cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1713
Views
10
Helpful
72
Replies

Re: problem with VDSL on 887

Is the ACL 101 correct?  As it denies the traffic?  I am not familiar with the route-map command so maybe it needs to be like this?

VIP Mentor

Re: problem with VDSL on 887

Hello Jeroen,

 

ACL 101 keeps the traffic that needs to go through the VPN tunnel from being tranlated. 

 

Try and change:

 

ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload

 

to 

 

ip nat inside source list 101 interface Dialer0 overload

 

and check if that makes a difference...

Re: problem with VDSL on 887

doesn't seem to have any effect :(

this is really frustrating ...

Is there any way to debug/monitor the traffic that is send from the remote site to the main site?

Re: problem with VDSL on 887

OCWRTR01#sh crypto ipsec sa peer 194.78.59.5

interface: Dialer0
Crypto map tag: SDM_CMAP_1, local addr 109.135.19.130

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.4.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.10.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 4500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 1180, #pkts encrypt: 1180, #pkts digest: 1180
#pkts decaps: 1180, #pkts decrypt: 1180, #pkts verify: 1180
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1342, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0xBC0AB7D2(3154819026)
PFS (Y/N): Y, DH group: group2

inbound esp sas:
spi: 0xF148B6A5(4048074405)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 35, flow_id: Onboard VPN:35, sibling_flags 80000040, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4162608/3565)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0xBC0AB7D2(3154819026)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 36, flow_id: Onboard VPN:36, sibling_flags 80000040, crypto map: SDM_CMAP_1
sa timing: remaining key lifetime (k/sec): (4162608/3565)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.11.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.14.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.15.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.12.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 574, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.13.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.18.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.19.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.16.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 145, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.130.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (10.0.17.0/255.255.255.0/0/0)
current_peer 194.78.59.5 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 109.135.19.130, remote crypto endpt.: 194.78.59.5
plaintext mtu 1400, path mtu 1400, ip mtu 1400, ip mtu idb Dialer0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none

inbound esp sas:

inbound ah sas:

inbound pcp sas:

outbound esp sas:

outbound ah sas:

outbound pcp sas:

Re: problem with VDSL on 887

OCWRTR01#show ip access-lists 100
Extended IP access list 100
10 permit ip 10.0.130.32 0.0.0.31 10.0.4.0 0.0.0.255
20 permit ip 10.0.130.32 0.0.0.31 10.0.10.0 0.0.0.255 (2239 matches)
30 permit ip 10.0.130.32 0.0.0.31 10.0.11.0 0.0.0.255
40 permit ip 10.0.130.32 0.0.0.31 10.0.12.0 0.0.0.255 (1026 matches)
50 permit ip 10.0.130.32 0.0.0.31 10.0.13.0 0.0.0.255
60 permit ip 10.0.130.32 0.0.0.31 10.0.14.0 0.0.0.255
70 permit ip 10.0.130.32 0.0.0.31 10.0.15.0 0.0.0.255
80 permit ip 10.0.130.32 0.0.0.31 10.0.16.0 0.0.0.255 (269 matches)
90 permit ip 10.0.130.32 0.0.0.31 10.0.17.0 0.0.0.255
100 permit ip 10.0.130.32 0.0.0.31 10.0.18.0 0.0.0.255
110 permit ip 10.0.130.32 0.0.0.31 10.0.19.0 0.0.0.255
OCWRTR01#show ip access-lists 101
Extended IP access list 101
10 deny ip 10.0.130.32 0.0.0.31 10.0.0.0 0.0.255.255 (4731 matches)
20 permit ip 10.0.130.32 0.0.0.31 any (2162 matches)

Re: problem with VDSL on 887

GADFRWL01# show access-list Outside_cryptomap_120
access-list Outside_cryptomap_120; 11 elements
access-list Outside_cryptomap_120 line 1 extended permit ip object-group GAD 10.0.130.32 255.255.255.224 0x3ff2d724
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.10.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=10869) 0x6e0e53ca
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.11.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0x69637245
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.12.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=9674) 0x61d7afc7
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.13.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0xa6a10c8d
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.14.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0xa99da925
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.15.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0xe91b16f9
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.16.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=10545) 0xa833eb3e
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.17.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=9) 0x97b5b02
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.18.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0x4f38d6a5
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.19.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0x6c50456
access-list Outside_cryptomap_120 line 1 extended permit ip 10.0.4.0 255.255.255.0 10.0.130.32 255.255.255.224 (hitcnt=0) 0x6a287bca

Re: problem with VDSL on 887

also tried a packet tracer from the main site (see attachment) ...

 

a ping from the main site to the remote site does work.

Re: problem with VDSL on 887

After I logged on the device with ip 10.0.12.32 and did a ping to 10.0.130.33, the packetracer on the ASA does allow the packet to be send succesfully.
VIP Mentor

Re: problem with VDSL on 887

Jeroen,

 

I think we have tried this before all the other stuff, but add 'set pfs group2' to the crypto map:

 

crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 194.78.59.5
set peer 194.78.59.5
set transform-set ESP-3DES-SHA

set pfs group2
match address 100

View solution in original post

Re: problem with VDSL on 887

that did it !!!!!!!
Highlighted

Re: problem with VDSL on 887

Final config ...
!
version 15.5
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname OCWRTR01
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 ***********
enable password 7 ***********
!
no aaa new-model
ethernet lmi ce
clock timezone pctime 1 0
clock summer-time pctime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-372889659
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372889659
revocation-check none
rsakeypair TP-self-signed-372889659
!
!
crypto pki certificate chain TP-self-signed-372889659
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373238 38393635 39301E17 0D313531 32303331 32353430
335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32383839
36353930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
AE294AF5 4B3E652D 48B86C3E 8C55D813 0A77BCD7 FC443B6A F36562D3 2FE47AE8
C6FE44CC 45794852 07D468A0 0565092B 28D1C523 76A7ADD4 116C43EC DF14197E
298E8325 28A205D2 BF337E5C C34BA2D9 E3002988 A5B0577D B1AC6AA6 98F5CB6D
04FA3C1D 28AC01FA 96A86A2D E2499661 F30B1557 E1AC389C B35CA150 5683ED9B
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801419 13E44CE2 D16FB24C FF626FD0 1B5FDF0A 84468F30 1D060355
1D0E0416 04141913 E44CE2D1 6FB24CFF 626FD01B 5FDF0A84 468F300D 06092A86
4886F70D 01010505 00038181 008181CD 80376437 DB3B6DF0 2F75F47D A280C0A2
90E9FEB5 D59651BA 5D54CECE B16082DB B53DA7F7 2C40EF4B 7ACD7A42 4DA65F41
8C3680AB A5EC820D 07FD6C91 5CBC62B0 4E3E8F5C A5445FFC 2ABAE60E 56D24EBA
C5A2974C EA63DBB9 F567BC9E 843CAB45 203E0955 53B3B475 673D5589 987013EF
5E19E7CD AEEF039C 1FAB582B 36
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.130.33
!
ip dhcp pool sdm-pool
import all
network 10.0.130.32 255.255.255.224
default-router 10.0.130.33
dns-server 10.0.12.32 8.8.8.8
lease 0 2
!
!
!
ip name-server 195.238.2.21
ip name-server 195.238.2.22
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VAM-K9 sn FCZ222012JM
!
!
username janssens.j privilege 15 secret 5 ***********
!
!
!
!
!
controller VDSL 0
firmware filename flash:VA_A_39d_B_38h3_24h.bin
no cdp run
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key *********** address 194.78.59.5
crypto isakmp fragmentation
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
!
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to 194.78.59.5
set peer 194.78.59.5
set transform-set ESP-3DES-SHA
set pfs group2
match address 100
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
!
interface Ethernet0.10
encapsulation dot1Q 10
ip nat outside
ip virtual-reassembly in
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0
description trunk OCWL2SW01
switchport mode trunk
no ip address
!
interface FastEthernet1
switchport access vlan 60
no ip address
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface Vlan1
ip address 10.0.130.33 255.255.255.224
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer0
mtu 1400
ip address 109.135.19.130 255.255.255.0
ip nat outside
ip virtual-reassembly in max-reassemblies 1024
ip virtual-reassembly out max-reassemblies 1024
encapsulation ppp
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ***********
ppp chap password 7 ***********
no cdp enable
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 8640 requests 10000
!
!
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
dialer-list 1 protocol ip permit
!
route-map SDM_RMAP_1 permit 1
match ip address 101
match interface Dialer0
!
snmp-server community public RO
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 2 remark SDM_ACM Category=2
access-list 2 permit 10.0.130.32 0.0.0.31
access-list 23 permit 10.0.130.32 0.0.0.31
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.4.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.10.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.11.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.12.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.13.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.14.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.15.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.16.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.17.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.18.0 0.0.0.255
access-list 100 permit ip 10.0.130.32 0.0.0.31 10.0.19.0 0.0.0.255
access-list 100 remark SDM_ACM Category=4
access-list 101 remark IPSec Rule
access-list 101 remark SDM_ACM Category=2
access-list 101 deny ip 10.0.130.32 0.0.0.31 10.0.0.0 0.0.255.255
access-list 101 permit ip 10.0.130.32 0.0.0.31 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
exec-timeout 5 30
password 7 ***********
login
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 ***********
login
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

VIP Mentor

Re: problem with VDSL on 887

Hello Jeroen,

 

good stuff, glad it is resolved...

Re: problem with VDSL on 887

Thanks for all your time and effort!
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards