On Thu, 2007-07-19 at 08:15 -0400, Juan C. Crespo R. wrote:
> Arnaud
>
> Don't you change anything on the router? I mean probably add one
> loopback address?? please send us your show ip inter brief your
> wccp2_router line, and your GRE Tunnel config
>
Interface IP-Address OK? Method Status
Protocol
GigabitEthernet0/0 unassigned YES NVRAM up
up
GigabitEthernet0/0.1 172.16.30.4 YES NVRAM up
up
GigabitEthernet0/0.2 10.6.0.1 YES NVRAM up
up
GigabitEthernet0/0.64 10.6.64.1 YES NVRAM up
up
GigabitEthernet0/0.128 10.6.128.1 YES NVRAM up
up
GigabitEthernet0/0.130 10.6.130.1 YES NVRAM up
up
GigabitEthernet0/0.132 10.6.132.1 YES NVRAM up
up
GigabitEthernet0/0.134 10.6.134.1 YES NVRAM up
up
GigabitEthernet0/0.246 10.6.246.1 YES NVRAM up
up
GigabitEthernet0/0.248 10.6.248.1 YES NVRAM up
up
GigabitEthernet0/0.250 10.6.250.1 YES NVRAM up
up
GigabitEthernet0/0.252 10.6.252.1 YES NVRAM up
up
GigabitEthernet0/0.254 10.6.254.1 YES NVRAM up
up
GigabitEthernet0/1 192.168.0.6 YES NVRAM up
up
ATM0/0/0 unassigned YES NVRAM up
up
NVI0 unassigned NO unset up
up
Virtual-Access1 unassigned YES unset up
up
Virtual-Access2 unassigned YES unset up
up
Dialer0 194.121.231.1 YES IPCP up
up
Loopback0 172.31.255.6 YES NVRAM up
up
Here's a snippet from the config:
Building configuration...
Current configuration : 16116 bytes
!
! Last configuration change at 11:17:50 UTC Thu Jul 19 2007 by ROC-ASA
! NVRAM config last updated at 10:57:59 UTC Thu Jul 19 2007 by ROC-ASA
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname RT-ST
!
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.124-7a.bin
boot-end-marker
!
logging buffered 16000 debugging
no logging console
enable secret [snip]
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone UTC 1
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
ip wccp web-cache redirect-list 150
!
!
ip cef
ip inspect max-incomplete high 1500
ip inspect max-incomplete low 1200
ip inspect one-minute high 1800
ip inspect one-minute low 1600
ip inspect name appfw_100 smtp
ip inspect name appfw_100 imap
ip inspect name appfw_100 imaps
ip inspect name appfw_100 pop3
ip inspect name appfw_100 pop3s
ip inspect name appfw_100 http
ip inspect name appfw_100 https
ip inspect name appfw_100 tcp
ip inspect name appfw_100 udp
ip inspect name appfw_100 dns
ip inspect name appfw_100 icmp
ip inspect name appfw_100 ftp
ip inspect name appfw_100 ssh
ip inspect name appfw_100 telnet
!
no ip domain lookup
ip domain name st.amf.asa.nl
ip ssh version 2
!
!
!
username [snip]
!
controller DSL 0/0/0
mode atm
line-term cpe
line-mode auto
dsl-mode shdsl symmetric annex B
!
!
!
interface Loopback0
ip address 172.31.255.6 255.255.255.255
!
interface GigabitEthernet0/0
description verbinding met LAN
no ip address
ip route-cache flow
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
description Default Vlan
encapsulation dot1Q 1 native
ip address 172.16.30.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/0.252
description Beheer-252
encapsulation dot1Q 252
ip address 10.6.252.1 255.255.254.0
ip access-group 2252 in
ip access-group 2253 out
ip helper-address 10.1.254.11
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp web-cache redirect in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/1
description wan
bandwidth 100000
ip address 192.168.0.6 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip ospf authentication-key 7 000E160A150E52241A
duplex full
speed 100
traffic-shape rate 100000000 2500000 2500000 1000
!
interface ATM0/0/0
description "Connection to SDSL customer@xxxxxxxxxxxxxxx"
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 2/32
oam-pvc manage 3
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address negotiated
ip access-group 101 in
no ip redirects
no ip proxy-arp
ip inspect appfw_100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
no cdp enable
ppp pap sent-username customer@xxxxxxxxxxxxxxx password passsh
ppp ipcp mask request
ppp ipcp address accept
!
router ospf 1
log-adjacency-changes
area 1 authentication
passive-interface default
no passive-interface GigabitEthernet0/1
network 10.6.0.0 0.0.255.255 area 1
network 172.16.30.0 0.0.0.255 area 1
network 172.31.255.6 0.0.0.0 area 1
network 192.168.0.0 0.0.0.255 area 1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip flow-export version 5
ip flow-export destination 10.1.254.14 2055
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface Dialer0 overload
!
access-list 1 remark SNMP-toegang
access-list 1 permit 10.0.252.0 0.255.1.255
access-list 1 permit 10.0.254.0 0.255.1.255
access-list 100 remark Dialer0 nat source list
access-list 100 deny ip 10.0.0.0 0.255.63.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 10.0.252.0 0.255.1.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 10.0.0.0 0.255.63.255 10.1.0.0 0.0.255.255
access-list 100 deny ip 10.0.252.0 0.255.1.255 10.1.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 100 permit ip 10.0.0.0 0.255.63.255 any
access-list 100 permit ip 10.0.252.0 0.255.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
access-list 101 remark Vanuit Internet
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit icmp any any echo-reply
access-list 102 remark Default ACL in deny all accept Beheer
access-list 102 permit icmp any 10.0.252.0 0.255.1.255
access-list 102 permit tcp any 10.0.252.0 0.255.1.255 established
access-list 103 remark Default ACL out deny all accept Beheer
access-list 103 permit icmp 10.0.252.0 0.255.1.255 any
access-list 103 permit tcp 10.0.252.0 0.255.1.255 any
access-list 150 deny ip 10.0.252.0 0.255.1.255 10.0.0.0 0.255.255.255
access-list 150 deny ip 10.0.252.0 0.255.1.255 172.16.0.0 0.15.255.255
access-list 150 deny ip 10.0.252.0 0.255.1.255 192.168.0.0 0.0.255.255
access-list 150 permit ip 10.0.252.0 0.255.1.255 any
access-list 198 remark EVPN input verkeer AN > HQ
access-list 2252 remark beheer VLAN(in)
snmp-server community readcom RO 1
snmp-server community comwrite RW 1
!
!
control-plane
!
!
banner login ^C
| |
||| |||
||||| |||||
||||||||| |||||||||
|||||||||||||||||||||||||||
C I S C O - S Y S T E M S RT-ST
******************************************************************
* Do not attempt to logon unless you are an authorized user! *
******************************************************************
^C
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180138
ntp source GigabitEthernet0/0.252
ntp server 10.1.252.1
!
end
Tunnel config on the proxy:
ip tunnel add wccp0 mode gre remote 192.168.0.6 local 10.1.250.10 dev
eth0
up ip addr add 10.1.250.10/32 dev wccp0
up ip link set wccp0 up
wccp0 Link encap:UNSPEC HWaddr
0A-01-FA-0A-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.250.10 P-t-P:10.1.250.10 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
RX packets:3214470 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:201069371 (191.7 MiB) TX bytes:0 (0.0 b)
Amarantis Onderwijsgroep is de concernorganisatie van ISA-scholen en ROC ASA
