140 host 100.100.100.2
permit ip host 192.168.1.140 host 100.100.100.3
ip access-list extended GDS-BDL
permit ip host 46.19.192.22 172.31.31.0 0.0.0.7
permit ip host 192.168.1.140 host 172.31.31.1
ip access-list extended GDS-Offices
permit ip host 46.19.192.11 host 172.16.17.5
permit ip host 46.19.192.11 host 172.16.16.3
permit ip 46.19.192.0 0.0.0.255 10.10.20.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 10.10.20.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 10.10.10.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 10.20.10.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 10.20.10.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 10.128.133.64 0.0.0.63
permit ip 185.54.96.0 0.0.3.255 10.128.133.64 0.0.0.63
permit ip 46.19.192.0 0.0.0.255 172.16.7.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.7.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.9.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.9.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.10.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.10.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.11.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.11.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.12.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.12.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.13.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.13.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.14.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.14.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.15.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.15.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.16.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.16.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 172.16.17.0 0.0.0.255
permit ip 185.54.96.0 0.0.3.255 172.16.17.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 10.134.141.64 0.0.0.63
permit ip 185.54.96.0 0.0.3.255 10.134.141.64 0.0.0.63
ip access-list extended GDS-Offices1
permit ip 46.19.192.0 0.0.0.255 172.16.5.32 0.0.0.7
permit ip 185.54.96.0 0.0.3.255 172.16.5.32 0.0.0.7
permit ip 46.19.192.0 0.0.0.255 172.16.5.40 0.0.0.7
permit ip 185.54.96.0 0.0.3.255 172.16.5.40 0.0.0.7
ip access-list extended GDS-Offices2
permit ip 46.19.192.0 0.0.0.255 172.16.5.64 0.0.0.7
permit ip 185.54.96.0 0.0.3.255 172.16.5.64 0.0.0.7
ip access-list extended GUI
permit ip host 192.168.1.151 host 192.168.101.130
ip access-list extended IDM-BGP
permit ip host 46.19.192.100 any
permit ip 46.19.192.0 0.0.0.255 80.77.185.0 0.0.0.255
permit ip 46.19.192.0 0.0.0.255 80.79.152.0 0.0.7.255
permit ip 46.19.192.0 0.0.0.255 93.185.80.0 0.0.15.255
permit ip 46.19.192.0 0.0.0.255 193.227.160.0 0.0.31.255
permit ip 46.19.192.0 0.0.3.255 194.126.0.0 0.0.31.255
permit ip 46.19.192.0 0.0.0.255 194.126.136.0 0.0.7.255
permit ip 46.19.192.0 0.0.0.255 212.36.192.0 0.0.31.255
permit ip 46.19.192.0 0.0.0.255 213.175.160.0 0.0.31.255
permit ip 185.54.96.0 0.0.0.255 80.77.185.0 0.0.0.255
permit ip 185.54.96.0 0.0.0.255 80.79.152.0 0.0.7.255
permit ip 185.54.96.0 0.0.3.255 93.185.80.0 0.0.15.255
permit ip 185.54.96.0 0.0.0.255 193.227.160.0 0.0.31.255
permit ip 185.54.96.0 0.0.3.255 194.126.0.0 0.0.31.255
permit ip 185.54.96.0 0.0.0.255 194.126.136.0 0.0.7.255
permit ip 185.54.96.0 0.0.0.255 212.36.192.0 0.0.31.255
permit ip 185.54.96.0 0.0.0.255 213.175.160.0 0.0.31.255
deny ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
deny ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
deny ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
deny ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
deny ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
deny ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
deny ip 193.227.164.0 0.0.0.255 193.227.164.0 0.0.0.255
deny ip 193.227.164.0 0.0.0.255 185.54.96.0 0.0.3.255
deny ip 193.227.164.0 0.0.0.255 46.19.192.0 0.0.0.255
deny ip 193.227.164.0 0.0.0.255 193.227.188.128 0.0.0.63
deny ip 193.227.188.128 0.0.0.63 193.227.188.128 0.0.0.63
deny ip 193.227.188.128 0.0.0.63 185.54.96.0 0.0.3.255
deny ip 193.227.188.128 0.0.0.63 46.19.192.0 0.0.0.255
deny ip 193.227.188.128 0.0.0.63 193.227.164.0 0.0.0.255
permit ip host 46.19.192.25 any
permit ip host 46.19.192.21 any
ip access-list extended IDM-DLL-GDS
permit ip host 193.227.164.57 any
ip access-list extended IDM-GDS-PESCO
deny ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
deny ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
deny ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
deny ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
deny ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
deny ip 193.227.164.0 0.0.0.255 185.54.96.0 0.0.3.255
deny ip 193.227.164.0 0.0.0.255 46.19.192.0 0.0.0.255
deny ip 193.227.164.0 0.0.0.255 193.227.164.0 0.0.0.255
deny ip 193.227.164.0 0.0.0.255 193.227.188.128 0.0.0.63
deny ip 193.227.188.128 0.0.0.63 185.54.96.0 0.0.3.255
deny ip 193.227.188.128 0.0.0.63 193.227.188.128 0.0.0.63
deny ip 193.227.188.128 0.0.0.63 46.19.192.0 0.0.0.255
deny ip 193.227.188.128 0.0.0.63 193.227.164.0 0.0.0.255
permit ip host 192.168.1.151 172.16.255.0 0.0.0.255
permit ip 193.227.188.128 0.0.0.63 any
permit ip 185.54.98.0 0.0.0.255 any
permit ip 185.54.99.0 0.0.0.255 any
ip access-list extended Inbound
deny udp any any eq 1433
deny tcp any any eq 1433
deny udp any any eq 1434
deny tcp any any eq 1434
deny udp any any eq 5060
deny tcp any any eq 5060
deny udp any any eq 5064
deny tcp any any eq 5064
deny udp any any eq 5080
deny tcp any any eq 5080
permit ip any any
ip access-list extended LIBANOSWISS-SEC
permit gre host 192.168.147.70 host 192.168.147.162
permit tcp host 192.168.194.160 host 172.16.58.10 eq 5060
permit udp host 192.168.194.160 host 172.16.58.10 eq 5060
permit udp host 192.168.194.160 host 172.16.58.10 range 16384 32767
permit tcp host 192.168.194.160 host 172.16.58.10 eq 2000
permit tcp host 192.168.194.160 host 172.16.58.10 eq 1720
permit tcp host 192.168.194.160 host 172.16.58.11 eq 5060
permit udp host 192.168.194.160 host 172.16.58.11 eq 5060
permit udp host 192.168.194.160 host 172.16.58.11 range 16384 32767
permit tcp host 192.168.194.160 host 172.16.58.11 eq 2000
permit tcp host 192.168.194.160 host 172.16.58.11 eq 1720
permit tcp host 192.168.194.161 host 172.16.58.10 eq 5060
permit udp host 192.168.194.161 host 172.16.58.10 eq 5060
permit udp host 192.168.194.161 host 172.16.58.10 range 16384 32767
permit tcp host 192.168.194.161 host 172.16.58.10 eq 2000
permit tcp host 192.168.194.161 host 172.16.58.10 eq 1720
permit tcp host 192.168.194.161 host 172.16.58.11 eq 5060
permit udp host 192.168.194.161 host 172.16.58.11 eq 5060
permit udp host 192.168.194.161 host 172.16.58.11 range 16384 32767
permit tcp host 192.168.194.161 host 172.16.58.11 eq 2000
ip access-list extended LL-BPU
permit ip 193.227.189.24 0.0.0.7 any
ip access-list extended Libano-Suisse-Egypt
permit ip host 192.168.1.151 host 172.16.255.237
permit ip host 192.168.1.151 host 172.16.255.245
permit ip host 192.168.1.151 host 172.16.255.230
ip access-list extended NAT
deny ip 172.16.160.0 0.0.0.255 192.168.25.0 0.0.0.255
deny ip 172.16.160.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 10.10.20.0 0.0.0.255 any
permit ip 172.16.160.0 0.0.0.255 any
ip access-list extended SODETEL-BGP
permit ip 185.54.96.0 0.0.3.255 5.8.128.0 0.0.63.255
permit ip 185.54.96.0 0.0.3.255 89.108.128.0 0.0.63.255
permit ip 185.54.96.0 0.0.3.255 93.126.128.0 0.0.127.255
permit ip 185.54.96.0 0.0.3.255 212.40.128.0 0.0.31.255
permit ip 185.54.96.0 0.0.3.255 212.101.224.0 0.0.31.255
deny ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
deny ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
deny ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
deny ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
deny ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
deny ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
deny ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
deny ip host 46.19.192.250 host 192.168.7.175
deny ip host 192.168.1.151 172.16.255.0 0.0.0.255
permit ip host 193.227.164.251 host 212.101.225.1
permit ip 46.19.192.0 0.0.0.255 any
permit ip 185.54.96.0 0.0.0.255 any
permit ip 185.54.97.0 0.0.0.255 any
ip access-list extended VPN-BDL
permit ip host 46.19.192.22 host 172.31.31.3
permit ip host 193.227.164.5 host 172.31.31.3
permit ip host 193.227.164.17 host 172.31.31.3
permit ip host 193.227.164.16 host 172.31.31.3
permit tcp host 192.168.1.105 host 172.31.31.6 eq 1521
ip access-list extended VPN-ITC
permit ip 172.16.1.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 172.16.160.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.58.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 172.16.1.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 172.16.160.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 192.168.58.0 0.0.0.255 192.168.24.0 0.0.0.255
permit ip 172.16.1.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 172.16.160.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.58.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 172.16.1.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 172.16.6.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 172.16.160.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 192.168.26.0 0.0.0.255
permit ip 192.168.58.0 0.0.0.255 192.168.26.0 0.0.0.255
ip access-list extended VPN-LIBANOSUISSE
permit gre host 192.168.147.70 host 192.168.147.162
ip access-list extended VPN-NICE
permit ip 192.168.1.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 192.168.67.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.67.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.55.0 0.0.0.255 192.168.67.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.65.0 0.0.0.255
permit ip 192.168.58.0 0.0.0.255 192.168.65.0 0.0.0.255
ip access-list extended bankmed-vpn
permit ip 172.16.1.0 0.0.0.255 192.168.204.0 0.0.0.255
!
ip sla 1
icmp-echo 4.2.2.2 source-interface Serial0/2/1
frequency 20
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.4.4 source-interface Serial0/2/1
frequency 20
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 198.6.1.5 source-interface GigabitEthernet0/2
frequency 20
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
frequency 20
ip sla schedule 4 life forever start-time now
ip sla 10
icmp-echo 4.2.2.3 source-interface GigabitEthernet0/1
frequency 30
ip sla schedule 10 life forever start-time now
ip sla 11
icmp-echo 4.2.2.4 source-interface GigabitEthernet0/1
frequency 30
ip sla schedule 11 life forever start-time now
ip sla 12
icmp-echo 4.69.143.238 source-interface GigabitEthernet0/1
frequency 30
ip sla schedule 12 life forever start-time now
ip sla 20
icmp-echo 4.2.2.5 source-interface Loopback20
frequency 30
ip sla schedule 20 life forever start-time now
ip sla 21
icmp-echo 4.2.2.6 source-interface Loopback20
frequency 30
ip sla schedule 21 life forever start-time now
ip sla 22
icmp-echo 208.67.220.220 source-interface Loopback20
frequency 30
ip sla schedule 22 life forever start-time now
!
map-class frame-relay VOIPFR-AXA
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
service-policy output VOICE-POLICY
!
map-class frame-relay VOIPFR-IPT
frame-relay cir 1024000
frame-relay bc 10240
frame-relay be 0
frame-relay mincir 1024000
!
map-class frame-relay VOIPFR-BLF
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
!
map-class frame-relay VOIPFR-HDF
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
!
map-class frame-relay VOIPFR-AUB
frame-relay cir 512000
frame-relay bc 5120
frame-relay be 0
frame-relay mincir 512000
!
map-class frame-relay Mednet
frame-relay cir 256000
frame-relay bc 256000
frame-relay mincir 256000
frame-relay traffic-rate 256000 256000
!
map-class frame-relay VOIPFR-Bankers
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 128000
access-list 100 permit ip 193.227.188.128 0.0.0.63 any
access-list 140 permit ip host 192.168.1.41 host 172.20.1.21
access-list 140 permit ip host 192.168.1.41 host 172.17.1.20
access-list 197 permit ip any host 193.227.188.133
access-list 197 deny ip any any
access-list 198 permit ip host 192.168.3.3 host 192.168.25.69
access-list 198 permit ip host 192.168.3.3 host 192.168.25.111
access-list 199 permit ip any host 193.227.164.251
access-list 199 permit ip any host 193.227.164.250
access-list 199 permit ip any 46.19.192.248 0.0.0.7
access-list 199 permit ip 46.19.192.248 0.0.0.7 any
access-list 199 permit ip any host 46.19.192.27
access-list 199 permit ip host 46.19.192.27 any
access-list 199 permit ip host 46.19.192.100 any
access-list 199 permit ip any host 46.19.192.100
access-list 199 permit ip any 185.54.97.248 0.0.0.7
access-list 199 permit ip 185.54.97.248 0.0.0.7 any
!
route-map redist-static-backup permit 10
match ip address REDIST-DMVPN-BACKUP
!
route-map GLOBEMED permit 10
match ip address PREPEND
set as-path prepend 51938 51938 51938 51938 51938 51938 51938 51938
!
route-map GLOBEMED permit 20
match ip address NO-PREPEND
!
route-map Internet-in permit 10
match ip address Filter-in
!
route-map redist-static permit 10
match ip address REDIST-DMVPN
!
route-map ISA permit 2
match ip address GDS-AXA
set ip default next-hop 192.168.100.2
!
route-map ISA permit 3
match ip address GDS-BDL
set ip default next-hop 192.168.101.121
!
route-map ISA permit 4
match ip address GDS-Offices2
set ip default next-hop 172.16.4.14
!
route-map ISA permit 5
match ip address GDS-Offices1
set ip default next-hop 172.16.4.10
!
route-map ISA permit 6
match ip address GDS-Offices
set ip default next-hop 192.168.101.117
!
route-map ISA permit 7
match ip address BGP-libanosuisse
set ip default next-hop 192.168.147.69
!
route-map ISA permit 8
match ip address IDM-DLL-GDS
set ip next-hop verify-availability 213.175.183.13 1 track 100
set ip next-hop verify-availability 213.175.187.21 2 track 200
set ip next-hop 193.227.163.13
!
route-map ISA permit 9
match ip address IDM-GDS-PESCO
set ip next-hop verify-availability 213.175.187.21 1 track 200
set ip next-hop verify-availability 193.227.163.13 2 track 101
set ip next-hop 193.227.163.13 213.175.183.13
!
route-map ISA permit 10
match ip address IDM-BGP
set ip next-hop verify-availability 213.175.187.21 1 track 200
set ip next-hop 193.227.164.99
!
route-map ISA permit 11
match ip address SODETEL-BGP
set ip next-hop verify-availability 193.227.164.99 1 track 300
set ip next-hop 213.175.187.21
!
route-map ISA permit 30
match ip address AUB
set ip next-hop 193.227.163.13
!
route-map ISA permit 40
match ip address LL-BPU
set ip default next-hop 192.168.129.93
!
route-map redist-static-voice permit 10
match ip address REDIST-DMVPN-VOICE
!
control-plane
.....
--------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------
SPOKE:
--------------
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
crypto isakmp key ************* address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set VPN-ts esp-3des esp-md5-hmac
crypto ipsec transform-set VPN-ts-2 esp-3des esp-sha-hmac
crypto ipsec transform-set VPN-GIC esp-3des esp-md5-hmac
crypto ipsec transform-set HO-TS esp-3des esp-md5-hmac
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto ipsec profile WAN
set transform-set HO-TS
!
!
crypto map MednetKSA local-address GigabitEthernet0/1
crypto map MednetKSA 20 ipsec-isakmp
set peer 5.42.225.78
set transform-set TS-AES256-SHA
match address VPN-ITC
crypto map MednetKSA 30 ipsec-isakmp
set peer 46.235.90.122
set transform-set VPN-ts
match address VPN-Jeddah
crypto map MednetKSA 40 ipsec-isakmp
set peer 46.235.92.26
set transform-set VPN-ts
match address VPN-damam
crypto map MednetKSA 50 ipsec-isakmp
set peer 91.140.224.1
set transform-set VPN-GIC
match address VPNTOGIC
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
!
!
ip ssh time-out 60
ip ssh version 2
!
class-map match-all COPP-CM-TTL-0/1
match access-group name ACL-MATCH-TTL-0/1
class-map type port-filter match-any pf-class
match closed-ports
!
!
policy-map type port-filter pf-policy
class pf-class
drop
policy-map COPP-PM
class COPP-CM-TTL-0/1
drop
!
!
interface Tunnel0
description DUAL HUB DMVPN CLOUD FOR DATA TRAFFIC
ip address 172.16.18.2 255.255.255.0
no ip redirects
ip nhrp authentication medvpn
ip nhrp map multicast dynamic
ip nhrp map multicast 193.227.163.14
ip nhrp map 172.16.18.1 193.227.163.14
ip nhrp network-id 90
ip nhrp holdtime 300
ip nhrp nhs 172.16.18.1
ip tcp adjust-mss 1240
load-interval 30
keepalive 10 3
tunnel source 84.235.53.209
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile WAN
!
interface Tunnel1
description DUAL HUB DMVPN CLOUD FOR VOICE TRAFFIC
ip address 172.16.19.2 255.255.255.0
no ip redirects
ip nhrp authentication medvpn
ip nhrp map multicast dynamic
ip nhrp map multicast 213.175.183.14
ip nhrp map 172.16.19.1 213.175.183.14
ip nhrp network-id 90
ip nhrp holdtime 300
ip nhrp nhs 172.16.19.1
ip tcp adjust-mss 1240
load-interval 30
keepalive 10 3
tunnel source 84.235.53.233
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile WAN
!
interface GigabitEthernet0/0
description Connected to ISP
ip address 84.235.54.41 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
rate-limit input access-group 197 2048000 24000 48000 conform-action transmit exceed-action drop
rate-limit output access-group 197 1024000 12000 24000 conform-action transmit exceed-action drop
load-interval 30
duplex auto
speed auto
crypto map MednetKSA
!
interface GigabitEthernet0/1
description Connected to ASAs
ip address 84.235.53.233 255.255.255.248 secondary
ip address 84.235.53.234 255.255.255.248 secondary
ip address 84.235.53.209 255.255.255.240
ip access-group Inside-IN in
no ip redirects
no ip unreachables
no ip proxy-arp
ip tcp adjust-mss 1250
load-interval 30
duplex auto
speed auto
!
interface FastEthernet0/3/0
description Connected to WiMax_Connection
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Integrated-Service-Engine1/0
ip address 192.168.28.1 255.255.255.0
service-module ip address 192.168.28.2 255.255.255.0
service-module ip default-gateway 192.168.28.1
no keepalive
!
interface Vlan1
description Connected to WiMax_Connection
ip address 84.235.39.121 255.255.255.248
crypto map MednetKSA
!
router eigrp 10
redistribute static route-map redist-static
network 172.16.18.0 0.0.0.255
network 192.168.28.0
no auto-summary
!
router eigrp 11
redistribute static route-map redist-static-voice
network 172.16.19.0 0.0.0.255
no auto-summary
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
network 84.235.53.208 mask 255.255.255.240
network 84.235.53.232 mask 255.255.255.248
timers bgp 10 20 20
neighbor 84.235.39.126 remote-as 25019
neighbor 84.235.39.126 ebgp-multihop 255
neighbor 84.235.39.126 soft-reconfiguration inbound
neighbor 84.235.39.126 prefix-list BGP-FILTER-IN in
neighbor 84.235.39.126 route-map AS-Prepend out
neighbor 84.235.54.46 remote-as 25019
neighbor 84.235.54.46 ebgp-multihop 255
neighbor 84.235.54.46 soft-reconfiguration inbound
neighbor 84.235.54.46 weight 110
neighbor 84.235.54.46 prefix-list BGP-FILTER-IN in
neighbor 84.235.54.46 route-map BGP-FILTER-OUT-1 out
maximum-paths 2
no auto-summary
!
ip forward-protocol nd
ip route 4.2.2.2 255.255.255.255 84.235.54.46
ip route 172.16.1.0 255.255.255.0 172.16.18.1
ip route 172.16.6.0 255.255.255.0 172.16.18.1
ip route 172.16.160.0 255.255.255.0 172.16.18.1
ip route 192.168.1.0 255.255.255.0 172.16.18.1
ip route 192.168.3.0 255.255.255.0 172.16.18.1
ip route 192.168.4.0 255.255.255.0 172.16.18.1
ip route 192.168.7.0 255.255.255.0 172.16.18.1
ip route 192.168.9.0 255.255.255.0 84.235.53.220
ip route 192.168.9.0 255.255.255.0 84.235.53.221 10
ip route 192.168.9.34 255.255.255.255 84.235.53.221
ip route 192.168.10.0 255.255.255.0 84.235.53.220
ip route 192.168.10.0 255.255.255.0 84.235.53.221 20
ip route 192.168.58.0 255.255.255.0 172.16.19.1
ip route 192.168.59.0 255.255.255.0 172.16.19.1
ip route 192.168.60.0 255.255.255.0 172.16.19.1
ip route 198.6.1.5 255.255.255.255 84.235.54.46
!
ip access-list standard REDIST-DMVPN
permit 192.168.9.0 0.0.0.255
ip access-list standard REDIST-DMVPN-BACKUP
permit 192.168.9.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
ip access-list standard REDIST-DMVPN-VOICE
permit 192.168.10.0 0.0.0.255
!
ip access-list extended ACL-MATCH-TTL-0/1
permit ip any any ttl eq 0
permit ip any any ttl eq 1
ip access-list extended Anti-Spoofing
deny udp any any range 135 netbios-ss
deny tcp any any range 135 139
deny tcp any any eq 445
deny udp any range 135 netbios-ss any
deny tcp any range 135 139 any
deny tcp any eq 445 any
deny icmp any any redirect log
deny icmp any any mask-request log
deny ip host 0.0.0.0 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 224.0.0.0 31.255.255.255 any log
deny ip host 255.255.255.255 any log
permit ip any any
ip access-list extended Inside-IN
permit ip 84.235.53.208 0.0.0.15 any
permit ip 192.168.9.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 84.235.53.224 0.0.0.15 any
ip access-list extended REDIST-VPN
ip access-list extended VPN-ITC
permit ip 192.168.9.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.25.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 172.16.25.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
ip access-list extended VPN-Jeddah
permit ip host 172.16.25.69 192.168.12.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 host 192.168.12.33
permit ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 host 192.168.12.33
permit ip host 192.168.9.20 host 192.168.12.33
ip access-list extended VPN-damam
permit ip 192.168.9.0 0.0.0.255 192.168.15.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
ip access-list extended VPNTOGIC
permit ip host 192.168.25.100 host 172.17.1.250
ip access-list extended VTY-Access
permit ip 84.235.53.208 0.0.0.15 any
permit ip 193.227.164.0 0.0.0.255 any
permit ip host 192.168.9.18 any
permit ip 46.19.192.0 0.0.0.255 any
permit ip 193.227.188.128 0.0.0.63 any
permit ip 185.54.96.0 0.0.3.255 any
!
!
ip prefix-list BGP-FILTER-IN seq 5 permit 0.0.0.0/0
!
ip prefix-list BGP-FILTER-OUT seq 5 permit 84.235.53.208/28
ip prefix-list BGP-FILTER-OUT seq 10 permit 84.235.53.232/29
access-list 197 permit ip any host 84.235.53.216
access-list 197 permit ip host 84.235.53.216 any
access-list 197 permit ip host 84.235.53.218 any
access-list 197 permit ip any host 84.235.53.218
!
!
route-map BGP-FILTER-OUT-1 permit 10
match ip address prefix-list BGP-FILTER-OUT
!
route-map redist-static permit 10
match ip address REDIST-DMVPN
!
route-map AS-Prepend permit 10
set as-path prepend 64513 64513 64513 64513 64513
!
route-map redist-static-voice permit 10
match ip address REDIST-DMVPN-VOICE
control-plane cef-exception
service-policy input COPP-PM
!
09-23-2014 06:40 AM
Dear Rick,
Please find below the output of "ping 224.0.0.10" from the spoke:
KSA-RTR#p 224.0.0.10
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.10, timeout is 2 seconds:
Reply to request 0 from 172.16.19.1, 184 ms
Reply to request 0 from 172.16.18.1, 184 ms
Regards,
Allen Jreitiny
09-23-2014 08:18 AM
Can you post a config from the spoke as well?
Joe
09-24-2014 11:39 PM
Hi Joseph,
From the Hub side, i can see the neighbor but not from the Spoke side.
HUB#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
5 172.16.18.2 Tu0 12 00:00:56 1 5000 1 0
EIGRP-IPv4 Neighbors for AS(11)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.19.2 Tu1 12 00:01:17 1 5000 1 0
------------------------------------------------------------------------------------------------------
Spoke#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
IP-EIGRP neighbors for process 11
------------------------------------------------------------------------------------------------------------
No Packet loss from the spoke side.
No EIGRP values changes.
No Logs for EIGRP
------------------------------------------------------------------------------------------------------------
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: