Good Morning.
I had an issue with my 2801 yesterday during my lab session and had to rebuild. So I went to PL to get the latest config. Having been on the group for a while, I know there have been changes and was hoping the config on PL was updated. I wr mem'ed my router and started fresh. This config from the PL doesn't appear to work. I checked my old notes and this config looks like it should, although I don't understand the virtual-interface 1 inside the "crypto ipsec client ezvpn Voice-vRack". Is this the config the rest of you are using? Thank you.

service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 512000 informational
username proctorlabs privilege 15 password ipexperthome
enable secret ipexperthome
no aaa new-model
!
!
!
ip cef
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool DHCP-Pool
 import all
 network 192.168.1.0 255.255.255.0
 option 150 ip 10.10.210.10
 default-router 192.168.10.1
 dns-server 8.8.4.4 8.8.8.8
 domain-name proctorlabs.com
 lease 3
!
!
ip inspect name CBAC-FW tcp timeout 3600
ip inspect name CBAC-FW udp timeout 3600
ip inspect name CBAC-FW http java-list 1 timeout 3600
ip inspect name CBAC-FW https timeout 3600
ip inspect name CBAC-FW icmp
ip inspect name CBAC-FW ddns-v3
ip inspect name CBAC-FW smtp
ip inspect name CBAC-FW pop3
ip inspect name CBAC-FW pop3s
ip inspect name CBAC-FW imap
ip inspect name CBAC-FW ftps
ip inspect name CBAC-FW ntp
ip inspect name CBAC-FW ftp timeout 3600
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
!
!
interface Loopback0
 ip address 10.10.100.15 255.255.255.255
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
!
crypto ipsec client ezvpn Voice-vRack
 connect manual
 group vpodgroup key proctorvoice
 mode network-plus
 peer 74.126.20.247
 virtual-interface 1
 xauth userid mode interactive
!
interface FastEthernet0/0
 description (Outside Public Interface)
 ip address dhcp
 ip access-group FW-IN in
 no ip unreachables
 ip nat outside
 ip inspect CBAC-FW out
 ip mtu 1300
 no cdp enable
 duplex auto
 speed auto
 no shut
 crypto ipsec client ezvpn Voice-vRack
!
interface FastEthernet0/1
 description (Inside Private Interface)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 crypto ipsec client ezvpn Voice-vRack inside
 duplex auto
 speed auto
 no shut
!
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
no ip http server
ip nat inside source list 101 interface f0/0 overload
!
ip access-list extended FW-IN
 permit udp any any eq bootpc
 deny ip 10.0.0.0 0.255.255.255 any log
 deny ip 172.16.0.0 0.15.255.255 any log
 deny ip 192.168.0.0 0.0.255.255 any log
 deny ip 224.0.0.0 15.255.255.255 any log
 deny ip host 0.0.0.0 any log
 deny ip host 255.255.255.255 any log
 deny ip 169.254.0.0 0.0.255.255 any log
 deny ip 127.0.0.0 0.255.255.255 any log
 permit tcp any any eq ssh
 permit esp host 74.126.20.247 any
 permit esp host 12.159.40.185 any
 permit udp host 74.126.20.247 any eq isakmp
 permit udp host 12.159.40.185 any eq isakmp
 permit udp host 74.126.20.247 any eq non500-isakmp
 permit udp host 12.159.40.185 any eq non500-isakmp
 deny ip any any log
!
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
line con 0
line aux 0
line vty 0 15
 password ipexperthome
 privi level 15
 login local
 exec-timeout 30 0
 logging synchronous
 transport input telnet ssh
!
ntp server time.apple.com
crypto key generate rsa modulus 1024
