Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Cisco 877 Router - Suspected Nat Problem (Locks Up)

Avatar of nigel8013
nigel8013 asked on
RoutersHardware FirewallsNetworking Hardware-Other
13 Comments1 Solution2779 ViewsLast Modified:
I have been experiencing a recurring problem with a Cisco 877 Router.

Without explanation, the router appears to freeze. I lose internet connectivity and am unable to ping any external IP's, BUT I can still telnet into the router from internal, Am able to VPN (PPTP) through the router to a server sitting behind it and able to telnet to port 25 through the router to a mail server sitting behind it.

I would really apreciate it if people could check over my configuration (have removed IP's but replaced with letters to depict the different subnets) and let me know if it is possibly a configuration issue as opposed to a hardware issue?

Many Thanks in advance.

Nigel
Building configuration...
 
Current configuration : 2785 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-22.T.bin
boot-end-marker
!
logging message-counter syslog
enable password XXXXXXXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip inspect audit-trail
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall ica
ip inspect name Firewall icabrowser
ip inspect name Firewall realaudio
ip inspect name Firewall ftp
ip inspect name Firewall smtp
ip inspect name Firewall pop3
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall dns
ip inspect name Firewall telnet
ip inspect name Firewall pptp
ip inspect name Firewall icmp
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 2
!
interface Vlan1
 description vlan1 INTERNET
 ip address AA.AA.AA.32 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Firewall out
 ip virtual-reassembly
!
interface Vlan2
 description vlan2 NETWORK
 ip address BB.BB.BB.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 AA.AA.AA.1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 23 interface Vlan1 overload
ip nat inside source static tcp BB.BB.BB.1 25 AA.AA.AA.32 25 extendable
ip nat inside source static tcp BB.BB.BB.1 80 AA.AA.AA.32 80 extendable
ip nat inside source static tcp BB.BB.BB.1 443 AA.AA.AA.32 443 extendable
ip nat inside source static tcp BB.BB.BB.1 1723 AA.AA.AA.32 1723 extendable
ip nat inside source static tcp BB.BB.BB.1 3389 AA.AA.AA.32 3389 extendable
ip nat inside source static tcp BB.BB.BB.1 4125 AA.AA.AA.32 4125 extendable
ip nat inside source static tcp BB.BB.BB.2 80 AA.AA.AA.33 80 extendable
ip nat inside source static tcp BB.BB.BB.2 443 AA.AA.AA.33 443 extendable
!
access-list 23 permit any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq 443
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any any eq 1723
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any any eq 4125
access-list 100 permit gre any any
access-list 100 permit tcp any any established
access-list 100 deny   tcp any any
!
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password XXXXXXXXXXX
 login
!
scheduler max-task-time 5000
end
ASKER CERTIFIED SOLUTION
Avatar of memo_tnt
memo_tntFlag of Palestine, State of image

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 13 Comments.
See Answers