I have an issue that I hope someone can help with.
I have a 3448 that I use as a VPN concentrator for my remote offices. While reviewing the configuration I have found that I have multiple entries for the same tunnel.
I am not sure if tis is causing any performance delays, but it certainly is causing extra work in keeping the configuration in check.
The device is waiting on a maintenance window to be rebooted... not coming soon enough for me.
ADTRAN, Inc. OS version 18.02.03.00.E
Mainline Version: ENM.11.003
Checksum: 9FC93B8A
Built on: Fri Nov 11 15:58:48 2011
Upgrade key: xxxxxxxxxxxxxxxxxxxxxxx
Boot ROM version 13.03.00.SB
Checksum: 70C3
Built on: Fri Nov 10 08:04:44 2006
Copyright (c) 1999-2011, ADTRAN, Inc.
Platform: NetVanta 3448, part number 1200821E1, CLEI code is DDC3RNDCAA
Serial number LBADTNxxxxxxxxxxxx
Flash: 33554432 bytes DRAM: 134217727 bytes
MW3448-FW uptime is 1 years, 44 weeks, 4 days, 19 hours, 6 minutes, 5 seconds
System returned to ROM by Soft Reset
Current system image file is "NV3448A-18-02-03-00-E.biz"
Primary boot system image file is "NV3448A-R11-2-0-E.biz"
Backup boot system image file is "NV3448A-18-02-03-00-E.biz"
Primary system configuration file is "startup-config"
Entry 87 - allow list VPN-130-vpn-selectors1 stateless
Entry 88 - allow list VPN-120-vpn-selectors stateless
Entry 89 - allow list VPN-110-vpn-selectors stateless
Entry 90 - allow list VPN-90-vpn-selectors stateless
Entry 91 - allow list VPN-60-vpn-selectors stateless
Entry 92 - allow list VPN-50-vpn-selectors stateless
Entry 93 - allow list VPN-20-vpn-selectors stateless
Entry 94 - allow list VPN-160-vpn-selectors stateless
Entry 95 - allow list VPN-130-vpn-selectors1 stateless
Entry 96 - allow list VPN-120-vpn-selectors stateless
Entry 97 - allow list VPN-110-vpn-selectors stateless
Entry 98 - allow list VPN-90-vpn-selectors stateless
Entry 99 - allow list VPN-60-vpn-selectors stateless
Entry 100 - allow list VPN-50-vpn-selectors stateless
Entry 101 - allow list VPN-20-vpn-selectors stateless
Entry 102 - allow list VPN-130-vpn-selectors1 stateless
Entry 103 - allow list VPN-120-vpn-selectors stateless
Entry 104 - allow list VPN-110-vpn-selectors stateless
Entry 105 - allow list VPN-90-vpn-selectors stateless
Entry 106 - allow list VPN-60-vpn-selectors stateless
Entry 107 - allow list VPN-50-vpn-selectors stateless
Entry 108 - allow list VPN-20-vpn-selectors stateless
Entry 109 - allow list VPN-160-vpn-selectors stateless
Entry 110 - allow list VPN-130-vpn-selectors1 stateless
Entry 111 - allow list VPN-120-vpn-selectors stateless
Entry 112 - allow list VPN-110-vpn-selectors stateless
Entry 113 - allow list VPN-90-vpn-selectors stateless
Entry 114 - allow list VPN-60-vpn-selectors stateless
Entry 115 - allow list VPN-50-vpn-selectors stateless
Entry 116 - allow list VPN-20-vpn-selectors stateless
Entry 117 - allow list VPN-130-vpn-selectors1 stateless
Entry 118 - allow list VPN-120-vpn-selectors stateless
Entry 119 - allow list VPN-110-vpn-selectors stateless
Entry 120 - allow list VPN-90-vpn-selectors stateless
Entry 121 - allow list VPN-60-vpn-selectors stateless
Entry 122 - allow list VPN-50-vpn-selectors stateless
Larry:
Thank you for asking this question in the support community forum. It looks like these entries may have been added through the web interface. I would recommend deleting the duplicate entries through the command line interface, as well as upgrading your firmware to the current recommended maintenance release, which is indicated on the firmware downloads page (at the time of this post it is R10.9.4.).
As you mentioned, the configuration is cumbersome, but functionality is not affected because in access-control lists, the first match is used; therefore, in this configuration, none of the duplicates will ever be used.
Please, let me know if you have any questions, I will be happy to help in any way I can.
Levi
Larry:
Thank you for asking this question in the support community forum. It looks like these entries may have been added through the web interface. I would recommend deleting the duplicate entries through the command line interface, as well as upgrading your firmware to the current recommended maintenance release, which is indicated on the firmware downloads page (at the time of this post it is R10.9.4.).
As you mentioned, the configuration is cumbersome, but functionality is not affected because in access-control lists, the first match is used; therefore, in this configuration, none of the duplicates will ever be used.
Please, let me know if you have any questions, I will be happy to help in any way I can.
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi