Имеем вот такую железяку:
Маршрутизатор 2851 w/ AC PWR,2GE,4HWIC,3PVDM,1NME-XD,2AIM,IP BASE,64F/256D
2 проблемы с цифровым пулом модемов V.92
1. Клиенты которые соединяются по коммутируемому каналу к СВК на модемы v.92, отваливаются по истечению SessionTimeout, т.к. счетчик LastInput продолжает расти вне зависимости от наличия данных(не обнуляется). На аналоговом пуле v.34 все нормально, такой проблемы нет.
2. Низкая скорость при соединении на цифровой пул.
при скачивании файла с общедоступного ресурса на аналоговом пуле при соединении на V.34 - линейная скорость 33,6 кбит, скорость трансфера 3,6 кбайта на бинарном файле, на цифровом пуле при соединении на V.90 - линейная скорость 45,2 кбит, скорость скачивания 1,4 - 2,2 кбайта
В результате чего клиенты, работающие по коммутируемым каналам при соединении на цифровой пул - не имеют возможности скачивать большие файлы.Проводил вот такие работы:
Просим выслать результат команды «Show line 0/322 0/345 » и debug одного из модемов, который разрывает соединение.- анализ ничего критичного не показал
: Вероятнее всего это происходит из-за высокой степени резервирования(max-reserved-bandwidth 100)попробуйте понизить до 80 – так же не помогло…
Что можно ещё попробовать?
конфиг покажите
и вывод
sh contr e1 x/x/x
>конфиг покажите
>и вывод
>sh contr e1 x/x/x!
!
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
service compress-config
service udp-small-servers
service tcp-small-servers
!
hostname Frontier
!
boot-start-marker
boot-end-marker
!
card type e1 0 1
logging message-counter syslog
logging buffered 8192
enable secret 5 $1$j.dJ$Vogw33nWLb3IhlCtHYC8u/
enable password 7 030752180500
!
aaa new-model
!
!
aaa group server tacacs+ PIB
!
aaa authentication password-prompt password:
aaa authentication username-prompt login:
aaa authentication login default local group tacacs+ enable
aaa authentication login AUX line none
aaa authentication login CONSOLE line enable none
aaa authentication ppp default if-needed group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa authorization network vpn_client local
aaa authorization network pppaz group tacacs+
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa accounting system default
action-type start-stop
group tacacs+
!
!
!
aaa session-id common
clock timezone KMR 6
clock summer-time KMR recurring last Sun Mar 2:00 last Sun Oct 3:00
no network-clock-participate wic 0
network-clock-participate wic 1
network-clock-select 1 E1 0/1/0
!
modem firmware slot 0 location flash:v3_11.axf
modem country smart_acf russia
modem country v12 russia
modem recovery threshold 10
modem recovery action download
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name *********
ip host rill ***.**.112.254
ip host k750 ***.**.112.114
no ipv6 cef
ntp server ***.**.112.254
!
multilink bundle-name authenticated
!
!
!
!
isdn switch-type primary-qsig
isdn voice-call-failure 0
!
modemcap entry v92_v44:MSC=s62=8s63=0s21=15s29=12
modemcap entry lk_string:MSC=&FS0=0S29=6S21=3Q2
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-2749436880
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2749436880
revocation-check none
rsakeypair TP-self-signed-2749436880
!
!
crypto pki certificate chain TP-self-signed-2749436880
certificate self-signed 01
3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373439 34333638 3830301E 170D3039 30373038 30363531
35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37343934
33363838 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B738 007C1145 4A11B417 808760F6 C8FDBB3E FAD95016 506C1444 6E0CA6FB
04967B21 169F5EAC 06441E7B B8476B4C 4F912E1B 684488B7 437EC52C C0E24440
A4DBAC18 0936297B 413EAABD 215238E5 9B59BC61 0AD718F7 BED97E0E 31C554D2
518EC234 1416F826 CFF92ED9 F3E48BCF BEF6EA08 9E195D84 EAF86F4C D8F48AF7
1EA10203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
03551D11 04253023 82214163 63657373 53657276 6572312E 73766B2E 6B656D65
726F766F 2E636272 2E727530 1F060355 1D230418 30168014 4652E617 8E3D7718
1ACF3C96 0C63C322 5ADDDF9F 301D0603 551D0E04 16041446 52E6178E 3D77181A
CF3C960C 63C3225A DDDF9F30 0D06092A 864886F7 0D010104 05000381 810079DE
BAE0C42F 85E4E3CB 4AA43045 23FBFB70 7E17DD17 0D1A01D1 CE3B100F DEE44EE4
569F964C 5B87E421 AB79B982 259DBB29 99B5650B E0CA8C4C EDF0C441 004123B9
CBAAAE57 7607A7F8 F1815222 FCC0B033 981ECD2B 13DBF599 F123208D C6575FC8
329B615B A550B8A1 5C714C49 7E2578D5 34333273 EC5DB0AE 5C8D39A5 CC2D
quit
!
!
username gazzel secret 5 $1$jIw5$WcjBWC.hAXuUywhzU3kLV1
archive
log config
hidekeys
!
crypto logging session
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 100
encr aes 256
authentication pre-share
group 2
crypto isakmp key CjkJ[f=4 address ***.0.1.9
crypto isakmp key client2 address ***.0.3.17
crypto isakmp key 00cisco address ***.0.3.9
crypto isakmp key h19d#@%% address ***.0.1.17
crypto isakmp key loshad address ***.**.96.254
crypto isakmp key HoJI$78a address ***.*.112.106
crypto isakmp key ZG69[av] address ***.**.112.82
crypto isakmp key NKyA427V address ***.**.112.66
crypto isakmp key ##HY8ab7 address ***.**.112.58
crypto isakmp key !F6SEvs& address ***.**.112.50
crypto isakmp key E%NC51iu address ***.0.1.42
crypto isakmp key &pc*#FV9 address ***.0.8.9
crypto isakmp key T%bX#x%E address ***.0.1.50
crypto isakmp keepalive 20 10
!
crypto isakmp client configuration group VPN_KB727
key RT&ga207
pool VPNPOOL_KB727
acl 100
!
crypto isakmp client configuration group VPN_KB740
key M6Nmw*G3
pool VPNPOOL_KB740
acl 100
!
crypto isakmp client configuration group VPN_KB117
key M6Nmw*G3
pool VPNPOOL_KB117
acl 100
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set TS esp-aes 256 esp-sha-hmac
crypto ipsec transform-set DESMD5 esp-des esp-md5-hmac
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map VPN_DYNMAP 1
set transform-set 3DES-SHA
reverse-route
!
!
crypto map ALEMAR 100 ipsec-isakmp
set peer ***.**.112.58
set ip access-group External_In in
set transform-set TS
match address IPSEC_ALEMAR
!
crypto map APK 101 ipsec-isakmp
set peer ***.**.112.50
set ip access-group External_In in
set transform-set 3DES-SHA
match address IPSEC_APK
!
crypto map CLIENT isakmp authorization list vpn_client
crypto map CLIENT client configuration address respond
crypto map CLIENT 1 ipsec-isakmp dynamic VPN_DYNMAP
!
!
crypto map MY_BANK 100 ipsec-isakmp
set peer ***.**.112.106
set ip access-group External_In in
set transform-set TS
match address IPSEC_MY_BANK
!
crypto map *** 100 ipsec-isakmp
set peer ***.**.112.66
set ip access-group External_In in
set transform-set TS
match address IPSEC_---****
!
crypto map *** 101 ipsec-isakmp
set peer ***.**.112.82
set ip access-group External_In in
set transform-set 3DES-SHA
match address IPSEC_***
!
crypto map STK 100 ipsec-isakmp
set peer ***.0.3.9
set transform-set TS
match address IPSEC_CL1
crypto map STK 200 ipsec-isakmp
set peer ***.0.3.17
set transform-set TS
match address IPSEC_CL2
!
crypto map STK270 100 ipsec-isakmp
description --- ----
set peer ***.0.1.9
set ip access-group External_In in
set transform-set TS
match address IPSEC_***
crypto map STK270 200 ipsec-isakmp
description --- ---
set peer ***.0.1.17
set ip access-group External_In in
set transform-set TS
match address IPSEC_***
crypto map STK270 300 ipsec-isakmp
description --- ---
set peer ***.0.1.42
set ip access-group External_In in
set transform-set TS
match address IPSEC_***
crypto map STK270 400 ipsec-isakmp
description --- ---
set peer ***.0.1.50
set ip access-group External_In in
set transform-set TS
match address IPSEC-***
!
crypto map TTK 100 ipsec-***
description --- ---
set peer ***.0.8.9
set ip access-group External_In in
set transform-set TS
match address IPSEC-TKB-GU
!
crypto map VPN_CLIENT isakmp authorization list vpn_client
crypto map VPN_CLIENT client configuration address respond
crypto map VPN_CLIENT 1 ipsec-isakmp dynamic VPN_DYNMAP
!
!
!
controller E1 0/1/0
pri-group timeslots 1-16
!
controller E1 0/1/1
!
ip ssh version 1
!
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cm
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all Forbank09727-cmap
match access-group name Forbank09727-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
class-map match-all ****-cmap
match access-group name ****-dst-addr
!
!
policy-map TO_CAT_pmap
class ****-cmap
shape peak 192000
class ****-cmap
shape average 10000000
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 2048000
queue-limit 32000 bytes
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 256000
queue-limit 128 packets
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 1024000
queue-limit 128 packets
class ****-cmap
shape average 2048000
queue-limit 32000 bytes
class ****-cmap
shape average 64000
queue-limit 128 packets
class ****-cmap
shape average 1024000
queue-limit 128 packets
class ****-cmap
shape average 2048000
queue-limit 32000 bytes
class ****-cm
shape average 32000
class ****-cm
shape average 32000
class ****-cm
shape average 100000
queue-limit 128 packets
class ****-cm
shape average 32000
class *****-cm
shape average 32000
class ******-cm
shape average 32000
class ******-cm
shape average 32000
class ****-cmap
shape average 64000
queue-limit 128 packets
class class-default
bandwidth 10000
!
!
!
!
!
interface Loopback0
ip address ***.16.1.1 255.255.255.255
!
interface Tunnel0
ip address ***.16.6.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.6.1
!
interface Tunnel1
description -- ---
ip address ***.16.15.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.15.1
!
interface Tunnel2
description --- ---
ip address ***.16.5.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.5.1
!
interface Tunnel3
description ------
ip address ***.16.2.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.2.1
!
interface Tunnel4
description --- ---
ip address ***.16.9.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.9.1
!
interface Tunnel5
description ------
ip address ***.16.8.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.8.1
!
interface Tunnel6
description -----
ip address ***.16.11.6 255.255.255.252
tunnel source GigabitEthernet0/0.10
tunnel destination ***.16.11.1
!
interface GigabitEthernet0/0
description External Network
bandwidth 1000000
no ip address
load-interval 30
duplex full
speed 100
no mop enabled
service-policy output TO_CAT_pmap
hold-queue 500 in
!
interface GigabitEthernet0/0.1
description ------
bandwidth 64
encapsulation dot1Q 61
ip address ***.***.112.1 255.255.255.248
ip access-group External_In in
ip access-group External_Out out
ip accounting output-packets
no cdp enable
!
interface GigabitEthernet0/0.2
description ------
bandwidth 384
encapsulation dot1Q 62
ip address ***.21.112.9 255.255.255.248
ip access-group External_In in
ip access-group External_Out out
ip accounting output-packets
no cdp enable
!
interface GigabitEthernet0/0.4
description ------
encapsulation dot1Q 710
ip address ***.**.12.81 255.255.255.248
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
no cdp enable
crypto map ***
!
interface GigabitEthernet0/0.5
description --------
encapsulation dot1Q 64
ip address ***.**.112.121 255.255.255.248
ip access-group External_In in
ip access-group External_Out out
no cdp enable
!
interface GigabitEthernet0/0.6
description ---
encapsulation dot1Q 700
ip address ***.**.112.49 255.255.255.248
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
no cdp enable
crypto map ***
!
interface GigabitEthernet0/0.7
description ------
encapsulation dot1Q 702
ip address ***.**.112.57 255.255.255.248
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
no cdp enable
crypto map ***
crypto ipsec df-bit clear
!
interface GigabitEthernet0/0.8
description ------
encapsulation dot1Q 703
ip address ***.**.112.105 255.255.255.248
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
no cdp enable
crypto map ***
!
interface GigabitEthernet0/0.9
description ---***---
encapsulation dot1Q 704
ip address ***.**.112.65 255.255.255.248
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
no cdp enable
crypto map ***
!
interface GigabitEthernet0/0.10
description --- ---
encapsulation dot1Q 800
ip address ***.**.112.253 255.255.255.252
!
interface GigabitEthernet0/0.11
description --- ---
bandwidth 64
encapsulation dot1Q 270
ip address ***.0.1.1 255.255.255.252
ip access-group STK_IN in
ip access-group STK_OUT out
ip accounting output-packets
no cdp enable
crypto map ***
!
interface GigabitEthernet0/0.12
description ------
encapsulation dot1Q 271
ip address ***.0.2.1 255.255.255.252
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
no cdp enable
arp timeout 300
crypto map VPN_CLIENT
!
interface GigabitEthernet0/0.13
description ------
bandwidth 128
encapsulation dot1Q 65
ip address ***.**.112.97 255.255.255.248
ip access-group External_In in
ip access-group External_Out out
no ip redirects
no ip unreachables
no cdp enable
!
interface GigabitEthernet0/0.14
description --- ---
encapsulation dot1Q 705
ip address ***.0.8.1 255.255.255.252
ip access-group VPN_CLIENT in
ip access-group VPN_CLIENT out
ip accounting output-packets
crypto map TTK
!
interface GigabitEthernet0/0.100
description TEST
encapsulation dot1Q 57
ip address ***.0.3.1 255.255.255.252
crypto map ***
!
interface GigabitEthernet0/1
ip address ***.16.1.158 255.255.255.224
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 2000
no ip address
no ip redirects
no ip unreachables
no ip mroute-cache
load-interval 30
shutdown
keepalive 60
clock rate 2016000
hold-queue 4096 out
!
interface Serial0/0/1
bandwidth 64
no ip address
encapsulation frame-relay IETF
shutdown
fair-queue 300 16 0
clock rate 2016000
!
interface Serial0/0/2
description ---------
bandwidth 1024
ip address ***.**.112.89 255.255.255.248
ip access-group External_In in
ip access-group External_Out out
no ip redirects
no ip unreachables
ip accounting output-packets
ip mtu 1460
no ip mroute-cache
fair-queue 180 32 16
no cdp enable
hold-queue 200 out
!
interface Serial0/0/3
bandwidth 128
no ip address
no ip redirects
no ip unreachables
shutdown
fair-queue 300 64 16
clock rate 2016000
no cdp enable
hold-queue 330 out
!
interface Serial0/1/0:15
no ip address
encapsulation ppp
load-interval 30
timeout absolute 6 0
isdn switch-type primary-qsig
isdn timer T310 60000
isdn incoming-voice voice
isdn contiguous-bchan
isdn bchan-number-order ascending
no fair-queue
no cdp enable
hold-queue 300 out
!
interface Serial0/2/0
no ip address
no ip redirects
no ip unreachables
no ip mroute-cache
shutdown
no fair-queue
clock rate 125000
no cdp enable
!
interface Serial0/2/1
bandwidth 128
no ip address
no ip redirects
no ip unreachables
no ip mroute-cache
shutdown
no keepalive
no fair-queue
clock rate 125000
no cdp enable
!
interface Virtual-Template1
description VPN-outside
ip unnumbered Loopback0
ip access-group External_In in
ip access-group External_Out out
no peer default ip address
no keepalive
ppp authentication ms-chap
!
interface Group-Async0
bandwidth 56
ip unnumbered Loopback0
ip access-group External_In in
ip access-group External_Out out
encapsulation ppp
no logging event link-status
load-interval 30
async dynamic address
async dynamic routing
async mode dedicated
no peer default ip address
fair-queue 300 32 8
ppp authentication ms-chap chap
group-range 0/322 0/345
max-reserved-bandwidth 100
routing dynamic
!
interface Group-Async1
bandwidth 33
ip unnumbered Loopback0
ip access-group External_In in
ip access-group External_Out out
encapsulation ppp
no logging event link-status
load-interval 30
async dynamic address
async dynamic routing
async mode dedicated
no peer default ip address
fair-queue 300 32 8
ppp authentication ms-chap chap
group-range 1/0 1/15
routing dynamic
hold-queue 350 out
!
ip local pool VPNPOOL_KB786 ***.**.112.58 ***.21.112.62
ip local pool VPNPOOL_KB706 ***.0.2.9 ***.0.2.10
ip local pool VPNPOOL_KB727 ***.0.2.26
ip local pool VPNPOOL_KB750 ***.**.112.50 ***.**.112.54
ip local pool VPNPOOL_KB740 ***.0.2.17 ***.0.2.21
ip local pool VPNPOOL_KB117 ***.0.2.65 ***.0.2.125
no ip forward-protocol nd
ip route 10.15.0.48 255.255.255.252 ***.16.1.129
ip route ***.0.1.0 255.255.255.0 ***.0.1.2
ip route ***.0.2.16 255.255.255.248 ***.0.2.2
ip route ***.0.2.24 255.255.255.248 ***.0.2.2
ip route ***.0.3.0 255.255.255.0 ***.0.3.2
ip route ***.0.8.8 255.255.255.248 ***.0.8.2
ip route ***.16.2.0 255.255.255.0 ***.16.2.5
ip route ***.16.2.1 255.255.255.255 ***.21.112.254
ip route ***.16.5.0 255.255.255.0 ***.16.5.5
ip route ***.16.5.1 255.255.255.255 ***.21.112.254
ip route ***.16.6.0 255.255.255.0 ***.16.6.5
ip route ***.16.6.1 255.255.255.255 ***.21.112.254
ip route ***.16.8.0 255.255.255.0 ***.16.8.5
ip route ***.16.8.1 255.255.255.255 ***.21.112.254
ip route ***.16.9.0 255.255.255.0 ***.16.9.5
ip route ***.16.9.1 255.255.255.255 ***.21.112.254
ip route ***.16.11.0 255.255.255.0 ***.16.11.5
ip route ***.16.11.1 255.255.255.255 ***.21.112.254
ip route ***.16.15.0 255.255.255.0 ***.16.15.5
ip route ***.16.15.1 255.255.255.255 ***.21.112.254
ip route ***.21.96.128 255.255.255.224 ***.16.1.129
ip route ***.21.97.30 255.255.255.255 ***.16.1.129
ip route ***.21.112.24 255.255.255.248 ***.21.112.17
ip route ***.21.114.0 255.255.255.0 ***.16.2.5
ip route 192.168.0.0 255.255.0.0 Null0
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list extended ALEMAR-dst-addr
permit ip any ***.21.112.56 0.0.0.7
ip access-list extended APK-dst-addr
permit ip any ***.21.112.48 0.0.0.7
ip access-list extended BMos-dst-addr
permit ip any ***.21.112.96 0.0.0.7
ip access-list extended CUST03-dst-addr
permit gre any host ***.16.11.1
ip access-list extended CUST06-dst-addr
permit gre any host ***.16.9.1
ip access-list extended CUST09-dst-addr
permit gre any host ***.16.2.1
ip access-list extended CUST13-dst-addr
permit gre any host ***.16.5.1
ip access-list extended CUST14-dst-addr
permit gre any host ***.16.15.1
ip access-list extended CUST15-dst-addr
permit gre any host ***.16.6.1
ip access-list extended CUST36-dst-addr
permit gre any host ***.16.8.1
ip access-list extended External_In
permit tcp host ***.21.112.91 host ***.16.1.135 established
permit tcp host ***.21.112.91 host ***.16.1.135 eq 1030
permit tcp host ***.21.112.91 host ***.16.1.135 eq ident
permit icmp ***.21.112.88 0.0.0.7 host ***.16.1.135
permit tcp host ***.21.112.91 range ftp-data ftp host ***.16.1.135 gt 1023
permit icmp any ***.21.96.0 0.0.0.255 echo-reply
permit tcp any host ***.21.96.141 eq smtp
permit tcp any host ***.21.96.135 eq pop3
permit tcp any host ***.21.96.135 eq 143
permit tcp any host ***.21.96.141 eq www
permit tcp any host ***.21.96.141 eq 443
permit tcp any host ***.21.96.141 eq 1414
permit tcp any host ***.21.96.143 eq telnet
permit tcp any eq 1414 host ***.21.96.141 gt 1024
permit udp any host ***.21.96.141 eq 5001
permit udp any eq 5001 host ***.21.96.141
deny udp any any
deny igmp any any
permit icmp ***.21.112.0 0.0.0.255 ***.21.112.0 0.0.0.255
permit icmp any ***.21.96.0 0.0.0.255 echo
permit icmp any host ***.16.1.1 echo
permit icmp any host ***.16.1.1 echo-reply
permit tcp any host ***.21.96.146 eq www
permit tcp any host ***.21.96.146 eq 443
permit tcp any host ***.21.96.141 eq 5001
permit tcp any eq 5001 host ***.21.96.141
deny ip any any log
ip access-list extended External_Out
permit tcp any any established
permit tcp host ***.16.1.135 host ***.21.112.91 eq pop3
permit tcp host ***.16.1.135 host ***.21.112.91 eq smtp
permit tcp host ***.16.1.135 gt 1023 host ***.21.112.91 range ftp-data ftp
permit tcp host ***.16.1.135 gt 1023 host ***.21.112.91 gt 1023
permit tcp host ***.21.96.141 eq 443 any
permit tcp host ***.21.96.135 eq 143 any
permit tcp host ***.21.96.133 eq pop3 any
permit tcp host ***.21.96.135 eq pop3 any
permit tcp host ***.21.96.141 eq www any
permit tcp host ***.21.96.141 eq 1414 any
permit tcp host ***.21.96.143 eq telnet any
permit tcp host ***.21.96.141 eq smtp any
permit tcp host ***.21.96.141 gt 1024 any eq 1414
permit icmp any any echo
permit icmp any any echo-reply
permit tcp host ***.21.96.146 eq www any
permit tcp host ***.21.96.146 eq 443 any
permit tcp host ***.21.96.141 any eq 5001
deny ip any any log
permit udp host ***.21.96.141 any eq 5001
ip access-list extended Forbank09727-dst-addr
permit ip any ***.0.2.24 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.0.1.40 0.0.0.7
ip access-list extended IPSEC-***
permit ip ***.21.96.0 0.0.0.255 ***.0.1.48 0.0.0.7
ip access-list extended IPSEC-***
permit ip ***.21.96.0 0.0.0.255 ***.0.8.8 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.56 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.48 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.8 0.0.0.7 ***.0.3.8 0.0.0.7
ip access-list extended IPSEC_CL2
permit ip ***.21.96.0 0.0.0.255 ***.0.3.16 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.0.1.40 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.24 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.104 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.64 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.21.112.80 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.0.1.16 0.0.0.7
ip access-list extended IPSEC_***
permit ip ***.21.96.0 0.0.0.255 ***.0.1.8 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.0.2.16 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.21.112.104 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.21.112.64 0.0.0.7
ip access-list extended ***-rtr-to-***
permit ip any ***.21.96.128 0.0.0.31
permit ip any ***.16.1.128 0.0.0.31
ip access-list extended ***-dst-addr
permit ip any ***.21.112.80 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.21.112.8 0.0.0.7
ip access-list extended STK_IN
permit icmp ***.0.1.0 0.0.0.255 host ***.0.1.1 echo
permit icmp ***.0.1.0 0.0.0.255 host ***.0.1.1 echo-reply
permit icmp any any unreachable
permit icmp any any packet-too-big
permit icmp any any source-quench
permit icmp any any parameter-problem
deny udp any any eq netbios-ns
deny udp any any eq netbios-dgm
deny udp any host 255.255.255.255
permit udp any host ***.0.1.1 gt 20000
permit icmp any any ttl-exceeded
permit esp ***.0.1.1 0.0.0.248 host ***.0.1.1
permit esp host ***.0.1.42 host ***.0.1.1
permit udp ***.0.1.1 0.0.0.248 host ***.0.1.1 eq isakmp
permit udp host ***.0.1.42 host ***.0.1.1 eq isakmp
permit esp host ***.0.1.25 host ***.0.1.1
permit udp host ***.0.1.25 host ***.0.1.1 eq isakmp
permit tcp host ***.21.112.254 eq telnet host ***.21.96.25 gt 1023
permit tcp host ***.21.112.254 gt 1023 host ***.21.96.27 eq tacacs
permit tcp host ***.21.112.254 gt 1023 host ***.21.96.28 eq tacacs
permit icmp host ***.21.112.254 any
deny ip any any log
ip access-list extended STK_OUT
permit icmp host ***.0.1.1 any echo
permit icmp host ***.0.1.1 any echo-reply
permit icmp any any unreachable
permit icmp any any packet-too-big
permit icmp any any source-quench
permit icmp any any parameter-problem
permit esp host ***.0.1.1 ***.0.1.1 0.0.0.248
permit esp host ***.0.1.1 host ***.0.1.42
permit udp host ***.0.1.1 ***.0.1.1 0.0.0.248 eq isakmp
permit udp host ***.0.1.1 host ***.0.1.42 eq isakmp
permit esp host ***.0.1.1 host ***.0.1.25
permit udp host ***.0.1.1 host ***.0.1.25 eq isakmp
deny ip any any log
ip access-list extended ***-Nkz-dst-addr
permit ip any ***.0.8.8 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.0.1.16 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.21.112.120 0.0.0.7
ip access-list extended ***-dst-addr
permit ip any ***.0.1.8 0.0.0.7
ip access-list extended ***_CLIENT
permit icmp host ***.0.2.5 host ***.0.2.1 echo
permit icmp host ***.0.2.9 host ***.0.2.1 echo
permit icmp host ***.0.2.25 host ***.0.2.1 echo
permit icmp host ***.0.2.1 any echo
permit icmp ***.21.112.1 0.0.0.248 ***.21.112.2 0.0.0.248 echo
permit icmp ***.21.112.2 0.0.0.248 ***.21.112.1 0.0.0.248 echo
permit icmp ***.0.2.1 0.0.0.252 ***.0.2.2 0.0.0.252 echo
permit icmp ***.0.2.2 0.0.0.252 ***.0.2.1 0.0.0.252 echo
permit icmp any any echo-reply
permit icmp any any echo
permit esp any any
permit udp any any eq isakmp
permit icmp any any packet-too-big
permit icmp any any unreachable
permit icmp any any time-exceeded
deny udp any any range netbios-ns netbios-dgm
deny ip any any log
ip access-list extended ***-dst-addr
permit ip any ***.21.112.0 0.0.0.7
!
logging history informational
logging trap notifications
logging ***.21.96.131
logging ***.21.96.132
access-list 5 permit ***.21.96.0 0.0.0.31
access-list 5 permit ***.21.96.128 0.0.0.31
access-list 5 deny any
access-list 23 permit ***.16.1.1
access-list 23 permit ***.21.96.25
access-list 23 permit 10.15.0.48 0.0.0.7
access-list 100 permit ip ***.21.96.0 0.0.0.255 any
access-list 133 permit ip host 10.50.6.155 any
!
dialer dnis group DNIS
number 80xx
dialer-list 1 protocol ip permit
!
!
!
!
!
tacacs-server host ***.21.96.131
tacacs-server host ***.21.96.132
tacacs-server directed-request
tacacs-server key 7 101F5B4A514244
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
banner login _
*********************************************
* *
*********************************************_
alias exec ike sh cry isa sa
alias exec acl sh access-l
alias exec cc clear counter
alias exec pol sh policy-map int
alias exec -tm term no mon
alias exec tm term mon
alias exec summ sh int sum
alias exec acc sh ip accounting
alias exec ip sh ip int brie
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line 1/0 1/15
session-timeout 7
modem Dialin
exec-character-bits 8
special-character-bits 8
no exec
transport input all
escape-character NONE
stopbits 1
flowcontrol hardware
line 0/322 0/345
session-timeout 7 output
no flush-at-activation
modem Dialin
modem autoconfigure discovery
exec-character-bits 8
special-character-bits 8
no exec
transport input all
escape-character NONE
autoselect ppp
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
password 7 104D000A0618
logging synchronous
exec-character-bits 8
special-character-bits 8
transport preferred none
transport input all
escape-character NONE
line vty 5 15
access-class 23 in
exec-timeout 0 0
privilege level 15
logging synchronous
exec-character-bits 8
special-character-bits 8
transport preferred none
transport input all
escape-character NONE
line vty 16 515
access-class 23 in
!
scheduler allocate 20000 1000
end