PLM 10.5.2 Installation

Download from Cisco
-CiscoPrimeLM_64bitLnx_10.5.2.10000-6.sgn.iso
-cucm_10.5_vmv8_v1.8.ova

Create dns entry for PLM (A and PTR record)
cucm 10.0.20.78

Prepare PLM bootable iso
https://nbctcp.wordpress.com/2015/07/30/converting-non-bootable-iso-to-bootable-iso/

Deploy cucm template
From ESXi console click menu File/Deploy OVF Template
open cucm_10.5_vmv8_v1.8.ova

click PLM vm/Edit Settings/
click Options/Advanced/Boot Options
We have 2 options there: either increase “Power on Boot Delay” to 7000 or tick “Force BIOS Setup”
Power on PLM vm
connect Bootable_CiscoPrimeLM_64bitLnx_10.5.2.10000-6.sgn.iso


CUCM 10.5.2 Installation

Download from Cisco
-UCSInstall_UCOS_10.5.2.12901-1.sgn.iso
-cucm_10.5_vmv8_v1.8.ova

Create dns entry for cucm (A and PTR record)
cucm 10.0.20.77

Prepare CUCM bootable iso
https://nbctcp.wordpress.com/2015/07/30/converting-non-bootable-iso-to-bootable-iso/

Deploy cucm template
From ESXi console click menu File/Deploy OVF Template
open cucm_10.5_vmv8_v1.8.ova
NOTE:
Importing the ova is the only way to get VMware Tools running on the CUCM vm.
Attaching the CUCM vmdk to another vm will leave VMware Tools not running.
Neither will upgrading the vm Virtual Hardware.

click CUCM vm/Edit Settings/
click Options/Advanced/Boot Options
We have 2 options there: either increase “Power on Boot Delay” to 7000 or tick “Force BIOS Setup”
Power on cucm vm
connect Bootable_UCSInstall_UCOS_10.5.2.12901-1.sgn.iso

click Skip
If you have an SMTP server then click Yes

Converting Non-Bootable iso to Bootable iso

SOURCE: http://htluo.blogspot.com/2010/04/how-to-make-non-bootable-iso-image.html

1. Download and install latest UltraISO from http://www.ezbsystems.com/ultraiso/download.htm
2. Download latest CUCM for example UCSInstall_UCOS_10.5.2.12901-1.sgn.iso from Cisco
3. Open UltraISO
click menu File/Open and open UCSInstall_UCOS_10.5.2.12901-1.sgn.iso
extract /isolinux/isolinux.bin to the desktop
click menu Bootable/Generate Bootinfotable
click menu Bootable/Load Boot File and open isolinux.bin on the desktop
click File/Save As/Bootable_UCSInstall_UCOS_10.5.2.12901-1.sgn.iso

Microsoft Windows 2012R2 CA and NPS Installation for Cisco vWLC

SERVER INFO:
AD1=AD+DNS+DHCP
IP 10.0.20.2
CA1=CA+NPS
IP 10.0.20.5

WLC
service ip 10.0.100.76
management ip 10.0.20.76

We are going to install CA+NPS on CA1 (not on AD1).
Reasons:
a. You need to remove the CA services if you want to demote the Domain Controller
b. Not a requirement for Windows Server 2008, but back in the Windows Server 2003 days the server you migrated the CA services to needed to have the same name as the original, so if your original CA server was DC01, the new one would also have to be DC01

1. run PowerShell as Administrator
>Import-Module ServerManager
>Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
>Add-WindowsFeature Web-Mgmt-Console
>Add-WindowsFeature Adcs-Web-Enrollment
>install-windowsfeature -name npas-policy-server -IncludeManagementTools
Reboot

2. configure AD CS
-Credentials
Credentials: DOMAIN\administrator
click Next
-Role Services
tick Certification Authority
tick Certification Authority Web Enrollment
click Next
-Setup Type
click Enterprise CA
click Next
-CA Type
click Root CA
click Next
-Private Key
click Create a new private key
click Next
-Cryptography
leave default
RSA 2048 SHA1
click Next
-CA Name
Common name for this CA: poc-CA1-CA
Distinguished name suffix: DC=poc,DC=com
Preview of distinguished name: CN=poc-CA1-CA,DC=poc,DC=com
click Next
-Validity Period
10 years
click Next
-Certificate Database
leave default
click Next
-Confirmation
leave default
click Configure
-Results

click Close

3. Create a WLC Certificate Template
-run Start/Programs/Administrative Tools/Certification Authority
-right click Server/Certificate Templates/Manage
-right click RAS and IAS Server/Duplicate Template
General:
Validity period 10 years
tick Publish certificate in Active Directory
Compatibility:
Certification Authority Windows Server 2012 R2
Certificate recipient Windows 8.1/Windows Server 2012 R2
Security:
click Authenticated Users
tick Read
tick Enroll

-right click Server/Certificate Templates/New/Certificate Template to Issue

choose WLC

4. Request a new certificate
-open CMD
>mmc
-click File Add/Remove Snap-in
click Certificates
click Add
click Computer account
click Next
click Local computer
click Finish
click OK
-right click Certificates/Personal/Certificates/All Tasks/Request New Certificate
Before You Begin
click Next
Select Certificate Enrollment Policy
click Active Directory Enrollment Policy
click Next
Request Certificates
tick WLC
click Enroll

5. Export root certificate

-open CMD
>mmc
-click File Add/Remove Snap-in
click Certificates
click Add
click Computer account
click Next
click Local computer
click Finish
click OK
-right click Certificates/Trusted Root Certification Authorities/Certificate/poc-CA1-CA-1/All Tasks/Export
Welcome to the Certificate Export Wizard
   click Next
Export File Format
   click DER encoded binary X.509
   click Next
File to Export
   click Next
Completing the Certificate Export Wizard
   click Finish
Send rootca.cer by email to users whose PC is not joined to the domain and to iOS/Android users.

Ask them to open the cert to install it on their device

6. Configure NPS
-run Start/Programs/Administrative Tools/Network Policy Server
-right click NPS (Local)/Register server in Active Directory

-create a new Network Policy

7. Configure WLC
-open a browser and go to https://10.0.20.76
L: admin
P:


8. Configure Client
-install rootca.cer from step 5
-now when you connect to the NPS SSID, it will ask for a username and password.
type your AD username, for example user1

vWLC Installation with AP AIR-LAP1242AG

-configure vWLC vm serial over telnet
2 ways to access vWLC:
1. by pressing any key when vWLC boots
2. configure serial over telnet in ESXi
-make sure your ESXi license is either Evaluation or Enterprise,
otherwise serial over network won’t work
go to ESXi/Configuration/Software/Security Profile/Firewall Properties
tick VM serial port connected to vSPC
tick VM serial port connected over network

If you want to telnet, telnet to ESXi host ip address
>telnet 10.0.100.200 3001

INFO:
-ESXi 5.5u2 IP: 10.0.100.200
-vWLC Service IP: 10.0.100.76
vWLC Management IP: 10.0.20.76
-AD+DNS+DHCP IP: 10.0.20.2

-CISCO AP subnet: 10.0.30.0/24

CISCO 3750:
-create dhcp relay in vlan 30
interface Vlan30
ip address 10.0.30.1 255.255.255.0
ip helper-address 10.0.20.2

AD:
-set dns for these records and PTR
CISCO-CAPWAP-CONTROLLER 10.0.20.76
CISCO-LWAPP-CONTROLLER 10.0.20.76
OPTIONAL:
-set dhcp option 43 for ip 10.0.20.76
Binary: 00f1040a00144c
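
How that binary value is put together, as an added example that is not part of the original post: Cisco lightweight APs read option 43 as a type/length/value triple with type f1, a length of 4 bytes per controller, and the controller IPv4 addresses. The function names are this example's own; the value above is written with a leading 00 in front of that TLV, so the decoder is handed the bytes from f1 onward.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # type byte used for the controller address list


def encode_option43(controller_ips):
    """Return the TLV bytes: f1, length (4 per controller), then the IPv4 addresses."""
    if not controller_ips:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([CISCO_WLC_SUBOPTION, len(value)]) + value


def decode_option43(tlv):
    """Parse a TLV produced by encode_option43 and return the controller addresses."""
    if len(tlv) < 2 or tlv[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not an f1 controller TLV")
    length, value = tlv[1], tlv[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


# Value as written on this page; byte 0 is the leading 00, the TLV starts at byte 1.
PAGE_VALUE = bytes.fromhex("00f1040a00144c")

if __name__ == "__main__":
    print(encode_option43(["10.0.20.76"]).hex())
    print(decode_option43(PAGE_VALUE[1:]))
```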

-How the AP discovers the Controller
1. LWAPP discovery broadcast on local subnet
2. Over-the-Air provisioning (OTAP)
3. Locally stored controller IP address from prior successful join process
4. DHCP option 43
5. DNS resolution of CISCO-LWAPP-CONTROLLER

ESXi:
Check which vWLC version supports your AP
In my case, since I am using a 1242 AP, I can’t use vWLC 8.1 and must use 8.0
Download and install AIR-CTVM-K9-8-0-120-0.ova
Power on
When the “Press any key to use this terminal as the default terminal” prompt appears, press ENTER
Would you like to terminate autoinstall? [yes]:
System Name (31 characters max): wlc
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (3 to 24 characters):
Re-enter Administrative Password:
Service Interface IP Address Configuration (static)(DHCP): static
Service Interface IP Address: 10.0.100.76
Service Interface Netmask: 255.255.255.0
Management Interface IP Address: 10.0.20.76
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.0.20.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num (1 to 1): 1
Management Interface DHCP Server IP Address: 10.0.20.2
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: WLC
Network Name (SSID): WLC
Configure DHCP Bridging Mode [yes][No]:
Allow Static IP Addresses [YES][no]:
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server
Enter Country Code list (enter ‘help’ for a list of countries)[US]:
Enable 802.11b Network [YES][no]:
Enable 802.11a Network [YES][no]:
Enable 802.11g Network [YES][no]:
Enable Auto-RF [YES][no]:
Configure a NTP server now? [YES][no]:
Enter the NTP server’s IP address: 10.0.20.2
Enter a polling interval between 3600 and 604800 secs: 3600
Would you like to configure IPv6 parameters[YES][no]: no

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

>show sysinfo

Manufacturer’s Name………………………… Cisco Systems Inc.
Product Name………………………………. Cisco Controller
Product Version……………………………. 8.0.120.0
RTOS Version………………………………. 8.0.120.0
Bootloader Version…………………………. 8.0.120.0
Emergency Image Version…………………….. 8.0.120.0
Build Type………………………………… DATA + WPS
System Name……………………………….. wlc
System Location…………………………….
System Contact……………………………..
System ObjectID……………………………. 1.3.6.1.4.1.9.1.1631
IP Address………………………………… 10.0.20.76
IPv6 Address………………………………. ::
System Up Time…………………………….. 0 days 0 hrs 3 mins 34 secs
System Timezone Location…………………….
System Stats Realtime Interval………………. 5
System Stats Normal Interval………………… 180
Configured Country…………………………. US  – United States
State of 802.11b Network……………………. Enabled
State of 802.11a Network……………………. Enabled
Number of WLANs……………………………. 1
Number of Active Clients……………………. 0
Burned-in MAC Address………………………. 00:0C:29:31:C8:E1
Maximum number of APs supported……………… 200
System Nas-Id……………………………… wlc
WLC MIC Certificate Types…………………… SHA1

>show system interfaces

dtl0      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet addr:10.0.20.76  Bcast:10.0.20.255  Mask:255.255.255.0
dtl0:1    Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet addr:1.1.1.1  Bcast:1.1.1.1  Mask:255.255.255.255
eth0      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:D7
inet addr:10.0.100.76  Bcast:10.0.100.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:0C:29:31:C8:E1
inet6 addr: fe80::20c:29ff:fe31:c8e1/64 Scope:Link
lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0

>ping 10.0.0.1
Send count=3, Receive count=3 from 10.0.0.1

>show run-config
automatically convert unknown ap to flexconnect mode
>config ap autoconvert flexconnect
to reset to factory default, login using Recover-Config or
(Cisco Controller) > reset system
(Cisco Controller) > recover-config
to change management vlan id
>config wlan disable all
>config interface vlan management 0
to disable http web gui and enable https web gui
>config network webmode disable
>config network secureweb enable
Now we can access web gui through service port 10.0.100.76 or management port 10.0.20.76
https://10.0.20.76
L: admin
P:

Set Date and Time
-go to COMMAND
-click Set Date and Time
change date, time and time zone

Accept Self-Signed Cert
-go to Security/AAA/AP Policies
-tick Accept Self Signed Certificate (SSC)

Enable management via wireless
-go to Management/Mgmt Via Wireless/
-tick Enable Controller Management to be accessible from Wireless Clients

Set log server
-go to Management/Logs/Config
set Syslog Server IP Address(Ipv4/Ipv6)

Set NTP Server
-go to Controller/NTP/Server

Set user Interface
-go to Controller/Interfaces
create a new USER interface with VLAN 30

Configure LDAP Authentication
NOTE: This config is not secure because Security\LDAP\Secure Mode (TLS) is not enabled.
I don’t know yet how to configure it

Enable DHCP proxy
If DHCP is on a different subnet than the AP then enable DHCP Proxy
-go to Controller/Advanced/DHCP
tick Enable DHCP Proxy

Enable MAC Filtering if needed
with Local or Radius MAC Filter
-go to Security/MAC Filtering

Activate eval license
-go to MANAGEMENT/Software Activation/Licenses
-change Priority from Low to High
click Set Priority
accept EULA

Reboot vWLC
-go to COMMAND
-click Reboot

Expanding root disk

1. increase vm disk from ESXi console from 20GB to 100GB

2. login as root
# fdisk -l
Disk /dev/sda: 107.4 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders, total 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000462f5
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048      499711      248832   83  Linux
/dev/sda2          499712    41943039    20721664   8e  Linux LVM
-We can see that current disk size is 107.4GB
Disk /dev/sda: 107.4 GB, 107374182400 bytes
But currently we use only
Disk /dev/mapper/rootvg-rootvol: 18.1 GB, 18144559104 bytes
+
Disk /dev/mapper/rootvg-swapvol: 1023 MB, 1023410176 bytes
# df -h
Filesystem                  Size  Used Avail Use% Mounted on
/dev/mapper/rootvg-rootvol   17G  3.1G   13G  20% /
none                        4.0K     0  4.0K   0% /sys/fs/cgroup
udev                        3.9G  4.0K  3.9G   1% /dev
tmpfs                       798M  3.0M  795M   1% /run
none                        5.0M     0  5.0M   0% /run/lock
none                        3.9G     0  3.9G   0% /run/shm
none                        100M     0  100M   0% /run/user
/dev/sda1                   232M   42M  175M  20% /boot
# fdisk /dev/sda
Command (m for help): m
Command action
a   toggle a bootable flag
b   edit bsd disklabel
c   toggle the dos compatibility flag
d   delete a partition
l   list known partition types
m   print this menu
n   add a new partition
o   create a new empty DOS partition table
p   print the partition table
q   quit without saving changes
s   create a new empty Sun disklabel
t   change a partition’s system id
u   change display/entry units
v   verify the partition table
w   write table to disk and exit
x   extra functionality (experts only)

Command (m for help): n
Partition type:
p   primary (2 primary, 0 extended, 2 free)
e   extended
Select (default p): p
Partition number (1-4, default 3):
Using default value 3
First sector (41943040-209715199, default 41943040):
Using default value 41943040
Last sector, +sectors or +size{K,M,G} (41943040-209715199, default 209715199):
Using default value 209715199

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)

Command (m for help): w
The partition table has been altered!

# reboot
# pvcreate /dev/sda3
Physical volume "/dev/sda3" successfully created

# vgdisplay
--- Volume group ---
VG Name               rootvg
System ID
Format                lvm2
Metadata Areas        1
Metadata Sequence No  5
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                1
Act PV                1
VG Size               19.76 GiB
PE Size               4.00 MiB
Total PE              5058
Alloc PE / Size       4570 / 17.85 GiB
Free  PE / Size       488 / 1.91 GiB
VG UUID               rD0jFD-GNsT-3ikl-Zfpy-hqy4-cz7W-GF9PeU

# vgextend rootvg /dev/sda3
Volume group "rootvg" successfully extended

# pvscan
PV /dev/sda2   VG rootvg   lvm2 [19.76 GiB / 1.91 GiB free]
PV /dev/sda3   VG rootvg   lvm2 [80.00 GiB / 80.00 GiB free]
Total: 2 [99.75 GiB] / in use: 2 [99.75 GiB] / in no VG: 0 [0   ]

# lvdisplay
--- Logical volume ---
LV Path                /dev/rootvg/rootvol
LV Name                rootvol
VG Name                rootvg
LV UUID                VjDqgV-ZlwK-H9J7-4gJo-OJBR-cXNH-kK0F7D
LV Write Access        read/write
LV Creation host, time unl01, 2014-10-03 06:34:04 +0000
LV Status              available
# open                 1
LV Size                16.90 GiB
Current LE             4326
Segments               2
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           252:0

--- Logical volume ---
LV Path                /dev/rootvg/swapvol
LV Name                swapvol
VG Name                rootvg
LV UUID                U6SI57-45kI-wM4c-E0eq-yu3y-8eLI-dzJMjb
LV Write Access        read/write
LV Creation host, time unl01, 2014-10-03 06:34:22 +0000
LV Status              available
# open                 2
LV Size                976.00 MiB
Current LE             244
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           252:1

# lvextend /dev/rootvg/rootvol /dev/sda3
Extending logical volume rootvol to 96.89 GiB
Logical volume rootvol successfully resized

# resize2fs /dev/rootvg/rootvol
resize2fs 1.42.9 (4-Feb-2014)
Filesystem at /dev/rootvg/rootvol is mounted on /; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 7
The filesystem on /dev/rootvg/rootvol is now 25400320 blocks long.

# df -h
Filesystem                  Size  Used Avail Use% Mounted on
/dev/mapper/rootvg-rootvol   96G  3.1G   89G   4% /
none                        4.0K     0  4.0K   0% /sys/fs/cgroup
udev                        3.9G  4.0K  3.9G   1% /dev
tmpfs                       798M  3.0M  795M   1% /run
none                        5.0M     0  5.0M   0% /run/lock
none                        3.9G     0  3.9G   0% /run/shm
none                        100M     0  100M   0% /run/user
/dev/sda1                   232M   42M  175M  20% /boot

Site-to-Site IPsec VPN Cisco Router to FortiGate

SOURCE: http://blog.webernetz.net/2015/02/02/ipsec-site-to-site-vpn-fortigate-cisco-router/

ROUTER1
# sh run
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname RTR2811a
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M10.bin
warm-reboot count 10 uptime 7
boot-end-marker
aaa new-model
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 10.0.31.201 10.0.31.254
ip dhcp excluded-address 10.0.31.1 10.0.31.100
ip dhcp pool pool10.0.31.0
network 10.0.31.0 255.255.255.0
default-router 10.0.31.1
dns-server 8.8.8.8 8.8.4.4
no ip domain lookup
ip domain name nbctcp.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
redundancy
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key P@ssw0rd address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto ipsec profile 3DESMD5
set transform-set TS
set pfs group2
!
interface Tunnel1
ip unnumbered FastEthernet0/0.206
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.207
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel2
ip unnumbered FastEthernet0/0.221
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.221
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel3
ip unnumbered FastEthernet0/0.224
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.224
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel4
ip unnumbered FastEthernet0/0.226
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.226
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel5
ip unnumbered FastEthernet0/0.228
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.228
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel6
ip unnumbered FastEthernet0/0.230
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.230
tunnel protection ipsec profile 3DESMD5
!
interface Tunnel7
ip unnumbered FastEthernet0/0.232
tunnel source 10.0.10.206
tunnel mode ipsec ipv4
tunnel destination 10.0.10.232
tunnel protection ipsec profile 3DESMD5
!
interface FastEthernet0/0
ip address 10.0.10.206 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.31.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.10.1
ip route 10.0.41.0 255.255.255.0 Tunnel1
ip route 10.0.42.0 255.255.255.0 Tunnel2
ip route 10.0.43.0 255.255.255.0 Tunnel3
ip route 10.0.44.0 255.255.255.0 Tunnel4
ip route 10.0.45.0 255.255.255.0 Tunnel5
ip route 10.0.46.0 255.255.255.0 Tunnel6
ip route 10.0.47.0 255.255.255.0 Tunnel7
access-list 101 permit ip 10.0.31.0 0.0.0.255 any
!
control-plane
mgcp fax t38 ecm
mgcp profile default
line con 0
line aux 0
line vty 0 4
transport input all
line vty 5 15
transport input ssh
scheduler allocate 20000 1000
end

-refresh routing table if needed
# clear ip route *
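
A check a reviewer could run over the ROUTER1 configuration above, added here as an example and not part of the original post: it flags the IKE/IPsec and management-plane settings that are weaker than current practice and keeps the pre-shared key out of the report. The rule list, finding ids and advice strings are this example's own; the sample is an excerpt of the config as posted.

```python
import re

# Excerpt of the ROUTER1 configuration shown on this page (flattened, as posted).
SAMPLE_CONFIG = """\
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key P@ssw0rd address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto ipsec profile 3DESMD5
set transform-set TS
set pfs group2
ip http server
ip http secure-server
line vty 0 4
transport input all
line vty 5 15
transport input ssh
"""

# Lines that open a new configuration context in a flattened "show run".
SECTION_PREFIXES = ("crypto ", "interface ", "line ", "ip ", "access-list ")

# (required section prefix or None, regex on the line, finding id, advice)
RULES = [
    ("crypto isakmp policy", r"encr (des|3des)$", "ike-weak-cipher", "use AES"),
    ("crypto isakmp policy", r"hash md5$", "ike-weak-hash", "use SHA-2"),
    ("crypto isakmp policy", r"group (1|2|5)$", "ike-weak-dh", "use group 14 or higher"),
    (None, r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$", "psk-any-peer",
     "bind the pre-shared key to each peer address"),
    (None, r"crypto ipsec transform-set \S+ .*\besp-(des|3des)\b", "esp-weak-cipher",
     "use esp-aes"),
    (None, r"crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "esp-weak-hash",
     "use a SHA-2 HMAC"),
    ("crypto ipsec profile", r"set pfs group(1|2|5)$", "pfs-weak-dh", "use group14 or higher"),
    ("line ", r"transport input (all|telnet)\b", "vty-cleartext", "allow ssh only"),
    (None, r"ip http server$", "http-cleartext", "keep only ip http secure-server"),
]


def audit(config):
    """Return (line number, finding id, redacted line, advice) for each weak setting."""
    findings, section = [], ""
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith(SECTION_PREFIXES):
            section = line
        # Never echo the pre-shared key into a report.
        shown = re.sub(r"^(crypto isakmp key )\S+", r"\1<redacted>", line)
        for prefix, pattern, finding, advice in RULES:
            if prefix and not section.startswith(prefix):
                continue
            if re.match(pattern, line):
                findings.append((lineno, finding, shown, advice))
    return findings


if __name__ == "__main__":
    for lineno, finding, shown, advice in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}: {shown} -> {advice}")
```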

FORTIGATE2
-create objects

-create a vpn tunnel

-create Policy/IPv4
-create a static route
-Back to Cisco1
make sure that after 5 min the route to 10.0.44.0 through Tunnel4 appears
# clear ip route *
# sh ip route
S*    0.0.0.0/0 [1/0] via 10.0.10.1
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C        10.0.10.0/24 is directly connected, FastEthernet0/0
L        10.0.10.206/32 is directly connected, FastEthernet0/0
C        10.0.31.0/24 is directly connected, FastEthernet0/1
L        10.0.31.1/32 is directly connected, FastEthernet0/1
S        10.0.41.0/24 is directly connected, Tunnel1
S        10.0.43.0/24 is directly connected, Tunnel3
S        10.0.44.0/24 is directly connected, Tunnel4
S        10.0.47.0/24 is directly connected, Tunnel7

You can try ping from PC1 to PC2 now