Agh... Very, VERY weird AS5200 / PIX issue

Discussion in 'Cisco' started by Jeff, Jan 27, 2004.

  1. Jeff

    Jeff Guest

    I am stumped on an issue. We have a small WAN/Lan here and dialup
    users aren't able to connect beyond our Cisco PIX. The strange thing
    is that they should be able to according to routes, access-lists, etc.
    It's *only* the dialup addresses (distributed by the AS5200 pool). The
    route exists throughout EIGRP and what is REALLY weird is that if I do
    a debug ip icmp on the AS5200 itself, I never see icmp packets from
    either the dialup connections or issuing an extended ping from the
    5200 itself.

    Here is the basic layout:


    192.168.251.254 - Loop0 on AS5200 <-> 192.168.251.X - Dialup Users
    192.168.20.200 - Eth0 on AS5200
    ||
    192.168.20.2 - Core router
    ||
    192.168.20.1 - Edge router
    ||||
    Two T1s with Cef load-balancing
    ||||
    192.168.1.251 - Edge router at ISP
    ||
    192.168.1.254 - Cisco PIX 525
    ||
    (Internet)


    The correct EIGRP route for 192.168.251.0/24 exists. It points to
    192.168.20.200. The PIX has a blanket route for 192.168.0.0/16
    pointing to the inside interface and throwing all traffic to
    192.168.1.251. That router participates in EIGRP.

    My dialup users can ping other 192.168.1.0/24 addresses just fine.
    It's only the Cisco PIX which won't respond to them. I'm going to
    assume that the in-between routers are okay and it's something to do
    with the PIX or 5200, so I'm only including those configs. Please let
    me know if I need to include more.

    Could someone help out? I'm kinda lost... :p


    AS5200:

    version 12.1
    no service single-slot-reload-enable
    service timestamps debug datetime
    service timestamps log datetime
    service password-encryption
    !
    hostname AUSTSRVRAS001
    !
    logging buffered 700000 debugging
    aaa new-model
    aaa authentication login default line none
    aaa authentication login no_tacacs enable
    aaa authentication login network group tacacs+ local
    aaa authentication enable default enable none
    aaa authentication ppp default if-needed group tacacs+ local
    aaa authorization exec default if-authenticated
    aaa authorization network default group tacacs+
    aaa accounting exec default none
    aaa accounting network default start-stop group tacacs+
    enable secret xxxx
    !
    spe 1/0 1/3
    firmware location bootflash:mica-modem-pw.2.9.4.0.bin
    spe 2/0 2/3
    firmware location bootflash:mica-modem-pw.2.9.4.0.bin
    !
    !
    resource-pool disable
    !
    !
    !
    !
    !
    modem recovery action none
    ip subnet-zero
    ip finger

    !
    ip address-pool local
    isdn switch-type primary-ni
    !
    controller T1 0
    framing esf
    clock source line primary
    linecode b8zs
    pri-group timeslots 1-24
    !
    controller T1 1
    framing esf
    clock source line secondary
    linecode b8zs
    pri-group timeslots 1-24
    !
    !
    !
    interface Loopback0
    ip address 192.168.251.254 255.255.255.0
    !
    interface Ethernet0
    ip address 192.168.20.200 255.255.255.0
    !
    interface Serial0
    no ip address
    shutdown
    no fair-queue
    !
    interface Serial1
    no ip address
    shutdown
    !
    interface Serial0:23
    ip unnumbered Loopback0
    encapsulation ppp
    timeout absolute 100 0
    dialer rotary-group 1
    isdn switch-type primary-ni
    isdn incoming-voice modem
    peer default ip address pool new
    no fair-queue
    no cdp enable
    !
    interface Serial1:23
    ip unnumbered Loopback0
    encapsulation ppp
    timeout absolute 100 0
    dialer rotary-group 1
    isdn switch-type primary-ni
    isdn incoming-voice modem
    peer default ip address pool new
    no fair-queue
    no cdp enable
    !
    interface Group-Async1
    ip unnumbered Loopback0
    encapsulation ppp
    ip tcp header-compression passive
    no ip mroute-cache
    dialer in-band
    dialer-group 1
    async default routing
    async dynamic routing
    async mode dedicated
    peer default ip address pool new
    ppp authentication chap
    group-range 1 48
    !
    interface Dialer1
    ip unnumbered Loopback0
    encapsulation ppp
    timeout absolute 100 0
    dialer in-band
    dialer idle-timeout 40000
    dialer-group 1
    peer default ip address pool new
    no fair-queue
    no cdp enable
    ppp authentication chap pap
    ppp multilink
    !
    router eigrp 1
    redistribute connected
    network 192.168.20.0
    network 192.168.251.0
    auto-summary
    no eigrp log-neighbor-changes
    no eigrp log-neighbor-warnings
    !
    ip local pool new 192.168.251.1 192.168.251.48
    no ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.20.2
    !
    access-list 109 permit icmp any 0.0.0.0 255.255.255.0
    access-list 109 permit icmp 0.0.0.0 255.255.255.0 any
    dialer-list 1 protocol ip permit
    tacacs-server host 192.168.5.210
    tacacs-server key xxxx
    !
    !
    line con 0
    password 7 xxx
    line 1 48
    session-timeout 15 output
    modem InOut
    transport input all
    autoselect during-login
    autoselect ppp
    line aux 0
    line vty 0 4
    password 7 xxx
    !
    ntp clock-period 17180183
    ntp server 192.168.247.2 prefer
    end


    PIX-525 (Version 6.33 with unneeded stuff removed)

    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    interface ethernet3 100full
    interface ethernet4 auto
    interface ethernet5 auto shutdown
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 perimeter security10
    nameif ethernet3 failover security99
    nameif ethernet4 store security2
    nameif ethernet5 intf5 security10
    enable password xxxx encrypted
    passwd xxxx encrypted
    hostname austisppix001
    domain-name xxxx
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    no fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.4.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.134.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.125.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.109.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.4.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.106.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.112.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.115.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.105.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.122.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.102.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.114.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.133.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.135.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.127.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.131.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.130.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.132.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.117.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.107.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.128.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.124.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.123.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.116.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.118.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.110.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.126.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.111.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.88.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.177.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.136.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.137.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.139.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.99.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.147.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.142.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.143.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.144.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.145.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.146.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.140.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.149.0
    255.255.255.0
    access-list nonat permit ip 192.168.0.0 255.255.0.0 192.168.148.0
    255.255.255.0
    access-list inside_access_in permit ip any any
    access-list inside_access_in permit tcp any any
    access-list inside_access_in permit udp any any
    access-list inside_access_in permit icmp any any
    access-list store_access_in permit ip any any
    access-list store_access_in permit icmp any any
    access-list outside_access_in permit tcp any host xxxx eq https
    access-list outside_access_in permit tcp any host xxxx eq telnet
    access-list outside_access_in permit tcp any host xxxx eq www
    access-list outside_access_in permit tcp any host xxxx eq smtp
    access-list outside_access_in permit icmp any any
    access-list split permit ip 192.168.0.0 255.255.0.0 192.168.4.0
    255.255.255.0
    access-list perimeter_access_in permit icmp any any
    access-list perimeter_access_in permit ip any any
    access-list perimeter_access_in permit tcp any any
    access-list perimeter_access_in permit udp any any
    access-list store025 permit ip 192.168.0.0 255.255.0.0 192.168.125.0
    255.255.255.0
    access-list store009 permit ip 192.168.0.0 255.255.0.0 192.168.109.0
    255.255.255.0
    access-list store006 permit ip 192.168.0.0 255.255.0.0 192.168.106.0
    255.255.255.0
    access-list store015 permit ip 192.168.0.0 255.255.0.0 192.168.115.0
    255.255.255.0
    access-list store022 permit ip 192.168.0.0 255.255.0.0 192.168.122.0
    255.255.255.0
    access-list store012 permit ip 192.168.0.0 255.255.0.0 192.168.112.0
    255.255.255.0
    access-list store005 permit ip 192.168.0.0 255.255.0.0 192.168.105.0
    255.255.255.0
    access-list store034 permit ip 192.168.0.0 255.255.0.0 192.168.134.0
    255.255.255.0
    access-list store014 permit ip 192.168.0.0 255.255.0.0 192.168.114.0
    255.255.255.0
    access-list store033 permit ip 192.168.0.0 255.255.0.0 192.168.133.0
    255.255.255.0
    access-list store035 permit ip 192.168.0.0 255.255.0.0 192.168.135.0
    255.255.255.0
    access-list store077 permit ip 192.168.0.0 255.255.0.0 192.168.177.0
    255.255.255.0
    access-list store027 permit ip 192.168.0.0 255.255.0.0 192.168.127.0
    255.255.255.0
    access-list store011 permit ip 192.168.0.0 255.255.0.0 192.168.111.0
    255.255.255.0
    access-list store031 permit ip 192.168.0.0 255.255.0.0 192.168.131.0
    255.255.255.0
    access-list store030 permit ip 192.168.0.0 255.255.0.0 192.168.130.0
    255.255.255.0
    access-list store032 permit ip 192.168.0.0 255.255.0.0 192.168.132.0
    255.255.255.0
    access-list store017 permit ip 192.168.0.0 255.255.0.0 192.168.117.0
    255.255.255.0
    access-list store007 permit ip 192.168.0.0 255.255.0.0 192.168.107.0
    255.255.255.0
    access-list store028 permit ip 192.168.0.0 255.255.0.0 192.168.128.0
    255.255.255.0
    access-list store024 permit ip 192.168.0.0 255.255.0.0 192.168.124.0
    255.255.255.0
    access-list store023 permit ip 192.168.0.0 255.255.0.0 192.168.123.0
    255.255.255.0
    access-list store016 permit ip 192.168.0.0 255.255.0.0 192.168.116.0
    255.255.255.0
    access-list store018 permit ip 192.168.0.0 255.255.0.0 192.168.118.0
    255.255.255.0
    access-list store010 permit ip 192.168.0.0 255.255.0.0 192.168.110.0
    255.255.255.0
    access-list store026 permit ip 192.168.0.0 255.255.0.0 192.168.126.0
    255.255.255.0
    access-list store888 permit ip 192.168.0.0 255.255.0.0 192.168.88.0
    255.255.255.0
    access-list store036 permit ip 192.168.0.0 255.255.0.0 192.168.136.0
    255.255.255.0
    access-list store037 permit ip 192.168.0.0 255.255.0.0 192.168.137.0
    255.255.255.0
    access-list store037 permit ip 192.168.0.0 255.255.0.0 192.168.99.0
    255.255.255.0
    access-list store039 permit ip 192.168.0.0 255.255.0.0 192.168.139.0
    255.255.255.0
    access-list store040 permit ip 192.168.0.0 255.255.0.0 192.168.140.0
    255.255.255.0
    access-list store047 permit ip 192.168.0.0 255.255.0.0 192.168.147.0
    255.255.255.0
    access-list store042 permit ip 192.168.0.0 255.255.0.0 192.168.142.0
    255.255.255.0
    access-list store043 permit ip 192.168.0.0 255.255.0.0 192.168.143.0
    255.255.255.0
    access-list store044 permit ip 192.168.0.0 255.255.0.0 192.168.144.0
    255.255.255.0
    access-list store045 permit ip 192.168.0.0 255.255.0.0 192.168.145.0
    255.255.255.0
    access-list store046 permit ip 192.168.0.0 255.255.0.0 192.168.146.0
    255.255.255.0
    access-list store049 permit ip 192.168.0.0 255.255.0.0 192.168.149.0
    255.255.255.0
    access-list store048 permit ip 192.168.0.0 255.255.0.0 192.168.148.0
    255.255.255.0
    pager lines 24
    logging on
    logging timestamp
    logging console debugging
    logging monitor debugging
    logging buffered errors
    logging trap errors
    logging facility 0
    logging host inside 192.168.247.2
    mtu outside 1500
    mtu inside 1500
    mtu perimeter 1500
    mtu failover 1500
    mtu store 1500
    mtu intf5 1500
    ip address outside xxxx 255.255.255.224
    ip address inside 192.168.1.254 255.255.255.0
    ip address perimeter 192.168.2.250 255.255.255.0
    ip address failover 192.168.251.254 255.255.255.0
    ip address store xxxx 255.255.255.224
    no ip address intf5
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool vpnpool 192.168.4.1-192.168.4.99
    failover
    failover timeout 0:00:00
    failover poll 5
    failover replication http
    failover ip address outside xxxx
    failover ip address inside 192.168.1.253
    failover ip address perimeter 192.168.2.251
    failover ip address failover 192.168.251.251
    failover ip address store xxxx
    no failover ip address intf5
    failover link failover
    pdm location 192.168.0.0 255.255.0.0 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 xxxx-xxxx netmask 255.255.255.224
    global (outside) 1 xxxx
    global (perimeter) 1 192.168.2.100-192.168.2.240 netmask 255.255.255.0
    global (store) 1 xxxx-xxxx netmask 255.255.255.224
    global (store) 1 xxxx
    nat (inside) 0 access-list nonat
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    nat (perimeter) 1 0.0.0.0 0.0.0.0 0 0
    nat (store) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,store) udp xxxx tftp 192.168.247.2 tftp netmask
    255.255.255.255 0 0
    static (perimeter,outside) xxxx 192.168.2.3 netmask 255.255.255.255 0
    0
    static (inside,perimeter) 192.168.2.254 192.168.1.2 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.253 192.168.19.5 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.252 192.168.20.25 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.251 192.168.20.30 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.99 192.168.20.200 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.98 192.168.5.206 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.97 192.168.250.201 netmask
    255.255.255.255 1000 500
    static (perimeter,outside) xxxx 192.168.2.2 netmask 255.255.255.255
    1000 500
    static (inside,perimeter) 192.168.2.95 192.168.5.119 netmask
    255.255.255.255 1000 500
    static (inside,perimeter) 192.168.2.90 192.168.5.25 netmask
    255.255.255.255 1000 500
    static (perimeter,store) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
    0 0
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    access-group perimeter_access_in in interface perimeter
    access-group inside_access_in in interface failover
    access-group store_access_in in interface store
    route outside 0.0.0.0 0.0.0.0 xxxx 1
    route failover 10.0.10.0 255.255.255.0 192.168.3.251 1

    route inside 192.168.0.0 255.255.0.0 192.168.1.251 1
    route store 192.168.3.6 255.255.255.255 xxxx 1
    route store 192.168.88.0 255.255.255.0 xxxx 1
    route store 192.168.105.0 255.255.255.0 xxxx 1
    route store 192.168.106.0 255.255.255.0 xxxx 1
    route store 192.168.107.0 255.255.255.0 xxxx 1
    route store 192.168.109.0 255.255.255.0 xxxx 1
    route store 192.168.110.0 255.255.255.0 xxxx 1
    route store 192.168.111.0 255.255.255.0 xxxx 1
    route store 192.168.112.0 255.255.255.0 xxxx 1
    route store 192.168.114.0 255.255.255.0 xxxx 1
    route store 192.168.115.0 255.255.255.0 xxxx 1
    route store 192.168.116.0 255.255.255.0 xxxx 1
    route store 192.168.117.0 255.255.255.0 xxxx 1
    route store 192.168.118.0 255.255.255.0 xxxx 1
    route store 192.168.122.0 255.255.255.0 xxxx 1
    route store 192.168.123.0 255.255.255.0 xxxx 1
    route store 192.168.124.0 255.255.255.0 xxxx 1
    route store 192.168.125.0 255.255.255.0 xxxx 1
    route store 192.168.126.0 255.255.255.0 xxxx 1
    route store 192.168.127.0 255.255.255.0 xxxx 1
    route store 192.168.128.0 255.255.255.0 xxxx 1
    route store 192.168.130.0 255.255.255.0 xxxx 1
    route store 192.168.131.0 255.255.255.0 xxxx 1
    route store 192.168.132.0 255.255.255.0 xxxx 1
    route store 192.168.133.0 255.255.255.0 xxxx 1
    route store 192.168.134.0 255.255.255.0 xxxx 1
    route store 192.168.135.0 255.255.255.0 xxxx 1
    route store 192.168.136.0 255.255.255.0 xxxx 1
    route store 192.168.137.0 255.255.255.0 xxxx 1
    route store 192.168.139.0 255.255.255.0 xxxx 1
    route store 192.168.140.0 255.255.255.0 xxxx 1
    route store 192.168.142.0 255.255.255.0 xxxx 1
    route store 192.168.143.0 255.255.255.0 xxxx 1
    route store 192.168.144.0 255.255.255.0 xxxx 1
    route store 192.168.145.0 255.255.255.0 xxxx 1
    route store 192.168.146.0 255.255.255.0 xxxx 1
    route store 192.168.147.0 255.255.255.0 xxxx 1
    route store 192.168.148.0 255.255.255.0 xxxx 1
    route store 192.168.149.0 255.255.255.0 xxxx 1

    timeout xlate 0:15:00
    timeout conn 0:15:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
    1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa-server xauthlist protocol tacacs+
    aaa-server xauthlist (inside) host 192.168.5.210 xxxx timeout 10
    snmp-server host inside 192.168.1.30 poll
    snmp-server host inside 192.168.250.209
    no snmp-server location
    no snmp-server contact
    snmp-server community xxxx
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set vpnclient esp-des esp-md5-hmac
    crypto ipsec transform-set singledes esp-des esp-md5-hmac
    crypto ipsec transform-set tripledes esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 3600
    crypto dynamic-map dynmap 30 set transform-set vpnclient

    crypto map gsi 999 ipsec-isakmp dynamic dynmap
    crypto map gsi client configuration address initiate
    crypto map gsi client configuration address respond
    crypto map gsi client authentication xauthlist
    crypto map gsi interface store
    crypto map out 999 ipsec-isakmp dynamic dynmap
    crypto map out client configuration address initiate
    crypto map out client configuration address respond
    crypto map out client authentication xauthlist
    crypto map out interface outside
    isakmp enable outside
    isakmp enable store

    isakmp identity address
    isakmp client configuration address-pool local vpnpool outside
    isakmp client configuration address-pool local vpnpool failover
    isakmp client configuration address-pool local vpnpool store
    isakmp policy 30 authentication pre-share
    isakmp policy 30 encryption 3des
    isakmp policy 30 hash sha
    isakmp policy 30 group 2
    isakmp policy 30 lifetime 86400
    isakmp policy 40 authentication pre-share
    isakmp policy 40 encryption des
    isakmp policy 40 hash md5
    isakmp policy 40 group 2
    isakmp policy 40 lifetime 86400
    vpngroup vpnadmin address-pool vpnpool
    vpngroup vpnadmin dns-server 192.168.5.204
    vpngroup vpnadmin wins-server 192.168.254.204
    vpngroup vpnadmin default-domain xxxx
    vpngroup vpnadmin split-tunnel split
    vpngroup vpnadmin idle-time 86400
    vpngroup vpnadmin max-time 999999
    vpngroup vpnadmin password ********
    telnet 192.168.0.0 255.255.0.0 inside
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    terminal width 80
     
    Jeff, Jan 27, 2004
    #1
    1. Advertisements

  2. Jeff

    Jeff Guest

    Damn I feel dumb... I'm using 251 for my failover interface... DUH

    Sorry for wasting newsgroup bandwidth... :p

    Jeff
     
    Jeff, Jan 27, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.