Avatar of nigel8013
nigel8013 asked on

Cisco 877 Router - Suspected Nat Problem (Locks Up)

I have been experiencing a recurring problem with a Cisco 877 Router.

Without explanation, the router appears to freeze. I lose internet connectivity and am unable to ping any external IP's, BUT I can still telnet into the router from internal, Am able to VPN (PPTP) through the router to a server sitting behind it and able to telnet to port 25 through the router to a mail server sitting behind it.

I would really apreciate it if people could check over my configuration (have removed IP's but replaced with letters to depict the different subnets) and let me know if it is possibly a configuration issue as opposed to a hardware issue?

Many Thanks in advance.

Nigel
Building configuration...
 
Current configuration : 2785 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-22.T.bin
boot-end-marker
!
logging message-counter syslog
enable password XXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip inspect audit-trail
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall ica
ip inspect name Firewall icabrowser
ip inspect name Firewall realaudio
ip inspect name Firewall ftp
ip inspect name Firewall smtp
ip inspect name Firewall pop3
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall dns
ip inspect name Firewall telnet
ip inspect name Firewall pptp
ip inspect name Firewall icmp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 2
!
interface Vlan1
 description vlan1 INTERNET
 ip address AA.AA.AA.32 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly
!
interface Vlan2
 description vlan2 NETWORK
 ip address BB.BB.BB.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 AA.AA.AA.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 23 interface Vlan1 overload
ip nat inside source static tcp BB.BB.BB.1 25 AA.AA.AA.32 25 extendable
ip nat inside source static tcp BB.BB.BB.1 80 AA.AA.AA.32 80 extendable
ip nat inside source static tcp BB.BB.BB.1 443 AA.AA.AA.32 443 extendable
ip nat inside source static tcp BB.BB.BB.1 1723 AA.AA.AA.32 1723 extendable
ip nat inside source static tcp BB.BB.BB.1 3389 AA.AA.AA.32 3389 extendable
ip nat inside source static tcp BB.BB.BB.1 4125 AA.AA.AA.32 4125 extendable
ip nat inside source static tcp BB.BB.BB.2 80 AA.AA.AA.33 80 extendable
ip nat inside source static tcp BB.BB.BB.2 443 AA.AA.AA.33 443 extendable
!
access-list 23 permit any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq 1723
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any any eq 4125
access-list 100 permit gre any any
access-list 100 permit tcp any any established
access-list 100 deny   tcp any any
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password XXXXXXXXXXX
 login
!
scheduler max-task-time 5000
end

Open in new window

Networking Hardware-OtherRoutersHardware Firewalls

Avatar of undefined
Last Comment
nigel8013

8/22/2022 - Mon
memo_tnt

Hi
what do u do to get internet back?
di u reload the router ??

send sh version results?

plz advise what these for???:
1- ip nat inside source static tcp BB.BB.BB.1 80 AA.AA.AA.32 80 extendable
2- ip nat inside source static tcp BB.BB.BB.2 80 AA.AA.AA.33 80 extendable

BR
ASKER
nigel8013

Simply performing a reload brings the router back or alternatively the power switch.

Sh Ver attached.

Reason for two entries on port 80 - We have two external static IP's routing to do different Internal web servers.

Nigel
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(22)T, R
ELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 10-Oct-08 12:57 by prod_rel_team
 
ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE
 
MediHome uptime is 1 hour, 15 minutes
System returned to ROM by power-on
System image file is "flash:c870-advipservicesk9-mz.124-22.T.bin"
 
 
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
 
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
 
If you require further assistance please contact us by sending email to
export@cisco.com.
 
Cisco 877 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memo
ry.
Processor board ID FHK104410P1
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
36864K bytes of processor board System flash (Intel Strataflash)
 
Configuration register is 0x2102

Open in new window

memo_tnt

Im worrying that all www traffic went to these two Web servers,,
so, u need to check where www traffic goes by:: sh ip nat trans ?? send its results !

also ,, try to remove ::

1- ip nat inside source static tcp BB.BB.BB.1 80 AA.AA.AA.32 80 extendable
2- ip nat inside source static tcp BB.BB.BB.2 80 AA.AA.AA.33 80 extendable

check and reply

BR
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
nigel8013

Sh Ip Nat Trans  attached.
Pro Inside global      Inside local       Outside local      Outside global
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.150.142.246:28185 90.150.142.246:28185
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.150.235.148:59516 90.150.235.148:59516
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.96.178:44927 90.151.96.178:44927
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.97.81:28761 90.151.97.81:28761
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.140.162:29954 90.151.140.162:29954
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.186.132:59890 90.151.186.132:59890
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.191.248:3131 90.151.191.248:3131
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.212.0:3829  90.151.212.0:3829
tcp AA.AA.AA.32:135     AA.AA.AA.33:135     90.151.251.253:3154 90.151.251.253:3154
udp AA.AA.AA.32:1027    AA.AA.AA.33:1027    60.222.224.140:40275 60.222.224.140:40275
tcp AA.AA.AA.32:25      BB.BB.BB.1:25        67.212.167.10:36296 67.212.167.10:36296
tcp AA.AA.AA.32:25      BB.BB.BB.1:25        77.68.40.108:45081 77.68.40.108:45081
tcp AA.AA.AA.32:25      BB.BB.BB.1:25        119.63.204.51:46666 119.63.204.51:46666
tcp AA.AA.AA.32:25      BB.BB.BB.1:25        ---                ---
tcp AA.AA.AA.32:80      BB.BB.BB.1:80        ---                ---
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.196:51052 82.132.136.196:51052
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.196:54375 82.132.136.196:54375
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.198:36079 82.132.136.198:36079
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.198:37977 82.132.136.198:37977
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.198:44779 82.132.136.198:44779
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.199:36827 82.132.136.199:36827
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.200:37630 82.132.136.200:37630
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.203:42876 82.132.136.203:42876
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.203:49808 82.132.136.203:49808
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.203:50966 82.132.136.203:50966
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.203:54845 82.132.136.203:54845
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.203:55755 82.132.136.203:55755
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.205:55743 82.132.136.205:55743
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.205:59429 82.132.136.205:59429
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:35751 82.132.136.207:35751
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:45835 82.132.136.207:45835
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:47724 82.132.136.207:47724
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:47809 82.132.136.207:47809
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:48679 82.132.136.207:48679
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:48766 82.132.136.207:48766
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:52502 82.132.136.207:52502
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:53163 82.132.136.207:53163
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.207:53446 82.132.136.207:53446
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.211:37876 82.132.136.211:37876
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.211:42562 82.132.136.211:42562
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.213:42355 82.132.136.213:42355
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       82.132.136.213:46330 82.132.136.213:46330
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       90.217.108.223:49346 90.217.108.223:49346
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       193.35.132.238:3728 193.35.132.238:3728
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       194.176.105.1:63630 194.176.105.1:63630
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       194.176.105.1:64133 194.176.105.1:64133
tcp AA.AA.AA.32:443     BB.BB.BB.1:443       ---                ---
tcp AA.AA.AA.32:1723    BB.BB.BB.1:1723      ---                ---
tcp AA.AA.AA.32:3389    BB.BB.BB.1:3389      ---                ---
tcp AA.AA.AA.32:4125    BB.BB.BB.1:4125      ---                ---
udp AA.AA.AA.32:53316   BB.BB.BB.1:53316     90.152.0.226:53    90.152.0.226:53
tcp AA.AA.AA.33:80      BB.BB.BB.2:80        ---                ---
tcp AA.AA.AA.33:443     BB.BB.BB.2:443       ---                ---
tcp AA.AA.AA.32:2296    BB.BB.BB.10:2296     194.42.124.38:443  194.42.124.38:443
tcp AA.AA.AA.32:2310    BB.BB.BB.10:2310     82.109.127.10:443  82.109.127.10:443
tcp AA.AA.AA.32:2543    BB.BB.BB.10:2543     66.249.91.17:80    66.249.91.17:80
tcp AA.AA.AA.32:2545    BB.BB.BB.10:2545     66.249.91.189:80   66.249.91.189:80
tcp AA.AA.AA.32:2546    BB.BB.BB.10:2546     66.249.91.189:80   66.249.91.189:80
tcp AA.AA.AA.32:2548    BB.BB.BB.10:2548     66.249.91.17:80    66.249.91.17:80
tcp AA.AA.AA.32:3813    BB.BB.BB.12:3813     86.53.218.22:1935  86.53.218.22:1935
tcp AA.AA.AA.32:3824    BB.BB.BB.12:3824     86.53.218.22:1935  86.53.218.22:1935
tcp AA.AA.AA.32:3828    BB.BB.BB.12:3828     212.58.227.138:80  212.58.227.138:80
tcp AA.AA.AA.32:4062    BB.BB.BB.12:4062     92.122.213.192:80  92.122.213.192:80
tcp AA.AA.AA.32:4159    BB.BB.BB.12:4159     80.252.91.46:80    80.252.91.46:80
tcp AA.AA.AA.32:1370    BB.BB.BB.16:1370     82.109.127.10:443  82.109.127.10:443
tcp AA.AA.AA.32:1851    BB.BB.BB.18:1851     212.58.226.79:80   212.58.226.79:80
tcp AA.AA.AA.32:1857    BB.BB.BB.18:1857     212.58.226.73:80   212.58.226.73:80
tcp AA.AA.AA.32:1894    BB.BB.BB.18:1894     212.58.227.137:80  212.58.227.137:80
tcp AA.AA.AA.32:4316    BB.BB.BB.19:4316     212.58.227.137:80  212.58.227.137:80
tcp AA.AA.AA.32:4393    BB.BB.BB.19:4393     212.58.227.137:80  212.58.227.137:80
tcp AA.AA.AA.32:4395    BB.BB.BB.19:4395     212.58.227.137:80  212.58.227.137:80
tcp AA.AA.AA.32:3676    BB.BB.BB.28:3676     63.88.212.56:80    63.88.212.56:80
tcp AA.AA.AA.32:3916    BB.BB.BB.28:3916     74.125.79.99:80    74.125.79.99:80
tcp AA.AA.AA.32:3917    BB.BB.BB.28:3917     64.233.183.147:80  64.233.183.147:80
tcp AA.AA.AA.32:3920    BB.BB.BB.28:3920     91.198.174.2:80    91.198.174.2:80
tcp AA.AA.AA.32:3921    BB.BB.BB.28:3921     91.198.174.2:80    91.198.174.2:80
tcp AA.AA.AA.32:3922    BB.BB.BB.28:3922     91.198.174.3:80    91.198.174.3:80
tcp AA.AA.AA.32:3923    BB.BB.BB.28:3923     91.198.174.3:80    91.198.174.3:80
tcp AA.AA.AA.32:1635    BB.BB.BB.29:1635     92.122.209.33:80   92.122.209.33:80
tcp AA.AA.AA.32:1637    BB.BB.BB.29:1637     65.55.149.123:80   65.55.149.123:80
tcp AA.AA.AA.32:1644    BB.BB.BB.29:1644     92.122.209.33:80   92.122.209.33:80
tcp AA.AA.AA.32:1653    BB.BB.BB.29:1653     65.55.197.247:80   65.55.197.247:80
tcp AA.AA.AA.32:1664    BB.BB.BB.29:1664     80.252.91.52:80    80.252.91.52:80
tcp AA.AA.AA.32:1666    BB.BB.BB.29:1666     92.122.208.240:80  92.122.208.240:80
tcp AA.AA.AA.32:1668    BB.BB.BB.29:1668     92.122.208.240:80  92.122.208.240:80
tcp AA.AA.AA.32:1671    BB.BB.BB.29:1671     80.252.91.52:80    80.252.91.52:80
tcp AA.AA.AA.32:1672    BB.BB.BB.29:1672     92.122.209.33:80   92.122.209.33:80
tcp AA.AA.AA.32:1673    BB.BB.BB.29:1673     65.55.149.123:80   65.55.149.123:80
tcp AA.AA.AA.32:1674    BB.BB.BB.29:1674     65.55.197.247:80   65.55.197.247:80
tcp AA.AA.AA.32:1675    BB.BB.BB.29:1675     209.62.178.57:80   209.62.178.57:80
tcp AA.AA.AA.32:1676    BB.BB.BB.29:1676     194.129.79.21:80   194.129.79.21:80
tcp AA.AA.AA.32:1677    BB.BB.BB.29:1677     74.125.242.89:80   74.125.242.89:80
tcp AA.AA.AA.32:1678    BB.BB.BB.29:1678     216.73.84.17:80    216.73.84.17:80
tcp AA.AA.AA.32:1680    BB.BB.BB.29:1680     65.55.197.247:80   65.55.197.247:80
tcp AA.AA.AA.32:1681    BB.BB.BB.29:1681     194.129.79.21:80   194.129.79.21:80
tcp AA.AA.AA.32:1682    BB.BB.BB.29:1682     64.158.223.128:80  64.158.223.128:80
tcp AA.AA.AA.32:1683    BB.BB.BB.29:1683     84.53.151.182:443  84.53.151.182:443
tcp AA.AA.AA.32:1684    BB.BB.BB.29:1684     65.55.249.68:80    65.55.249.68:80
tcp AA.AA.AA.32:1685    BB.BB.BB.29:1685     194.129.79.21:80   194.129.79.21:80
tcp AA.AA.AA.32:1686    BB.BB.BB.29:1686     194.129.79.21:80   194.129.79.21:80
tcp AA.AA.AA.32:1687    BB.BB.BB.29:1687     92.122.208.171:80  92.122.208.171:80
tcp AA.AA.AA.32:1136    BB.BB.BB.30:1136     92.122.208.227:80  92.122.208.227:80
tcp AA.AA.AA.32:1098    BB.BB.BB.31:1098     74.125.79.103:80   74.125.79.103:80
tcp AA.AA.AA.32:3372    BB.BB.BB.36:3372     64.156.132.215:80  64.156.132.215:80
tcp AA.AA.AA.32:1290    BB.BB.BB.37:1290     92.122.208.200:80  92.122.208.200:80

Open in new window

ASKER
nigel8013

I am unable to remove those two lines requested at present because they are in use during the working day.

I may go for 2 weeks without a problem but then I may get the problem 3 times in one day.... there is no clear explanation to it other than possibly...

1)  Very heavy usage causing the router to slow down considerably
2)  A hardware fault

I can confirm that I have already updated the IOS from an older version that was reported to have had NAT problems defined very similar to the problems I am experiencing.
Faruk Onder Yerli

Cisco 870 series router can have such problem because of high session count on router for NAT. You can use "clear ip nat translation *". NAT will start to work. In same time you can check your LAN sync attacks and virus traffic. If you have more than 50 host in LAN, 870 series router is not correct solution for NAT operation.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
nigel8013

I thought it may have something to do with traffic.  I will review the logs the next time it happens to see if there is a high volume of traffic accordingly.

We do only have 14 hosts behind the router and on some occasions the office has been closed when this has happened.  On top of this we do have 100 staff hitting OWA and WSS3 on the server behind this router, although probably no more than 20 at a time.

I think I will go with the option to upgrade rather than waste more time investigating this one.

Nigel
SOLUTION
Faruk Onder Yerli

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
nigel8013

Have applied this to the router now... the last two lines failed to be accepted by the router...

ip audit notify log
ip audit po max-events 100

Please advise...

Nigel
memo_tnt

it's ok,,never mind,
so check ur router and send results,,
if it keeps crashing ,, then try change ur IOS image !!

BR
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
nigel8013

I have changed the IOS once already from an older version. Still will keep an eye on it.

Many thanks for your help,

Nigel
ASKER
nigel8013

Thanks Guys.  I will keep an eye on the router.