We help IT Professionals succeed at work.
Get Started

Cisco 1811W keep failing after 1 to 2 hours

LnxOne
LnxOne asked
on
535 Views
Last Modified: 2010-04-21
Help!

I just configured Cisco router 1811W for my office to connect to an ISP.  Things are working pretty good until 2 hours later the connection from my Cisco 1811W router to the ISP CSU/DSU keep dropping. It keeps doing this for over a week and it's driving crazy!!!

Here is my current configure file:

FE0: ip address 146.xxx.xxx.178  ==>> ISP CSU/DSU Interface:  146.xxx.xxx.177
Internal gateway BVI1: 192.168.xxx.65

Here are my Nating table:
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
ip nat inside source static tcp 192.168.xxx.67 80 interface FA0 80
ip nat inside source static tcp 192.168.xxx.67 110 interface FA0 110

Here is my ip routes:
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
router rip
 version 2
 passive-interface FastEthernet0
 passive-interface BVI1
 network 146.xxx.0.0
 network 192.168.xxx.0
 no auto-summary

...

Below text is my show run command:

!This is the show startup-config output of the router: show startup-config
!----------------------------------------------------------------------------

Using 8057 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1811W
!
boot-start-marker
boot-end-marker
!
logging buffered 5xxx0 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 xxx3 2:00 Oct 26 xxx3 2:00
!
!
ip cef
ip dhcp excluded-address 192.168.2.0 192.168.2.254
ip dhcp excluded-address 192.168.xxx.65 192.168.xxx.80
!
!
ip domain name localdomain.local
ip name-server 192.168.xxx.70
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW esmtp
!
appfw policy-name SDM_LOW
  application http
!
password encryption aes
!
crypto pki trustpoint TP-self-signed-4072465080
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4072465080
 revocation-check none
 rsakeypair TP-self-signed-4072465080
!
!
crypto pki certificate chain TP-self-signed-4072465080
 certificate self-signed 01 nvram:IOS-Self-Sig#3005.cer
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
 class sdm_p2p_gnutella
 class sdm_p2p_bittorrent
 class sdm_p2p_edonkey
 class sdm_p2p_kazaa
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group RVPN-SN20
 key xxxxxxxxxxxxxxxx
 dns 192.168.xxx.70
 wins 192.168.xxx.70
 domain localdomain
 pool VPN-PL20
 max-users 50
 netmask 255.255.255.192
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile RVPN-SN20
 set transform-set ESP-3DES-SHA
!
!
crypto dynamic-map SDM_DYNMAP_2 1
 set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_2 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_2 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_2 client configuration address respond
crypto map SDM_CMAP_2 65535 ipsec-isakmp dynamic SDM_DYNMAP_2
!
bridge irb
!
!
!
interface FastEthernet0
 description $ETH-LAN$$FW_OUTSIDE$
 ip address 146.xxx.xxx.178 255.255.255.248
 ip access-group 101 in
 ip verify unicast reverse-path
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
 description VLAN1
!
interface FastEthernet3
 description VLAN1
!
interface FastEthernet4
 description VLAN1
!
interface FastEthernet5
 description VLAN1
!
interface FastEthernet6
 description VLAN1
!
interface FastEthernet7
 description VLAN1
!
interface FastEthernet8
 description VLAN1
!
interface FastEthernet9
 description VLAN1
!
interface Dot11Radio0
 description VL1- VLAN1
 no ip address
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid MY-WLAN
    vlan 1
    authentication open
    authentication key-management wpa
    wpa-psk ascii 0 xxxxxxxxxxxxxxxx
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 basic-24.0 36.0 48.0 54.0
 rts threshold 2312
 power local cck 20
 power local ofdm 17
 channel 2462
 station-role root
!
interface Dot11Radio0.1
 description VL1- VLAN1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 ip virtual-reassembly
 shutdown
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 description BVI1$ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Async1
 no ip address
 ip virtual-reassembly
 encapsulation slip
!
interface BVI1
 description VL1- VLAN1$FW_INSIDE$
 ip address 192.168.xxx.65 255.255.255.192
 ip access-group 100 in
 no ip redirects
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1300
 crypto map SDM_CMAP_2
!
router rip
 version 2
 passive-interface FastEthernet0
 passive-interface BVI1
 network 146.xxx.0.0
 network 192.168.xxx.0
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 146.xxx.xxx.177
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat Stateful id 1
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.xxx.67 110 interface FastEthernet0 110
ip nat inside source static tcp 192.168.xxx.67 80 interface FastEthernet0 80
ip nat inside source static 192.168.xxx.65 146.xxx.xxx.178
ip nat inside source static 192.168.xxx.67 146.xxx.xxx.179
!
ip access-list extended RMC_Out
 remark SDM_ACL Category=2
 deny   ip host 192.168.xxx.67 any
 deny   ip host 192.168.xxx.65 any
 permit ip any any
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ahp any host 192.168.xxx.65
access-list 100 permit esp any host 192.168.xxx.65
access-list 100 permit udp any host 192.168.xxx.65 eq isakmp
access-list 100 permit udp any host 192.168.xxx.65 eq non500-isakmp
access-list 100 deny   ip 146.xxx.xxx.176 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 146.xxx.xxx.179
access-list 101 permit tcp any host 146.xxx.xxx.179
access-list 101 permit udp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178
access-list 101 permit tcp any host 146.xxx.xxx.178 eq www
access-list 101 permit tcp any host 146.xxx.xxx.178 eq pop3
access-list 101 deny   ip 192.168.xxx.64 0.0.0.63 any
access-list 101 permit icmp any host 146.xxx.xxx.178 echo-reply
access-list 101 permit icmp any host 146.xxx.xxx.178 time-exceeded
access-list 101 permit icmp any host 146.xxx.xxx.178 unreachable
access-list 101 permit udp any any eq rip
access-list 101 permit ip any host 224.0.0.9
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address RMC_Out
!
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115xxx
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

Comment
Watch Question
Top Expert 2009
Commented:
This problem has been solved!
Unlock 1 Answer and 30 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE