IPSEC VTI won't route

Hi everyone,

Just trying to lab a simple IPSEC VTI tunnel in GNS3.  The tunnel is up, but it just won't route.  In an attempt to simplify, I even took out simple EIGRP and put in static routing, and it still won't route across the tunnel.  I can't figure it out.  Please help.

I have the source and destination interfaces on a point to point ethernet connection - between routers 2 and 3 - 23.0.0.0/24 with .2 on one side, .3 on the other side.  The tunnel interfaces are 69.69.69.0/24 with .2 and .3.

 

R2#

R2#sh run | s ip route|isakmp|ipsec|interface

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco address 0.0.0.0        

crypto isakmp keepalive 10 3 periodic

crypto ipsec transform-set TSET esp-3des esp-md5-hmac 

 mode tunnel

crypto ipsec profile CRYPTO

 description VPN_SITE_TO_SITE

 set transform-set TSET 

 set pfs group2

interface Tunnel1

 description VPN_TO_PKX

 ip address 69.69.69.2 255.255.255.0

 tunnel source 23.0.0.2

 tunnel mode ipsec ipv4

 tunnel destination 23.0.0.3

 tunnel bandwidth transmit 25000

 tunnel bandwidth receive 25000

 tunnel protection ipsec profile CRYPTO

interface FastEthernet0/0

 ip address 23.0.0.2 255.255.255.0

 speed auto

 duplex auto

interface FastEthernet0/1

 ip address 10.0.0.2 255.255.255.0

 speed auto

 duplex auto

interface FastEthernet1/0

 no ip address

 shutdown

 speed auto

 duplex auto

interface FastEthernet1/1

 no ip address

 shutdown

 speed auto

 duplex auto

ip route 10.0.0.0 255.255.0.0 10.0.0.1 name INSIDE

ip route 10.1.0.0 255.255.0.0 69.69.69.3 name TUNNEL

alias exec sir show ip route

R2# 

 

R2#

R2#sh crypto ses

R2#sh crypto session 

Crypto session current status

 

Interface: Tunnel1

Session status: UP-ACTIVE     

Peer: 23.0.0.3 port 500 

  IKEv1 SA: local 23.0.0.2/500 remote 23.0.0.3/500 Active 

  IKEv1 SA: local 23.0.0.2/500 remote 23.0.0.3/500 Active 

  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 

        Active SAs: 2, origin: crypto map

 

R2#sh crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

23.0.0.2        23.0.0.3        QM_IDLE           1001 ACTIVE

23.0.0.3        23.0.0.2        QM_IDLE           1002 ACTIVE

 

IPv6 Crypto ISAKMP SA

 

R2#sh crypto ipsec sa

 

interface: Tunnel1

    Crypto map tag: Tunnel1-head-0, local addr 23.0.0.2

 

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   current_peer 23.0.0.3 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 1484, #pkts encrypt: 1484, #pkts digest: 1484

    #pkts decaps: 1333, #pkts decrypt: 1333, #pkts verify: 1333

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

 

     local crypto endpt.: 23.0.0.2, remote crypto endpt.: 23.0.0.3

     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0

     current outbound spi: 0x7B5CB5EE(2069673454)

     PFS (Y/N): Y, DH group: group2

 

     inbound esp sas:

      spi: 0xFAFF5987(4211038599)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 9, flow_id: 9, sibling_flags 80000040, crypto map: Tunnel1-head-0

        sa timing: remaining key lifetime (k/sec): (4300118/2524)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE(ACTIVE)

 

     inbound ah sas:

 

     inbound pcp sas:

 

     outbound esp sas:

      spi: 0x7B5CB5EE(2069673454)

        transform: esp-3des esp-md5-hmac ,

        in use settings ={Tunnel, }

        conn id: 10, flow_id: 10, sibling_flags 80000040, crypto map: Tunnel1-head-0

        sa timing: remaining key lifetime (k/sec): (4300115/2524)

        IV size: 8 bytes

        replay detection support: Y

        Status: ACTIVE(ACTIVE)

 

     outbound ah sas:

 

     outbound pcp sas:

R2# 

 

R2#

R2#sh ip int brief | ex unas

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        23.0.0.2        YES manual up                    up      

FastEthernet0/1        10.0.0.2        YES manual up                    up      

Tunnel1                69.69.69.2      YES manual up                    up      

 

R2#sh ip arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.0.1              127   ca01.43fc.0008  ARPA   FastEthernet0/1

Internet  10.0.0.2                -   ca02.44ac.0006  ARPA   FastEthernet0/1

Internet  23.0.0.2                -   ca02.44ac.0008  ARPA   FastEthernet0/0

Internet  23.0.0.3              138   ca03.435c.0008  ARPA   FastEthernet0/0

R2#

R2#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

 

Gateway of last resort is not set

 

      10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

S        10.0.0.0/16 [1/0] via 10.0.0.1

C        10.0.0.0/24 is directly connected, FastEthernet0/1

L        10.0.0.2/32 is directly connected, FastEthernet0/1

S        10.1.0.0/16 [1/0] via 69.69.69.3

      23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        23.0.0.0/24 is directly connected, FastEthernet0/0

L        23.0.0.2/32 is directly connected, FastEthernet0/0

      69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        69.69.69.0/24 is directly connected, Tunnel1

L        69.69.69.2/32 is directly connected, Tunnel1

R2# 

R2#sh ip cef

Prefix               Next Hop             Interface

0.0.0.0/0            no route

0.0.0.0/8            drop

0.0.0.0/32           receive              

10.0.0.0/16          10.0.0.1             FastEthernet0/1

10.0.0.0/24          attached             FastEthernet0/1

10.0.0.0/32          receive              FastEthernet0/1

10.0.0.1/32          attached             FastEthernet0/1

10.0.0.2/32          receive              FastEthernet0/1

10.0.0.255/32        receive              FastEthernet0/1

10.1.0.0/16          69.69.69.3           Tunnel1

23.0.0.0/24          attached             FastEthernet0/0

23.0.0.0/32          receive              FastEthernet0/0

23.0.0.2/32          receive              FastEthernet0/0

23.0.0.3/32          attached             FastEthernet0/0

23.0.0.255/32        receive              FastEthernet0/0

69.69.69.0/24        attached             Tunnel1

69.69.69.0/32        receive              Tunnel1

69.69.69.2/32        receive              Tunnel1

69.69.69.3/32        69.69.69.3           Tunnel1

69.69.69.255/32      receive              Tunnel1

127.0.0.0/8          drop

Prefix               Next Hop             Interface

224.0.0.0/4          drop

224.0.0.0/24         receive              

240.0.0.0/4          drop

255.255.255.255/32   receive              

R2#

 

 

 

========================================================================

R3#

R3#sh run | s ip route|isakmp|ipsec|interface

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco address 0.0.0.0        

crypto isakmp keepalive 10 3 periodic

crypto ipsec transform-set TSET esp-3des esp-md5-hmac 

 mode tunnel

crypto ipsec profile CRYPTO

 description VPN_SITE_TO_SITE

 set transform-set TSET 

 set pfs group2

interface Tunnel1

 description VPN_TO_PKX

 ip address 69.69.69.3 255.255.255.0

 tunnel source 23.0.0.3

 tunnel mode ipsec ipv4

 tunnel destination 23.0.0.2

 tunnel bandwidth transmit 25000

 tunnel bandwidth receive 25000

 tunnel protection ipsec profile CRYPTO

interface FastEthernet0/0

 ip address 23.0.0.3 255.255.255.0

 speed auto

 duplex auto

interface FastEthernet0/1

 ip address 10.1.1.3 255.255.255.0

 speed auto

 duplex auto

interface FastEthernet1/0

 no ip address

 shutdown

 speed auto

 duplex auto

interface FastEthernet1/1

 no ip address

 shutdown

 speed auto

 duplex auto

ip route 10.0.0.0 255.255.0.0 69.69.69.2 name TUNNEL

ip route 10.1.0.0 255.255.0.0 10.1.1.4 name INSIDE

alias exec sir show ip route

R3# 

 

 

R3#

R3#sh ip int brief | ex unas

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        23.0.0.3        YES manual up                    up      

FastEthernet0/1        10.1.1.3        YES manual up                    up      

Tunnel1                69.69.69.3      YES manual up                    up      

 

 

R3#sh ip arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.1.1.3                -   ca03.435c.0006  ARPA   FastEthernet0/1

Internet  10.1.1.4              112   ca04.49c8.0008  ARPA   FastEthernet0/1

Internet  23.0.0.2              139   ca02.44ac.0008  ARPA   FastEthernet0/0

Internet  23.0.0.3                -   ca03.435c.0008  ARPA   FastEthernet0/0

R3#

R3#sh ip cef

Prefix               Next Hop             Interface

0.0.0.0/0            no route

0.0.0.0/8            drop

0.0.0.0/32           receive              

10.0.0.0/16          69.69.69.2           Tunnel1

10.1.0.0/16          10.1.1.4             FastEthernet0/1

10.1.1.0/24          attached             FastEthernet0/1

10.1.1.0/32          receive              FastEthernet0/1

10.1.1.3/32          receive              FastEthernet0/1

10.1.1.4/32          attached             FastEthernet0/1

10.1.1.255/32        receive              FastEthernet0/1

23.0.0.0/24          attached             FastEthernet0/0

23.0.0.0/32          receive              FastEthernet0/0

23.0.0.2/32          attached             FastEthernet0/0

23.0.0.3/32          receive              FastEthernet0/0

23.0.0.255/32        receive              FastEthernet0/0

69.69.69.0/24        attached             Tunnel1

69.69.69.0/32        receive              Tunnel1

69.69.69.2/32        69.69.69.2           Tunnel1

69.69.69.3/32        receive              Tunnel1

69.69.69.255/32      receive              Tunnel1

127.0.0.0/8          drop

Prefix               Next Hop             Interface

224.0.0.0/4          drop

224.0.0.0/24         receive              

240.0.0.0/4          drop

255.255.255.255/32   receive              

R3# 

 

 

Comments

  • On a quick look your config looks good, also I see encrypted and decrypted packets on the tunnel do traffic is flowing and being routed through the tunnel. It may be a gns issue, try reload.

    Sent from my iPhone

    On Jun 9, 2015, at 03:17, Pseudocyber <[email protected]> wrote:

    Hi everyone,

    Just trying to lab a simple IPSEC VTI tunnel in GNS3.  The tunnel is up, but it just won't route.  In an attempt to simplify, I even took out simple EIGRP and put in static routing, and it still won't route across the tunnel.  I can't figure it out.  Please help.

    I have the source and destination interfaces on a point to point ethernet connection - between routers 2 and 3 - 23.0.0.0/24 with .2 on one side, .3 on the other side.  The tunnel interfaces are 69.69.69.0/24 with .2 and .3.

     

    R2#

    R2#sh run | s ip route|isakmp|ipsec|interface

    crypto isakmp policy 1

     encr 3des

     authentication pre-share

     group 2

    crypto isakmp key cisco address 0.0.0.0        

    crypto isakmp keepalive 10 3 periodic

    crypto ipsec transform-set TSET esp-3des esp-md5-hmac 

     mode tunnel

    crypto ipsec profile CRYPTO

     description VPN_SITE_TO_SITE

     set transform-set TSET 

     set pfs group2

    interface Tunnel1

     description VPN_TO_PKX

     ip address 69.69.69.2 255.255.255.0

     tunnel source 23.0.0.2

     tunnel mode ipsec ipv4

     tunnel destination 23.0.0.3

     tunnel bandwidth transmit 25000

     tunnel bandwidth receive 25000

     tunnel protection ipsec profile CRYPTO

    interface FastEthernet0/0

     ip address 23.0.0.2 255.255.255.0

     speed auto

     duplex auto

    interface FastEthernet0/1

     ip address 10.0.0.2 255.255.255.0

     speed auto

     duplex auto

    interface FastEthernet1/0

     no ip address

     shutdown

     speed auto

     duplex auto

    interface FastEthernet1/1

     no ip address

     shutdown

     speed auto

     duplex auto

    ip route 10.0.0.0 255.255.0.0 10.0.0.1 name INSIDE

    ip route 10.1.0.0 255.255.0.0 69.69.69.3 name TUNNEL

    alias exec sir show ip route

    R2# 

     

    R2#

    R2#sh crypto ses

    R2#sh crypto session 

    Crypto session current status

     

    Interface: Tunnel1

    Session status: UP-ACTIVE     

    Peer: 23.0.0.3 port 500 

      IKEv1 SA: local 23.0.0.2/500 remote 23.0.0.3/500 Active 

      IKEv1 SA: local 23.0.0.2/500 remote 23.0.0.3/500 Active 

      IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 

            Active SAs: 2, origin: crypto map

     

    R2#sh crypto isakmp sa

    IPv4 Crypto ISAKMP SA

    dst             src             state          conn-id status

    23.0.0.2        23.0.0.3        QM_IDLE           1001 ACTIVE

    23.0.0.3        23.0.0.2        QM_IDLE           1002 ACTIVE

     

    IPv6 Crypto ISAKMP SA

     

    R2#sh crypto ipsec sa

     

    interface: Tunnel1

        Crypto map tag: Tunnel1-head-0, local addr 23.0.0.2

     

       protected vrf: (none)

       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

       remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

       current_peer 23.0.0.3 port 500

         PERMIT, flags={origin_is_acl,}

        #pkts encaps: 1484, #pkts encrypt: 1484, #pkts digest: 1484

        #pkts decaps: 1333, #pkts decrypt: 1333, #pkts verify: 1333

        #pkts compressed: 0, #pkts decompressed: 0

        #pkts not compressed: 0, #pkts compr. failed: 0

        #pkts not decompressed: 0, #pkts decompress failed: 0

        #send errors 0, #recv errors 0

     

         local crypto endpt.: 23.0.0.2, remote crypto endpt.: 23.0.0.3

         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0

         current outbound spi: 0x7B5CB5EE(2069673454)

         PFS (Y/N): Y, DH group: group2

     

         inbound esp sas:

          spi: 0xFAFF5987(4211038599)

            transform: esp-3des esp-md5-hmac ,

            in use settings ={Tunnel, }

            conn id: 9, flow_id: 9, sibling_flags 80000040, crypto map: Tunnel1-head-0

            sa timing: remaining key lifetime (k/sec): (4300118/2524)

            IV size: 8 bytes

            replay detection support: Y

            Status: ACTIVE(ACTIVE)

     

         inbound ah sas:

     

         inbound pcp sas:

     

         outbound esp sas:

          spi: 0x7B5CB5EE(2069673454)

            transform: esp-3des esp-md5-hmac ,

            in use settings ={Tunnel, }

            conn id: 10, flow_id: 10, sibling_flags 80000040, crypto map: Tunnel1-head-0

            sa timing: remaining key lifetime (k/sec): (4300115/2524)

            IV size: 8 bytes

            replay detection support: Y

            Status: ACTIVE(ACTIVE)

     

         outbound ah sas:

     

         outbound pcp sas:

    R2# 

     

    R2#

    R2#sh ip int brief | ex unas

    Interface              IP-Address      OK? Method Status                Protocol

    FastEthernet0/0        23.0.0.2        YES manual up                    up      

    FastEthernet0/1        10.0.0.2        YES manual up                    up      

    Tunnel1                69.69.69.2      YES manual up                    up      

     

    R2#sh ip arp

    Protocol  Address          Age (min)  Hardware Addr   Type   Interface

    Internet  10.0.0.1              127   ca01.43fc.0008  ARPA   FastEthernet0/1

    Internet  10.0.0.2                -   ca02.44ac.0006  ARPA   FastEthernet0/1

    Internet  23.0.0.2                -   ca02.44ac.0008  ARPA   FastEthernet0/0

    Internet  23.0.0.3              138   ca03.435c.0008  ARPA   FastEthernet0/0

    R2#

    R2#sh ip route

    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

           E1 - OSPF external type 1, E2 - OSPF external type 2

           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

           ia - IS-IS inter area, * - candidate default, U - per-user static route

           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

           + - replicated route, % - next hop override

     

    Gateway of last resort is not set

     

          10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks

    S        10.0.0.0/16 [1/0] via 10.0.0.1

    C        10.0.0.0/24 is directly connected, FastEthernet0/1

    L        10.0.0.2/32 is directly connected, FastEthernet0/1

    S        10.1.0.0/16 [1/0] via 69.69.69.3

          23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

    C        23.0.0.0/24 is directly connected, FastEthernet0/0

    L        23.0.0.2/32 is directly connected, FastEthernet0/0

          69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

    C        69.69.69.0/24 is directly connected, Tunnel1

    L        69.69.69.2/32 is directly connected, Tunnel1

    R2# 

    R2#sh ip cef

    Prefix               Next Hop             Interface

    0.0.0.0/0            no route

    0.0.0.0/8            drop

    0.0.0.0/32           receive              

    10.0.0.0/16          10.0.0.1             FastEthernet0/1

    10.0.0.0/24          attached             FastEthernet0/1

    10.0.0.0/32          receive              FastEthernet0/1

    10.0.0.1/32          attached             FastEthernet0/1

    10.0.0.2/32          receive              FastEthernet0/1

    10.0.0.255/32        receive              FastEthernet0/1

    10.1.0.0/16          69.69.69.3           Tunnel1

    23.0.0.0/24          attached             FastEthernet0/0

    23.0.0.0/32          receive              FastEthernet0/0

    23.0.0.2/32          receive              FastEthernet0/0

    23.0.0.3/32          attached             FastEthernet0/0

    23.0.0.255/32        receive              FastEthernet0/0

    69.69.69.0/24        attached             Tunnel1

    69.69.69.0/32        receive              Tunnel1

    69.69.69.2/32        receive              Tunnel1

    69.69.69.3/32        69.69.69.3           Tunnel1

    69.69.69.255/32      receive              Tunnel1

    127.0.0.0/8          drop

    Prefix               Next Hop             Interface

    224.0.0.0/4          drop

    224.0.0.0/24         receive              

    240.0.0.0/4          drop

    255.255.255.255/32   receive              

    R2#

     

     

     

    ========================================================================

    R3#

    R3#sh run | s ip route|isakmp|ipsec|interface

    crypto isakmp policy 1

     encr 3des

     authentication pre-share

     group 2

    crypto isakmp key cisco address 0.0.0.0        

    crypto isakmp keepalive 10 3 periodic

    crypto ipsec transform-set TSET esp-3des esp-md5-hmac 

     mode tunnel

    crypto ipsec profile CRYPTO

     description VPN_SITE_TO_SITE

     set transform-set TSET 

     set pfs group2

    interface Tunnel1

     description VPN_TO_PKX

     ip address 69.69.69.3 255.255.255.0

     tunnel source 23.0.0.3

     tunnel mode ipsec ipv4

     tunnel destination 23.0.0.2

     tunnel bandwidth transmit 25000

     tunnel bandwidth receive 25000

     tunnel protection ipsec profile CRYPTO

    interface FastEthernet0/0

     ip address 23.0.0.3 255.255.255.0

     speed auto

     duplex auto

    interface FastEthernet0/1

     ip address 10.1.1.3 255.255.255.0

     speed auto

     duplex auto

    interface FastEthernet1/0

     no ip address

     shutdown

     speed auto

     duplex auto

    interface FastEthernet1/1

     no ip address

     shutdown

     speed auto

     duplex auto

    ip route 10.0.0.0 255.255.0.0 69.69.69.2 name TUNNEL

    ip route 10.1.0.0 255.255.0.0 10.1.1.4 name INSIDE

    alias exec sir show ip route

    R3# 

     

     

    R3#

    R3#sh ip int brief | ex unas

    Interface              IP-Address      OK? Method Status                Protocol

    FastEthernet0/0        23.0.0.3        YES manual up                    up      

    FastEthernet0/1        10.1.1.3        YES manual up                    up      

    Tunnel1                69.69.69.3      YES manual up                    up      

     

     

    R3#sh ip arp

    Protocol  Address          Age (min)  Hardware Addr   Type   Interface

    Internet  10.1.1.3                -   ca03.435c.0006  ARPA   FastEthernet0/1

    Internet  10.1.1.4              112   ca04.49c8.0008  ARPA   FastEthernet0/1

    Internet  23.0.0.2              139   ca02.44ac.0008  ARPA   FastEthernet0/0

    Internet  23.0.0.3                -   ca03.435c.0008  ARPA   FastEthernet0/0

    R3#

    R3#sh ip cef

    Prefix               Next Hop             Interface

    0.0.0.0/0            no route

    0.0.0.0/8            drop

    0.0.0.0/32           receive              

    10.0.0.0/16          69.69.69.2           Tunnel1

    10.1.0.0/16          10.1.1.4             FastEthernet0/1

    10.1.1.0/24          attached             FastEthernet0/1

    10.1.1.0/32          receive              FastEthernet0/1

    10.1.1.3/32          receive              FastEthernet0/1

    10.1.1.4/32          attached             FastEthernet0/1

    10.1.1.255/32        receive              FastEthernet0/1

    23.0.0.0/24          attached             FastEthernet0/0

    23.0.0.0/32          receive              FastEthernet0/0

    23.0.0.2/32          attached             FastEthernet0/0

    23.0.0.3/32          receive              FastEthernet0/0

    23.0.0.255/32        receive              FastEthernet0/0

    69.69.69.0/24        attached             Tunnel1

    69.69.69.0/32        receive              Tunnel1

    69.69.69.2/32        69.69.69.2           Tunnel1

    69.69.69.3/32        receive              Tunnel1

    69.69.69.255/32      receive              Tunnel1

    127.0.0.0/8          drop

    Prefix               Next Hop             Interface

    224.0.0.0/4          drop

    224.0.0.0/24         receive              

    240.0.0.0/4          drop

    255.255.255.255/32   receive              

    R3# 

     

     




    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx
Sign In or Register to comment.