Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RPC fails through 881 Point to point Tunnel for VEEAM

Hi I have inherited 2 881's

We are setting up a Veeam server to Replicate a Hyper-V host.

When I try and add the remote hyper-v server through the P2P VPN VEEAM comes back with an error. "Unable to connect via WMI".

WMI is enabled on the target server firewalls are down and AV software removed. If I'm in the same subnet the WMI works. It feels like the VPN is blocking WMI.

Everything else seems to be working through the P2P VPN.

Thanks

Traffic is initiated through device 1

 

 

 

881 Device 1 Config

 

class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all sdm-nat-https-1
 match access-group 102
 match protocol https
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-http-1
  inspect
 class type inspect sdm-nat-https-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect CCP-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect ccp-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
  drop
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 216.x.x.x255.255.255.240
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.10.11.1 255.255.255.0
 ip access-group 130 in
 ip access-group 130 out
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 10.10.21.10 10.10.21.80
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.123.165.1 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 10.10.11.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.11.5 9091 interface FastEthernet4 9091
ip nat inside source static tcp 10.10.11.9 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.11.9 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 permit ip any any
!
no logging trap
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.21.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 216.123.165.0 0.0.0.15 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 10.10.11.5
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.11.9
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 10.10.11.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny   ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 106 deny   ip 10.10.11.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 106 permit ip 10.10.11.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 remark CCP_ACL Category=16
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.11.0 0.0.0.255 any
access-list 120 permit ip 10.10.21.0 0.0.0.255 any
access-list 130 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 130 permit ip any any
no cdp run

!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 106
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CC
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
!
scheduler max-task-time 5000
end

CarePathBackupRouter#

 

881 Device 2 Config

 service-policy type inspect sdm-policy-sdm-cls--1
zone-pair security sdm-zp-sll-zone-in-zone source ssl-zone destination in-zone
 service-policy type inspect sdm-pol-ssl-vpn-traffic
zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
 service-policy type inspect sdm-policy-sdm-cls--2
!
!
!
interface Loopback0
 ip address 10.10.50.1 255.255.255.0
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 216.x.x.x255.255.255.248
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Virtual-Template5
 ip unnumbered FastEthernet4
 zone-member security ssl-zone
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $FW_DMZ$
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security dmz-zone
!
ip local pool SDM_POOL_1 10.10.50.2 10.10.50.30
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 10.10.10.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.20.100 80 interface FastEthernet4 80
ip nat inside source list 120 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.20.100 443 interface FastEthernet4 443
ip nat inside source static tcp 10.10.10.5 9091 216.x.x.x9091 extendable
!
ip access-list extended DMZOutbound
 remark CCP_ACL Category=128
 permit ip host 10.10.20.4 any
 permit ip host 10.10.20.5 any
ip access-list extended LANtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.4
 permit ip any host 10.10.20.100
ip access-list extended SDM_4
 remark CCP_ACL Category=4
 remark IPSec Rule
 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 permit ip any any
ip access-list extended VPNZtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.4
ip access-list extended VPNtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
ip access-list extended WANtoOWA
 remark CCP_ACL Category=128
 permit ip any host 10.10.10.5
ip access-list extended WebsiteViewer
 remark CCP_ACL Category=128
 permit ip host 10.10.20.5 any
 permit ip host 10.10.20.4 any
ip access-list extended dmz-traffic
 remark CCP_ACL Category=1
 permit ip any host 10.10.20.1
 permit ip any host 10.10.20.2
 permit ip any host 10.10.20.3
 permit ip any host 10.10.20.4
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.6
 permit ip any host 10.10.20.7
 permit ip any host 10.10.20.8
 permit ip any host 10.10.20.9
 permit ip any host 10.10.20.10
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.20.0 0.0.0.255
access-list 23 permit 10.10.50.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 permit ip 207.164.203.24 0.0.0.7 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit tcp any host 192.168.1.111 eq smtp
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 10.10.20.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.10.20.100
access-list 105 remark CCP_ACL Category=4
access-list 105 permit ip host 10.10.10.0 any
access-list 105 permit ip host 10.10.20.0 any
access-list 105 permit ip host 10.10.50.0 any
access-list 120 deny   ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 deny   ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 deny   ip 10.10.20.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.20.0 0.0.0.255 any
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 150 permit tcp any any eq 8081
access-list 190 permit ip any host 10.10.10.7
access-list 190 permit ip host 10.10.10.7 any
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^CCCCCCCCCC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CCCCCCCCCC
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn gateway gateway_1
 ip address 216.x.x.xport 8081
 ssl trustpoint TP-self-signed-3840840377
 inservice
 !
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
 !
webvpn install csd flash:/webvpn/sdesktop.pkg
 !
webvpn context WebVPN
 title "CarePath WebVPN"
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 !
 url-list "CarePath"
   heading "CarePath Websites"
   url-text "CPNet" url-value "http://10.10.10.100/CPnet/"
   url-text "CarePath External Website" url-value "http://www.carepath.ca"
   url-text "Navigator" url-value "http://10.10.10.103"
 !
 !
 policy group policy_1
   url-list "CarePath"
   functions svc-enabled
   svc address-pool "SDM_POOL_1"
   svc msie-proxy option auto
   svc split include 10.10.0.0 255.255.0.0
   svc dns-server primary 10.10.10.5
 virtual-template 5
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_2
 gateway gateway_1
 max-users 20
 inservice
!
end

CarePathRouterB#

 

 

3 REPLIES

You're missing the top half

You're missing the top half of your device 2 configuration. Device 1's settings look clear and should pass everything from the in zone to the ezvpn zone and vice-versa, but there's not enough information to see what's going on on device 2. Can you edit the original post and include the full configuration?

New Member

Ok I think I messed up.Here's

Ok I think I messed up.

Here's the configs again.

Device 1

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.10.08 11:11:23 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 14737 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CarePathBackupRouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10000
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
 --More--         aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-3598019594
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3598019594
 revocation-check none
 rsakeypair TP-self-signed-3598019594
!
!
crypto pki certificate chain TP-self-signed-3598019594
 certificate self-signed 01
  3082025D 308201C6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353938 30313935 3934301E 170D3132 30333038 32333235
  30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35393830
  31393539 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B290 42576863 0D990847 52965EB6 37067C00 38E8AFDC A2A4352C 5DD36F7A
 --More--           2F5CA25C B586E580 00E7F634 2437B446 DEF48F61 DA8D307C 47157F18 ED555E11
  D7AEEF72 6C6CE291 1506D9E3 EF32D956 2E7677D6 710B370E 5A8E5115 33A92F11
  44562D62 1452435C 3723126B E279C9DE 217077CF 1320D7C2 CF1BE495 1351B500
  7B210203 010001A3 81843081 81300F06 03551D13 0101FF04 05300301 01FF302E
  0603551D 11042730 25822343 61726550 61746842 61636B75 70526F75 7465722E
  796F7572 646F6D61 696E2E63 6F6D301F 0603551D 23041830 1680142D A4BC83A1
  785F6C73 DD8A98F1 8CBFACB1 D1287530 1D060355 1D0E0416 04142DA4 BC83A178
  5F6C73DD 8A98F18C BFACB1D1 2875300D 06092A86 4886F70D 01010405 00038181
  00B02915 B9C40F05 DC7DE975 67982D89 6C781413 5C2F0F3A 76CEEFD1 45DE776D
  6D2B875F 0109EBBA E106BD35 CAE1F188 4D038977 E8FC77AC E8E1FC8A 14C88C3F
  8CE98F32 69C1C7A8 E9C6394D 8A285A40 701115EC FBBB092D 23B13FA5 977D82EA
  E5090F60 DC0B3480 96BDC5BB C1393AB0 5C135C70 6DA3926E 233E0824 982F6010 FF
      quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip port-map user-protocol--1 port tcp 9091
 --More--         ip inspect log drop-pkt
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
vtp mode transparent
username vinadmin privilege 15 secret 5 $1$fDR/$CNiqlhaGh1/86.yaksu9J1
username bannayar secret 5 $1$WQH0$lqEvJa6vyCgG8P6ZCKFV30
username kabaines secret 5 $1$qghZ$KIzZ4AvLHuxpxdT8lPXu00
username ecousineau secret 5 $1$0vGF$/hFzdgUsjNy4KhQbBEJXX1
username ddepetrillo secret 5 $1$J.Z.$r2Hvj0wy65KdU2DB8RybI.
username dfulogsi secret 5 $1$mBGJ$pOTWXESj5IrNoHcp4a6Dg1
username whryniuk secret 5 $1$aiXM$V7Ivp7w9WGPfp7ZvNUuxw.
username lhryniuk secret 5 $1$ZMWh$q1TcQiQCnOcOc3386C60./
username dthomson secret 5 $1$oSuN$9iRmSxMzpFiJZ7J./DXwN/
username smoore secret 5 $1$DRy7$yYXbtjMqP6eNVNWf82qit1
username wpowell secret 5 $1$gK57$oUtnIg6xk6tV8xofNCWZj.
username pcarter secret 5 $1$FNOP$kwi.OJx9PTQqYRFFc3Lw11
username mferguson secret 5 $1$JAkk$yZ8gLDfpLjhoBUY2xiKGt0
username kmcdonald secret 5 $1$e6zr$WxiKO0Aqee2mUb3GtcOwK1
username drorovan secret 5 $1$q/bp$qpIgTq2zo3CUZtsMKYB9d/
 --More--         username jragaz secret 5 $1$3xZ7$Cvg8Er8k5khygwd.Dg/Xh1
username pmajor secret 5 $1$u7up$X0HemguPY9Ng1vKxcAz.81
username borovan secret 5 $1$4Lje$BYGyz2EhCxE.FVql5tddA0
username jgowing secret 5 $1$YAsY$36ioJChe4Se786FyVOwZO/
username GGarcia secret 5 $1$9QO0$qEaHekjre5tWLc4HNnLhd/
username rbergeron secret 5 $1$8oB6$yk3IoBFJo/ndzRCoQTGPQ1
username rsimpson secret 5 $1$dnSM$KOiCXCpX6jgv/Z/WLt/qM0
username kgodbout secret 5 $1$xDkJ$OoOKh8KtQDy4h2CsnGl1V/
username amcgowan secret 5 $1$e9fw$xByQdweSgJKomCoa42Xhd.
username mstevelic secret 5 $1$dM72$u3W/r5o.WIULnYZMVLx.00
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key CarePathPSKJ0k1r address 63.250.109.214 255.255.255.248
!
crypto isakmp client configuration group VPNGroup
 key Pa$$w0rd
 dns 10.10.11.5
 domain carepath.local
 pool SDM_POOL_1
 --More--          acl 103
 max-users 70
crypto isakmp profile ciscocp-ike-profile-1
   match identity group VPNGroup
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to Carepath HO
 set peer 63.250.109.214
 --More--          set transform-set ESP-3DES-SHA1
 match address 107
!
archive
 log config
  hidekeys
!
!
vlan 2-3,10,20
!
vlan 30
 name Internal
!
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 105
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 108
class-map type inspect match-all sdm-nat-http-1
 match access-group 102
 match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 101
 --More--          match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-1
 match access-group 101
 match protocol smtp
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 --More--          match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 --More--          match protocol udp
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all sdm-nat-https-1
 match access-group 102
 match protocol https
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-http-1
 --More--           inspect
 class type inspect sdm-nat-https-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect CCP-Voice-permit
  inspect
 class class-default
  pass
policy-map type inspect ccp-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 --More--          class class-default
  drop
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
 --More--         zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 216.123.165.9 255.255.255.240
 --More--          ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
 crypto ipsec df-bit clear
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.10.11.1 255.255.255.0
 ip access-group 130 in
 ip access-group 130 out
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
 --More--         !
ip local pool SDM_POOL_1 10.10.21.10 10.10.21.80
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.123.165.1 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 10.10.11.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.11.5 9091 interface FastEthernet4 9091
ip nat inside source static tcp 10.10.11.9 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.11.9 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 permit esp any any
 --More--         ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 permit ip any any
!
no logging trap
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.21.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 216.123.165.0 0.0.0.15 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 10.10.11.5
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.11.9
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 10.10.11.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 105 remark CCP_ACL Category=0
 --More--         access-list 105 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny   ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 106 deny   ip 10.10.11.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 106 permit ip 10.10.11.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 remark CCP_ACL Category=16
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.11.0 0.0.0.255 any
access-list 120 permit ip 10.10.21.0 0.0.0.255 any
access-list 130 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 130 permit ip any any
no cdp run

!
!
!
 --More--         !
route-map SDM_RMAP_1 permit 1
 match ip address 106
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
 --More--         Replace <myuser> and <mypassword> with the username and password you
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^CC
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
 
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
 --More--         NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
 
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
!
scheduler max-task-time 5000
end

CarePathBackupRouter#             

 

Device 2

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.10.08 11:05:59 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...

Current configuration : 29587 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c880data-universalk9-mz.124-24.5.T.bin
boot-end-marker
!
security passwords min-length 1
logging buffered 4096
enable secret 5 $1$tRc6$Pk3N1aDAx4E2rAYAJ90mH1
!
aaa new-model
!
!
aaa authentication login default local
 --More--         aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3840840377
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3840840377
 revocation-check none
 rsakeypair TP-self-signed-3840840377
!
!
crypto pki certificate chain TP-self-signed-3840840377
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383430 38343033 3737301E 170D3134 30393132 31303431
  34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
 --More--           4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38343038
  34303337 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E66E C34A4C46 E413B794 5FB510D3 A306C684 9ED25F03 4B850571 D8E7561B
  F66A4AA7 AE9E606C B440A785 3CE4A763 1C1A52FF 112D4CB9 CB755AA5 479F1508
  775EED5D EEE09429 6D62FA24 C2B053F8 B8A09A91 3B5EAD10 9B7E2B0A 5AA92137
  13DF18C1 4616B18C FD3662C1 A2813A66 2484E2B5 C56B607A 92E21E0F BD0D54CB
  01930203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
  551D1104 19301782 15526F75 7465722E 63617265 70617468 2E6C6F63 616C301F
  0603551D 23041830 168014D4 3B765BFE CE03F36B 9714FB7D 1E31015E 9B5D2830
  1D060355 1D0E0416 0414D43B 765BFECE 03F36B97 14FB7D1E 31015E9B 5D28300D
  06092A86 4886F70D 01010405 00038181 0081DE27 6994F293 40268BED F231747F
  A0FB4FE6 BAD884C8 D9395782 35FD0450 57E74E6E E8E3575E 8F08FC1D 2916A16D
  5DDBA88C 1299FF6C D7293908 DE3CFF1E 29B1BC43 48D68718 51ED7651 E032E50C
  B6DC8607 56D2E957 46DDC00F BF5B81AC 9AA2CB21 1E566639 10E207E3 21CB0127
  61C16AF4 CB1B5AEE 3559D0B2 3AC9603B E5
      quit
ip source-route
!
!
ip dhcp excluded-address 10.10.20.1 10.10.20.10
ip dhcp excluded-address 10.10.10.1 10.10.10.19
ip dhcp excluded-address 10.10.10.91 10.10.10.254
!
 --More--         ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 10.10.10.5
   lease 0 2
!
ip dhcp pool sdm-pool1
   network 10.10.20.0 255.255.255.0
   default-router 10.10.20.1
!
!
no ip cef
ip domain name carepath.local
ip name-server 10.10.10.5
no ipv6 cef
!
!
multilink bundle-name authenticated
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
 --More--         
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 --More--          server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com

!
!
username forrestja secret 5 $1$0M.C$jSf2s6jBJc.BhOHEQz6Z7/
username Mckyedo secret 5 $1$.oVV$osTs3rwN6PDW1r1ratB/Y/
username kabaines secret 5 $1$05fS$aQmBAn5OPzemwHISAcjA91
username ecousineau secret 5 $1$chbt$y8i/cTvlKaoi7M6IK9XQz0
username danidepetrillo secret 5 $1$ClAB$cL.ISVieN3dtuXKYboyiO/
username ddepetrillo secret 5 $1$/8z2$zo9yhdXX0injN5sR.o.gc.
username dfulogsi secret 5 $1$7kTK$48wgcGO5ne4/p069y6hNX.
username whryniuk secret 5 $1$4K6u$hQkC7ZproSeYzXuF6C9z61
username lhryniuk secret 5 $1$XHHt$MFNNStOiC6dgfY93laFrU1
username amcgowan secret 5 $1$40Fm$O5QuPgLtQU0uq.9KbxW0M1
username dthomson secret 5 $1$CAZB$VF0qQbZ/zECKv3QfIDhuD.
username cshirley secret 5 $1$A395$0hL0DnNysybt51exyXWrN1
username smoore secret 5 $1$YFq4$j7UTBgdbQMikKGyDhAPCP.
username jzemaitis secret 5 $1$KiOv$Y22d.91YFkVaDcHc9JfL90
 --More--         username wpowell secret 5 $1$ECmG$dQvMWSXWQqPSM/SWMm6Ja0
username vinadmin privilege 15 secret 5 $1$XJMD$kQLDFx1u5IKBNqtMtg4dL0
username Admin secret 5 $1$O3rB$H003Fl.KI7vNzSxRpsB5t.
username shirleyco secret 5 $1$aTod$A91adrDfFQrKx31aAe3/z0
username mferguson secret 5 $1$XISU$UjnnmGN22rzIf7xnX0CEc.
username kmcdonald secret 5 $1$cv4K$uuotKYnegG6.y4R7YRiyW1
username mstevelic secret 5 $1$.isq$wi/HGo0IkZWmoBY..QEeD/
username drorovan secret 5 $1$L799$Sz04d/XVM/g5Y62z5W.1/0
username jragaz secret 5 $1$hmK5$z/tvrdohCMiEprCW9p9Yq.
username pmajor secret 5 $1$CxxE$9hgS21SbVhVdOmUaRdvgs/
username borovan secret 5 $1$fsw9$ZIIUltJ9Cc7nBpmuswIDs.
username leedo secret 5 $1$xnMk$6IQf2FzK1L5QMgjfRx8.h.
username jgowing secret 5 $1$EVEP$YjxyE5Lw.hcivE.JqbH0Y/
username royst secret 5 $1$/wbP$W3daZVjU3bYAtR9x01nEh.
username rbergeron secret 5 $1$EeAx$ipFbCd0SwjTLUB/8pCMxR0
username rsimpson secret 5 $1$cvh6$0MVp4eSyhij0NCX6NUDGK1
username ssaraydarian secret 5 $1$YJV7$v14qULB7TFYsTEVcvyC8o.
username Leeke secret 5 $1$IH5i$.yJJW7mKF.sD7DIr53AXc0
username hooman secret 5 $1$eJ3J$OKcje0Q.K5o.IOJJ.it0D1
username cmills secret 5 $1$QH8Z$QZqY8kJEvpp/WBQIAl7yn0
username bannayar secret 5 $1$erc7$EhY2OUL2okAuJw6.VFwvW.
username alstiburek secret 5 $1$5FSX$5RJb1h0NBYyH6q93aXT3U.
username pcarter secret 5 $1$dVJI$EnovCDfEe3SakN15Q9kkW.
 --More--         username dlinardos password 0 zckNW80240*
username janarthans view root secret 5 $1$A5c8$x/d03.bT3e29fTJ2Iunt/1
username palmerb view root secret 5 $1$MlTf$szxQvyRJBzRnofARAWP0z0
username lrobichaud privilege 0 secret 5 $1$nztN$hieW9P/XYakZ8aDxvc/hc/
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key CarePathPSKJ0k1r address 216.x.x.x
!
crypto isakmp client configuration group VPNGroup
 key Pa$$w0rd
 dns 10.10.10.5
 domain Carepath.local
 pool SDM_POOL_1
 acl 100
 --More--          max-users 28
 netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
   match identity group VPNGroup
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-3DES-SHA
 set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Apply the crypto map on the peer router's interface having IP address 216.x.x.x that connects to this router.
 set peer 216.x.x.x
 set transform-set ESP-3DES-SHA1
 --More--          match address SDM_4
!
archive
 log config
  hidekeys
!
!
ip ftp username cisco
ip ftp password <removed>
!
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
 match access-group 107
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
 match access-group 109
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
 match access-group 108
class-map type inspect imap match-any ccp-app-imap
 match  invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
 match protocol edonkey signature
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 --More--          match protocol bittorrent signature
class-map type inspect match-all sdm-nat-http-1
 match access-group 103
 match protocol http
class-map type inspect match-any https
 match protocol https
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
 match class-map https
 match access-group name WANtoOWA
class-map type inspect match-all sdm-nat-http-2
 match access-group 104
 match protocol http
class-map type inspect match-all sdm-nat-smtp-1
 match access-group 102
 match protocol tcp
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
 match protocol h323
 match protocol skinny
 match protocol sip
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
 --More--         class-map type inspect match-any SDM_VPN_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
 match access-group 106
 match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any http
 match protocol dns
 match protocol http
 match protocol https
 match protocol icmp
 match protocol smtp
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 --More--          match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all sdm-cls--2
 match class-map http
 match access-group name DMZOutbound
class-map type inspect match-all sdm-cls--1
 match access-group name VPNZtoDMZ
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect gnutella match-any ccp-app-gnutella
 match  file-transfer
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 --More--          match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
 match  service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
 match  service any
class-map type inspect match-all ipsec-class
 match protocol isakmp
 match protocol ipsec-msft
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
 match  service any
 --More--         class-map type inspect match-all webvpn-8081
 match access-group 150
class-map type inspect match-all ccp-protocol-pop3
 match protocol pop3
class-map type inspect match-any sdm-ssl-vpn-traffic
 match access-group 121
class-map type inspect pop3 match-any ccp-app-pop3
 match  invalid-command
class-map type inspect kazaa2 match-any ccp-app-kazaa2
 match  file-transfer
class-map type inspect match-all ccp-protocol-p2p
 match class-map ccp-cls-protocol-p2p
class-map type inspect msnmsgr match-any ccp-app-msn
 match  service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
 match  service text-chat
class-map type inspect match-any WebsiteViewer
 match protocol smtp
 match protocol https
 match protocol http
 match protocol ftp
class-map type inspect match-all ccp-protocol-im
 match class-map ccp-cls-protocol-im
 --More--         class-map type inspect match-all ccp-invalid-src
 match access-group 101
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect http match-any ccp-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 --More--          match  request method options
 match  request method poll
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect match-any ccp-dmz-protocols
 match protocol http
class-map type inspect edonkey match-any ccp-app-edonkey
 match  file-transfer
 --More--          match  text-chat
 match  search-file-name
class-map type inspect http match-any ccp-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  req-resp protocol-violation
class-map type inspect match-all ccp-dmz-traffic
 match access-group name dmz-traffic
 match class-map ccp-dmz-protocols
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-2
 match access-group name VPNtoDMZ
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-3
 match class-map WebsiteViewer
 match access-group name WebsiteViewer
class-map type inspect edonkey match-any ccp-app-edonkeydownload
 match  file-transfer
class-map type inspect match-all ccp-protocol-imap
 match protocol imap
class-map type inspect aol match-any ccp-app-aol
 match  service text-chat
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-1
 match access-group name LANtoDMZ
class-map type inspect edonkey match-any ccp-app-edonkeychat
 --More--          match  search-file-name
 match  text-chat
class-map type inspect http match-any ccp-http-allowparam
 match  request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
 match protocol http
class-map type inspect fasttrack match-any ccp-app-fasttrack
 match  file-transfer
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class class-default
 --More--           drop
policy-map type inspect p2p ccp-action-app-p2p
 class type inspect edonkey ccp-app-edonkeychat
  log
  allow
 class type inspect edonkey ccp-app-edonkeydownload
  log
  allow
 class type inspect fasttrack ccp-app-fasttrack
  log
  allow
 class type inspect gnutella ccp-app-gnutella
  log
  allow
 class type inspect kazaa2 ccp-app-kazaa2
  log
  allow
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
  inspect
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-http-1
 --More--           inspect
 class type inspect sdm-nat-http-2
  inspect
 class type inspect sdm-ssl-vpn-traffic
  inspect
 class type inspect ccp-icmp-access
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class class-default
  drop
policy-map type inspect im ccp-action-app-im
 class type inspect aol ccp-app-aol
  log
  allow
 class type inspect msnmsgr ccp-app-msn
  log
  allow
 class type inspect ymsgr ccp-app-yahoo
 --More--           log
  allow
 class type inspect aol ccp-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr ccp-app-msn-otherservices
  log
  reset
 class type inspect ymsgr ccp-app-yahoo-otherservices
  log
  reset
policy-map type inspect imap ccp-action-imap
 class type inspect imap ccp-app-imap
  log
policy-map type inspect pop3 ccp-action-pop3
 class type inspect pop3 ccp-app-pop3
  log
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-protocol-imap
 --More--           inspect
  service-policy imap ccp-action-imap
 class type inspect ccp-protocol-pop3
  inspect
  service-policy pop3 ccp-action-pop3
 class type inspect ccp-protocol-p2p
  inspect
  service-policy p2p ccp-action-app-p2p
 class type inspect ccp-protocol-im
  inspect
  service-policy im ccp-action-app-im
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect http ccp-action-app-http
 class type inspect http ccp-http-blockparam
  log
  allow
 class type inspect http ccp-app-httpmethods
  log
  reset
 class type inspect http ccp-http-allowparam
 --More--           log
  allow
policy-map type inspect ccp-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class class-default
  drop
policy-map type inspect sdm-policy-sdm-cls--1
 class type inspect sdm-cls--1
  inspect
 class class-default
  drop
policy-map type inspect sdm-pol-Out-to-Self
 class type inspect SDM_VPN_PT
  pass
 class type inspect webvpn-8081
 class type inspect SDM_EASY_VPN_SERVER_TRAFFIC
  pass
 class class-default
  drop
policy-map type inspect sdm-pol-ssl-vpn-traffic
 class type inspect sdm-ssl-vpn-traffic
  inspect
 --More--          class class-default
  drop
policy-map type inspect sdm-policy-sdm-cls--2
 class type inspect sdm-cls--2
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit-dmzservice
 class type inspect sdm-cls-ccp-permit-dmzservice-3
  inspect
 class type inspect sdm-cls-ccp-permit-dmzservice-2
  inspect
 class type inspect sdm-cls-ccp-permit-dmzservice-1
  inspect
 class type inspect ccp-dmz-traffic
  inspect
 class type inspect CCP-Voice-permit
  inspect
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-http-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-1
 --More--           inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class class-default
  pass
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class type inspect sdm-cls-VPNOutsideToInside-1
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-2
  inspect
 class type inspect sdm-cls-VPNOutsideToInside-3
  inspect
 class class-default
  drop log
!
zone security dmz-zone
zone security out-zone
zone security in-zone
zone security ezvpn-zone
 --More--         zone security ssl-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
 service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
 service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect sdm-pol-Out-to-Self
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-zone-dmz-zone source ezvpn-zone destination dmz-zone
 --More--          service-policy type inspect sdm-policy-sdm-cls--1
zone-pair security sdm-zp-sll-zone-in-zone source ssl-zone destination in-zone
 service-policy type inspect sdm-pol-ssl-vpn-traffic
zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
 service-policy type inspect sdm-policy-sdm-cls--2
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination ssl-zone
 service-policy type inspect sdm-pol-VPNOutsideToInside-1
!
!
!
interface Loopback0
 ip address 10.10.50.1 255.255.255.0
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
 --More--         interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 63.250.109.214 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Virtual-Template5
 ip unnumbered FastEthernet4
 zone-member security ssl-zone
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 --More--          ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
interface Vlan2
 description $FW_DMZ$
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security dmz-zone
!
ip local pool SDM_POOL_1 10.10.50.2 10.10.50.30
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 63.250.109.209
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 10.10.10.5 25 interface FastEthernet4 25
 --More--         ip nat inside source static tcp 10.10.20.100 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.20.100 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.5 9091 63.250.109.214 9091 extendable
!
ip access-list extended DMZOutbound
 remark CCP_ACL Category=128
 permit ip host 10.10.20.4 any
 permit ip host 10.10.20.5 any
ip access-list extended LANtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.4
 permit ip any host 10.10.20.100
ip access-list extended SDM_4
 remark CCP_ACL Category=4
 remark IPSec Rule
 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended SDM_AH
 remark CCP_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark CCP_ACL Category=1
 --More--          permit esp any any
ip access-list extended SDM_IP
 remark CCP_ACL Category=1
 permit ip any any
ip access-list extended VPNZtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.4
ip access-list extended VPNtoDMZ
 remark CCP_ACL Category=128
 permit ip any host 10.10.20.5
ip access-list extended WANtoOWA
 remark CCP_ACL Category=128
 permit ip any host 10.10.10.5
ip access-list extended WebsiteViewer
 remark CCP_ACL Category=128
 permit ip host 10.10.20.5 any
 permit ip host 10.10.20.4 any
ip access-list extended dmz-traffic
 remark CCP_ACL Category=1
 permit ip any host 10.10.20.1
 permit ip any host 10.10.20.2
 permit ip any host 10.10.20.3
 --More--          permit ip any host 10.10.20.4
 permit ip any host 10.10.20.5
 permit ip any host 10.10.20.6
 permit ip any host 10.10.20.7
 permit ip any host 10.10.20.8
 permit ip any host 10.10.20.9
 permit ip any host 10.10.20.10
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.20.0 0.0.0.255
access-list 23 permit 10.10.50.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
 --More--         access-list 101 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 permit ip 207.164.203.24 0.0.0.7 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit tcp any host 192.168.1.111 eq smtp
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 10.10.20.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.10.20.100
access-list 105 remark CCP_ACL Category=4
access-list 105 permit ip host 10.10.10.0 any
access-list 105 permit ip host 10.10.20.0 any
access-list 105 permit ip host 10.10.50.0 any
access-list 106 remark CCP_ACL Category=128
access-list 106 permit ip host 216.x.x.x any
access-list 107 remark CCP_ACL Category=0
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 109 remark CCP_ACL Category=0
access-list 109 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 120 remark CCP_ACL Category=18
access-list 120 deny   ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 deny   ip 10.10.20.0 0.0.0.255 10.10.50.0 0.0.0.255
 --More--         access-list 120 deny   ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 permit ip 10.10.20.0 0.0.0.255 any
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 150 permit tcp any any eq 8081
access-list 190 permit ip any host 10.10.10.7
access-list 190 permit ip host 10.10.10.7 any
no cdp run

!
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 120
!
!
control-plane
!
banner exec ^CCCCCCCCCCCCC


 --More--         

 


% Password expiration warning.

 

 

 

-----------------------------------------------------------------------

 

 

 

 

 --More--         

 

 

Cisco Configuration Professional (Cisco CP) is installed on this device

 

 

 

and it provides the default username "cisco" for  one-time use. If you have

 

 

 

already used the username "cisco" to login to the router and your IOS image
 --More--         

 

 


supports the "one-time" user option, then this username has already expired.

 

 

 

You will not be able to login to the router with this username after you exit

 

 

 

 --More--         this session.

 

 

 

 

 

 

 

It is strongly suggested that you create a new username with a privilege level

 

 


 --More--         
of 15 using the following command.

 

 

 

 

 

 

 

username <myuser> privilege 15 secret 0 <mypassword>

 

 

 --More--         

 

 

 

 

Replace <myuser> and <mypassword> with the username and password you

 

 

 

want to use.

 


 --More--         


 

 

 

 

-----------------------------------------------------------------------

 

 

 

^C
banner login ^CCCCCCCCCCCCC


 --More--         

 


-----------------------------------------------------------------------

 

 

 

Cisco Configuration Professional (Cisco CP) is installed on this device.

 

 

 

This feature requires the one-time use of the username "cisco" with the

 --More--         

 

 

password "cisco". These default credentials have a privilege level of 15.

 

 

 

 

 

 

 

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  
 --More--         

 

 


PUBLICLY-KNOWN CREDENTIALS

 

 

 

 

 

 

 

 --More--         Here are the Cisco IOS commands.

 

 

 

 

 

 

 

username <myuser>  privilege 15 secret 0 <mypassword>

 

 


 --More--         
no username cisco

 

 

 

 

 

 

 

Replace <myuser> and <mypassword> with the username and password you want

 

 

 --More--         

to use.

 

 

 

 

 

 

 

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL

 


 --More--         


NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

 

 

 

 

 

 

 

For more information about Cisco CP please follow the instructions in the

 

 --More--         

 

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp

 

 

 

-----------------------------------------------------------------------

 

 

 

^C
!
line con 0
 --More--          no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn gateway gateway_1
 ip address 216.x.x.x port 8081  
 ssl trustpoint TP-self-signed-3840840377
 inservice
 !
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
 !
webvpn install csd flash:/webvpn/sdesktop.pkg
 !
webvpn context WebVPN
 title "CarePath WebVPN"
 secondary-color white
 title-color #669999
 text-color black
 ssl authenticate verify all
 --More--          !
 url-list "CarePath"
   heading "CarePath Websites"
   url-text "CPNet" url-value "http://10.10.10.100/CPnet/"
   url-text "CarePath External Website" url-value "http://www.carepath.ca"
   url-text "Navigator" url-value "http://10.10.10.103"
 !
 !
 policy group policy_1
   url-list "CarePath"
   functions svc-enabled
   svc address-pool "SDM_POOL_1"
   svc msie-proxy option auto
   svc split include 10.10.0.0 255.255.0.0
   svc dns-server primary 10.10.10.5
 virtual-template 5
 default-group-policy policy_1
 aaa authentication list ciscocp_vpn_xauth_ml_2
 gateway gateway_1
 max-users 20
 inservice
!
end
 --More--         
Router#  

 

Assuming that the two

Assuming that the two endpoints are in the "in-zone" of your routers (correct me if I'm wrong on that), there's nothing in the firewall rules that would be restricting any kind of IPv4 traffic at all, so I don't believe it's the firewall blocking anything.

Depending on the packet sizes (which are usually large for backup/replication traffic) traversing the network, you may have an MTU issue in play. Try making the following changes on both ends and see if that clears things up.

interface Virtual-Template1 type tunnel
 mtu 1400
 ip tcp adjust-mss 1360

You'll need to reset the VPN connections for the settings to take effect.

If this doesn't help, we can investigate further.

116
Views
0
Helpful
3
Replies