OK Cisco Gurus, can you help me with a question? I had a problem yesterday with my Internet connection going down and all my VPNs could not send me data. I got it going late last night, but I want to know why... read on.
I have a Cisco 515 as the center spoke to my network. I have one remote office connected over a VPN through an E1 (Cisco 501). I also have 10 remote sites (and many more on the way) that have DSL and connect to me over VPNs via Linksys RV042s. I have been installing the RV042s over the last week or so, adding one or two a day.
Yesterday morning, my E1 (501) site called me to say their Internet was very slow. Then they lost browsing, but messenger still worked. Eventually they lost all Internet connectivity, including our VPN link. I still had access to this site and the Cisco 501 over an RSH connection, but eventually I lost this connection also.
As I was trying to figure out what happened to my connection to my remote 501, I lost Internet at my main site. I had a laptop connected outside my Firewall (515) with a public IP and it still had Internet, so I did not lose Internet from my T1 provider; I just could not get anything out or in from my private LAN. I could not even ping my laptop from my 515 though they were on the same segment. I had not changed anything since the day before, so I was baffled. Besides, I just added a few lines of code for NAT avoidance and a Peer Address for my Crypto Maps. Also, the one remote RV042 that I allow Internet Access to (port 80) also lost Internet connection. All the other sites have Port 80 blocked.
I reviewed the code over and over, line by line and I could not figure out what happened. I checked my ISAKMP SAs, and my remote VPNs from my RV042s were still connecting, but I could not send them data. I tried reloading, clearing connections, clearing IPSEC and ISAKMP SAs, etc. It was like my default gateway went away, but I verified it was still there.
I decided to copy the config from a text file I had saved from 6 months ago, before I began experimenting with VPNs, and paste the lines into my Telnet session to my 515. Note, I did not return my 515 to factory just yet; I just copied the lines from my archived Text File and pasted them to my current Telnet Session. The second I did this, my Internet came up. I cleaned up the config and made sure it was current. Again, all my previous lines for my new VPNs and my Access Lists were still there from before. Anyway, I could now communicate with all my RV042s over their VPNs.
Shortly thereafter, I could RSH back to my Mexico site. After clearing my IPSEC SAs and ISAKMP SAs, that VPN came back up. All is well now. I found out my provider to my remote E1 (501) had a problem (though they won't admit it) with their E1 feed to me. In any case, all is working well now, but I just want to know what I did, and if there is something else I could do.