I have an 871w set up as a VPN client. The provider's cable is plugged into the WAN port (FastEthernet 4) - that's how I access its LAN. Then I have to dial to their VPN server to access the global internet. And the problem is that sometimes my dialer connection just hangs up and I can't debug the reason. It doesn't disconnect - it just hangs and I can't even ping any host from the Cisco terminal (and from client computers too, of course). I noticed, however, that this weird thing will 100% occur if I turn on a torrent client or watch some videos on YouTube. But it won't hang immediately - it can take an hour or so to happen. I tried to work without YouTube and torrents - and got 3 days of stable uptime, for example.
So what could it be? Looks like some buffer is overflowing. But how do I debug? Here's my config; I removed the Wi-Fi sections to make it a bit smaller:
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname 871w
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $1$oW4O$dwbYXwqcD4QdS7VBrWaP0/
!
no aaa new-model
!
!
ip source-route
no ip gratuitous-arps
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.16.1.1
!
ip dhcp pool HOME
 import all
 network 10.16.1.0 255.255.255.0
 default-router 10.16.1.1
 dns-server 10.16.1.1
 lease 0 2
!
!
ip cef
ip domain timeout 1
ip host members.dyndns.org 184.108.40.206
ip multicast-routing
ip ddns update method DynDNS
 HTTP
  add http://***=
  remove http://***=
 interval maximum 28 0 0 0
!
no ipv6 cef
ntp master
ntp server 220.127.116.11 prefer
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 22
 request-dialin
  protocol pptp
  rotary-group 0
 initiate-to ip 172.16.4.1
!
!
archive
 log config
  hidekeys
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 172.23.10.59 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 no cdp enable
!
interface Vlan1
 no ip address
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
!
interface Dialer0
 mtu 1450
 ip address negotiated
 ip pim dense-mode
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string 123
 dialer vpdn
 dialer-group 22
 no peer neighbor-route
 no keepalive
 no cdp enable
 ppp pfc local request
 ppp pfc remote apply
 ppp encrypt mppe auto
 ppp chap hostname ***
 ppp chap password 0 ***
 ppp ipcp dns request
!
interface BVI1
 ip address 10.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 18.104.22.168 255.255.240.0 172.23.10.1
ip route 22.214.171.124 255.255.248.0 172.23.10.1
ip route 126.96.36.199 255.255.255.192 172.23.10.1
ip route 188.8.131.52 255.255.255.128 172.23.10.1
ip route 172.16.0.0 255.240.0.0 172.23.10.1
ip route 192.168.0.0 255.255.0.0 172.23.10.1
no ip http server
no ip http secure-server
!
!
ip dns view default
 domain timeout 1
 domain resolver source-interface Dialer0
ip dns view-list default-list
ip dns server
ip dns spoofing
ip nat inside source list NAT_INTERNET interface Dialer0 overload
ip nat inside source list NAT_ISP interface FastEthernet4 overload
!
ip access-list extended NAT_INTERNET
 deny ip 10.16.1.0 0.0.0.255 184.108.40.206 0.255.255.255 log
 deny ip 10.16.1.0 0.0.0.255 220.127.116.11 0.0.0.255
 deny ip 10.16.1.0 0.0.0.255 18.104.22.168 0.0.0.255
 deny ip 10.16.1.0 0.0.0.255 22.214.171.124 0.0.0.255
 deny ip 10.16.1.0 0.0.0.255 126.96.36.199 0.0.0.255
 deny ip 10.16.1.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.16.1.0 0.0.0.255 any
ip access-list extended NAT_ISP
 remark From home LAN to ISP LAN
 permit ip 10.16.1.0 0.0.0.255 any
!
logging trap debugging
dialer-list 22 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
 transport preferred none
line aux 0
line vty 0 4
 privilege level 15
 password ***
 login
 transport input telnet ssh
!
scheduler max-task-time 5000
end