AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of nigel8013
nigel8013

asked on 

Cisco 877 Router - Suspected Nat Problem (Locks Up)

I have been experiencing a recurring problem with a Cisco 877 Router.

Without explanation, the router appears to freeze. I lose internet connectivity and am unable to ping any external IP's, BUT I can still telnet into the router from internal, Am able to VPN (PPTP) through the router to a server sitting behind it and able to telnet to port 25 through the router to a mail server sitting behind it.

I would really apreciate it if people could check over my configuration (have removed IP's but replaced with letters to depict the different subnets) and let me know if it is possibly a configuration issue as opposed to a hardware issue?

Many Thanks in advance.

Nigel
Building configuration...
 
Current configuration : 2785 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-22.T.bin
boot-end-marker
!
logging message-counter syslog
enable password XXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip inspect audit-trail
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall ica
ip inspect name Firewall icabrowser
ip inspect name Firewall realaudio
ip inspect name Firewall ftp
ip inspect name Firewall smtp
ip inspect name Firewall pop3
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall dns
ip inspect name Firewall telnet
ip inspect name Firewall pptp
ip inspect name Firewall icmp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 2
!
interface Vlan1
 description vlan1 INTERNET
 ip address AA.AA.AA.32 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly
!
interface Vlan2
 description vlan2 NETWORK
 ip address BB.BB.BB.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 AA.AA.AA.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 23 interface Vlan1 overload
ip nat inside source static tcp BB.BB.BB.1 25 AA.AA.AA.32 25 extendable
ip nat inside source static tcp BB.BB.BB.1 80 AA.AA.AA.32 80 extendable
ip nat inside source static tcp BB.BB.BB.1 443 AA.AA.AA.32 443 extendable
ip nat inside source static tcp BB.BB.BB.1 1723 AA.AA.AA.32 1723 extendable
ip nat inside source static tcp BB.BB.BB.1 3389 AA.AA.AA.32 3389 extendable
ip nat inside source static tcp BB.BB.BB.1 4125 AA.AA.AA.32 4125 extendable
ip nat inside source static tcp BB.BB.BB.2 80 AA.AA.AA.33 80 extendable
ip nat inside source static tcp BB.BB.BB.2 443 AA.AA.AA.33 443 extendable
!
access-list 23 permit any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq 1723
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any any eq 4125
access-list 100 permit gre any any
access-list 100 permit tcp any any established
access-list 100 deny   tcp any any
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password XXXXXXXXXXX
 login
!
scheduler max-task-time 5000
end

Open in new window

Networking Hardware-OtherRoutersHardware Firewalls
Avatar of undefined
Last Comment
nigel8013
8/22/2022 - Mon
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent