07-24-2013 11:20 PM - edited 03-07-2019 02:34 PM
Hi guys,
I have a router Cisco 887
c870-advsecurityk9-mz.124-15.XY3.bin
When I am connecting to the router using Cisco VPN client and trying to ping any host from the private range 192.168.0.0/24 except the Cisco's IP address 192.168.0.254, the router gets reloaded after the first ping.
It all worked before, and this started happening at some point, though I did not make any changes in configuration.
Can you help me find what might be the problem?
Here is my config:
thanks guys!
Building configuration...
Current configuration : 10632 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_xauth local
aaa authentication login sslvpn local
aaa authorization network vpn_group local
!
!
aaa session-id common
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes 256
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group ciscogroup
key ciscogroup
pool VPN-Pool
acl 196
max-users 5
crypto isakmp profile vpn-ike-profile-1
match identity group ciscogroup
client authentication list vpn_xauth
isakmp authorization list vpn_group
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
!
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
!
!
!
crypto pki trustpoint TP-self-signed-2379352192
enrollment selfsigned
ip-address cef
subject-name cn=IOS-Self-Signed-Certificate-2379352192
revocation-check none
rsakeypair TP-self-signed-2379352192
!
!
!
!
ip cef
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-all cmap-in-outa-base
match protocol tcp
match protocol udp
match protocol sip
class-map type inspect match-all cmap-outa-in-base
match access-group 191
class-map type inspect match-any cm_vpnin
match access-group name FOR_VPNCLIENTS
class-map type inspect match-any cm_invpn
match access-group name FOR_VPNCLIENTS
class-map type inspect match-all cmap-outa-out-permit
match access-group 195
class-map type inspect match-any cmap-in-out-base
match protocol http
match protocol https
match protocol pop3
match protocol dns
match protocol smtp
match protocol icmp
match protocol pptp
match protocol sip
match access-group 193
class-map type inspect match-any cmap-out-in-base
match protocol http
match protocol ftp
match protocol smtp
match protocol pop3
match protocol lotusnote
match access-group 192
class-map type inspect match-any cmap-out-in-itng
match access-group 10
match access-group 100
class-map type inspect match-any cmap-in-out-excp
match access-group 190
class-map type inspect match-any cmap-out-self-base
match access-group 10
match access-group 100
match access-group 197
!
!
policy-map type inspect pm_vpnin
class type inspect cm_vpnin
pass
class class-default
policy-map type inspect pm_invpn
class type inspect cm_invpn
pass
class class-default
policy-map type inspect pmap-in-outa-base
class type inspect cmap-in-outa-base
inspect
class class-default
policy-map type inspect pmap-outa-in-base
class type inspect cmap-outa-in-base
inspect
class class-default
policy-map type inspect pmap-out-self-base
class type inspect cmap-out-self-base
inspect
class class-default
policy-map type inspect pmap-in-out-base
class type inspect cmap-in-out-excp
pass
class type inspect cmap-in-out-base
inspect
class class-default
policy-map type inspect pmap-out-in-base
class type inspect cmap-out-in-base
inspect
class type inspect cmap-in-out-excp
pass
class type inspect cmap-out-in-itng
inspect
class class-default
policy-map type inspect pmap-out-out-a-base
class type inspect cmap-outa-out-permit
inspect
class class-default
pass
!
zone security in
description ZONE_INTERNAL
zone security out
description ZONE_EXTERNAL
zone security out-a
description ZONE_EXTERNAL
zone security VPN
description For VPN users
zone-pair security zpair-out-self source out destination self
service-policy type inspect pmap-out-self-base
zone-pair security zpair-out-in source out destination in
service-policy type inspect pmap-out-in-base
zone-pair security zpair-out-out-a source out destination out-a
service-policy type inspect pmap-out-out-a-base
zone-pair security zpair-out-a-out source out-a destination out
service-policy type inspect pmap-out-out-a-base
zone-pair security zpair-in--out source in destination out
service-policy type inspect pmap-in-out-base
zone-pair security zpait-in-outa-base source in destination out-a
service-policy type inspect pmap-in-outa-base
zone-pair security zpair-outa-in source out-a destination in
service-policy type inspect pmap-outa-in-base
zone-pair security zp_vpnin source VPN destination in
service-policy type inspect pm_vpnin
zone-pair security zp_invpn source in destination VPN
service-policy type inspect pm_invpn
!
!
!
interface Loopback10
ip address Y 255.255.255.255
ip nat outside
ip virtual-reassembly
zone-member security out-a
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template2 type tunnel
ip unnumbered Dialer0
zone-member security VPN
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
!
interface Vlan1
description all-one-gateway
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname
ppp chap password 0
!
interface Dialer1
no ip address
!
ip local pool ippool 192.168.181.1 192.168.181.254
ip local pool VPN-Pool 192.168.90.20 192.168.90.25
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.0.11 88 X.X.X.X 88 extendable
ip nat inside source static tcp 192.168.0.11 110 X.X.X.X 110 extendable
ip nat inside source static tcp 192.168.0.11 8080 X.X.X.X 8080 extendable
ip nat inside source static tcp 192.168.0.10 20 X.X.X.X 20 extendable
ip nat inside source static tcp 192.168.0.10 21 X.X.X.X 21 extendable
ip nat inside source static tcp 192.168.0.11 25 X.X.X.X 25 extendable
ip nat inside source static tcp 192.168.0.10 80 X.X.X.X 80 extendable
ip nat inside source static tcp 192.168.0.11 81 X.X.X.X 81 extendable
ip nat inside source static tcp 192.168.0.101 443 X.X.X.X 443 extendable
ip nat inside source static tcp 192.168.0.11 1352 X.X.X.X 1352 extendable
ip nat inside source static tcp 192.168.0.10 1723 X.X.X.X 1723 extendable
ip nat inside source static tcp 192.168.0.10 3389 X.X.X.X 3389 extendable
ip nat inside source static tcp 192.168.0.11 3389 X.X.X.X 3390 extendable
ip nat inside source static tcp 192.168.0.72 5700 X.X.X.X 5700 extendable
ip nat inside source static tcp 192.168.0.11 5900 X.X.X.X 5900 extendable
ip nat inside source static tcp 192.168.0.72 6631 X.X.X.X 6631 extendable
ip nat inside source static tcp 192.168.0.56 6900 X.X.X.X 6900 extendable
ip nat inside source static tcp 192.168.0.10 3389 X.X.X.X 53389 extendable
ip nat inside source static 192.168.0.12 X.X.X.X
!
ip access-list extended FOR_VPNCLIENTS
permit ip any 192.168.0.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
!
access-list 10 permit X.X.X.X
access-list 10 permit X.X.X.X
access-list 100 permit icmp any host 192.168.0.12
access-list 100 permit ip any host 192.168.0.12
access-list 100 permit ip 192.168.90.0 0.0.0.255 any
access-list 102 permit tcp any host X.X.X.X eq 1352
access-list 102 permit tcp any host X.X.X.X eq 8080
access-list 102 permit tcp any host 192.168.0.11 eq 81
access-list 102 permit tcp any host 192.168.0.10 eq 1723
access-list 102 permit ip any host 192.168.91.1
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.181.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.181.0 0.0.0.255
access-list 190 permit gre any any
access-list 191 permit tcp any host X.X.X.X eq 3389
access-list 192 permit tcp any host X.X.X.X eq 1352
access-list 192 permit tcp any host X.X.X.X eq 8080
access-list 192 permit tcp any host 192.168.0.11 eq 81
access-list 192 permit tcp any host 192.168.0.10 eq 1723
access-list 192 permit ip any host 192.168.91.1
access-list 192 permit tcp any host 192.168.0.11 eq 3389
access-list 193 permit tcp host 192.168.0.10 any
access-list 193 permit tcp host 192.168.0.11 any
access-list 193 permit ip any 192.168.90.0 0.0.0.255
access-list 193 permit ip host 192.168.91.1 any
access-list 193 permit tcp host 192.168.0.121 any
access-list 193 permit tcp host 192.168.0.101 any
access-list 193 permit tcp host 192.168.0.102 any
access-list 194 permit ip host X.X.X.X any
access-list 194 permit ip 192.168.0.0 0.0.0.255 any
access-list 194 permit ip 192.168.91.0 0.0.0.255 any
access-list 195 permit ip any any
access-list 195 permit icmp any any
access-list 196 permit ip 192.168.0.0 0.0.0.255 any
access-list 197 permit udp any any eq isakmp
access-list 197 permit ahp any any
access-list 197 permit esp any any
access-list 197 permit udp any any eq non500-isakmp
no cdp run
!
!
route-map nonat permit 10
match ip address 110
!
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
!
webvpn cef
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
07-24-2013 11:49 PM
Post the output of the command "sh version".
07-24-2013 11:55 PM
Sure
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(15)XY3, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 23-May-08 10:08 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE
exe02991863 uptime is 1 hour, 38 minutes
System returned to ROM by reload
System image file is "flash:c870-advsecurityk9-mz.124-15.XY3.bin"
Last reload reason: Unknown reason
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 877 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK111412XA
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102
07-25-2013 11:19 PM
System returned to ROM by reload
Last reload reason: Unknown reason
Someone issued the "reload" command.
07-25-2013 11:28 PM
No, it reboots without issuing any commands; otherwise I would not have posted the message here.