Router woes

johnrobo123 · ‎01-29-2003

Hello, I have a Cisco 1720 with a VPN module (see below) and periodically, once a day, the router stops functioning and requires a reload. All techs in the office access a group of production servers through a point to point VPN and the router also provides internet and mail access for the office. The router's behavior is odd. A classic example starts with the mail server being unreachable but current sessions with production servers are still active. Perhaps a minute after mail unavailability the prod servers sessions die, the internet connection dies and I have to reload the router. I have suggested that we stop receiving mail through the VPN since I believe the VPN is the guity party. I just started this job and was told that the router had a software upgrade recently.

-------------------------------------------------------------------------------------------------------

Cisco1720#sh flash

System flash directory:

File Length Name/status

1 7289632 c1700-k9o3sy7-mz.122-8.T1.bin

2 814 running-config

3 4342 good-config

4 4320 startup-config

5 4337 ciscp-171002

[7303772 bytes used, 1084836 available, 8388608 total]

8192K bytes of processor board System flash <Read/Write>

------------------------------------------------------------------------------------------------------

Cisco1720#sh run

Building configuration...

Current configuration : 4197 bytes

!

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname Cisco1720

!

boot system flash c1700-k9o3sy7-mz.122-8.T1.bin

boot system flash

logging buffered 16384 notifications

no logging console

no logging monitor

aaa new-model

!

aaa authentication login userauthen local

aaa session-id common

enable secret xcxcxcxcxcxc

enable password zxzxzxzxzx

!

username s********** password ^^^^^^^^^^^^^^^

memory-size iomem 20

clock timezone EST -5

clock summer-time EDT recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

!

ip name-server &&&&&&&&&&&&

ip dhcp excluded-address KKKKKKKKKKKKK

ip dhcp excluded-address IIIIIIIIIIIIIIIIIIIIIIIII

!

ip dhcp pool 1

network 192.XXXXXXXXXXXX

domain-name bellnexxia.net

default-router 192.NNNNNNNNN

dns-server CCCCCCCCCCC

!

ip inspect audit-trail

ip inspect max-incomplete low 300

ip inspect max-incomplete high 1000

ip inspect one-minute high 600

ip inspect udp idle-time 7200

ip inspect dns-timeout 7

ip inspect tcp idle-time 7200

ip inspect tcp finwait-time 10

ip inspect tcp synwait-time 35

ip inspect tcp max-incomplete host 50 block-time 1

ip inspect name jack rcmd timeout 15

ip inspect name jack cuseeme timeout 20

ip inspect name jack smtp timeout 120

ip inspect name jack tftp timeout 60

ip inspect name jack realaudio timeout 120

ip inspect name jack streamworks timeout 120

ip inspect name jack tcp timeout 7200

ip inspect name jack udp timeout 7200

ip audit notify log

ip audit po max-events 100

vpdn-group pppoe

!

crypto isakmp policy 1

authentication pre-share

lifetime 300

crypto isakmp key jill address NNNNNNN

!

crypto ipsec transform-set cm-transformset-1 esp-des esp-sha-hmac

!

crypto map cm-cryptomap 1 ipsec-isakmp

set peer KKKKKKKKKKK

set transform-set cm-transformset-1

match address 115

!

interface Ethernet0

description connected to Internet

ip address XXXXXXXXXXXXXXX

ip access-group 125 in

ip mtu 1492

ip nat outside

ip inspect destina out

no ip route-cache

no ip mroute-cache

no keepalive

half-duplex

crypto map cm-cryptomap

!

interface FastEthernet0

description connected to EthernetLAN

ip address XXXXXXXXXXXXXXXXXX

ip nat inside

ip tcp adjust-mss 1452

speed auto

!

router rip

version 2

network 192.xxxxxxxx

no auto-summary

!

ip local pool ippool 172.xxxxxxxxxxxxxxxx

ip nat inside source route-map nonat interface Ethernet0 overload

ip classless

ip route 0xxxxxxxxxxxxxxxxxxxxxxxx

ip route 1xxxxxxxxxxxxxxxxxxxxxxxxx9

ip route 2xxxxxxxxxxxxxxxxxxxxxxxxx7

Cisco1720#exit

-------------------------------------------------------------------------------------------------

When the router comes up it complains in the following manner:

cisco 1720 (MPC860T) processor (revision 0x601) with 27853K/4915K bytes of memory.

Processor board ID JAD061301QE (2828269743), with hardware revision 0000

MPC860T processor: part number 0, mask 32

Bridging software.

X.25 software, Version 3.0.0.

1 Ethernet/IEEE 802.3 interface(s)

1 FastEthernet/IEEE 802.3 interface(s)

1 Virtual Private Network (VPN) Module(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

Memory configuration adjustment:

Image size=21863296, PMem req=27329120, I/O mem=6710272, PMem avail=26844160

Warning: Attempting a memory percentage that does not provide enough Processor memory for the currently running image. If you save your running-config now,

this version of software may not be able to run.

% VPDN is not enabled

--------------------------------------------------------------------------------------------------------

Thanks in advance for any help provided.

RJ

Andrew.Prescott · ‎01-29-2003

This is typical of a device running out of memory.

The router S/W requires more memory than the previous S/W. (This may be due to increased funtionality)

Either upgrade the amount of memory or revert back to the previous version of S/W. (You may not be able to revert back to the earlier version if the upgrade was to provide increased functionality - ie encryption etc.)

regards

Andy Prescott.