why does cisco887 get reloaded?

Unanswered Question
Jul 24th, 2013

Hi guys,


I have a Cisco 887 router

c870-advsecurityk9-mz.124-15.XY3.bin


When I connect to the router using the Cisco VPN client and try to ping any host in the private range 192.168.0.0/24 other than the Cisco's IP address 192.168.0.254, the router gets reloaded after the first ping.


It all worked before, and this started happening at some point, though I did not make any changes to the configuration.

Can you help me figure out what the problem might be?


Here is my config:


thanks guys!


Building configuration...



Current configuration : 10632 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login vpn_xauth local

aaa authentication login sslvpn local

aaa authorization network vpn_group local

!

!

aaa session-id common

!

!

crypto isakmp policy 1

encr aes 256

authentication pre-share

group 2

!

crypto isakmp policy 2

encr aes 256

hash md5

authentication pre-share

group 2

!

crypto isakmp client configuration group ciscogroup

key ciscogroup

pool VPN-Pool

acl 196

max-users 5

crypto isakmp profile vpn-ike-profile-1

   match identity group ciscogroup

   client authentication list vpn_xauth

   isakmp authorization list vpn_group

   client configuration address respond

   virtual-template 2

!

!

crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac

!

crypto ipsec profile VPN-Profile-1

set transform-set encrypt-method-1

!

!

!

crypto pki trustpoint TP-self-signed-2379352192

enrollment selfsigned

ip-address cef

subject-name cn=IOS-Self-Signed-Certificate-2379352192

revocation-check none

rsakeypair TP-self-signed-2379352192

!

!

!

!

ip cef

!

!

!        



archive

log config

  hidekeys

!

!

!

class-map type inspect match-all cmap-in-outa-base

match protocol tcp

match protocol udp

match protocol sip

class-map type inspect match-all cmap-outa-in-base

match access-group 191

class-map type inspect match-any cm_vpnin

match access-group name FOR_VPNCLIENTS

class-map type inspect match-any cm_invpn

match access-group name FOR_VPNCLIENTS

class-map type inspect match-all cmap-outa-out-permit

match access-group 195

class-map type inspect match-any cmap-in-out-base

match protocol http

match protocol https

match protocol pop3

match protocol dns

match protocol smtp

match protocol icmp

match protocol pptp

match protocol sip

match access-group 193

class-map type inspect match-any cmap-out-in-base

match protocol http

match protocol ftp

match protocol smtp

match protocol pop3

match protocol lotusnote

match access-group 192

class-map type inspect match-any cmap-out-in-itng

match access-group 10

match access-group 100

class-map type inspect match-any cmap-in-out-excp

match access-group 190

class-map type inspect match-any cmap-out-self-base

match access-group 10

match access-group 100

match access-group 197

!

!

policy-map type inspect pm_vpnin

class type inspect cm_vpnin

  pass

class class-default

policy-map type inspect pm_invpn

class type inspect cm_invpn

  pass

class class-default

policy-map type inspect pmap-in-outa-base

class type inspect cmap-in-outa-base

  inspect

class class-default

policy-map type inspect pmap-outa-in-base

class type inspect cmap-outa-in-base

  inspect

class class-default

policy-map type inspect pmap-out-self-base

class type inspect cmap-out-self-base

  inspect

class class-default

policy-map type inspect pmap-in-out-base

class type inspect cmap-in-out-excp

  pass

class type inspect cmap-in-out-base

  inspect

class class-default

policy-map type inspect pmap-out-in-base

class type inspect cmap-out-in-base

  inspect

class type inspect cmap-in-out-excp

  pass

class type inspect cmap-out-in-itng

  inspect

class class-default

policy-map type inspect pmap-out-out-a-base

class type inspect cmap-outa-out-permit

  inspect

class class-default

  pass

!

zone security in

description ZONE_INTERNAL

zone security out

description ZONE_EXTERNAL

zone security out-a

description ZONE_EXTERNAL

zone security VPN

description For VPN users

zone-pair security zpair-out-self source out destination self

service-policy type inspect pmap-out-self-base

zone-pair security zpair-out-in source out destination in

service-policy type inspect pmap-out-in-base

zone-pair security zpair-out-out-a source out destination out-a

service-policy type inspect pmap-out-out-a-base

zone-pair security zpair-out-a-out source out-a destination out

service-policy type inspect pmap-out-out-a-base

zone-pair security zpair-in--out source in destination out

service-policy type inspect pmap-in-out-base

zone-pair security zpait-in-outa-base source in destination out-a

service-policy type inspect pmap-in-outa-base

zone-pair security zpair-outa-in source out-a destination in

service-policy type inspect pmap-outa-in-base

zone-pair security zp_vpnin source VPN destination in

service-policy type inspect pm_vpnin

zone-pair security zp_invpn source in destination VPN

service-policy type inspect pm_invpn

!

!

!

interface Loopback10

ip address Y 255.255.255.255

ip nat outside

ip virtual-reassembly

zone-member security out-a

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 8/35

  encapsulation aal5snap

  protocol ppp dialer

  dialer pool-member 1

!

dsl operating-mode auto

hold-queue 224 in

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!        

interface FastEthernet3

!

interface Virtual-Template2 type tunnel

ip unnumbered Dialer0

zone-member security VPN

tunnel mode ipsec ipv4

tunnel protection ipsec profile VPN-Profile-1

!

interface Vlan1

description all-one-gateway

ip address 192.168.0.254 255.255.255.0

ip nat inside

ip virtual-reassembly

zone-member security in

ip tcp adjust-mss 1452

!

interface Dialer0

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

zone-member security out

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname

ppp chap password 0

!

interface Dialer1

no ip address

!        

ip local pool ippool 192.168.181.1 192.168.181.254

ip local pool VPN-Pool 192.168.90.20 192.168.90.25

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

no ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source route-map nonat interface Dialer0 overload

ip nat inside source static tcp 192.168.0.11 88 X.X.X.X 88 extendable

ip nat inside source static tcp 192.168.0.11 110 X.X.X.X 110 extendable

ip nat inside source static tcp 192.168.0.11 8080 X.X.X.X 8080 extendable

ip nat inside source static tcp 192.168.0.10 20 X.X.X.X 20 extendable

ip nat inside source static tcp 192.168.0.10 21 X.X.X.X 21 extendable

ip nat inside source static tcp 192.168.0.11 25 X.X.X.X 25 extendable

ip nat inside source static tcp 192.168.0.10 80 X.X.X.X 80 extendable

ip nat inside source static tcp 192.168.0.11 81 X.X.X.X 81 extendable

ip nat inside source static tcp 192.168.0.101 443 X.X.X.X 443 extendable

ip nat inside source static tcp 192.168.0.11 1352 X.X.X.X 1352 extendable

ip nat inside source static tcp 192.168.0.10 1723 X.X.X.X 1723 extendable

ip nat inside source static tcp 192.168.0.10 3389 X.X.X.X 3389 extendable

ip nat inside source static tcp 192.168.0.11 3389 X.X.X.X 3390 extendable

ip nat inside source static tcp 192.168.0.72 5700 X.X.X.X 5700 extendable

ip nat inside source static tcp 192.168.0.11 5900 X.X.X.X 5900 extendable

ip nat inside source static tcp 192.168.0.72 6631 X.X.X.X 6631 extendable

ip nat inside source static tcp 192.168.0.56 6900 X.X.X.X 6900 extendable

ip nat inside source static tcp 192.168.0.10 3389 X.X.X.X 53389 extendable

ip nat inside source static 192.168.0.12 X.X.X.X

!

ip access-list extended FOR_VPNCLIENTS

permit ip any 192.168.0.0 0.0.0.255

permit ip 192.168.0.0 0.0.0.255 any

!        

access-list 10 permit X.X.X.X

access-list 10 permit X.X.X.X

access-list 100 permit icmp any host 192.168.0.12

access-list 100 permit ip any host 192.168.0.12

access-list 100 permit ip 192.168.90.0 0.0.0.255 any

access-list 102 permit tcp any host X.X.X.X eq 1352

access-list 102 permit tcp any host X.X.X.X eq 8080

access-list 102 permit tcp any host 192.168.0.11 eq 81

access-list 102 permit tcp any host 192.168.0.10 eq 1723

access-list 102 permit ip any host 192.168.91.1

access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.181.0 0.0.0.255

access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.90.0 0.0.0.255

access-list 110 permit ip 192.168.0.0 0.0.0.255 any

access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.181.0 0.0.0.255

access-list 190 permit gre any any

access-list 191 permit tcp any host X.X.X.X eq 3389

access-list 192 permit tcp any host X.X.X.X eq 1352

access-list 192 permit tcp any host X.X.X.X eq 8080

access-list 192 permit tcp any host 192.168.0.11 eq 81

access-list 192 permit tcp any host 192.168.0.10 eq 1723

access-list 192 permit ip any host 192.168.91.1

access-list 192 permit tcp any host 192.168.0.11 eq 3389

access-list 193 permit tcp host 192.168.0.10 any

access-list 193 permit tcp host 192.168.0.11 any

access-list 193 permit ip any 192.168.90.0 0.0.0.255

access-list 193 permit ip host 192.168.91.1 any

access-list 193 permit tcp host 192.168.0.121 any

access-list 193 permit tcp host 192.168.0.101 any

access-list 193 permit tcp host 192.168.0.102 any

access-list 194 permit ip host X.X.X.X any

access-list 194 permit ip 192.168.0.0 0.0.0.255 any

access-list 194 permit ip 192.168.91.0 0.0.0.255 any

access-list 195 permit ip any any

access-list 195 permit icmp any any

access-list 196 permit ip 192.168.0.0 0.0.0.255 any

access-list 197 permit udp any any eq isakmp

access-list 197 permit ahp any any

access-list 197 permit esp any any

access-list 197 permit udp any any eq non500-isakmp

no cdp run



!

!

route-map nonat permit 10

match ip address 110

!

!

control-plane

!



line con 0

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

transport input telnet ssh

!

scheduler max-task-time 5000



!

webvpn cef

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end
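
An added example, not part of the original post or of any Cisco tooling: the configuration as posted applies ACL 23 to the vty lines and to the HTTP server (access-class 23), but no access-list 23 appears among its ACL lines (it may simply have been trimmed from the post). The Python check below cross-references ACL uses against ACL definitions; CONFIG is an excerpt copied from the post, and audit_acl_refs is a hypothetical helper name.

```python
import re

# Excerpt copied from the configuration in the post above (not the full config).
CONFIG = """\
crypto isakmp client configuration group ciscogroup
 acl 196
class-map type inspect match-any cm_vpnin
 match access-group name FOR_VPNCLIENTS
class-map type inspect match-any cmap-out-in-itng
 match access-group 10
ip http access-class 23
ip access-list extended FOR_VPNCLIENTS
 permit ip any 192.168.0.0 0.0.0.255
access-list 10 permit X.X.X.X
access-list 102 permit ip any host 192.168.91.1
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 196 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
line vty 0 4
 access-class 23 in
"""

# Only the definition and reference forms that occur in this config are covered.
DEFINE = re.compile(r"^(?:access-list|ip access-list (?:standard|extended)) (\S+)")
REFER = re.compile(r"^(?:match access-group(?: name)?|match ip address|"
                   r"(?:ip http )?access-class|acl) (\S+)")

def audit_acl_refs(config_text):
    """Return (undefined, unused): ACLs used but never defined, and defined but never used."""
    defined, referenced = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()  # indentation differs between pastes, so ignore it
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1))
        m = REFER.match(line)
        if m:
            referenced.setdefault(m.group(1), []).append(line)
    undefined = {acl: uses for acl, uses in referenced.items() if acl not in defined}
    return undefined, sorted(defined - set(referenced))

if __name__ == "__main__":
    undefined, unused = audit_acl_refs(CONFIG)
    for acl, uses in undefined.items():
        print(f"ACL {acl} is referenced but not defined: {uses}")
    print("Defined but unreferenced:", unused)
```

Run against the full configuration as posted, the same check also lists ACLs 102, 120 and 194 as defined but never referenced.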

Leo Laohoo Wed, 07/24/2013 - 23:49

Post the output of the command "sh version".

glebpe185 Wed, 07/24/2013 - 23:55

Sure


Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)XY3, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Fri 23-May-08 10:08 by prod_rel_team



ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE



exe02991863 uptime is 1 hour, 38 minutes

System returned to ROM by reload

System image file is "flash:c870-advsecurityk9-mz.124-15.XY3.bin"

Last reload reason: Unknown reason







This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.



A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html



If you require further assistance please contact us by sending email to

[email protected].



Cisco 877 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.

Processor board ID FHK111412XA

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

4 FastEthernet interfaces

1 ATM interface

128K bytes of non-volatile configuration memory.

28672K bytes of processor board System flash (Intel Strataflash)


Configuration register is 0x2102

Leo Laohoo Thu, 07/25/2013 - 23:19

System returned to ROM by reload

Last reload reason: Unknown reason

Someone issued the "reload" command.

glebpe185 Thu, 07/25/2013 - 23:28

No, it reboots without any commands being issued; otherwise I would not have posted the message here.
