Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1509
Views
0
Helpful
4
Replies

Cisco VPN Traffic issues

Kenshaki2017
Level 1
Level 1

‎03-26-2020 10:17 AM

Please i need assistance passing traffic over a VPN tunnel. I am using a Cisco CSR 1000V router. The phase 1 is confirmed to be up but traffic is not passing through. Please see below the config:

crypto map MTech 80 ipsec-isakmp
description VPN TUNNEL TO NITROSWITCH ON 154.113.18.190
set peer 154.113.18.190
set security-association lifetime seconds 86400
set transform-set TRANSFORM3
match address NITROSWITCH


crypto isakmp key Mt3cHP$n!tr0nG address 154.113.18.190

ip access-list extended NITROSWITCH
permit ip host 51.1.212.39 host 154.113.18.187
permit ip host 51.1.212.39 host 154.113.18.188
permit ip host 51.1.212.39 host 154.113.18.189
permit ip host 51.1.212.39 10.4.150.0 0.0.0.31

 

Thank you in anticipation.

 

Labels:
0 Helpful
4 Replies 4

Cristian Matei
VIP Alumni
VIP Alumni

‎03-26-2020 11:28 AM

Hi,

 

    Is both Phase1 and Phase2 up? Generate interesting traffic in order to match the ACL used to define the encryption domain, and afterwards issue "show crypto isakmp sa", "show crypto ipsec sa".

 

Regards,

Cristian Matei.

0 Helpful

Kenshaki2017
Level 1
Level 1
In response to Cristian Matei

‎03-26-2020 11:45 AM

 Thanks for the response. Please find below details of show crypto isakmp sa" and  "show crypto ipsec sa
 
MTech-Cloud-Rtr1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
196.46.244.244  10.0.0.5        QM_IDLE           1012 ACTIVE
10.0.0.5        41.190.1.25     QM_IDLE           1009 ACTIVE
10.0.0.5        196.46.244.193  QM_IDLE           1013 ACTIVE
10.0.0.5        41.220.79.242   QM_IDLE           1004 ACTIVE
 
for the particular tunnel: find below details for show crypto ipsec sa:
protected vrf: (none)
   local  ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (154.113.18.187/255.255.255.255/0/0)
   current_peer 154.113.18.190 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
 
     local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
     plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
 
     inbound esp sas:
 
     inbound ah sas:
 
     inbound pcp sas:
 
     outbound esp sas:
 
     outbound ah sas:
 
     outbound pcp sas:
 
   protected vrf: (none)
   local  ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (154.113.18.188/255.255.255.255/0/0)
   current_peer 154.113.18.190 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
 
     local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
     plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none
 
     inbound esp sas:
 
     inbound ah sas:
 
     inbound pcp sas:
 
     outbound esp sas:
 
     outbound ah sas:
 
     outbound pcp sas:
 Thank you.
0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Kenshaki2017

‎03-26-2020 12:16 PM

Hi,

   Per the output there is no state for Phase1 either, so it looks like you're not triggering the tunnel. Can you post the device config?

 

Regards,

Cristian Matei.

0 Helpful

Kenshaki2017
Level 1
Level 1
In response to Cristian Matei

‎03-26-2020 01:06 PM - edited ‎03-26-2020 01:11 PM

Please find below the device config:

 

#pkts decaps: 3823089, #pkts decrypt: 3823089, #pkts verify: 3823089
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xFF50FFE0(4283498464)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0xD116879F(3507914655)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12757, flow_id: CSR:10757, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607996/1031)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xFF50FFE0(4283498464)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12758, flow_id: CSR:10758, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607996/1031)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.90/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.96.74/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 415222646, #pkts encrypt: 415222646, #pkts digest: 415222646
#pkts decaps: 396435698, #pkts decrypt: 396435698, #pkts verify: 396435698
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x5C96AA98(1553377944)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0xCB1AB59D(3407525277)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12769, flow_id: CSR:10769, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607877/1979)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x5C96AA98(1553377944)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12770, flow_id: CSR:10770, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607839/1979)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.4.150.0/255.255.255.224/0/0)
current_peer 154.113.18.190 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.91/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.199.1.83/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.94/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.95/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.4.40/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 2391640, #pkts encrypt: 2391640, #pkts digest: 2391640
#pkts decaps: 1981988, #pkts decrypt: 1981988, #pkts verify: 1981988
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x23244559(589579609)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x86B1F2C2(2259808962)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12751, flow_id: CSR:10751, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607921/674)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x23244559(589579609)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12752, flow_id: CSR:10752, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607933/674)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.93/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.15.34/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 60, #pkts encrypt: 60, #pkts digest: 60
#pkts decaps: 60, #pkts decrypt: 60, #pkts verify: 60
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.98/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.99/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.6.21/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1028, #pkts encrypt: 1028, #pkts digest: 1028
#pkts decaps: 1163, #pkts decrypt: 1163, #pkts verify: 1163
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.96/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.6.22/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 389, #pkts encrypt: 389, #pkts digest: 389
#pkts decaps: 465, #pkts decrypt: 465, #pkts verify: 465
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (197.210.3.176/255.255.255.255/0/0)
current_peer 41.220.79.242 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 419448, #pkts encrypt: 419448, #pkts digest: 419448
#pkts decaps: 209817, #pkts decrypt: 209817, #pkts verify: 209817
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.6.23/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 91, #pkts encrypt: 91, #pkts digest: 91
#pkts decaps: 131, #pkts decrypt: 131, #pkts verify: 131
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.4.21/255.255.255.255/0/0)
current_peer 196.46.244.244 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (197.210.3.177/255.255.255.255/0/0)
current_peer 41.220.79.242 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.102/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.161.79/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.100/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.101/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (196.6.103.10/255.255.255.255/0/0)
current_peer 196.6.103.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 14, #pkts encrypt: 14, #pkts digest: 14
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.6.103.25
plaintext mtu 1422, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.203.65.15/255.255.255.255/0/0)
current_peer 41.203.65.124 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4881766, #pkts encrypt: 4881766, #pkts digest: 4881766
#pkts decaps: 4878219, #pkts decrypt: 4878219, #pkts verify: 4878219
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.203.65.124
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.6.25/255.255.255.255/0/0)
current_peer 196.46.244.244 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 229, #pkts encrypt: 229, #pkts digest: 229
#pkts decaps: 457, #pkts decrypt: 457, #pkts verify: 457
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.244
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.121/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 6, #pkts encrypt: 6, #pkts digest: 6
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.131/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (154.113.18.187/255.255.255.255/0/0)
current_peer 154.113.18.190 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (154.113.18.188/255.255.255.255/0/0)
current_peer 154.113.18.190 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.134/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (51.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (154.113.18.189/255.255.255.255/0/0)
current_peer 154.113.18.190 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 154.113.18.190
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.132/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.206.4.162/255.255.255.255/0/0)
current_peer 41.220.79.242 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1052952228, #pkts encrypt: 1052952228, #pkts digest: 1052952228
#pkts decaps: 1367910650, #pkts decrypt: 1367910650, #pkts verify: 1367910650
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 21690

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xCBE1F085(3420582021)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0xCE9176F6(3465639670)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12779, flow_id: CSR:10779, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (3594/28786)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xCBE1F085(3420582021)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12780, flow_id: CSR:10780, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (3594/28786)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.98.155/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 2545322, #pkts encrypt: 2545322, #pkts digest: 2545322
#pkts decaps: 3681186, #pkts decrypt: 3681186, #pkts verify: 3681186
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xF6A44AFB(4137962235)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x33CED619(869193241)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12775, flow_id: CSR:10775, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607992/2080)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xF6A44AFB(4137962235)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12776, flow_id: CSR:10776, sibling_flags FFFFFFFF80004048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607992/2080)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.173.171/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 410333, #pkts encrypt: 410333, #pkts digest: 410333
#pkts decaps: 406128, #pkts decrypt: 406128, #pkts verify: 406128
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x58C372DD(1489203933)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x1EA90682(514393730)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12765, flow_id: CSR:10765, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607997/1787)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x58C372DD(1489203933)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12766, flow_id: CSR:10766, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607997/1787)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.98.157/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 2456462, #pkts encrypt: 2456462, #pkts digest: 2456462
#pkts decaps: 3550579, #pkts decrypt: 3550579, #pkts verify: 3550579
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xBB687C2(196511682)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x91C88C03(2445839363)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12767, flow_id: CSR:10767, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607997/1969)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xBB687C2(196511682)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12768, flow_id: CSR:10768, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607997/1969)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.94.128/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 5, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.19.44/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 71368799, #pkts encrypt: 71368799, #pkts digest: 71368799
#pkts decaps: 116381609, #pkts decrypt: 116381609, #pkts verify: 116381609
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 23

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x40D4DE4C(1087692364)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x375E038D(928908173)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12763, flow_id: CSR:10763, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607715/1718)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x40D4DE4C(1087692364)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12764, flow_id: CSR:10764, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607776/1718)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.98.167/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 425508542, #pkts encrypt: 425508542, #pkts digest: 425508542
#pkts decaps: 392923252, #pkts decrypt: 392923252, #pkts verify: 392923252
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 1

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xAC66B1A8(2892411304)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0xE74F8071(3880747121)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12773, flow_id: CSR:10773, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607379/1994)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xAC66B1A8(2892411304)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 12774, flow_id: CSR:10774, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607268/1994)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.62.14/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1155, #pkts encrypt: 1155, #pkts digest: 1155
#pkts decaps: 882, #pkts decrypt: 882, #pkts verify: 882
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.220.77.193/255.255.255.255/0/0)
current_peer 41.220.79.242 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.200.6.193/255.255.255.255/0/0)
current_peer 196.46.244.193 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.138.162.11/255.255.255.255/0/0)
current_peer 41.138.161.19 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.138.161.19
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.220.77.147/255.255.255.255/0/0)
current_peer 41.220.79.242 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.83.55/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 62470316, #pkts encrypt: 62470316, #pkts digest: 62470316
#pkts decaps: 31623876, #pkts decrypt: 31623876, #pkts verify: 31623876
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 7

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x4EC9B06(82615046)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x87EA101F(2280263711)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12753, flow_id: CSR:10753, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607822/688)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x4EC9B06(82615046)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12754, flow_id: CSR:10754, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607669/688)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.71.83.44/255.255.255.255/0/0)
current_peer 41.190.1.25 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 174417749, #pkts encrypt: 174417749, #pkts digest: 174417749
#pkts decaps: 277662604, #pkts decrypt: 277662604, #pkts verify: 277662604
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 63

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.190.1.25
plaintext mtu 1446, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0xFACDE5DC(4207797724)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0x59D7BD3D(1507310909)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12759, flow_id: CSR:10759, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607295/1675)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xFACDE5DC(4207797724)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 12760, flow_id: CSR:10760, sibling_flags FFFFFFFF80000048, crypto map: MTech
sa timing: remaining key lifetime (k/sec): (4607452/1675)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.100.108.51/255.255.255.255/0/0)
current_peer 41.203.65.124 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.203.65.124
plaintext mtu 1500, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.24.176.59/255.255.255.255/0/0)
current_peer 196.46.244.193 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
#pkts decaps: 7, #pkts decrypt: 7, #pkts verify: 7
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 196.46.244.193
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (52.1.212.39/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (41.206.4.219/255.255.255.255/0/0)
current_peer 41.220.79.242 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 37, #pkts encrypt: 37, #pkts digest: 37
#pkts decaps: 48, #pkts decrypt: 48, #pkts verify: 48
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.5, remote crypto endpt.: 41.220.79.242
plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:
MTech-Cloud-Rtr1#
MTech-Cloud-Rtr1#
Using username "ec2-user".
Authenticating with public key "imported-openssh-key"

MTech-Cloud-Rtr1#show run
Building configuration...

Current configuration : 11586 bytes
!
! Last configuration change at 10:55:25 UTC Wed Mar 25 2020 by ec2-user
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname MTech-Cloud-Rtr1
!
boot-start-marker
boot-end-marker
!
!
no logging monitor
enable secret 5 $1$UWg.$GMjWZdIwxfzuMPZLwZCdU0
!
no aaa new-model
!
!
!
!
!
!
!
!
!

 

!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-836154422
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-836154422
revocation-check none
rsakeypair TP-self-signed-836154422
!
crypto pki trustpoint TP-self-signed-2015511618
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2015511618
revocation-check none
rsakeypair TP-self-signed-2015511618
!
!
crypto pki certificate chain TP-self-signed-836154422
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38333631 35343432 32301E17 0D313531 32303231 35303834
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3833 36313534
34323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B9C309B6 509B0BBF 882BAD74 C0629455 F5F79587 8961251C 2D939CD6 903D678C
E725F935 E8DD55A5 38964E45 D2E783DF C5DB5D89 04BBD2E7 03917FF9 469F262C
312B93BE C831EBEA 3C513F80 B6A88DE4 CAE7F673 859E163A FFE0E312 55ED2E9A
1B862210 C6EA6FB4 2F8DC848 52449138 19AAFF6B 89F2109B 429E2248 71E7B391
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801425 E891C3FB 6BAF13B2 4ABDCC1E 01A6F3EA D9930630 1D060355
1D0E0416 041425E8 91C3FB6B AF13B24A BDCC1E01 A6F3EAD9 9306300D 06092A86
4886F70D 01010505 00038181 0022EB2F 53102F7E E10104F9 338EC203 472C8F9B
11EAF5D9 46D6B48D FFF9D9DC 95320F91 DB62F279 F73DC8C7 69B838B0 A4CDD96C
3B98762E 9F28446B E596F373 2F3E7425 CC350B20 6C546FFC 120AD2DD EBF8E26D
AA2CE739 61195FE4 C00F940A 83A5074F CF015D40 AD64952C FBA38B83 84D664CB
9B9548F1 7CC3FDF9 44B23206 A6
quit
crypto pki certificate chain TP-self-signed-2015511618
license udi pid CSR1000V sn 93WN7C2FTTW
license boot level security
!
username ec2-user privilege 15 secret 5 $1$EbxI$XnJFBPGmI9tQOXbOkdhZY0
username mtech1 secret 5 $1$D3ef$6LOIxAnSWbb9rwaugSiUI/
!
redundancy
!
!
!
!
!
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
username ec2-user
key-hash ssh-rsa C02D19D48B2F3CF80E8F2605F70A02D7 MTechRoutersKey
!
!
!
!
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 30
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
!
crypto isakmp policy 40
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 50
encr 3des
hash md5
authentication pre-share
lifetime 28800
!
crypto isakmp policy 60
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 65
encr aes 256
authentication pre-share
group 5
lifetime 28800
!
crypto isakmp policy 70
encr 3des
authentication pre-share
lifetime 28800
!
crypto isakmp policy 80
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 90
encr 3des
authentication pre-share
group 2



crypto isakmp key ********* address 154.113.18.190
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-sha-hmac
mode tunnel
crypto ipsec transform-set TRANSFORM2 esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec transform-set TRANSFORM3 esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map MTech 10 ipsec-isakmp
description VPN TUNNEL TO GLOBACOM ON 41.203.65.124
set peer 41.203.65.124
set transform-set TRANSFORM-1
match address GLOBACOM
crypto map MTech 20 ipsec-isakmp
description VPN Tunnel to MTN
set peer 41.220.79.242
set security-association lifetime seconds 86400
set transform-set TRANSFORM-1
match address MTN
crypto map MTech 30 ipsec-isakmp
description VPN TUNNEL TO AIRTEL ON 196.46.244.244
set peer 196.46.244.244
set transform-set TRANSFORM-1
match address AIRTEL
crypto map MTech 40 ipsec-isakmp
description VPN TUNNEL TO Airtel ON 196.46.244.193
set peer 196.46.244.193
set transform-set TRANSFORM-1
match address Airtel
crypto map MTech 50 ipsec-isakmp
description VPN TUNNEL TO QRIOS ON 62.173.32.50
set peer 196.46.244.193
set peer 62.173.32.50
set transform-set TRANSFORM-1
match address Qrios
crypto map MTech 60 ipsec-isakmp
description VPN TUNNEL TO ETISALAT ON 41.190.1.25
set peer 41.190.1.25
set transform-set TRANSFORM-1
match address ETISALAT
crypto map MTech 65 ipsec-isakmp
description VPN TUNNEL TO NIBBS ON 196.6.103.25
set peer 196.6.103.25
set transform-set TRANSFORM2
set pfs group5
match address NIBBS
crypto map MTech 70 ipsec-isakmp
description VPN TUNNEL TO VISAFONE ON 41.138.161.19
set peer 41.138.161.19
set transform-set TRANSFORM-1
match address VISAFONE
crypto map MTech 80 ipsec-isakmp
description VPN TUNNEL TO NITROSWITCH ON 154.113.18.190
set peer 154.113.18.190
set security-association lifetime seconds 86400
set transform-set TRANSFORM3
match address NITROSWITCH
!
!
!
!
!
!
interface Loopback0
ip address 52.1.212.39 255.255.255.255
!
interface GigabitEthernet1
ip address dhcp
ip nat outside
negotiation auto
crypto map MTech
!
interface GigabitEthernet2
ip address 10.0.2.5 255.255.255.0
ip nat inside
negotiation auto
!
!
virtual-service csr_mgmt
ip shared host-interface GigabitEthernet1
activate
!
ip nat inside source list 101 interface Loopback0 overload
ip nat inside source list 102 interface GigabitEthernet1 overload
ip nat inside source static tcp 10.0.2.47 80 52.1.212.39 80 extendable
ip nat inside source static tcp 10.0.2.25 2008 52.1.212.39 2008 extendable
ip nat inside source static tcp 10.0.2.157 80 52.1.212.39 2016 extendable
ip nat inside source static tcp 10.0.2.7 8011 52.1.212.39 8011 extendable
ip nat inside source static tcp 10.0.2.7 8080 52.1.212.39 8080 extendable
ip nat inside source static tcp 10.0.2.157 8088 52.1.212.39 8088 extendable
ip nat inside source static tcp 10.0.2.157 8089 52.1.212.39 8089 extendable
ip nat inside source static tcp 10.0.2.7 8443 52.1.212.39 8443 extendable
ip nat inside source static tcp 10.0.2.7 8444 52.1.212.39 8444 extendable
ip nat inside source static tcp 10.0.2.7 8445 52.1.212.39 8445 extendable
ip nat inside source static tcp 10.0.2.140 80 52.1.212.39 8880 extendable
ip nat inside source static tcp 10.0.2.140 8881 52.1.212.39 8881 extendable
ip nat inside source static tcp 10.0.2.140 8882 52.1.212.39 8882 extendable
ip nat inside source static tcp 10.0.2.140 8883 52.1.212.39 8883 extendable
ip nat inside source static tcp 10.0.2.58 8884 52.1.212.39 8884 extendable
ip nat inside source static tcp 10.0.2.58 80 52.1.212.39 8885 extendable
ip nat inside source static tcp 10.0.2.129 9502 52.1.212.39 9502 extendable
ip nat inside source static tcp 10.0.2.129 17301 52.1.212.39 17301 extendable
ip nat inside source static tcp 10.0.2.129 17302 52.1.212.39 17302 extendable
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
ip access-list extended AIRTEL
permit ip host 52.1.212.39 host 172.24.4.40
permit ip host 52.1.212.39 host 172.24.4.21
permit ip host 52.1.212.39 host 172.24.11.122
permit ip host 52.1.212.39 host 172.24.11.123
permit ip host 52.1.212.39 host 172.24.6.21
permit ip host 52.1.212.39 host 172.24.6.22
permit ip host 52.1.212.39 host 172.24.6.23
permit ip host 52.1.212.39 host 172.24.6.25
permit ip host 52.1.212.39 host 172.24.15.34
ip access-list extended Airtel
permit ip host 52.1.212.39 host 10.200.6.121
permit ip host 52.1.212.39 host 10.199.1.83
permit ip host 52.1.212.39 host 172.24.176.59
permit ip host 52.1.212.39 host 172.24.96.74
permit ip host 52.1.212.39 host 172.24.98.167
permit ip host 52.1.212.39 host 172.24.96.62
permit ip host 52.1.212.39 host 172.24.96.64
permit ip host 52.1.212.39 host 172.24.94.128
permit ip host 52.1.212.39 host 172.24.98.155
permit ip host 52.1.212.39 host 172.24.98.157
permit ip host 52.1.212.39 host 10.200.6.102
permit ip host 52.1.212.39 host 10.200.6.134
permit ip host 52.1.212.39 host 10.200.6.193
permit ip host 52.1.212.39 host 10.200.6.90
permit ip host 52.1.212.39 host 10.200.6.91
permit ip host 52.1.212.39 host 10.200.6.93
permit ip host 52.1.212.39 host 10.200.6.94
permit ip host 52.1.212.39 host 10.200.6.95
permit ip host 52.1.212.39 host 10.200.6.96
permit ip host 52.1.212.39 host 10.200.6.98
permit ip host 52.1.212.39 host 10.200.6.99
permit ip host 52.1.212.39 host 10.200.6.100
permit ip host 52.1.212.39 host 10.200.6.101
permit ip host 52.1.212.39 host 10.200.6.131
permit ip host 52.1.212.39 host 10.200.6.132
ip access-list extended ETISALAT
permit ip host 52.1.212.39 host 10.71.128.47
permit ip host 52.1.212.39 host 10.71.161.15
permit ip host 52.1.212.39 host 10.71.62.14
permit ip host 52.1.212.39 host 10.71.161.79
permit ip host 52.1.212.39 host 10.71.173.171
permit ip host 52.1.212.39 host 10.71.19.44
permit ip host 52.1.212.39 host 10.71.83.44
permit ip host 52.1.212.39 host 10.71.83.55
ip access-list extended GLOBACOM
permit ip host 52.1.212.39 host 41.203.65.15
permit ip host 52.1.212.39 host 10.100.108.51
permit ip host 52.1.212.39 host 41.203.65.93
permit ip host 52.1.212.39 host 41.203.65.65
permit ip host 52.1.212.39 host 41.203.65.76
permit ip host 52.1.212.39 host 41.203.65.109
permit ip host 52.1.212.39 host 41.203.65.106
ip access-list extended MTN
permit ip host 52.1.212.39 host 41.220.77.101
permit ip host 52.1.212.39 host 41.206.4.162
permit ip host 52.1.212.39 host 41.206.4.219
permit ip host 52.1.212.39 host 41.220.77.193
permit ip host 52.1.212.39 host 41.220.77.147
permit ip host 52.1.212.39 host 197.210.3.176
permit ip host 52.1.212.39 host 197.210.3.177
ip access-list extended NIBBS
permit ip host 52.1.212.39 host 196.6.103.10
ip access-list extended NITROSWITCH
permit ip host 51.1.212.39 host 154.113.18.187
permit ip host 51.1.212.39 host 154.113.18.188
permit ip host 51.1.212.39 host 154.113.18.189
permit ip host 51.1.212.39 10.4.150.0 0.0.0.31
ip access-list extended Qrios
permit ip host 52.1.212.39 host 62.173.32.50
ip access-list extended TAC
permit ip host 196.46.244.244 host 10.0.0.5
permit ip host 10.0.0.5 host 196.46.244.244
ip access-list extended VISAFONE
permit ip host 52.1.212.39 host 41.138.162.11
!
ip sla 10
icmp-echo 62.173.32.50
ip sla schedule 10 start-time now
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
login local
stopbits 1
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
!
!
end

MTech-Cloud-Rtr1#

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents