Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

EIGRP routes over DMVPN.

Hi,

I have EIGRP over DMVPN with 1 hub and 15 spokes, suddenly the routes on 1 of the spokes disappeared.

After troubleshooting the issue, i have found that everything is working fine (ISAKMP, IPSEC, GRE...). Even i am able to ping the hub GRE ip.

When i checked the EIGRP neighbors, i discovered that there is no neighbor.

As a temporary solution i have used static routes on the GRE tunnel.

5 REPLIES
Hall of Fame Super Gold

This describes an interesting

This describes an interesting problem but does not give us much to work with. Have there been any changes on either the hub or the spoke router? Were there any log messages about events that might have impacted EIGRP? Can you ping 224.0.0.10 from the spoke? Are there any access lists on the interfaces? Perhaps posting the config from the hub and the spoke might help us find the issue?

 

HTH

 

Rick

Community Member

HUB:----------version 15

HUB:

----------


version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LEB-RTR-IDM
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.154-3.M.bin
boot-end-marker
!
!
logging buffered 512000
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
!
clock timezone UTC 2 0
clock summer-time BeirutSummer recurring last Sun Mar 0:00 last Sun Oct 2:00
!
no ipv6 cef
ip source-route
ip cef
!

!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3631214335
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3631214335
 revocation-check none
!
!
crypto pki certificate chain TP-self-signed-3631214335
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363331 32313433 3335301E 170D3134 30353034 31373031
  35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36333132
  31343333 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BCF6 9F1647C3 8DB7E0AD 2649C5CE 7F22D909 EEDAFD3F 9727F3C8 3F3546B6
  2A1A205F F63709A3 F3A96651 3680FDBF 355C6FDB 2F05A3D2 3015D3E4 32B9971A
  98CFC7BC 06FF369E 9D9FB502 5FC9D4B5 BDA5B20F 7BAB6E46 899345AD CE7F1AD3
  064C1561 3630FE5C FB80A288 D3C9489A 2FC62EE5 95C896FB 0355930C CE03F9AF
  98810203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 149DDDD3 15E84F97 B7EA5988 9BDA0203 D6B4EFFC F1301D06
  03551D0E 04160414 9DDDD315 E84F97B7 EA59889B DA0203D6 B4EFFCF1 300D0609
  2A864886 F70D0101 04050003 81810031 97186FE2 F2F58612 1AE12869 B377640A
  331FAF76 8BB36F7B 976255C8 11EED80E 109C36EA 729E4BFB 75456AD7 1A6377AB
  6334EF1F 6F33EFF6 52BD5503 0A4C053D C6FA207E A6C1D886 4EAB4590 68E95B36
  9DB5352A 0FFAAEA1 76441626 A011CA7F 9D1994E0 BB78D15B 6C11B5F4 B769E3FB
  74110D4D 6E7A9B71 7FAFED33 0C50AE
        quit
license udi pid CISCO2911/K9 sn FCZ1447205E
!
!
!
redundancy
!
!
!
!
ip ssh time-out 60
ip ssh version 2
!
track 1 ip sla 1
 delay down 30 up 30
!
track 2 ip sla 2
 delay down 30 up 30
!
track 3 ip sla 3
 delay down 30 up 30
!
track 4 ip sla 4
 delay down 30 up 30
!
track 10 ip sla 10
 delay down 30 up 30
!
track 11 ip sla 11
 delay down 30 up 30
!
track 12 ip sla 12
 delay down 30 up 30
!
track 20 ip sla 20
 delay down 30 up 30
!
track 21 ip sla 21
 delay down 30 up 30
!
track 22 ip sla 22
 delay down 30 up 30
!
track 100 list boolean or
 object 1
 object 2
!
track 101 list boolean or
 object 3
 object 4
!
track 200 list boolean or
 object 10
 object 11
 object 12
!
track 300 list boolean or
 object 20
 object 21
 object 22
!
class-map match-all voice-signaling
 match access-group name AXA-VOIP-Signaling
class-map match-all voice-traffic
 match access-group name AXA-VOIP-RTP
class-map match-all VPN-Data
 match access-group name VPN-Bahrain-Data
!
!
policy-map VPN-Data
 class VPN-Data
  set dscp af11
policy-map VOICE-POLICY
 class voice-traffic
  priority 90
 class voice-signaling
  bandwidth 10
 class class-default
  fair-queue
!
!
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 7
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 30
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 70
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 90
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 95
 encr aes 256
 authentication pre-share
 group 5

crypto isakmp key *********** address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set encryption esp-des esp-md5-hmac
crypto ipsec transform-set encryption2 esp-3des esp-md5-hmac
crypto ipsec transform-set encryption3 esp-3des esp-sha-hmac
crypto ipsec transform-set VPN-BDL esp-3des esp-md5-hmac
crypto ipsec transform-set mednetgic esp-des esp-md5-hmac
crypto ipsec transform-set Bahrain-TS esp-3des esp-md5-hmac
crypto ipsec transform-set KSA-TS esp-3des esp-md5-hmac
crypto ipsec transform-set UAE-TS esp-des esp-md5-hmac
crypto ipsec transform-set SYR-TS esp-des esp-md5-hmac
crypto ipsec transform-set CTM esp-3des esp-md5-hmac
crypto ipsec transform-set vpn-bankmed esp-3des esp-md5-hmac
crypto ipsec transform-set VPN-LIBANOSUISSE esp-aes 256 esp-sha-hmac
crypto ipsec transform-set Qatar-TS esp-3des esp-md5-hmac
crypto ipsec transform-set TS-VPN-NICE esp-3des esp-sha-hmac
crypto ipsec transform-set GUI esp-aes 256 esp-sha-hmac
crypto ipsec transform-set KSA-ITC esp-aes 256 esp-sha-hmac
!
crypto ipsec profile WAN
 set transform-set KSA-TS
!
!
crypto map VPN-BDL local-address Vlan200
crypto map VPN-BDL 50 ipsec-isakmp
 set peer 172.31.31.2
 set transform-set VPN-BDL
 match address VPN-BDL
!
crypto map VPN-LIBANOSUISSE 70 ipsec-isakmp
 set peer 192.168.147.162
 set transform-set VPN-LIBANOSUISSE
 match address VPN-LIBANOSUISSE
!
crypto map VPN-over-DSL 5 ipsec-isakmp
 set peer 85.112.68.3
 set transform-set vpn-bankmed
 match address bankmed-vpn
crypto map VPN-over-DSL 35 ipsec-isakmp
 set peer 212.98.144.210
 set transform-set CTM
 match address CTM-VPN
!
crypto map VPN-over-GDS+IDM 15 ipsec-isakmp
 set peer 197.246.10.38
 set transform-set VPN-LIBANOSUISSE
 match address Libano-Suisse-Egypt
crypto map VPN-over-GDS+IDM 25 ipsec-isakmp
 set peer 217.26.199.62
 set transform-set TS-VPN-NICE
 match address VPN-NICE
crypto map VPN-over-GDS+IDM 35 ipsec-isakmp
 set peer 83.244.54.26
 set transform-set GUI
 match address GUI
crypto map VPN-over-GDS+IDM 45 ipsec-isakmp
 set peer 5.42.225.78
 set transform-set KSA-ITC
 match address VPN-ITC
!
crypto map mednetksa local-address GigabitEthernet0/0.1
crypto map mednetksa 40 ipsec-isakmp
 set peer 91.140.224.1
 set transform-set encryption2
 match address 140
!
!
!
!
!
interface Loopback10
 description USED FOR BGP WITH IDM
 ip address 213.175.177.217 255.255.255.255
!
interface Loopback20
 description USED FOR SODETEL BGP TRACKING
 ip address 10.222.222.222 255.255.255.255
!
interface Loopback666
 no ip address
!
interface Tunnel0
 description DUAL HUB DMVPN CLOUD FOR DATA TRAFFIC - IDM MW
 ip address 172.16.18.1 255.255.255.0
 no ip redirects
 no ip next-hop-self eigrp 10
 ip nhrp authentication medvpn
 ip nhrp map multicast dynamic
 ip nhrp network-id 90
 ip nhrp holdtime 300
 ip tcp adjust-mss 1240
 no ip split-horizon eigrp 10
 load-interval 30
 keepalive 10 3
 tunnel source GigabitEthernet0/2
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile WAN
 max-reserved-bandwidth 100
!
interface Tunnel1
 description DUAL HUB DMVPN CLOUD FOR VOICE TRAFFIC - IDM DLL
 ip address 172.16.19.1 255.255.255.0
 no ip redirects
 no ip next-hop-self eigrp 11
 ip nhrp authentication medvpn
 ip nhrp map multicast dynamic
 ip nhrp network-id 90
 ip nhrp holdtime 300
 ip tcp adjust-mss 1240
 no ip split-horizon eigrp 11
 load-interval 30
 keepalive 10 3
 tunnel source 213.175.183.14
 tunnel mode gre multipoint
 tunnel key 100001
 tunnel protection ipsec profile WAN
 max-reserved-bandwidth 100
!
interface Tunnel23
 description TUNNEL TO AXA THROUGH GDS (Serial0/3/0.2)
 ip address 192.168.100.6 255.255.255.252
 tunnel source 192.168.100.2
 tunnel destination 172.20.1.2
!
interface Tunnel50
 description TUNNEL TO LIBANO-SUISSE (Serial0/3/1.1)
 ip address 172.23.1.1 255.255.255.252
 ip access-group LIBANOSWISS-SEC in
 load-interval 30
 keepalive 2 5
 tunnel source 192.168.147.70
 tunnel destination 192.168.147.162
!
interface GigabitEthernet0/0
 description CONNECTED TO OUTSIDE-SWITCH
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex full
 speed 100
!
interface GigabitEthernet0/0.1
 description OUTSIDE-SWITCH (ASAs + RTR-SOD)
 encapsulation dot1Q 2
 ip address 193.227.164.9 255.255.255.0
 ip policy route-map ISA
 service-policy input VPN-Data
!
interface GigabitEthernet0/0.100
 description OUTSIDE-SWITCH MANAGEMENT
 encapsulation dot1Q 100
 ip address 172.31.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 description GDS-IDM (BGP)
 ip address 213.175.187.22 255.255.255.252
 ip access-group Inbound in
 ip nat outside
 ip virtual-reassembly in
 rate-limit input access-group 199 2048000 24000 48000 conform-action transmit exceed-action drop
 rate-limit output access-group 199 1024000 12000 24000 conform-action transmit exceed-action drop
 load-interval 30
 duplex full
 speed 100
 no cdp enable
 crypto map VPN-over-GDS+IDM
!
interface GigabitEthernet0/2
 description PESCO-IDM
 ip address 193.227.163.14 255.255.255.252
 ip access-group Inbound in
 ip nat outside
 no ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
 crypto map VPN-over-DSL
!
interface Serial0/2/0
 description BPU Leased-Line IDM 768K
 bandwidth 768
 ip address 192.168.129.94 255.255.255.252
 ip access-group Inbound in
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 crypto map mednetksa
!
interface Serial0/2/1
 description DLL-IDM
 ip address 213.175.183.14 255.255.255.252
 ip access-group Inbound in
 ip nat outside
 no ip virtual-reassembly in
 rate-limit input access-group 199 1024000 12000 24000 conform-action transmit exceed-action drop
 load-interval 30
 fair-queue
 crypto map mednetksa
!
interface Serial0/3/0
 description DM WAN link
 no ip address
 encapsulation frame-relay IETF
 load-interval 30
 frame-relay lmi-type ansi
!
interface Serial0/3/0.2 point-to-point
 description Connection to AXA through GlobalCom
 ip address 192.168.100.2 255.255.255.252
 frame-relay interface-dlci 100   
  class VOIPFR-AXA
!
interface Serial0/3/0.4 point-to-point
 description Connection to IPT
 ip nat inside
 ip virtual-reassembly in
 shutdown
 frame-relay interface-dlci 25   
  class VOIPFR-IPT
!
interface Serial0/3/0.5 point-to-point
 description Connection to BLF Hamra
 ip address 172.16.4.13 255.255.255.252
 frame-relay interface-dlci 109   
  class VOIPFR-BLF
!
interface Serial0/3/0.7 point-to-point
 description Connection to HDF
 ip address 172.16.4.9 255.255.255.252
 ip policy route-map ISA
 frame-relay interface-dlci 108   
  class VOIPFR-HDF
!
interface Serial0/3/0.8 point-to-point
 description Connection to AUB
 ip address 172.16.1.18 255.255.255.252
 frame-relay interface-dlci 130   
  class VOIPFR-AUB
!
interface Serial0/3/0.9 point-to-point
 description Connection to BDL
 shutdown
 frame-relay interface-dlci 26   
 crypto ipsec df-bit clear
!
interface Serial0/3/1
 no ip address
 encapsulation frame-relay
!
interface Serial0/3/1.1 point-to-point
 description Connection to Libano Swiss
 ip address 192.168.147.70 255.255.255.252
 frame-relay interface-dlci 310   
 crypto map VPN-LIBANOSUISSE
!
interface GigabitEthernet0/1/0
 description Backup over DSL GDS (Vlan200)
 switchport access vlan 200
 load-interval 30
!
interface GigabitEthernet0/1/1
 description Connection to Remote-Offices Through GDS (Vlan127)
 switchport access vlan 127
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan127
 description Connection to Remote-Offices Through GDS
 ip address 192.168.101.118 255.255.255.252
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan200
 description Backup over DSL GDS (GigabitEthernet0/1/0)
 ip address 192.168.101.122 255.255.255.252
 load-interval 30
 crypto map VPN-BDL
 crypto ipsec df-bit clear
!
!
router eigrp 10
 network 172.16.18.0 0.0.0.255
 redistribute static route-map redist-static
!
!
router eigrp 11
 network 172.16.18.0 0.0.0.255
 network 172.16.19.0 0.0.0.255
 redistribute static route-map redist-static-voice
!
router bgp 51938
 bgp log-neighbor-changes
 network 46.19.192.0 mask 255.255.255.0
 network 185.54.96.0 mask 255.255.255.0
 network 185.54.97.0 mask 255.255.255.0
 network 185.54.98.0 mask 255.255.255.0
 network 185.54.99.0 mask 255.255.255.0
 neighbor 212.36.211.9 remote-as 9051
 neighbor 212.36.211.9 ebgp-multihop 10
 neighbor 212.36.211.9 update-source Loopback10
 neighbor 212.36.211.9 soft-reconfiguration inbound
 neighbor 212.36.211.9 route-map Internet-in in
 neighbor 212.36.211.9 route-map GLOBEMED out
 no auto-summary
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
ip flow-cache timeout active 1
ip flow-export version 5
!
ip nat pool nat-pool 185.54.99.253 185.54.99.253 netmask 255.255.255.0
ip nat inside source list NAT pool nat-pool overload
ip route 84.235.53.233 255.255.255.255 213.175.183.13 track 100
ip route 213.178.246.166 255.255.255.255 213.175.183.13 track 100
ip route 77.69.181.51 255.255.255.255 213.175.183.13 track 100
ip route 212.77.221.11 255.255.255.255 213.175.183.13 track 100
ip route 83.244.91.234 255.255.255.255 213.175.183.13 track 100
ip route 41.33.169.19 255.255.255.255 213.175.183.13 track 100
ip route 194.165.141.61 255.255.255.255 213.175.183.13 track 100
ip route 197.255.53.164 255.255.255.255 213.175.183.13 track 100
ip route 213.178.246.161 255.255.255.255 213.175.183.13 10 track 100
ip route 84.235.53.209 255.255.255.255 213.175.183.13 10 track 100
ip route 77.69.181.50 255.255.255.255 213.175.183.13 10 track 100
ip route 212.77.221.10 255.255.255.255 213.175.183.13 10 track 100
ip route 83.244.91.233 255.255.255.255 213.175.183.13 10 track 100
ip route 41.33.169.18 255.255.255.255 213.175.183.13 10 track 100
ip route 197.255.53.163 255.255.255.255 213.175.183.13 10 track 100
ip route 86.62.248.115 255.255.255.255 213.175.183.13 10 track 100
ip route 62.173.41.123 255.255.255.255 213.175.183.13 track 100
ip route 62.173.41.122 255.255.255.255 213.175.183.13 10 track 100
ip route 78.100.140.147 255.255.255.255 213.175.183.13 track 100
ip route 78.100.140.146 255.255.255.255 213.175.183.13 10 track 100
ip route 94.200.77.161 255.255.255.255 213.175.183.13 10 track 100
ip route 94.56.106.41 255.255.255.255 213.175.183.13 track 100
ip route 91.140.233.50 255.255.255.255 213.175.183.13 10 track 100
ip route 91.74.59.86 255.255.255.255 213.175.183.13 track 100
ip route 94.56.106.40 255.255.255.255 213.175.183.13 10 track 100
ip route 5.42.225.78 255.255.255.255 213.175.183.13 10 track 100
ip route 84.235.53.233 255.255.255.255 193.227.163.13 10 track 101
ip route 213.178.246.161 255.255.255.255 193.227.163.13 track 101
ip route 213.178.246.166 255.255.255.255 193.227.163.13 10 track 101
ip route 84.235.53.209 255.255.255.255 193.227.163.13 track 101
ip route 194.165.141.59 255.255.255.255 193.227.163.13 track 101
ip route 77.69.181.51 255.255.255.255 193.227.163.13 10 track 101
ip route 77.69.181.50 255.255.255.255 193.227.163.13 track 101
ip route 212.77.221.11 255.255.255.255 193.227.163.13 10 track 101
ip route 212.77.221.10 255.255.255.255 193.227.163.13 track 101
ip route 83.244.91.233 255.255.255.255 193.227.163.13 track 101
ip route 83.244.91.234 255.255.255.255 193.227.163.13 10 track 101
ip route 41.33.169.18 255.255.255.255 193.227.163.13 track 101
ip route 41.33.169.19 255.255.255.255 193.227.163.13 10 track 101
ip route 197.255.53.164 255.255.255.255 193.227.163.13 10 track 101
ip route 197.255.53.163 255.255.255.255 193.227.163.13 track 101
ip route 86.62.248.115 255.255.255.255 193.227.163.13 track 101
ip route 62.173.41.123 255.255.255.255 193.227.163.13 10 track 101
ip route 62.173.41.122 255.255.255.255 193.227.163.13 track 101
ip route 78.100.140.147 255.255.255.255 193.227.163.13 10 track 101
ip route 78.100.140.146 255.255.255.255 193.227.163.13 track 101
ip route 91.140.233.51 255.255.255.255 193.227.163.13 track 101
ip route 94.125.228.164 255.255.255.255 193.227.163.13 10 track 101
ip route 94.200.77.161 255.255.255.255 193.227.163.13 track 101
ip route 94.56.106.41 255.255.255.255 193.227.163.13 10 track 101
ip route 91.140.233.50 255.255.255.255 193.227.163.13 track 101
ip route 78.100.151.58 255.255.255.255 193.227.163.13 10 track 101
ip route 91.74.59.86 255.255.255.255 193.227.163.13 10 track 101
ip route 94.56.106.40 255.255.255.255 193.227.163.13 track 101
ip route 0.0.0.0 0.0.0.0 213.175.187.21 track 101
ip route 5.42.225.78 255.255.255.255 193.227.163.13 20 track 101
ip route 0.0.0.0 0.0.0.0 193.227.163.13 5 track 200
ip route 0.0.0.0 0.0.0.0 213.175.183.13 10
ip route 4.2.2.2 255.255.255.255 213.175.183.13
ip route 4.2.2.3 255.255.255.255 213.175.187.21
ip route 4.2.2.4 255.255.255.255 213.175.187.21
ip route 4.2.2.5 255.255.255.255 193.227.164.99
ip route 4.2.2.6 255.255.255.255 193.227.164.99
ip route 4.69.143.238 255.255.255.255 213.175.187.21
ip route 8.8.4.4 255.255.255.255 213.175.183.13
ip route 10.1.1.0 255.255.255.0 172.16.254.2
ip route 10.1.2.0 255.255.255.0 192.168.147.69
ip route 10.8.8.12 255.255.255.252 193.227.164.99
ip route 10.10.10.0 255.255.255.0 192.168.101.117
ip route 10.10.20.0 255.255.255.0 192.168.101.117
ip route 10.128.133.64 255.255.255.192 192.168.101.117
ip route 10.134.141.64 255.255.255.192 192.168.101.117
ip route 46.19.192.0 255.255.255.0 193.227.164.6
ip route 85.112.68.3 255.255.255.255 193.227.163.13
ip route 91.140.224.1 255.255.255.255 213.175.183.13
ip route 91.140.233.51 255.255.255.255 213.175.183.13 10
ip route 100.100.100.1 255.255.255.255 192.168.100.5
ip route 100.100.100.2 255.255.255.255 192.168.100.5
ip route 100.100.100.3 255.255.255.255 192.168.100.5
ip route 100.100.100.102 255.255.255.255 192.168.100.5
ip route 100.100.100.103 255.255.255.255 192.168.100.5
ip route 100.100.100.104 255.255.255.255 192.168.100.5
ip route 100.100.100.105 255.255.255.255 192.168.100.5
ip route 172.16.1.0 255.255.255.0 193.227.164.6
ip route 172.16.1.23 255.255.255.255 193.227.188.130
ip route 172.16.2.0 255.255.255.0 193.227.164.6
ip route 172.16.3.0 255.255.255.0 193.227.164.6
ip route 172.16.5.32 255.255.255.248 172.16.4.10
ip route 172.16.5.40 255.255.255.248 172.16.4.10
ip route 172.16.5.64 255.255.255.248 172.16.4.14
ip route 172.16.6.0 255.255.255.0 193.227.164.6
ip route 172.16.7.0 255.255.255.0 192.168.101.117
ip route 172.16.11.0 255.255.255.0 192.168.101.117
ip route 172.16.13.0 255.255.255.0 192.168.101.117
ip route 172.16.14.0 255.255.255.0 192.168.101.117
ip route 172.16.15.0 255.255.255.0 192.168.101.117
ip route 172.16.16.0 255.255.255.0 192.168.101.117
ip route 172.16.17.0 255.255.255.0 192.168.101.117
ip route 172.16.100.0 255.255.255.0 172.16.1.17
ip route 172.16.160.0 255.255.255.0 192.168.101.117
ip route 172.16.255.0 255.255.255.0 197.246.10.38
ip route 172.17.1.20 255.255.255.255 213.175.183.13
ip route 172.20.1.0 255.255.255.252 192.168.100.1
ip route 172.20.1.21 255.255.255.255 213.175.183.13
ip route 172.31.31.0 255.255.255.248 192.168.101.121
ip route 185.54.96.0 255.255.255.0 185.54.96.254
ip route 185.54.97.0 255.255.255.0 193.227.164.6
ip route 185.54.98.0 255.255.255.0 193.227.164.6
ip route 185.54.99.0 255.255.255.0 193.227.164.6
ip route 192.168.1.0 255.255.255.0 193.227.164.6
ip route 192.168.1.21 255.255.255.255 193.227.163.13
ip route 192.168.1.30 255.255.255.255 193.227.163.13
ip route 192.168.3.0 255.255.255.128 193.227.164.6
ip route 192.168.4.0 255.255.255.0 193.227.164.6
ip route 192.168.6.0 255.255.255.0 193.227.164.6
ip route 192.168.7.0 255.255.255.0 193.227.164.6
ip route 192.168.55.0 255.255.255.0 193.227.164.6
ip route 192.168.58.0 255.255.255.0 193.227.164.6
ip route 192.168.59.0 255.255.255.0 193.227.164.6
ip route 192.168.60.0 255.255.255.0 193.227.164.6
ip route 192.168.147.162 255.255.255.255 192.168.147.69
ip route 192.168.147.166 255.255.255.255 192.168.147.69
ip route 192.168.160.0 255.255.255.0 193.227.164.6
ip route 192.168.160.141 255.255.255.255 192.168.147.69
ip route 192.168.160.142 255.255.255.255 192.168.147.69
ip route 192.168.194.0 255.255.255.0 172.23.1.2
ip route 192.168.204.0 255.255.255.0 193.227.163.13
ip route 192.168.213.0 255.255.255.0 192.168.147.69
ip route 193.188.128.0 255.255.252.0 213.175.187.21
ip route 193.188.128.0 255.255.252.0 172.16.1.17 10
ip route 193.227.164.155 255.255.255.255 GigabitEthernet0/0.1
ip route 193.227.188.128 255.255.255.192 193.227.164.6
ip route 193.227.188.134 255.255.255.255 193.227.188.130
ip route 193.227.189.24 255.255.255.248 193.227.164.6
ip route 194.165.141.59 255.255.255.255 213.175.183.13 10
ip route 194.165.141.61 255.255.255.255 193.227.163.13 10
ip route 198.6.1.5 255.255.255.255 193.227.163.13
ip route 208.67.220.220 255.255.255.255 193.227.164.99
ip route 212.36.211.9 255.255.255.255 213.175.187.21
ip route 212.98.144.210 255.255.255.255 193.227.163.13
ip route 213.175.164.112 255.255.255.248 192.168.100.5
ip route 213.175.173.149 255.255.255.255 213.175.187.21
ip route 213.175.174.0 255.255.255.252 192.168.1.6
ip route 217.26.199.62 255.255.255.255 193.227.163.13
ip tacacs source-interface GigabitEthernet0/0.1
!
ip access-list standard Filter-in
 permit 0.0.0.0
ip access-list standard NO-PREPEND
 permit 185.54.98.0 0.0.0.255
 permit 185.54.99.0 0.0.0.255
ip access-list standard PREPEND
 permit 46.19.192.0 0.0.0.255
 permit 185.54.96.0 0.0.0.255
 permit 185.54.97.0 0.0.0.255
ip access-list standard REDIST-DMVPN
 permit 192.168.3.0 0.0.0.255
 permit 192.168.55.0 0.0.0.255
 permit 192.168.1.0 0.0.0.255
 permit 172.16.6.0 0.0.0.255
 permit 172.16.1.0 0.0.0.255
 permit 192.168.7.0 0.0.0.255
 permit 192.168.4.0 0.0.0.255
 permit 192.168.160.0 0.0.0.255
 permit 192.168.6.0 0.0.0.255
 permit 172.16.160.0 0.0.0.255
ip access-list standard REDIST-DMVPN-VOICE
 permit 192.168.58.0 0.0.0.255
 permit 192.168.59.0 0.0.0.255
 permit 192.168.60.0 0.0.0.255
 permit 172.16.2.0 0.0.0.255
ip access-list standard VTY-ACCESS
 permit 192.168.3.0 0.0.0.255
 permit 46.19.192.0 0.0.0.255
 permit 185.54.96.0 0.0.3.255
!
ip access-list extended AUB
 permit ip 193.227.188.128 0.0.0.63 any
ip access-list extended AXA-VOIP-RTP
 permit udp host 193.227.164.9 host 100.100.100.1 range 16384 32767
ip access-list extended AXA-VOIP-Signaling
 permit tcp host 193.227.164.9 host 100.100.100.1 eq 1720
ip access-list extended BGP-libanosuisse
 permit ip host 46.19.192.20 192.168.213.0 0.0.0.255
 permit ip host 46.19.192.22 192.168.213.0 0.0.0.255
 permit ip host 192.168.1.140 host 192.168.213.1
ip access-list extended CTM-VPN
 permit ip host 172.16.1.114 host 192.168.1.30
 permit ip host 172.16.1.114 host 192.168.1.21
ip access-list extended GDS-AXA
 permit ip 46.19.192.0 0.0.0.255 host 100.100.100.2
 permit ip 46.19.192.0 0.0.0.255 host 100.100.100.3
 permit ip host 192.168.1.140 host 100.100.100.2
 permit ip host 192.168.1.140 host 100.100.100.3
ip access-list extended GDS-BDL
 permit ip host 46.19.192.22 172.31.31.0 0.0.0.7
 permit ip host 192.168.1.140 host 172.31.31.1
ip access-list extended GDS-Offices
 permit ip host 46.19.192.11 host 172.16.17.5
 permit ip host 46.19.192.11 host 172.16.16.3
 permit ip 46.19.192.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 10.10.20.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 10.10.10.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 10.20.10.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 10.20.10.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 10.128.133.64 0.0.0.63
 permit ip 185.54.96.0 0.0.3.255 10.128.133.64 0.0.0.63
 permit ip 46.19.192.0 0.0.0.255 172.16.7.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.7.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.9.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.9.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.10.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.10.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.11.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.11.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.12.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.12.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.13.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.13.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.14.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.14.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.15.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.15.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.16.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.16.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 172.16.17.0 0.0.0.255
 permit ip 185.54.96.0 0.0.3.255 172.16.17.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 10.134.141.64 0.0.0.63
 permit ip 185.54.96.0 0.0.3.255 10.134.141.64 0.0.0.63
ip access-list extended GDS-Offices1
 permit ip 46.19.192.0 0.0.0.255 172.16.5.32 0.0.0.7
 permit ip 185.54.96.0 0.0.3.255 172.16.5.32 0.0.0.7
 permit ip 46.19.192.0 0.0.0.255 172.16.5.40 0.0.0.7
 permit ip 185.54.96.0 0.0.3.255 172.16.5.40 0.0.0.7
ip access-list extended GDS-Offices2
 permit ip 46.19.192.0 0.0.0.255 172.16.5.64 0.0.0.7
 permit ip 185.54.96.0 0.0.3.255 172.16.5.64 0.0.0.7
ip access-list extended GUI
 permit ip host 192.168.1.151 host 192.168.101.130
ip access-list extended IDM-BGP
 permit ip host 46.19.192.100 any
 permit ip 46.19.192.0 0.0.0.255 80.77.185.0 0.0.0.255
 permit ip 46.19.192.0 0.0.0.255 80.79.152.0 0.0.7.255
 permit ip 46.19.192.0 0.0.0.255 93.185.80.0 0.0.15.255
 permit ip 46.19.192.0 0.0.0.255 193.227.160.0 0.0.31.255
 permit ip 46.19.192.0 0.0.3.255 194.126.0.0 0.0.31.255
 permit ip 46.19.192.0 0.0.0.255 194.126.136.0 0.0.7.255
 permit ip 46.19.192.0 0.0.0.255 212.36.192.0 0.0.31.255
 permit ip 46.19.192.0 0.0.0.255 213.175.160.0 0.0.31.255
 permit ip 185.54.96.0 0.0.0.255 80.77.185.0 0.0.0.255
 permit ip 185.54.96.0 0.0.0.255 80.79.152.0 0.0.7.255
 permit ip 185.54.96.0 0.0.3.255 93.185.80.0 0.0.15.255
 permit ip 185.54.96.0 0.0.0.255 193.227.160.0 0.0.31.255
 permit ip 185.54.96.0 0.0.3.255 194.126.0.0 0.0.31.255
 permit ip 185.54.96.0 0.0.0.255 194.126.136.0 0.0.7.255
 permit ip 185.54.96.0 0.0.0.255 212.36.192.0 0.0.31.255
 permit ip 185.54.96.0 0.0.0.255 213.175.160.0 0.0.31.255
 deny   ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
 deny   ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
 deny   ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
 deny   ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
 deny   ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
 deny   ip 193.227.164.0 0.0.0.255 193.227.164.0 0.0.0.255
 deny   ip 193.227.164.0 0.0.0.255 185.54.96.0 0.0.3.255
 deny   ip 193.227.164.0 0.0.0.255 46.19.192.0 0.0.0.255
 deny   ip 193.227.164.0 0.0.0.255 193.227.188.128 0.0.0.63
 deny   ip 193.227.188.128 0.0.0.63 193.227.188.128 0.0.0.63
 deny   ip 193.227.188.128 0.0.0.63 185.54.96.0 0.0.3.255
 deny   ip 193.227.188.128 0.0.0.63 46.19.192.0 0.0.0.255
 deny   ip 193.227.188.128 0.0.0.63 193.227.164.0 0.0.0.255
 permit ip host 46.19.192.25 any
 permit ip host 46.19.192.21 any
ip access-list extended IDM-DLL-GDS
 permit ip host 193.227.164.57 any
ip access-list extended IDM-GDS-PESCO
 deny   ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
 deny   ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
 deny   ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
 deny   ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
 deny   ip 193.227.164.0 0.0.0.255 185.54.96.0 0.0.3.255
 deny   ip 193.227.164.0 0.0.0.255 46.19.192.0 0.0.0.255
 deny   ip 193.227.164.0 0.0.0.255 193.227.164.0 0.0.0.255
 deny   ip 193.227.164.0 0.0.0.255 193.227.188.128 0.0.0.63
 deny   ip 193.227.188.128 0.0.0.63 185.54.96.0 0.0.3.255
 deny   ip 193.227.188.128 0.0.0.63 193.227.188.128 0.0.0.63
 deny   ip 193.227.188.128 0.0.0.63 46.19.192.0 0.0.0.255
 deny   ip 193.227.188.128 0.0.0.63 193.227.164.0 0.0.0.255
 permit ip host 192.168.1.151 172.16.255.0 0.0.0.255
 permit ip 193.227.188.128 0.0.0.63 any
 permit ip 185.54.98.0 0.0.0.255 any
 permit ip 185.54.99.0 0.0.0.255 any
ip access-list extended Inbound
 deny   udp any any eq 1433
 deny   tcp any any eq 1433
 deny   udp any any eq 1434
 deny   tcp any any eq 1434
 deny   udp any any eq 5060
 deny   tcp any any eq 5060
 deny   udp any any eq 5064
 deny   tcp any any eq 5064
 deny   udp any any eq 5080
 deny   tcp any any eq 5080
 permit ip any any
ip access-list extended LIBANOSWISS-SEC
 permit gre host 192.168.147.70 host 192.168.147.162
 permit tcp host 192.168.194.160 host 172.16.58.10 eq 5060
 permit udp host 192.168.194.160 host 172.16.58.10 eq 5060
 permit udp host 192.168.194.160 host 172.16.58.10 range 16384 32767
 permit tcp host 192.168.194.160 host 172.16.58.10 eq 2000
 permit tcp host 192.168.194.160 host 172.16.58.10 eq 1720
 permit tcp host 192.168.194.160 host 172.16.58.11 eq 5060
 permit udp host 192.168.194.160 host 172.16.58.11 eq 5060
 permit udp host 192.168.194.160 host 172.16.58.11 range 16384 32767
 permit tcp host 192.168.194.160 host 172.16.58.11 eq 2000
 permit tcp host 192.168.194.160 host 172.16.58.11 eq 1720
 permit tcp host 192.168.194.161 host 172.16.58.10 eq 5060
 permit udp host 192.168.194.161 host 172.16.58.10 eq 5060
 permit udp host 192.168.194.161 host 172.16.58.10 range 16384 32767
 permit tcp host 192.168.194.161 host 172.16.58.10 eq 2000
 permit tcp host 192.168.194.161 host 172.16.58.10 eq 1720
 permit tcp host 192.168.194.161 host 172.16.58.11 eq 5060
 permit udp host 192.168.194.161 host 172.16.58.11 eq 5060
 permit udp host 192.168.194.161 host 172.16.58.11 range 16384 32767
 permit tcp host 192.168.194.161 host 172.16.58.11 eq 2000
ip access-list extended LL-BPU
 permit ip 193.227.189.24 0.0.0.7 any
ip access-list extended Libano-Suisse-Egypt
 permit ip host 192.168.1.151 host 172.16.255.237
 permit ip host 192.168.1.151 host 172.16.255.245
 permit ip host 192.168.1.151 host 172.16.255.230
ip access-list extended NAT
 deny   ip 172.16.160.0 0.0.0.255 192.168.25.0 0.0.0.255
 deny   ip 172.16.160.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 10.10.20.0 0.0.0.255 any
 permit ip 172.16.160.0 0.0.0.255 any
ip access-list extended SODETEL-BGP
 permit ip 185.54.96.0 0.0.3.255 5.8.128.0 0.0.63.255
 permit ip 185.54.96.0 0.0.3.255 89.108.128.0 0.0.63.255
 permit ip 185.54.96.0 0.0.3.255 93.126.128.0 0.0.127.255
 permit ip 185.54.96.0 0.0.3.255 212.40.128.0 0.0.31.255
 permit ip 185.54.96.0 0.0.3.255 212.101.224.0 0.0.31.255
 deny   ip 185.54.96.0 0.0.3.255 185.54.96.0 0.0.3.255
 deny   ip 185.54.96.0 0.0.3.255 46.19.192.0 0.0.0.255
 deny   ip 185.54.96.0 0.0.3.255 193.227.164.0 0.0.0.255
 deny   ip 185.54.96.0 0.0.3.255 193.227.188.128 0.0.0.63
 deny   ip 46.19.192.0 0.0.0.255 46.19.192.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 185.54.96.0 0.0.3.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.164.0 0.0.0.255
 deny   ip 46.19.192.0 0.0.0.255 193.227.188.128 0.0.0.63
 deny   ip host 46.19.192.250 host 192.168.7.175
 deny   ip host 192.168.1.151 172.16.255.0 0.0.0.255
 permit ip host 193.227.164.251 host 212.101.225.1
 permit ip 46.19.192.0 0.0.0.255 any
 permit ip 185.54.96.0 0.0.0.255 any
 permit ip 185.54.97.0 0.0.0.255 any
ip access-list extended VPN-BDL
 permit ip host 46.19.192.22 host 172.31.31.3
 permit ip host 193.227.164.5 host 172.31.31.3
 permit ip host 193.227.164.17 host 172.31.31.3
 permit ip host 193.227.164.16 host 172.31.31.3
 permit tcp host 192.168.1.105 host 172.31.31.6 eq 1521
ip access-list extended VPN-ITC
 permit ip 172.16.1.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 172.16.6.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 172.16.160.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.6.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.58.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 172.16.6.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 172.16.160.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.6.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 192.168.58.0 0.0.0.255 192.168.24.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 172.16.6.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 172.16.160.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.6.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.58.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 172.16.1.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 172.16.6.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 172.16.160.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.6.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 192.168.26.0 0.0.0.255
 permit ip 192.168.58.0 0.0.0.255 192.168.26.0 0.0.0.255
ip access-list extended VPN-LIBANOSUISSE
 permit gre host 192.168.147.70 host 192.168.147.162
ip access-list extended VPN-NICE
 permit ip 192.168.1.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.67.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.67.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.55.0 0.0.0.255 192.168.67.0 0.0.0.255
 permit ip 192.168.4.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.6.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.7.0 0.0.0.255 192.168.65.0 0.0.0.255
 permit ip 192.168.58.0 0.0.0.255 192.168.65.0 0.0.0.255
ip access-list extended bankmed-vpn
 permit ip 172.16.1.0 0.0.0.255 192.168.204.0 0.0.0.255
!
ip sla 1
 icmp-echo 4.2.2.2 source-interface Serial0/2/1
 frequency 20
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.4.4 source-interface Serial0/2/1
 frequency 20
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 198.6.1.5 source-interface GigabitEthernet0/2
 frequency 20
ip sla schedule 3 life forever start-time now
ip sla 4
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/2
 frequency 20
ip sla schedule 4 life forever start-time now
ip sla 10
 icmp-echo 4.2.2.3 source-interface GigabitEthernet0/1
 frequency 30
ip sla schedule 10 life forever start-time now
ip sla 11
 icmp-echo 4.2.2.4 source-interface GigabitEthernet0/1
 frequency 30
ip sla schedule 11 life forever start-time now
ip sla 12
 icmp-echo 4.69.143.238 source-interface GigabitEthernet0/1
 frequency 30
ip sla schedule 12 life forever start-time now
ip sla 20
 icmp-echo 4.2.2.5 source-interface Loopback20
 frequency 30
ip sla schedule 20 life forever start-time now
ip sla 21
 icmp-echo 4.2.2.6 source-interface Loopback20
 frequency 30
ip sla schedule 21 life forever start-time now
ip sla 22
 icmp-echo 208.67.220.220 source-interface Loopback20
 frequency 30
ip sla schedule 22 life forever start-time now
!
map-class frame-relay VOIPFR-AXA
 frame-relay cir 128000
 frame-relay bc 1280
 frame-relay be 0
 frame-relay mincir 128000
 service-policy output VOICE-POLICY
!
map-class frame-relay VOIPFR-IPT
 frame-relay cir 1024000
 frame-relay bc 10240
 frame-relay be 0
 frame-relay mincir 1024000
!
map-class frame-relay VOIPFR-BLF
 frame-relay cir 128000
 frame-relay bc 1280
 frame-relay be 0
 frame-relay mincir 128000
!
map-class frame-relay VOIPFR-HDF
 frame-relay cir 128000
 frame-relay bc 1280
 frame-relay be 0
 frame-relay mincir 128000
!
map-class frame-relay VOIPFR-AUB
 frame-relay cir 512000
 frame-relay bc 5120
 frame-relay be 0
 frame-relay mincir 512000
!
map-class frame-relay Mednet
 frame-relay cir 256000
 frame-relay bc 256000
 frame-relay mincir 256000
 frame-relay traffic-rate 256000 256000
!
map-class frame-relay VOIPFR-Bankers
 frame-relay cir 128000
 frame-relay bc 1280
 frame-relay be 0
 frame-relay mincir 128000
access-list 100 permit ip 193.227.188.128 0.0.0.63 any
access-list 140 permit ip host 192.168.1.41 host 172.20.1.21
access-list 140 permit ip host 192.168.1.41 host 172.17.1.20
access-list 197 permit ip any host 193.227.188.133
access-list 197 deny   ip any any
access-list 198 permit ip host 192.168.3.3 host 192.168.25.69
access-list 198 permit ip host 192.168.3.3 host 192.168.25.111
access-list 199 permit ip any host 193.227.164.251
access-list 199 permit ip any host 193.227.164.250
access-list 199 permit ip any 46.19.192.248 0.0.0.7
access-list 199 permit ip 46.19.192.248 0.0.0.7 any
access-list 199 permit ip any host 46.19.192.27
access-list 199 permit ip host 46.19.192.27 any
access-list 199 permit ip host 46.19.192.100 any
access-list 199 permit ip any host 46.19.192.100
access-list 199 permit ip any 185.54.97.248 0.0.0.7
access-list 199 permit ip 185.54.97.248 0.0.0.7 any
!

route-map redist-static-backup permit 10
 match ip address REDIST-DMVPN-BACKUP
!
route-map GLOBEMED permit 10
 match ip address PREPEND
 set as-path prepend 51938 51938 51938 51938 51938 51938 51938 51938
!
route-map GLOBEMED permit 20
 match ip address NO-PREPEND
!
route-map Internet-in permit 10
 match ip address Filter-in
!
route-map redist-static permit 10
 match ip address REDIST-DMVPN
!
route-map ISA permit 2
 match ip address GDS-AXA
 set ip default next-hop 192.168.100.2
!
route-map ISA permit 3
 match ip address GDS-BDL
 set ip default next-hop 192.168.101.121
!
route-map ISA permit 4
 match ip address GDS-Offices2
 set ip default next-hop 172.16.4.14
!         
route-map ISA permit 5
 match ip address GDS-Offices1
 set ip default next-hop 172.16.4.10
!
route-map ISA permit 6
 match ip address GDS-Offices
 set ip default next-hop 192.168.101.117
!
route-map ISA permit 7
 match ip address BGP-libanosuisse
 set ip default next-hop 192.168.147.69
!
route-map ISA permit 8
 match ip address IDM-DLL-GDS
 set ip next-hop verify-availability 213.175.183.13 1 track 100
 set ip next-hop verify-availability 213.175.187.21 2 track 200
 set ip next-hop 193.227.163.13
!
route-map ISA permit 9
 match ip address IDM-GDS-PESCO
 set ip next-hop verify-availability 213.175.187.21 1 track 200
 set ip next-hop verify-availability 193.227.163.13 2 track 101
 set ip next-hop 193.227.163.13 213.175.183.13
!
route-map ISA permit 10
 match ip address IDM-BGP
 set ip next-hop verify-availability 213.175.187.21 1 track 200
 set ip next-hop 193.227.164.99
!
route-map ISA permit 11
 match ip address SODETEL-BGP
 set ip next-hop verify-availability 193.227.164.99 1 track 300
 set ip next-hop 213.175.187.21
!
route-map ISA permit 30
 match ip address AUB
 set ip next-hop 193.227.163.13
!
route-map ISA permit 40
 match ip address LL-BPU
 set ip default next-hop 192.168.129.93
!
route-map redist-static-voice permit 10
 match ip address REDIST-DMVPN-VOICE
!
control-plane


.....

--------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------------

SPOKE:

--------------

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share

crypto isakmp key ************* address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set VPN-ts esp-3des esp-md5-hmac
crypto ipsec transform-set VPN-ts-2 esp-3des esp-sha-hmac
crypto ipsec transform-set VPN-GIC esp-3des esp-md5-hmac
crypto ipsec transform-set HO-TS esp-3des esp-md5-hmac
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
!
crypto ipsec profile WAN
 set transform-set HO-TS
!
!
crypto map MednetKSA local-address GigabitEthernet0/1
crypto map MednetKSA 20 ipsec-isakmp
 set peer 5.42.225.78
 set transform-set TS-AES256-SHA
 match address VPN-ITC
crypto map MednetKSA 30 ipsec-isakmp
 set peer 46.235.90.122
 set transform-set VPN-ts
 match address VPN-Jeddah
crypto map MednetKSA 40 ipsec-isakmp
 set peer 46.235.92.26
 set transform-set VPN-ts
 match address VPN-damam
crypto map MednetKSA 50 ipsec-isakmp
 set peer 91.140.224.1
 set transform-set VPN-GIC
 match address VPNTOGIC
!
archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
!
!
ip ssh time-out 60
ip ssh version 2
!
class-map match-all COPP-CM-TTL-0/1
 match access-group name ACL-MATCH-TTL-0/1
class-map type port-filter match-any pf-class
 match  closed-ports
!
!
policy-map type port-filter pf-policy
 class pf-class
   drop
policy-map COPP-PM
 class COPP-CM-TTL-0/1
   drop
!
!
interface Tunnel0
 description DUAL HUB DMVPN CLOUD FOR DATA TRAFFIC
 ip address 172.16.18.2 255.255.255.0
 no ip redirects
 ip nhrp authentication medvpn
 ip nhrp map multicast dynamic
 ip nhrp map multicast 193.227.163.14
 ip nhrp map 172.16.18.1 193.227.163.14
 ip nhrp network-id 90
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.18.1
 ip tcp adjust-mss 1240
 load-interval 30
 keepalive 10 3
 tunnel source 84.235.53.209
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile WAN
!
interface Tunnel1
 description DUAL HUB DMVPN CLOUD FOR VOICE TRAFFIC
 ip address 172.16.19.2 255.255.255.0
 no ip redirects
 ip nhrp authentication medvpn
 ip nhrp map multicast dynamic
 ip nhrp map multicast 213.175.183.14
 ip nhrp map 172.16.19.1 213.175.183.14
 ip nhrp network-id 90
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.19.1
 ip tcp adjust-mss 1240
 load-interval 30
 keepalive 10 3
 tunnel source 84.235.53.233
 tunnel mode gre multipoint
 tunnel key 100001
 tunnel protection ipsec profile WAN
!
interface GigabitEthernet0/0
 description Connected to ISP
 ip address 84.235.54.41 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 rate-limit input access-group 197 2048000 24000 48000 conform-action transmit exceed-action drop
 rate-limit output access-group 197 1024000 12000 24000 conform-action transmit exceed-action drop
 load-interval 30
 duplex auto
 speed auto
 crypto map MednetKSA
!
interface GigabitEthernet0/1
 description Connected to ASAs
 ip address 84.235.53.233 255.255.255.248 secondary
 ip address 84.235.53.234 255.255.255.248 secondary
 ip address 84.235.53.209 255.255.255.240
 ip access-group Inside-IN in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1250
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet0/3/0
 description Connected to WiMax_Connection
!
interface FastEthernet0/3/1
!
interface FastEthernet0/3/2
!
interface FastEthernet0/3/3
!
interface Integrated-Service-Engine1/0
 ip address 192.168.28.1 255.255.255.0
 service-module ip address 192.168.28.2 255.255.255.0
 service-module ip default-gateway 192.168.28.1
 no keepalive
!
interface Vlan1
 description Connected to WiMax_Connection
 ip address 84.235.39.121 255.255.255.248
 crypto map MednetKSA
!
router eigrp 10
 redistribute static route-map redist-static
 network 172.16.18.0 0.0.0.255
 network 192.168.28.0
 no auto-summary
!
router eigrp 11
 redistribute static route-map redist-static-voice
 network 172.16.19.0 0.0.0.255
 no auto-summary
!
router bgp 64513
 no synchronization
 bgp log-neighbor-changes
 network 84.235.53.208 mask 255.255.255.240
 network 84.235.53.232 mask 255.255.255.248
 timers bgp 10 20 20
 neighbor 84.235.39.126 remote-as 25019
 neighbor 84.235.39.126 ebgp-multihop 255
 neighbor 84.235.39.126 soft-reconfiguration inbound
 neighbor 84.235.39.126 prefix-list BGP-FILTER-IN in
 neighbor 84.235.39.126 route-map AS-Prepend out
 neighbor 84.235.54.46 remote-as 25019
 neighbor 84.235.54.46 ebgp-multihop 255
 neighbor 84.235.54.46 soft-reconfiguration inbound
 neighbor 84.235.54.46 weight 110
 neighbor 84.235.54.46 prefix-list BGP-FILTER-IN in
 neighbor 84.235.54.46 route-map BGP-FILTER-OUT-1 out
 maximum-paths 2
 no auto-summary
!
ip forward-protocol nd
ip route 4.2.2.2 255.255.255.255 84.235.54.46
ip route 172.16.1.0 255.255.255.0 172.16.18.1
ip route 172.16.6.0 255.255.255.0 172.16.18.1
ip route 172.16.160.0 255.255.255.0 172.16.18.1
ip route 192.168.1.0 255.255.255.0 172.16.18.1
ip route 192.168.3.0 255.255.255.0 172.16.18.1
ip route 192.168.4.0 255.255.255.0 172.16.18.1
ip route 192.168.7.0 255.255.255.0 172.16.18.1
ip route 192.168.9.0 255.255.255.0 84.235.53.220
ip route 192.168.9.0 255.255.255.0 84.235.53.221 10
ip route 192.168.9.34 255.255.255.255 84.235.53.221
ip route 192.168.10.0 255.255.255.0 84.235.53.220
ip route 192.168.10.0 255.255.255.0 84.235.53.221 20
ip route 192.168.58.0 255.255.255.0 172.16.19.1
ip route 192.168.59.0 255.255.255.0 172.16.19.1
ip route 192.168.60.0 255.255.255.0 172.16.19.1
ip route 198.6.1.5 255.255.255.255 84.235.54.46
!
ip access-list standard REDIST-DMVPN
 permit 192.168.9.0 0.0.0.255
ip access-list standard REDIST-DMVPN-BACKUP
 permit 192.168.9.0 0.0.0.255
 permit 192.168.10.0 0.0.0.255
ip access-list standard REDIST-DMVPN-VOICE
 permit 192.168.10.0 0.0.0.255
!
ip access-list extended ACL-MATCH-TTL-0/1
 permit ip any any ttl eq 0
 permit ip any any ttl eq 1
ip access-list extended Anti-Spoofing
 deny   udp any any range 135 netbios-ss
 deny   tcp any any range 135 139
 deny   tcp any any eq 445
 deny   udp any range 135 netbios-ss any
 deny   tcp any range 135 139 any
 deny   tcp any eq 445 any
 deny   icmp any any redirect log
 deny   icmp any any mask-request log
 deny   ip host 0.0.0.0 any log
 deny   ip 127.0.0.0 0.255.255.255 any log
 deny   ip 224.0.0.0 31.255.255.255 any log
 deny   ip host 255.255.255.255 any log
 permit ip any any
ip access-list extended Inside-IN
 permit ip 84.235.53.208 0.0.0.15 any
 permit ip 192.168.9.0 0.0.0.255 any
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 84.235.53.224 0.0.0.15 any
ip access-list extended REDIST-VPN
ip access-list extended VPN-ITC
 permit ip 192.168.9.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 192.168.25.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 172.16.25.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
ip access-list extended VPN-Jeddah
 permit ip host 172.16.25.69 192.168.12.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 192.168.12.0 0.0.0.255
 permit ip 192.168.9.0 0.0.0.255 host 192.168.12.33
 permit ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 host 192.168.12.33
 permit ip host 192.168.9.20 host 192.168.12.33
ip access-list extended VPN-damam
 permit ip 192.168.9.0 0.0.0.255 192.168.15.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
ip access-list extended VPNTOGIC
 permit ip host 192.168.25.100 host 172.17.1.250
ip access-list extended VTY-Access
 permit ip 84.235.53.208 0.0.0.15 any
 permit ip 193.227.164.0 0.0.0.255 any
 permit ip host 192.168.9.18 any
 permit ip 46.19.192.0 0.0.0.255 any
 permit ip 193.227.188.128 0.0.0.63 any
 permit ip 185.54.96.0 0.0.3.255 any
!
!
ip prefix-list BGP-FILTER-IN seq 5 permit 0.0.0.0/0
!
ip prefix-list BGP-FILTER-OUT seq 5 permit 84.235.53.208/28
ip prefix-list BGP-FILTER-OUT seq 10 permit 84.235.53.232/29
access-list 197 permit ip any host 84.235.53.216
access-list 197 permit ip host 84.235.53.216 any
access-list 197 permit ip host 84.235.53.218 any
access-list 197 permit ip any host 84.235.53.218
!
!
route-map BGP-FILTER-OUT-1 permit 10
 match ip address prefix-list BGP-FILTER-OUT
!
route-map redist-static permit 10
 match ip address REDIST-DMVPN
!
route-map AS-Prepend permit 10
 set as-path prepend 64513 64513 64513 64513 64513
!
route-map redist-static-voice permit 10
 match ip address REDIST-DMVPN-VOICE

control-plane cef-exception
 service-policy input COPP-PM
!

Community Member

Dear Rick,Please find below

Dear Rick,

Please find below the output of "ping 224.0.0.10" from the spoke:

KSA-RTR#p 224.0.0.10

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.0.0.10, timeout is 2 seconds:
Reply to request 0 from 172.16.19.1, 184 ms
Reply to request 0 from 172.16.18.1, 184 ms

Regards,

Allen Jreitiny

Can you post a config from

Can you post a config from the spoke as well?

  • Does the EIGRP adjacency flap constantly? You may have transport issues (i.e. link at the spoke, Internet pathing, etc)? Are you seeing high packet loss at the spoke side?
  • Do you have any neighbor statement on the spoke? Have you changed any EIGRP values ( timers, K-values, etc)? 
  • What do your logs say on the HUB side? On the Spoke side? Specifically, can you tell the reason why the EIGRP adjacency dropped with your spoke? Can you post "show log | in DUAL" for both hub and spoke?

 Joe

 

Community Member

Hi Joseph,From the Hub side,

Hi Joseph,

From the Hub side, i can see the neighbor but not from the Spoke side.

HUB#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(10)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
5   172.16.18.2             Tu0                      12 00:00:56    1  5000  1  0

EIGRP-IPv4 Neighbors for AS(11)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   172.16.19.2             Tu1                      12 00:01:17    1  5000  1  0

------------------------------------------------------------------------------------------------------

Spoke#sh ip eigrp neighbors
IP-EIGRP neighbors for process 10
IP-EIGRP neighbors for process 11

------------------------------------------------------------------------------------------------------------

No Packet loss from the spoke side.

No EIGRP values changes.

No Logs for EIGRP

------------------------------------------------------------------------------------------------------------

157
Views
0
Helpful
5
Replies
CreatePlease to create content