Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

internet connection disconnecting frequently

Hi,

we have mgre setup which we are connecting to home offices from head office over DSL lines at home office side.

everything working fine, the tunnel is up and running but the internet connection getting droped frequently, but to my surprise the vpn connection is active and working.

gre tunnel is formed over dsl (same as DMVPN) to connect head office and normal internet traffic will go through nat device towards internet.

lan ip is provided to the pc through DHCP server from the router 881.

My topology is like

Head Office(cisco 1941)---->Internet--------->nat device---->cisco 881---->PC.

i can ping to head office continuously but when i am doing the same with internet the packets are getting droped .

attaching the cisco 881 config.

can any one help..

4 REPLIES

internet connection disconnecting frequently

Asif,

Can you post the results of 'show ip nat translations' when you are initiating traffic from the spoke (home office). I want to make sure a translation is taking place.

Also, can you post the results from a traceroute to 8.8.8.8 from a PC on that spoke.

New Member

Re: internet connection disconnecting frequently

Hi John,

Thanks for the reply,

attaching the output from router and pc

actual ips are in output as i changed in the first discussion

pc ip : 192.168.75.250

gateway 192.168.75.249(cisco 881)

Re: internet connection disconnecting frequently

Hello

Looking at you first file you sent, (I cannot open the second one you posted )

You have a 192.168.50.0/24 being advertiesd by rip but you pysical interface is /29

and your acl statement for NAT doesnt look correct with denying 192.168.1.0/24 and 192.168.2.0/24 and permmiting everything else even though they are not in the same subnetwork of the physical interface - I would specify the actual subnet to be permitted and not leave it to ip any any.

You seem to have only part of the cryptographic vpn configured, are you wanting to use ipsec also ?

For your NHRP sepcifying a tunnel mode, enabling multicast and NOT as far as I am aware  specifying a tunnel destination

is required.

crypto isakmp key xxxx address 0.0.0.0 0.0.0.0 - ( on HUB and SPOKE - this adds dynamic pre−shared keys for all of the remote VPNs)

crypto ipsec transform-set NHRP esp-3des esp-md5-hmac

crypto ipsec profile TEST

set security-association lifetime seconds xxx

set transform-set NHRP

int tun0

ip nhrp map multicast dynamic

NO  tunnel destination

tunnel mode gre multipoint

tunnel protection ipsec profile TEST

no access-list 2000

access-list 2000 permit ip any

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please don't forget to rate any posts that have been helpful. Thanks.
New Member

internet connection disconnecting frequently

Hi ,

thank you for the reply..

we have home offices in different regions and some isps blocking port 4500 so i am not using ipsec for them.

as per the natting, the access list filters the traffic going on wan , and direct the intrested traffic on tunnel and all other will be going to internet so i specified any any.

and the rip, there is nothing wrong with the network connection to my head office and there are no packet drops on the tunnel, but when i am pinging to ips like 8.8.8.8 and 4.2.2.2 the pings started to getting droped after 5 or 10 min.

855
Views
0
Helpful
4
Replies