I have 5 subnets:
172.29.10.x/24 in the U.S.
192.168.100.x/24 in the U.S.
I would like to eliminate the 192.x.x.x subnet as it is mostly redundant,
machines multihomed.
172.29.20.x/24 in Mexico
172.29.30.x/24 in Europe
172.29.40.x/24 in Mexico
Europe office has a 1720 router and E1 connection.
U.S. has 2621 and a T1 connection.
Europe needs to pull email and files from servers in U.S., but connection is
terribly, terribly slow. At present I have them VPN out to the internet and
into our VPN that way. Would like them to VPN or direct connect directly
through internal subnets. Once that is fixed the learning experience should
allow me to tweak the Mexico routes.
The Europe "sh int" is as follows:
sh int
Ethernet0 is up, line protocol is up
Hardware is PQUICC Ethernet, address is 0004.dd0b.dcbf (bia 0004.dd0b.dcbf)
Description: connected to Internet
Internet address is 217.117.229.138/29
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10BaseT
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d19h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
778610 packets input, 355003767 bytes, 0 no buffer
Received 2967 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
676292 packets output, 134749411 bytes, 0 underruns(0/0/0)
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0002.1761.7d8a (bia 0002.1761.7d8a)
Description: connected to EthernetLAN_1
Internet address is 172.29.30.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d19h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
683511 packets input, 104715200 bytes
Received 10511 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
800932 packets output, 317811070 bytes, 0 underruns(63/415/0)
165 output errors, 478 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
sc-ams-rtr-01>enable
Password:
sc-ams-rtr-01#sh config
Using 2357 out of 29688 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname sc-ams-rtr-01
!
no logging buffered
no logging buffered
logging rate-limit console 10 except errors
enable password
!
memory-size iomem 25
clock timezone MET 1
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip finger
ip name-server 217.117.224.93
ip name-server 217.117.224.94
!
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key address x.171.120.11
!
!
crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac
no crypto engine accelerator
!
crypto map cm-cryptomap local-address Ethernet0
crypto map cm-cryptomap 1 ipsec-isakmp
set peer x.171.120.11
set transform-set cm-transformset-1
match address 100
!
!
!
!
interface Ethernet0
description connected to Internet
ip address xxxx 255.255.255.248
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
crypto map cm-cryptomap
!
interface FastEthernet0
description connected to EthernetLAN_1
ip address 172.29.30.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
!
router rip
version 2
passive-interface Ethernet0
network 172.29.0.0
no auto-summary
!
ip nat inside source list 101 interface Ethernet0 overload
ip kerberos source-interface any
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 217.117.229.137
ip route 172.29.10.0 255.255.255.0 FastEthernet0
ip route 172.29.40.0 255.255.255.0 192.168.100.15
no ip http server
!
access-list 100 permit ip 172.29.30.0 0.0.0.255 x.172.228.128 0.0.0.31
access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny ip 172.29.30.0 0.0.0.255 x.172.228.128 0.0.0.31
access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 172.29.30.0 0.0.0.255 any
snmp-server community public RO
snmp-server community seatingconcepts RW
snmp-server location Seating Concepts Europe - Amsterdam
snmp-server contact Donald Blache,(619) 491-3159,[EMAIL PROTECTED]
!
line con 0
exec-timeout 0 0
password
login
transport input none
line aux 0
line vty 0 4
password
login
!
end
sc-ams-rtr-01#exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And U.S. "sh int" reads:
sh int
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0004.9aeb.2de0 (bia 0004.9aeb.2de0)
Description: connected to San Diego Outside
Internet address is 172.29.10.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d19h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 63 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
117165 packets input, 50107021 bytes
Received 33595 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
1327380 packets output, 130290345 bytes, 0 underruns(1695/6859/1)
1 output errors, 8555 collisions, 0 interface resets
0 babbles, 0 late collision, 10529 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/0 is up, line protocol is up
Hardware is PQUICC with Fractional T1 CSU/DSU
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 9/255
Encapsulation FRAME-RELAY, loopback not set
Keepalive set (10 sec)
LMI enq sent 15594, LMI stat recvd 15594, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
Broadcast queue 0/x, broadcasts sent/dropped 1283/0, interface broadcasts 0
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters 1d19h
Input queue: 0/75/53/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/x/0 (size/max total/threshold/drops)
Conversations 0/23/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 59000 bits/sec, 9 packets/sec
5 minute output rate 8000 bits/sec, 9 packets/sec
1624224 packets input, 924301436 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1553019 packets output, 4294x975 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/0.1 is up, line protocol is up
Hardware is PQUICC with Fractional T1 CSU/DSU
Description: connected to Internet
Internet address is x.171.120.11/24
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 9/255
Encapsulation FRAME-RELAY
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 0004.9aeb.2de1 (bia 0004.9aeb.2de1)
Description: connected to EthernetLAN_2
Internet address is 192.168.100.15/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d19h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 28922 drops
5 minute input rate 19000 bits/sec, 18 packets/sec
5 minute output rate 66000 bits/sec, 13 packets/sec
3905841 packets input, 701737605 bytes
Received 32908 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2627268 packets output, 1085237736 bytes, 0 underruns(2945/12317/4)
5 output errors, 15266 collisions, 1 interface resets
0 babbles, 1 late collision, 17414 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial0/1 is up, line protocol is up
Hardware is PQUICC with Fractional T1 CSU/DSU
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY IETF, loopback not set
Keepalive set (10 sec)
LMI enq sent 15595, LMI stat recvd 15595, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 0 LMI type is ANSI Annex D frame relay DTE
Broadcast queue 0/x, broadcasts sent/dropped 1283/0, interface broadcasts 0
Last input 00:00:06, output 00:00:00, output hang never
Last clearing of "show interface" counters 1d19h
Queueing strategy: fifo
Output queue 0/40, 280635 drops; input queue 0/75, 0 drops
5 minute input rate 4000 bits/sec, 6 packets/sec
5 minute output rate 5000 bits/sec, 6 packets/sec
2404410 packets input, 246875390 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2204436 packets output, 220903749 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Serial0/1.474 is up, line protocol is up
Hardware is PQUICC with Fractional T1 CSU/DSU
Description: Frame-Relay Connection to II-NAU-RTR-01 DLC 474
Interface is unnumbered. Using address of FastEthernet0/1 (192.168.100.15)
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY IETF
SC-SAN-RTR-01>wh co sh config
^
% Invalid input detected at '^' marker.
SC-SAN-RTR-01>enable
Password:
SC-SAN-RTR-01#sh config
Using 3589 out of 29688 bytes
!
version 12.1
no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SC-SAN-RTR-01
!
logging buffered 4096 informational
logging rate-limit console 10 except errors
enable password 7 04480A085D731E1B01180B141D0807
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
ip name-server 207.67.236.5
ip name-server 207.67.247.4
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key 2225Hanc0cK address 217.117.229.138
!
!
crypto ipsec transform-set cm-transformset-1 esp-des esp-md5-hmac
!
crypto map cm-cryptomap local-address Serial0/0.1
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 217.117.229.138
set transform-set cm-transformset-1
match address 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description connected to San Diego Outside
ip address 172.29.10.1 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip policy route-map nonat
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip redirects
no ip unreachables
encapsulation frame-relay
no ip route-cache
no ip mroute-cache
service-module t1 remote-alarm-enable
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description connected to Internet
ip address x.171.120.11 255.255.255.0
no ip redirects
no ip unreachables
ip nat outside
no ip route-cache
no ip mroute-cache
no arp frame-relay
frame-relay interface-dlci 16
crypto map cm-cryptomap
!
interface FastEthernet0/1
description connected to EthernetLAN_2
ip address 192.168.100.15 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip policy route-map nonat
duplex auto
speed auto
!
interface Serial0/1
no ip address
no ip redirects
no ip unreachables
encapsulation frame-relay IETF
no ip route-cache
no ip mroute-cache
no fair-queue
frame-relay traffic-shaping
frame-relay lmi-type ansi
!
interface Serial0/1.474 point-to-point
description Frame-Relay Connection to II-NAU-RTR-01 DLC 474
ip unnumbered FastEthernet0/1
no ip redirects
no ip unreachables
no ip route-cache
no ip mroute-cache
no arp frame-relay
frame-relay interface-dlci 474
!
ip nat pool SCISANRTR001-natpool-1 x.172.228.155 x.172.228.158 netmask 255.255.255.224
ip nat inside source list 101 pool SCISANRTR001-natpool-1 overload
ip nat inside source static 172.29.20.20 x.172.228.133
ip nat inside source static 192.168.100.135 x.172.228.135
ip nat inside source static 192.168.100.20 x.172.228.132
ip nat inside source static 172.29.10.20 x.172.228.154
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0.1
ip route 172.29.20.0 255.255.255.0 Serial0/1.474
ip route 172.29.40.0 255.255.255.0 Serial0/1.474
no ip http server
ip http port 7850
!
logging history size 250
logging history errors
logging facility syslog
access-list 100 permit ip x.172.228.128 0.0.0.31 172.29.30.0 0.0.0.255
access-list 100 permit ip 192.168.100.0 0.0.0.255 172.29.30.0 0.0.0.255
access-list 101 deny ip 192.168.100.0 0.0.0.255 172.29.30.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 172.29.10.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
!
snmp-server engineID local 00000009020000049AEB2DE0
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
password 7 131612131F050A2D
login
transport input none
line aux 0
line vty 0 4
password 7 0100070A0959545A294D400A16061C
login
!
scheduler allocate 4000 1000
end
SC-SAN-RTR-01#exit
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54386&t=54268
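
Added example, not part of the original post: a small evaluator for the Amsterdam router's access-list 100 (crypto map) and 101 (NAT) that reports whether a given flow is selected for IPsec, translated by NAT, or neither. It assumes the packet is routed out Ethernet0, where the crypto map and "ip nat outside" are applied; the source hosts 172.29.30.50 and 172.29.40.5 are constructed, while 172.29.10.20 and 192.168.100.20 come from the U.S. router's static NAT lines.

```python
import ipaddress

# ACL lines copied from the Amsterdam config in the post. Entries whose address
# the poster redacted (x.172.228.128) cannot be parsed and are reported as
# skipped, so flows to that public range are not evaluated correctly here.
AMS_ACLS = """\
access-list 100 permit ip 172.29.30.0 0.0.0.255 x.172.228.128 0.0.0.31
access-list 100 permit ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 deny ip 172.29.30.0 0.0.0.255 x.172.228.128 0.0.0.31
access-list 101 deny ip 172.29.30.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 172.29.30.0 0.0.0.255 any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _parse_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_acls(text):
    """Return ({acl_number: [(action, src, dst), ...]}, skipped_lines)."""
    acls, skipped = {}, []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        try:
            src, rest = _parse_spec(tok[4:])
            dst, _ = _parse_spec(rest)
        except (ValueError, IndexError):
            skipped.append(line)  # redacted or malformed address
            continue
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls, skipped

def _hit(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (addr & care) == (base & care)

def evaluate(acl, src, dst):
    """First-match evaluation; an IOS ACL ends in an implicit deny."""
    s, d = _to_int(src), _to_int(dst)
    for action, src_spec, dst_spec in acl:
        if _hit(src_spec, s) and _hit(dst_spec, d):
            return action
    return "deny"

def classify(acls, src, dst, crypto_acl="100", nat_acl="101"):
    """IOS applies inside-to-outside NAT before the crypto map check."""
    if evaluate(acls.get(nat_acl, []), src, dst) == "permit":
        return "nat"    # translated to the Ethernet0 address, leaves unencrypted
    if evaluate(acls.get(crypto_acl, []), src, dst) == "permit":
        return "ipsec"  # selected by the crypto map ACL
    return "plain"      # neither translated nor encrypted
```

With the ACLs as posted, 172.29.30.50 to 192.168.100.20 classifies as "ipsec", while 172.29.30.50 to 172.29.10.20 classifies as "nat" because access-list 100 has no entry for 172.29.10.0/24.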