01-23-2011 04:27 AM
Hello,
In my test lab I am able to connect with the VPN CLIENT to my CISCO ROUTER, and I can also ping it, but when I try to ping something on the other router, it does not work. Maybe I have an ACL issue?
Any help is welcome.
Here below are the script and configuration:
PC (VPN CLIENT) ->C2691(IPSec VPN)->C1841(IP 192.168.10.1)
Router#sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: clientmap, local addr 172.18.124.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (14.1.1.106/255.255.255.255/0/0)
current_peer 172.18.124.2 port 500
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 59, #pkts decrypt: 59, #pkts verify: 59
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 172.18.124.1, remote crypto endpt.: 172.18.124.2
path mtu 1500, ip mtu 1500
current outbound spi: 0xE9640C2B(3915648043)
inbound esp sas:
spi: 0xE23C352(237224786)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4462659/3582)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xE9640C2B(3915648043)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4462669/3579)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Router#
Router#sh crypto map
Crypto Map "clientmap" 10 ipsec-isakmp
Dynamic map template tag: dynmap
Crypto Map "clientmap" 65536 ipsec-isakmp
Peer = 172.18.124.2
Extended IP access list
access-list permit ip any host 14.1.1.106
dynamic (created from dynamic map dynmap/10)
Current peer: 172.18.124.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
myset,
}
Interfaces using crypto map clientmap:
FastEthernet0/0
Router#
Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.1 37 0024.c4eb.6600 ARPA FastEthernet0/1
Internet 192.168.10.20 6 0024.2b4d.0c5a ARPA FastEthernet0/1
Internet 192.168.10.200 36 0025.9c39.57e2 ARPA FastEthernet0/1
Internet 172.18.124.2 1 0022.4135.3f5e ARPA FastEthernet0/0
Internet 172.18.124.1 - 0013.191f.ac00 ARPA FastEthernet0/0
Internet 192.168.10.166 - 0013.191f.ac01 ARPA FastEthernet0/1
Router#
Current configuration : 2320 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2691-adventerprisek9-mz.124-5a.bin
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.18.124.1
!
ip dhcp pool VPN
import all
network 172.18.124.0 255.255.255.0
default-router 172.18.124.1
lease 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
fax interface-type fax-mail
username cisco password 0 cisco
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
dns 8.8.8.8
domain cisco.com
pool ippool
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0/0
ip address 172.18.124.1 255.255.255.0
speed auto
half-duplex
crypto map clientmap
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.10.166 255.255.255.0
speed auto
half-duplex
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
ip local pool ippool 14.1.1.100 14.1.1.200
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
!
ip http server
no ip http secure-server
!
ip access-list extended TEST
permit ip any any
ip access-list extended TEST2
permit ip any any
!
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
!
!
line con 0
transport output all
speed 115200
line aux 0
transport output all
line vty 0 4
transport input all
transport output all
!
!
end
01-23-2011 07:15 AM
Hi,
You have this setup:
PC (VPN CLIENT) ->C2691(IPSec VPN)->C1841(IP 192.168.10.1)
When connected with the VPN client, can you PING the LAN IP of the C2691?
This communication should go through the tunnel and you should see packets encrypted in the "sh cry ips sa" output.
To be able to PING the C1841, the C1841 needs a route back pointing to the C2691 when traffic is intended for the VPN client (assuming there's not a default gateway in place).
Federico.
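The counter check described in the reply above, as an added example that is not part of the original post: it reads the encaps/decaps counters from "sh crypto ipsec sa" text and classifies each SA. The sample lines are constructed from the two outputs posted in this thread; the function names and category labels are assumptions of this example.

```python
import re

# Constructed sample: counter lines taken from the two "sh crypto ipsec sa"
# outputs posted in this thread (clients 14.1.1.106 and 10.1.1.9).
SAMPLE = """\
remote ident (addr/mask/prot/port): (14.1.1.106/255.255.255.255/0/0)
 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
 #pkts decaps: 59, #pkts decrypt: 59, #pkts verify: 59
 #send errors 0, #recv errors 0
remote ident (addr/mask/prot/port): (10.1.1.9/255.255.255.255/0/0)
 #pkts encaps: 53, #pkts encrypt: 53, #pkts digest: 53
 #pkts decaps: 291, #pkts decrypt: 291, #pkts verify: 291
 #send errors 0, #recv errors 0
"""

IDENT_RE = re.compile(r"remote ident \(addr/mask/prot/port\): \(([\d.]+)/")
COUNTER_RE = re.compile(
    r"#(?:pkts )?(encaps|decaps|send errors|recv errors):? (\d+)")


def parse_sa(text):
    """Return one dict per SA: client address plus the counters found."""
    sas = []
    for line in text.splitlines():
        ident = IDENT_RE.search(line)
        if ident:
            sas.append({"client": ident.group(1)})
        elif sas:
            for name, value in COUNTER_RE.findall(line):
                sas[-1][name] = int(value)
    return sas


def diagnose(sa):
    """Classify an SA by which directions have carried packets."""
    enc, dec = sa.get("encaps", 0), sa.get("decaps", 0)
    if sa.get("send errors", 0) or sa.get("recv errors", 0):
        return "errors"
    if dec and not enc:
        # Client traffic arrives and decrypts, but no reply is ever
        # encrypted back: replies are not reaching this router.
        return "inbound-only"
    if enc and not dec:
        return "outbound-only"
    if enc and dec:
        return "bidirectional"
    return "idle"


def report(text):
    return [(sa["client"], diagnose(sa)) for sa in parse_sa(text)]


if __name__ == "__main__":
    for client, state in report(SAMPLE):
        print(client, state)
```

The counters are per SA, not per destination, so a "bidirectional" result only shows that some replies return through the tunnel, such as those from the C2691's own interfaces.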
01-23-2011 09:23 AM
Hi Federico,
Thank you for your help
I have just added an extra line compared to the previous script:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Here below is everything I can ping FROM THE CONSOLE of the C2691:
192.168.10.1 = ROUTER connected on F0/1
192.168.10.166 = IP of the C2691 on F0/1
172.16.0.1 = IP of C2691 on F0/0
172.16.0.2 = IP of the computer given by the C2691 DHCP
10.1.1.6 = IP that I can read in the VPN CLIENT given by IPPOOL
interface FastEthernet0/0
ip address 172.16.0.1 255.255.255.0
speed auto
half-duplex
crypto map clientmap
interface FastEthernet0/1
ip address 192.168.10.166 255.255.255.0
speed auto
half-duplex
ip local pool ippool 10.1.1.1 10.1.1.100
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Sending 5, 100-byte ICMP Echos to 192.168.10.166, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
C2691-VPN-ROUTER#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/64/288 ms
C2691-VPN-ROUTER#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
C2691-VPN-ROUTER#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
C2691-VPN-ROUTER#ping 10.1.1.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
C2691-VPN-ROUTER#
Here below is everything I can ping from the PC (MAC BOOK PRO) when the VPN is ON:
PING 192.168.10.166 (192.168.10.166): 56 data bytes
64 bytes from 192.168.10.166: icmp_seq=0 ttl=255 time=1.739 ms
64 bytes from 192.168.10.166: icmp_seq=1 ttl=255 time=1.902 ms
64 bytes from 192.168.10.166: icmp_seq=2 ttl=255 time=1.881 ms
64 bytes from 192.168.10.166: icmp_seq=3 ttl=255 time=1.876 ms
PING 192.168.10.1 (192.168.10.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
PING 172.16.0.1 (172.16.0.1): 56 data bytes
64 bytes from 172.16.0.1: icmp_seq=0 ttl=255 time=0.602 ms
64 bytes from 172.16.0.1: icmp_seq=1 ttl=255 time=0.691 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=255 time=0.903 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=255 time=0.853 ms
PING 172.16.0.2 (172.16.0.2): 56 data bytes
64 bytes from 172.16.0.2: icmp_seq=0 ttl=64 time=0.045 ms
64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=0.115 ms
64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=0.121 ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=64 time=0.116 ms
C2691-VPN-ROUTER#sh crypto isakmp sa
dst src state conn-id slot status
172.16.0.1 172.16.0.2 QM_IDLE 1 0 ACTIVE
C2691-VPN-ROUTER#sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: clientmap, local addr 172.16.0.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (10.1.1.9/255.255.255.255/0/0)
current_peer 172.16.0.2 port 500
PERMIT, flags={}
#pkts encaps: 53, #pkts encrypt: 53, #pkts digest: 53
#pkts decaps: 291, #pkts decrypt: 291, #pkts verify: 291
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 172.16.0.1, remote crypto endpt.: 172.16.0.2
path mtu 1500, ip mtu 1500
current outbound spi: 0x4A2F16F6(1244600054)
inbound esp sas:
spi: 0x19EBF2E0(434893536)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4598128/3399)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4A2F16F6(1244600054)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: clientmap
sa timing: remaining key lifetime (k/sec): (4598158/3397)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
C2691-VPN-ROUTER#sh crypto map
Crypto Map "clientmap" 10 ipsec-isakmp
Dynamic map template tag: dynmap
Crypto Map "clientmap" 65536 ipsec-isakmp
Peer = 172.16.0.2
Extended IP access list
access-list permit ip any host 10.1.1.9
dynamic (created from dynamic map dynmap/10)
Current peer: 172.16.0.2
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Transform sets={
myset,
}
Interfaces using crypto map clientmap:
FastEthernet0/0
C2691-VPN-ROUTER#
01-23-2011 09:55 AM
Seems that the only thing failing is being able to PING the 1841 from the VPN client?
If you do a "sh ip route" on the 1841, do you see either a default gateway pointing to the 2691 or a route back to reach the VPN client?
Federico.
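The return-path question asked above, as an added example that is not part of the original post: a longest-prefix-match lookup over the routes visible in the 1841 configuration posted later in this thread, checking whether replies to the VPN pool (10.1.1.1 to 10.1.1.100) go back to the C2691 at 192.168.10.166. The default route is an assumption, since the 1841's outside interface uses "ip address dhcp" and the learned default is not shown; the function names are hypothetical.

```python
import ipaddress

VPN_GATEWAY = "192.168.10.166"  # C2691 FastEthernet0/1, from the posted config

# (prefix, next hop) as far as the posted 1841 config shows them.
ROUTES_1841 = [
    ("192.168.1.0/24", "connected"),    # Vlan1
    ("192.168.10.0/24", "connected"),   # Vlan10
    ("192.168.20.0/24", "connected"),   # Vlan20
    ("192.168.30.0/24", "connected"),   # Vlan30
    ("192.168.245.0/24", "connected"),  # Vlan245
    ("10.0.1.0/24", "192.168.10.5"),    # ip route 10.0.1.0 255.255.255.0 192.168.10.5
    ("0.0.0.0/0", "isp-dhcp"),          # ASSUMED: default learned via DHCP on Fa0/0
]


def best_route(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in routes
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def misrouted(routes, first, last, gateway=VPN_GATEWAY):
    """Pool addresses whose replies would NOT be sent to the VPN gateway."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    bad = []
    for value in range(lo, hi + 1):
        addr = str(ipaddress.ip_address(value))
        route = best_route(routes, addr)
        if route is None or route[1] != gateway:
            bad.append(addr)
    return bad


# Candidate fix, equivalent to a static route on the 1841 for the pool
# network with the C2691's LAN address as next hop.
ROUTES_FIXED = ROUTES_1841 + [("10.1.1.0/24", VPN_GATEWAY)]

if __name__ == "__main__":
    print("reply to 10.1.1.6 goes via:", best_route(ROUTES_1841, "10.1.1.6")[1])
    print("misrouted before:", len(misrouted(ROUTES_1841, "10.1.1.1", "10.1.1.100")))
    print("misrouted after: ", len(misrouted(ROUTES_FIXED, "10.1.1.1", "10.1.1.100")))
```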
01-23-2011 10:09 AM
Hi Didier,
Try adding these two lines on the two different routers. In my opinion, if a packet comes to the 2691 from the PC, it is not finding a gateway to reach the 1841, and the return path is not configured on the 1841 for the 10.1.1.0/24 network:
permit ip 10.1.1.0 255.255.255.0 192.168.10.0 255.255.255.0 - Cisco 2691 router
permit ip 192.168.10.0 255.255.255.0 10.1.1.0 255.255.255.0 - Cisco 1841 router
Hope this helps.
Thanks,
Jigar
01-23-2011 11:54 AM
Hi Jigar,
You are close.
But 2 small things: I think that instead of 255.255.255.0 I have to change it to 0.0.0.255.
The other thing: maybe I did not tell you everything. I am in VLAN 10 on my MAIN ROUTER, and adding this access list on my MAIN ROUTER is not easy. I have tried to add it, but the WHOLE LAN CRASHES, and the only way to make it work again is to go via the WAN and remove the just-added line.
I have tried to add the access-group in VLAN 10 (it is in BOLD).
Any idea where I can add this line when you see the script below:
!
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 notifications
enable password 7 05080F1C2243
!
aaa new-model
!
!
aaa authentication banner
THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES
!
!
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.100.1
ip dhcp excluded-address 192.168.1.250 192.168.1.254
!
ip dhcp pool vlan10
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
lease 5
!
ip dhcp pool vlan20
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
lease 5
!
ip dhcp pool vlan30
import all
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
ip dhcp pool TEST
host 192.168.100.20 255.255.255.0
client-identifier 0100.2241.353f.5e
!
ip dhcp pool internal
network 192.168.100.0 255.255.255.0
dns-server 192.168.100.1
default-router 192.168.100.1
!
ip dhcp pool vlan1
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
lease 5
!
ip dhcp pool MAC
host 192.168.10.50 255.255.255.0
client-identifier 0100.2312.1c0a.39
!
ip dhcp pool PRINTER
host 192.168.10.20 255.255.255.0
client-identifier 0100.242b.4d0c.5a
!
ip dhcp pool MLGW
host 192.168.10.10 255.255.255.0
hardware-address 0004.f301.58b3
!
ip dhcp pool pc-vero
host 192.168.10.68 255.255.255.0
client-identifier 0100.1d92.5982.24
!
ip dhcp pool vlan245
import all
network 192.168.245.0 255.255.255.0
default-router 192.168.245.1
!
ip dhcp pool VPN_ROUTER
client-identifier 0100.0f23.604d.a0
!
ip dhcp pool QNAP_NAS
host 192.168.10.100 255.255.255.0
client-identifier 0100.089b.ad17.8f
client-name QNAP_NAS
!
!
no ip bootp server
ip domain name dri
ip host SW12 192.168.1.252
ip host SW24 192.168.1.251
ip host tftp 192.168.10.50
ip host Router_A 192.168.10.5
ip host Router_B 10.0.1.1
ip ddns update method DynDNS
HTTP
add http://dri66:dr@members.dyndns.org/nic/update?system=dyndns&hostname=mlgw.dyndns.info&myip=
interval maximum 1 0 0 0
interval minimum 1 0 0 0
!
multilink bundle-name authenticated
!
flow-sampler-map mysampler1
mode random one-out-of 100
!
crypto pki trustpoint TP-self-signed-299
enrollment selfs
subject-name cn=IOS-Self-Signed-Certificate-2996
revocation-check none
rsakeypair TP-self-signed-2996
!
!
crypto pki certificate chain TP-self-signed-29967
certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
!
!
username Admin privilege 15 secret 5 $1$gAFQ$2ecA
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
!
!
!
interface Loopback0
ip address 192.66.66.66 255.255.255.0
!
interface FastEthernet0/0
description DMZ
ip ddns update hostname mlgw.dyndns.info
ip ddns update DynDNS
ip address dhcp
ip access-group dri-acl-in in
ip access-group dri-acl-out out
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.241
description VLAN 241
encapsulation dot1Q 241
ip address dhcp
ip access-group dri-acl-in in
ip nat outside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/0.245
encapsulation dot1Q 245
ip address dhcp
ip access-group dri-acl-in in
ip nat outside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1
description INTERNAL$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0/0
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/0/1
switchport access vlan 245
spanning-tree portfast
!
interface FastEthernet0/0/2
switchport access vlan 30
spanning-tree portfast
!
interface FastEthernet0/0/3
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.250 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan245
ip address 192.168.245.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 10.0.1.0 255.255.255.0 192.168.10.5
!
ip flow-cache timeout inactive 130
ip flow-cache timeout active 20
ip flow-aggregation cache prefix
cache timeout inactive 400
cache timeout active 25
!
!
no ip http server
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.10.68 5800 interface FastEthernet0/0 5800
ip nat inside source list NAT interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.10.10 80 interface FastEthernet0/0 8095
ip nat inside source static tcp 192.168.10.68 5900 interface FastEthernet0/0 5900
ip nat inside source list NAT1 interface FastEthernet0/0.245 overload
!
ip access-list standard NAT
permit 192.168.0.0 0.0.255.255
!
ip access-list extended dri-acl-in
remark TEST WAN FILTER
permit udp any any eq domain
permit udp any eq domain any
permit tcp any any eq domain
permit tcp any eq domain any
permit tcp any any eq www
permit tcp any eq www any
permit tcp any any eq 443
permit tcp any eq 443 any
permit tcp any any eq pop3
permit tcp any eq pop3 any
permit tcp any any eq smtp
permit tcp any eq smtp any
permit icmp any any
remark THIS WAS NEEDED TO AVOID THAT MY ISP REMOVE MY INTERNET CONNECTION AFTER 1 HOUR
permit udp any eq bootps any
permit udp any eq bootpc any
remark TEST WAN FILTER
remark THIS WAS NEEDED TO AVOID THAT MY ISP REMOVE MY INTERNET CONNECTION AFTER 1 HOUR
permit tcp any eq 5800 any
permit tcp any any eq 5800
permit udp any eq 5800 any
permit udp any any eq 5800
permit tcp any eq 5900 any
permit tcp any any eq 5900
permit udp any eq 5900 any
permit udp any any eq 5900
permit tcp any eq 8095 any
permit tcp any any eq 8095
permit tcp any eq 8096 any
permit tcp any any eq 8096
ip access-list extended dri-acl-out
remark TEST OUT WAN FILTER
permit udp any any eq domain
permit udp any eq domain any
permit tcp any any eq domain
permit tcp any eq domain any
permit tcp any any eq www
permit tcp any eq www any
permit tcp any any eq 443
permit tcp any eq 443 any
permit tcp any any eq pop3
permit tcp any eq pop3 any
permit tcp any any eq smtp
permit tcp any eq smtp any
permit icmp any any
permit udp any eq bootps any
permit udp any eq bootpc any
permit tcp any eq 5800 any
permit tcp any any eq 5800
permit udp any eq 5800 any
permit udp any any eq 5800
permit tcp any eq 5900 any
permit tcp any any eq 5900
permit udp any eq 5900 any
permit udp any any eq 5900
permit tcp any eq 8095 any
permit tcp any any eq 8095
permit tcp any eq 8096 any
permit tcp any any eq 8096
!
no cdp run
!
!
!
control-plane
!
!
banner exec
WELCOME YOU ARE NOW LOGED IN
banner login
WARNING !!!
IF YOU ARE NOT :
Didier Ribbens
Please Leave NOW !!!
YOUR IP and MAC address will be LOGGED !!!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 5 in
privilege level 15
rotary 1
transport input telnet ssh
line vty 5 15
access-class 5 in
rotary 1
!
scheduler allocate 20000 1000
ntp clock-period 17178443
ntp server 66.27.60.10
end
01-26-2011 11:14 PM
Hello,
I will close this case. I have made the configuration on a fresh NEW ROUTER.
If you would like to follow, you can take a look at:
https://supportforums.cisco.com/thread/2064467
Best Regards,
Didier