Hello,   the original configuration sheet you posted mentions SHA1 to be used as a hash algorithm. This would means that you would need ikev2, which is a different encryption. At the very least, check with the other side if that is the case... ... View more

If you only need the crypto map, delete interface Tunnel 2 altogether.   The reason you get the 'proxy identities not supported' error is because the access lists that define the traffic that need to be encrypted don't match on both sides. What device is the company on the other side using ? Can you post their config as well ? ... View more

Hello,   looking at your static routes:   ip route 0.0.0.0 0.0.0.0 41.77.178.13 <-- what is IP address 41.77.178.13 ? ip route 10.16.1.0 255.255.255.0 Tunnel2  ip route 191.162.21.65 255.255.255.255 Tunnel1 ... View more

You have a crypto map and and SVI, which one are you using (or are you using both) ? What does your topology look like ?   The only route you need should be:   ip route 0.0.0.0 0.0.0.0 90.210.32.6   or    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 ... View more

Hello,   change your NAT statement:   --> no ip nat inside source list 100 interface GigabitEthernet0/0 overload -->  ip nat inside source list 102 interface GigabitEthernet0/0 overload ... View more

Hello,   your access list 100 is still wrong. The 'deny' entries need to be first: access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.110 access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.111 access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.112 access-list 100 permit ip 10.213.16.0 0.0.0.255 any ... View more

Hello,   you need to change your NAT access list to deny traffic to the VPN destination hosts, and also the VPN access list. They shoud look like below:   access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.110 access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.111 access-list 100 deny ip 10.213.16.0 0.0.0.255 host 10.16.1.112 access-list 100 permit ip 10.213.16.0 0.0.0.255 any ! access-list 120 permit ip 10.213.16.0 0.0.0.255 host 10.16.1.110 access-list 120 permit ip 10.213.16.0 0.0.0.255 host 10.16.1.111 access-list 120 permit ip 10.213.16.0 0.0.0.255 host 10.16.1.112 ... View more

Hello,   what is the gateway for IP address 203.153.40.229 ?  ... View more

Hello,   as far as I recall, STAC is less predictable and consistent than Predictor. Your response times vary, that alone might cause the difference in compression rates. Do you get the same with 'compress predictor' ?   https://www.cisco.com/c/en/us/support/docs/wan/data-compression/14156-compress-overview.html ... View more

Hello,   to partially answer your question: the ISR 4331 has a base throughput of 100MB, with the Performance license you will get 300MB, and with the Boost license you get over 2Gbps. The throughput is activated in software.   Check Table 4 of the attached document.   https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/data_sheet-c78-732542.html ... View more

Hola,   tienes que añadir:   access-list 1 permit 192.168.2.0 ... View more