I have a 3845 router with an E1 link to my SP. I use this E1 link for my internet traffic and intranet traffic. Sometimes the traffic destined to the internet gets stuck, but my intranet traffic shows no problem. After rebooting the router it returns to normal. Can someone guide me? I will be very obliged. Waiting for your response.
Attached is the show run of my router. Serial 3/0:0 is the link with ITI SP; this link fails to pass internet traffic sometimes, and after resetting the router traffic continues to pass. GigabitEthernet0/0 is the fiber WAN link, which also shows the same behaviour as Serial 3/0:0.
Your router is not performing NAT and is acting as the border router.
I see you have enabled both NBAR and NetFlow on some interfaces. I would keep only NetFlow, which can be more scalable, and you have also configured NDE export, so stats can be seen on the collector.
I have some doubts about your routing config:
You have:
Two default static routes, but the first one has AD 1; it is not a floating static route.
ip route 0.0.0.0 0.0.0.0 192.168.20.57 name primary-Fiber
ip route 0.0.0.0 0.0.0.0 192.168.198.201 200 name backup-Radio
In addition to these two, you have an EBGP session with your ISP peer 192.168.20.57 and you accept only the prefix 0.0.0.0/0, but this shouldn't be installed in your routing table; the first static route should be instead.
You have two GRE tunnels sourced from the g0/0 interface:
access-list 100 permit gre host 192.168.20.58 host 192.168.90.26
access-list 101 permit gre host 192.168.20.58 host 192.168.16.12
I don't understand why you have configured the crypto map under both tunnels and under the LAN interface.
Your ACLs 100 and 101 clearly show that you would like to transport GRE tunnels inside the IPSec packets and not the opposite.
So I would suggest removing the crypto maps inside the tunnel 3 and tunnel 4 configs.
Try this and see if the router provides internet access.
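An added example, not part of the thread or of the poster's configuration: a Python check for the condition the reply above describes, a crypto map whose ACLs match GRE applied both on the tunnel interfaces and on the tunnel source interface. The crypto map name VPNMAP, its sequence numbers, and the function names are assumptions; the sample config is constructed from the fragments quoted in the thread.

```python
import re

# Constructed sample built from the fragments quoted in the thread. The crypto
# map name VPNMAP and its sequence numbers are assumptions, not the real config.
SAMPLE = """\
crypto map VPNMAP 10 ipsec-isakmp
 match address 100
crypto map VPNMAP 20 ipsec-isakmp
 match address 101
interface Tunnel3
 tunnel source GigabitEthernet0/0
 crypto map VPNMAP
interface Tunnel4
 tunnel source GigabitEthernet0/0
 crypto map VPNMAP
interface GigabitEthernet0/0
 crypto map VPNMAP
access-list 100 permit gre host 192.168.20.58 host 192.168.90.26
access-list 101 permit gre host 192.168.20.58 host 192.168.16.12
"""

def sections(config):
    """Map each top-level config line to the indented lines under it."""
    out, head = {}, None
    for line in config.splitlines():
        if line[:1] not in ("", " ", "!"):
            head = line.strip()
            out[head] = []
        elif head and line.strip() not in ("", "!"):
            out[head].append(line.strip())
    return out

def redundant_tunnel_crypto_maps(config):
    """Tunnels whose crypto map matches GRE and is also on their source interface."""
    gre_acls = set(re.findall(r"^access-list (\d+) permit gre ", config, re.M))
    map_acls, applied, source = {}, {}, {}
    for head, body in sections(config).items():
        text = "\n".join(body)
        if m := re.match(r"crypto map (\S+) \d+", head):
            map_acls.setdefault(m[1], set()).update(re.findall(r"^match address (\S+)", text, re.M))
        elif head.startswith("interface "):
            name = head.split(None, 1)[1]
            if c := re.search(r"^crypto map (\S+)$", text, re.M):
                applied[name] = c[1]
            if s := re.search(r"^tunnel source (\S+)$", text, re.M):
                source[name] = s[1]
    return sorted(t for t, src in source.items()
                  if t in applied and applied.get(src) == applied[t]
                  and map_acls.get(applied[t], set()) & gre_acls)
```

Calling `redundant_tunnel_crypto_maps(SAMPLE)` lists the tunnel interfaces from which the reply suggests removing the crypto map; it reports a configuration pattern only and does not diagnose the outage.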
Now you are right, there are two default routes. Tell me one thing: if we have two default routes and one has AD 200 and the other has AD 1, then why can they not be floating static routes? You meant to say that the default route having AD 1 should have an AD other than 1? Regarding the crypto map, it's not under the LAN interface, and Gig0/0 is their fiber WAN interface. Last thing: access lists are passed in crypto maps. Why are you suggesting to remove the crypto maps inside tunnel 3 and tunnel 4?
My actual problem is that my router stops internet traffic sometimes, but most of the time I can access the internet with this configuration. Why does the stopped internet traffic restore after rebooting? Please come with the actual reason; I will be highly obliged.
Actually, the way you suggested requires sitting at the customer premises and waiting for the router to get stuck. After analysing the configuration, it appeared that the link toward ITI is not for internet connectivity; rather, the link towards Cybernet fiber at Gig0/0 is for internet. If you look at the routes, it will be evident to you also. Gig0/0 has been configured for many things, i.e. internet, secure VPN, etc. Now, if sometimes their VPN tunnels are working fine, then why does the internet get disturbed? And suddenly their ITI link shows no traffic at all at the same time. The client is saying that the outside world connects to their internal servers through the ITI link, which is Serial 3/0:0.