Cisco 3725 Setup Problems

  • Cisco 3725 Setup Problems

    We currently have one 3725 with a 10mb and a T-1 connection. The 10mb connection is our primary one. The T-1 is only a backup and not used. What I wanted to do was buy another 3725 to set up as a backup router and also to be used for the T-1. It would be nice if both routers could back up each other. If the 10mb 3725 went down, I could just move the cables over to the T1 3725. The T-1 has its own firewall (SonicWall Pro5060) and the 10mb has two SonicWall ASA4500's. It works right now with both connections going to the 10mb 3725. I can get out and in using VPN on both connections.
    Below is the config for the 10mb router:

    version 12.3
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    service password-encryption
    no service dhcp
    !
    hostname yo-edge-bras
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 5 log
    security passwords min-length 7
    logging buffered 16384 informational
    logging console notifications
    !
    memory-size iomem 10
    clock timezone EST -5
    clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
    no network-clock-participate slot 1
    aaa new-model
    !
    !
    aaa authentication banner ^C
    #######################################################################
    Attention! Authorized personnel only!
    This router is property of Year One Inc. All others are
    advised to disconnect immediately.
    Only users expressly authorized by Year One Inc. may
    connect to this router.
    Notice: connections to this router are logged.
    Inquiries may be directed to [email protected].
    #######################################################################
    ^C
    aaa session-id common
    ip subnet-zero
    no ip source-route
    ip flow-cache timeout active 1
    !
    !
    ip cef
    ip ftp source-interface Loopback0
    ip ftp username anonymous
    ip ftp password 7 032752180500721B1C5C391C121319030A2F6527273E
    ip domain name yearone.com
    ip name-server 166.102.165.13
    ip name-server 198.6.100.53
    !
    no ip bootp server
    ip audit attack action alarm drop reset
    ip audit po max-events 100
    ip audit smtp spam 200
    ip audit signature 2002 disable
    ip audit signature 2005 disable
    ip audit name IDR1 info action alarm
    ip ssh time-out 60
    ip ssh authentication-retries 2
    no ftp-server write-enable
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    buffers small permanent 68
    buffers small max-free 98
    buffers small min-free 20
    buffers middle permanent 40
    buffers middle max-free 57
    buffers middle min-free 12
    !
    !
    !
    interface Loopback0
    description Loopback interface. Used for SysLog messages, etc.
    ip address 10.30.0.1 255.255.255.255
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    !
    interface Null0
    no ip unreachables
    !
    interface FastEthernet0/0
    description AllTel 10mbps Internet circuit (GALODI51484) --- with IDS.
    bandwidth 102400
    ip address 166.102.152.254 255.255.255.252
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    speed 100
    full-duplex
    no cdp enable
    !
    interface Serial0/0
    bandwidth 1581
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    encapsulation frame-relay IETF
    ip route-cache flow
    no fair-queue
    service-module t1 timeslots 1-24
    frame-relay lmi-type ansi
    !
    interface Serial0/0.1 point-to-point
    description MCI/UUNet DS1 DIA circuit (wcomw0k39264) --- with IDS.
    ip address 157.130.77.38 255.255.255.252
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    no keepalive
    frame-relay interface-dlci 500 IETF
    !
    interface FastEthernet0/1
    description Year One Braselton 206.82.80.0/24 (Windstream)
    bandwidth 102400
    ip address 206.82.80.1 255.255.255.0
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    speed 100
    full-duplex
    no cdp enable
    !
    interface Serial0/1
    description Test network. Connected to Cisco 1700 router (172.20.1.2 . 192.168.101..
    ip address 172.20.1.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    shutdown
    no keepalive
    no cdp enable
    !
    interface FastEthernet1/0
    description Year One Braselton 65.207.168.192/27 (MCI/UUNET).
    bandwidth 102400
    ip address 65.207.168.193 255.255.255.224
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    ip policy route-map Ranger
    speed 100
    full-duplex
    no cdp enable
    !
    interface FastEthernet1/1
    no ip address
    no ip proxy-arp
    ip accounting access-violations
    shutdown
    duplex auto
    speed auto
    no cdp enable
    !
    router bgp 32042
    no synchronization
    no bgp log-neighbor-changes
    bgp deterministic-med
    network 206.82.80.0
    neighbor 157.130.77.37 remote-as 701
    neighbor 157.130.77.37 shutdown
    neighbor 157.130.77.37 route-map filter in
    neighbor 157.130.77.37 route-map prepend out
    neighbor 157.130.77.37 filter-list 85 in
    neighbor 157.130.77.37 filter-list 5 out
    neighbor 166.102.152.253 remote-as 7029
    neighbor 166.102.152.253 update-source FastEthernet0/0
    neighbor 166.102.152.253 route-map filter in
    neighbor 166.102.152.253 password 7 020C5C0B1B5656761C161D1A0D11045C18
    neighbor 166.102.152.253 filter-list 5 out
    no auto-summary
    !
    no ip http server
    no ip http secure-server
    ip flow-export source FastEthernet0/1
    ip flow-export version 5 origin-as
    ip flow-export destination 206.82.80.32 9996
    ip classless
    ip route 0.0.0.0 0.0.0.0 166.102.152.253
    ip route 0.0.0.0 0.0.0.0 157.130.77.37 250
    ip route 192.168.101.0 255.255.255.0 172.20.1.2
    !
    ip as-path access-list 5 permit ^$
    ip as-path access-list 85 permit ^701_[0-9]*$
    !
    logging history size 250
    logging facility local1
    logging source-interface FastEthernet0/1
    logging 206.82.80.32
    access-list 1 deny any
    access-list 18 permit 65.207.168.192 0.0.0.31
    access-list 19 permit 157.130.77.36 0.0.0.3
    access-list 20 permit 192.43.244.18 log
    access-list 20 permit 66.187.233.4 log
    access-list 20 permit 192.5.41.40 log
    access-list 20 remark AL limiting time sync from trusted servers only.
    access-list 20 deny any log
    access-list 21 remark AL limiting time sync to trusted hosts only.
    access-list 21 permit 206.82.80.0 0.0.0.255
    access-list 21 permit 192.168.0.0 0.0.255.255
    access-list 21 permit 10.26.0.0 0.0.0.255
    access-list 21 permit 65.207.168.192 0.0.0.31
    access-list 21 deny any log
    access-list 25 remark SNMP ACL
    access-list 25 permit 206.82.80.0 0.0.0.255
    access-list 25 deny any log
    access-list 50 deny any log
    access-list 50 remark Block all access to Line AUX.
    access-list 51 permit 68.233.181.208 log
    access-list 51 permit 192.168.0.0 0.0.255.255 log
    access-list 51 permit 10.26.0.0 0.0.0.255 log
    access-list 51 permit 206.82.80.0 0.0.0.255 log
    access-list 51 permit 166.102.54.0 0.0.0.255 log
    access-list 51 permit 65.207.168.192 0.0.0.31 log
    access-list 51 permit 170.192.0.0 0.63.255.255 log
    access-list 51 permit 63.230.24.16 0.0.0.7 log
    access-list 51 deny any log
    access-list 51 remark Blocks all SSH connections except from specified addresses.
    access-list 110 remark ACL to deny ICMP redirects. Applly to all Internet-facing (external) interfaces.
    access-list 110 deny icmp any any redirect
    access-list 121 permit udp host 192.43.244.18 host 10.30.0.1 eq ntp log-input
    no cdp run
    !
    route-map filter permit 10
    match ip address 1
    !
    route-map setlocal permit 10
    set local-preference 500
    !
    route-map Ranger2 permit 19
    match ip address 19
    set interface Serial0/0.1
    !
    route-map Ranger permit 18
    match ip address 18
    set interface Serial0/0.1
    !
    route-map prepend permit 10
    set as-path prepend 32042 32042
    !
    snmp-server community 168Wr0Q7 RO 25
    snmp-server ifindex persist
    snmp-server enable traps tty
    !
    !
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    alias router ro router
    alias exec ro router
    alias exec ac access-list
    alias exec b bgp
    !
    line con 0
    password 7 125308161B0701052461
    transport preferred ssh
    transport output all
    line aux 0
    access-class 50 in
    no exec
    transport preferred ssh
    transport output none
    line vty 0 4
    access-class 51 in
    exec-timeout 240 0
    password 7 134F1A130200092B256E
    transport preferred ssh
    transport input ssh
    transport output all
    !
    exception protocol ftp
    exception dump 206.82.80.32
    scheduler allocate 3000 1000
    ntp clock-period 17180638
    ntp source FastEthernet0/1
    ntp access-group peer 20
    ntp access-group serve-only 21
    ntp server 192.5.41.40 prefer
    ntp server 192.43.244.18
    ntp server 66.187.233.4
    end

    on next thread

  • #2
    Re: Cisco 3725 Setup Problems

    I tried to copy the above config file to the T1 3725. Below is the T1 3725:


    show running-config
    Building configuration...
    Current configuration : 10605 bytes
    !
    version 12.4
    service nagle
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    service password-encryption
    no service dhcp
    !
    hostname YO-T13725
    !
    boot-start-marker
    boot system flash:c3725-adventerprisek9-mz.124-25c.bin
    boot-end-marker
    !
    security authentication failure rate 5 log
    security passwords min-length 7
    logging buffered 16384 informational
    logging console notifications
    enable secret 5 $1$lrr4$6WalMHIErl.kKjXu5n8Ng.
    enable password 7 070D334D5D0C1511181C
    !
    aaa new-model
    !
    !
    !
    aaa session-id common
    memory-size iomem 10
    clock timezone EST -5
    clock summer-time EDT recurring
    no network-clock-participate slot 1
    no network-clock-participate slot 2
    no ip source-route
    ip cef
    !
    !
    !
    !
    ip flow-cache timeout active 1
    no ip bootp server
    ip domain name yearone.com
    ip name-server 166.102.165.13
    ip name-server 198.6.100.53
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip ips signature 2002 0 disable
    ip ips signature 2005 0 disable
    ip ips name IDR1
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ip ftp source-interface Loopback0
    ip ftp username anonymous
    ip ftp password 7 032752180500721B1C5C391C121319030A2F6527273E
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    buffers small permanent 68
    buffers small max-free 98
    buffers small min-free 20
    buffers middle permanent 40
    buffers middle max-free 57
    buffers middle min-free 12
    !
    !
    !
    interface Loopback0
    description Loopback interface. Used for SysLog messages, etc.
    ip address 10.30.0.1 255.255.255.255
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    !
    interface Null0
    no ip unreachables
    !
    interface FastEthernet0/0
    description AllTel 10mbps Internet circuit (GALODI51484) --- with IDS.
    bandwidth 102400
    ip address 166.102.152.254 255.255.255.252
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    speed 100
    full-duplex
    no cdp enable
    !
    interface Serial0/0
    description MCI/UUNet DS1 DIA circuit (wcomw0k39264) --- with IDS.
    bandwidth 1581
    no ip address
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    encapsulation frame-relay IETF
    ip route-cache flow
    no keepalive
    no fair-queue
    service-module t1 timeslots 1-24
    frame-relay lmi-type ansi
    !
    interface Serial0/0.1 point-to-point
    description MCI/UUNet DS1 DIA circuit (wcomw0k39264) --- with IDS.
    ip address 157.130.77.38 255.255.255.252
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    no keepalive
    frame-relay interface-dlci 500 IETF
    !
    interface FastEthernet0/1
    description Year One Braselton 206.82.80.0/24 (Windstream)
    bandwidth 102400
    ip address 206.82.80.1 255.255.255.0
    ip access-group 111 in
    ip access-group 111 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    shutdown
    speed 100
    full-duplex
    no cdp enable
    !
    interface FastEthernet1/0
    description Year One Braselton 65.207.168.192/27 (MCI/UUNET).
    bandwidth 102400
    ip address 65.207.168.193 255.255.255.224
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    ip policy route-map Ranger
    speed 100
    full-duplex
    no cdp enable
    !
    interface Serial1/0
    no ip address
    shutdown
    !
    interface FastEthernet2/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface TokenRing2/0
    no ip address
    shutdown
    ring-speed 16
    !
    router bgp 32042
    no synchronization
    no bgp log-neighbor-changes
    bgp deterministic-med
    network 206.82.80.0
    neighbor 157.130.77.37 remote-as 701
    neighbor 157.130.77.37 shutdown
    neighbor 157.130.77.37 route-map filter in
    neighbor 157.130.77.37 route-map prepend out
    neighbor 157.130.77.37 filter-list 85 in
    neighbor 157.130.77.37 filter-list 5 out
    neighbor 166.102.152.253 remote-as 7029
    neighbor 166.102.152.253 password 7 020C5C0B1B5656761C161D1A0D11045C18
    neighbor 166.102.152.253 update-source FastEthernet0/0
    neighbor 166.102.152.253 route-map filter in
    neighbor 166.102.152.253 filter-list 5 out
    no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 166.102.152.253
    ip route 0.0.0.0 0.0.0.0 157.130.77.37 250
    ip route 192.168.101.0 255.255.255.0 172.20.1.2
    !
    ip as-path access-list 5 permit ^$
    ip as-path access-list 85 permit ^701_[0-9]*$
    ip flow-export source FastEthernet0/1
    ip flow-export version 5 origin-as
    ip flow-export destination 206.82.80.32 9996
    !
    no ip http server
    no ip http secure-server
    !
    logging history size 250
    logging facility local1
    logging source-interface FastEthernet0/1
    logging 206.82.80.32
    access-list 1 deny any
    access-list 18 permit 65.207.168.192 0.0.0.31
    access-list 19 permit 157.130.77.36 0.0.0.3
    access-list 20 permit 192.43.244.18 log
    access-list 20 permit 66.187.233.4 log
    access-list 20 permit 192.5.41.40 log
    access-list 20 remark AL limiting time sync from trusted servers only.
    access-list 20 deny any log
    access-list 21 remark AL limiting time sync to trusted hosts only.
    access-list 21 permit 206.82.80.0 0.0.0.255
    access-list 21 permit 192.168.0.0 0.0.255.255
    access-list 21 permit 10.26.0.0 0.0.0.255
    access-list 21 permit 65.207.168.192 0.0.0.31
    access-list 21 deny any log
    access-list 25 remark SNMP ACL
    access-list 25 permit 206.82.80.0 0.0.0.255
    access-list 25 deny any log
    access-list 50 deny any log
    access-list 50 remark Block all access to Line AUX.
    access-list 50 remark Block all ag (external) interfaces.
    access-list 51 permit 68.233.181.208 log
    access-list 51 permit 192.168.0.0 0.0.255.255 log
    access-list 51 permit 10.26.0.0 0.0.0.255 log
    access-list 51 permit 206.82.80.0 0.0.0.255 log
    access-list 51 permit 166.102.54.0 0.0.0.255 log
    access-list 51 permit 65.207.168.192 0.0.0.31 log
    access-list 51 permit 170.192.0.0 0.63.255.255 log
    access-list 51 permit 63.230.24.16 0.0.0.7 log
    access-list 51 deny any log
    access-list 51 remark Blocks all SSH connections except from specified addresses
    access-list 51 remark Blocks all SSH connections except from specified addresses.
    access-list 110 remark ACL to deny ICMP redirects. Applly to all Internet-facin
    access-list 110 deny icmp any any redirect
    access-list 110 remark ACL to deny ICMP redirects. Applly to all Internet-facing (external) interfaces.
    access-list 121 permit udp host 192.43.244.18 host 10.30.0.1 eq ntp log-input
    snmp-server community public RO
    snmp-server community 168Wr0Q7 RO 25
    snmp-server ifindex persist
    snmp-server enable traps tty
    no cdp run
    !
    route-map filter permit 10
    match ip address 1
    !
    route-map setlocal permit 10
    set local-preference 500
    !
    route-map Ranger2 permit 19
    match ip address 19
    set interface Serial0/0 Serial0/0.1
    !
    route-map Ranger permit 18
    match ip address 18
    set interface Serial0/0 Serial0/0.1
    !
    route-map prepend permit 10
    set as-path prepend 32042 32042
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    dial-peer cor custom
    !
    alias router ro router
    alias exec ro router
    alias exec ac access-list
    alias exec b bgp
    !
    line con 0
    password 7 125308161B0701052461
    transport preferred ssh
    transport output all
    line aux 0
    access-class 50 in
    no exec
    transport preferred ssh
    transport output none
    line vty 0 4
    access-class 51 in
    exec-timeout 240 0
    password 7 134F1A130200092B256E
    transport preferred ssh
    transport input ssh
    transport output all
    !
    exception protocol ftp
    exception dump 206.82.80.32
    scheduler allocate 3000 1000
    ntp clock-period 17180638
    ntp source FastEthernet0/1
    ntp access-group peer 20
    ntp access-group serve-only 21
    ntp server 192.5.41.40 prefer
    ntp server 192.43.244.18
    ntp server 66.187.233.4
    !
    end

    Right now the problem I am having is that I can get to the internet using the backup T1 3725, but I cannot VPN into it from the outside.

    Can anyone help?
    Thanks.
    Bill

    Comment
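
A check worth running after copying one router's configuration onto another, as post #2 describes. This is an added example, not part of the original thread: the excerpts are lines from the two pasted configs with the usual `show running-config` indentation restored (an assumption, since the forum paste flattened it), and the function names are hypothetical.

```python
import re

# Constructed excerpt of the 10mb router's config from post #1, re-indented.
PRIMARY = """\
interface FastEthernet0/1
 ip address 206.82.80.1 255.255.255.0
 ip access-group 111 in
 ip access-group 111 out
!
route-map Ranger permit 18
 match ip address 18
 set interface Serial0/0.1
!
access-list 25 permit 206.82.80.0 0.0.0.255
snmp-server community 168Wr0Q7 RO 25
"""
BACKUP = (PRIMARY  # same excerpt with three differences visible in post #2 applied
          .replace(" ip access-group 111 out\n", " ip access-group 111 out\n shutdown\n")
          .replace("set interface Serial0/0.1", "set interface Serial0/0 Serial0/0.1")
          .replace("snmp-server community 168", "snmp-server community public RO\nsnmp-server community 168"))

ACL_REF = re.compile(r"^\s*(?:ip access-group|access-class) (\d+) ", re.M)
ACL_DEF = re.compile(r"^access-list (\d+) ", re.M)
SNMP = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\d+))?\s*$", re.M)

def parse_stanzas(text):
    """Map each top-level IOS command to the set of sub-commands indented under it."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None                      # "!" closes the current stanza
        elif line[0] == " " and current is not None:
            stanzas[current].add(line.strip())  # sub-command of the open stanza
        else:
            current = line.strip()
            stanzas.setdefault(current, set())
    return stanzas

def drift(a_text, b_text):
    """Return {stanza: (only_in_a, only_in_b)} for every stanza that differs."""
    a, b = parse_stanzas(a_text), parse_stanzas(b_text)
    report = {}
    for head in sorted(set(a) | set(b)):
        left = ({head} | a[head]) if head in a else set()
        right = ({head} | b[head]) if head in b else set()
        if left != right:
            report[head] = (sorted(left - right), sorted(right - left))
    return report

def undefined_acls(text):
    """Numbered ACLs applied to an interface or line but never defined."""
    return sorted(set(ACL_REF.findall(text)) - set(ACL_DEF.findall(text)), key=int)

def snmp_without_acl(text):
    """SNMP community strings that have no access-list bound to them."""
    return [m.group(1) for m in SNMP.finditer(text) if m.group(3) is None]

if __name__ == "__main__":
    print(drift(PRIMARY, BACKUP), undefined_acls(BACKUP), snmp_without_acl(BACKUP))
```

On the excerpts this reports the `shutdown` on FastEthernet0/1, the changed `set interface` line, the extra `public` community with no ACL, and that ACL 111 is applied although neither pasted config contains an `access-list 111` line. IOS does not filter traffic on an interface whose access-group names an ACL that does not exist.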


    • #3
      Re: Cisco 3725 Setup Problems

      Just use HSRP and track your interfaces. If the primary goes down, the backup will kick in. No need to swap cables. Do some googling regarding Cisco HSRP.
      CCNA, CCNA-Security, CCNP
      CCIE Security (In Progress)

      Comment
