here is the config that doesn't work. all is fine with an ACL of
access-list 132 per icmp any any, the ipx eigrp router see each other, but
as soon as i change the access list to the one below the eigrp adjacency is
lost and so is all ipx connectivity.
what the...????
r3#
r3#wr t
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
hostname r3
!
no logging console
!
username all
ip subnet-zero
no ip domain-lookup
ip domain-name CISCO.COM
appletalk routing eigrp 3
ipx routing 0003.0003.0003
vines routing 300A94D4:0001
!
!
crypto isakmp policy 100
hash md5
authentication pre-share
crypto isakmp key cisco address 135.7.1.5
!
!
crypto ipsec transform-set TRANSFORM esp-des
mode transport
!
!
crypto map CRYPTO2 100 ipsec-isakmp
set peer 135.7.1.5
set transform-set TRANSFORM
match address 132
clock timezone CST -6
clock summer-time CDT recurring
!
!
!
interface Tunnel100
no ip address
no ip directed-broadcast
ipx network 1000
tunnel source Serial0
tunnel destination 135.7.1.5
!
interface Ethernet0
ip address 135.7.2.3 255.255.255.0
no ip directed-broadcast
ip ospf interface-retry 0
ip ospf priority 200
appletalk cable-range 300-300 300.3
appletalk zone r3r4r7ether
appletalk protocol eigrp
no appletalk protocol rtmp
ipx network 300
vines metric 2
vines serverless
!
interface Serial0
ip address 135.7.1.3 255.255.255.0
no ip directed-broadcast
encapsulation frame-relay
no ip route-cache
ip ospf network broadcast
ip ospf interface-retry 0
no ip mroute-cache
frame-relay map ip 135.7.1.1 305 broadcast
frame-relay map ip 135.7.1.5 305 broadcast
no frame-relay inverse-arp
frame-relay lmi-type ansi
crypto map CRYPTO2
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
network 135.7.1.0 0.0.0.255 area 0
network 135.7.2.0 0.0.0.255 area 1
!
ip classless
!
access-list 131 permit ip any 135.7.0.0 0.0.255.255 log
access-list 132 permit gre any any
access-list 133 deny gre any any
access-list 133 permit ip any any
access-list 601 deny nbp 1 type Network
access-list 601 deny other-nbps
access-list 601 deny other-access
!
!
!
ipx router eigrp 1
network all
!
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
transport input none
line aux 0
line vty 0 4
login
!
end
r3#
r1#5
[Resuming connection 5 to r5 ... ]
r5#w rt
where rt
^
% Invalid input detected at '^' marker.
r5#wr t
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug datetime
service timestamps log datetime
no service password-encryption
!
hostname r5
!
no logging console
!
username cisco password 0 cisco
username cisco autocommand access-enable timeout 1
ip subnet-zero
no ip domain-lookup
ip domain-name CISCO.COM
ipx routing 0005.0005.0005
!
!
crypto isakmp policy 100
hash md5
authentication pre-share
crypto isakmp key cisco address 135.7.1.3
!
!
crypto ipsec transform-set TRANSFORM esp-des
mode transport
!
!
crypto map CRYPTO 10 ipsec-isakmp
set peer 135.7.1.3
set transform-set TRANSFORM
match address 132
clock timezone CST -6
clock summer-time CDT recurring
!
!
!
interface Loopback100
no ip address
no ip directed-broadcast
ipx network 10
!
interface Tunnel100
no ip address
no ip directed-broadcast
ipx network 1000
tunnel source Serial0.1
tunnel destination 135.7.1.3
!
interface Ethernet0
ip address 135.7.5.5 255.255.255.0
no ip directed-broadcast
ip ospf interface-retry 0
no keepalive
!
interface Serial0
no ip address
no ip directed-broadcast
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
no fair-queue
no frame-relay inverse-arp
!
interface Serial0.1 multipoint
ip address 135.7.1.5 255.255.255.0
no ip directed-broadcast
no ip route-cache
ip ospf network broadcast
ip ospf interface-retry 0
ip ospf priority 200
no ip mroute-cache
frame-relay map ip 135.7.1.1 501 broadcast
frame-relay map ip 135.7.1.3 503 broadcast
crypto map CRYPTO
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
router ospf 1
network 135.7.1.0 0.0.0.255 area 0
network 135.7.5.0 0.0.0.255 area 5
!
ip classless
!
access-list 100 dynamic test permit tcp host 135.7.1.1 host 135.7.1.5 eq
telnet
access-list 100 permit tcp any host 135.7.1.5 eq telnet
access-list 100 permit ip any any
access-list 101 dynamic ping permit icmp host 135.7.1.1 host 135.7.5.5 log
access-list 101 deny icmp host 135.7.1.1 host 135.7.5.5 log
access-list 101 permit ip any any
access-list 132 permit gre any any
access-list 133 deny gre any any
access-list 133 permit ip any any
!
!
!
ipx router eigrp 1
network 1000
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
transport input none
line aux 0
line vty 0 4
login local
!
end
r5#
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
