
router internet connection drops out !

Medium Priority
Last Modified: 2012-05-06
Hi there,
I've an internet site (running a cisco router) but after every 1 week or so,
we always have to restart the router and then only it can send traffic.
At that instant when router doesn't respond, we tested a ping to a WAN I.P and
got ttl expired in transit instead of request timed out ... we always have to
restart the router whenever this is the case .....

Below is my config and show version output
Current configuration : 5300 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxx
logging buffered 51200 warnings
no aaa new-model
clock timezone ACST 9 30
clock summer-time ACST recurring last Sun Oct 2:00 last Sun Mar 2:00
crypto pki trustpoint TP-self-signed-1394679709
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1394679709
 revocation-check none
 rsakeypair TP-self-signed-1394679709
crypto pki certificate chain TP-self-signed-1394679709
 certificate self-signed 01
ip cef
no ip domain lookup
ip domain name xxx
multilink bundle-name authenticated
username xxxx privilege 15 xxxxx
 log config
track 1 rtr 1 reachability
 delay down 30
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl operating-mode auto
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
 description VLAN1_subnet1
 ip address secondary
 ip address secondary
 ip address
 ip tcp adjust-mss 1452
 standby delay minimum 20 reload 25
 standby 0 ip
 standby 0 preempt
 standby 1 priority 120
 standby 1 preempt
 standby 1 track 1 decrement 20
interface Dialer1
 description -- IPWAN ADSL2+ "ggbondi" --
 bandwidth 1000
 ip address negotiated
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname xxxx
 ppp chap password 0 xxxx
 ppp multilink
interface Dialer2
 no ip address
 no cdp enable
ip local policy route-map IPWAN_access
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip route Dialer1
ip route permanent
no ip http server
no ip http secure-server
ip nat inside source static tcp 5631 interface Dialer2 5631
ip nat inside source static tcp 5631 interface Dialer2 5633
ip sla 1
 timeout 4000
 frequency 5
 history hours-of-statistics-kept 24
ip sla schedule 1 life forever start-time now
access-list 101 permit icmp any host echo
snmp-server community public RO
no cdp run
route-map IPWAN_access permit 10
 match ip address 101
 set interface Dialer1 Null0
banner login ^C
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 terminal-type vt100
 length 25
 transport output all
 stopbits 1
line aux 0
 transport output all
line vty 0 4
 session-timeout 10  output
 access-class 10 in
 privilege level 15
 password 7 xxxx
 login local
 terminal-type vt100
 length 25
 transport input all
 transport output all
scheduler max-task-time 5000
webvpn cef



I've removed
snmp-server community public RO
but anything apart from that?


and I'd say also ignore the misconfigured standby since there is no other peer ... this is the only router ...

Can you provide a "sh version" for this router? Your problem sounds like the router is running out of resources after that period of time (related to NAT table or Memory)
What are the types of traffic passing through this router? any "peer-to-peer" traffic? (not really for the bandwidth, but more on the number of connections the router has to NAT at any given time)


Yes, it's an internet cafe where people use P2P traffic but it's all data traffic only that passed through, no voip traffic .... There are 28 PCs in this site and usually all of them are online at the same time ... but we just started having this issue about a couple of weeks ago ... we have to restart the router that time and then it comes back to normal only ...

router1.ggbondi#sh version
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T1,
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 16:47 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

router1.ggbondi uptime is 6 days, 1 hour, 21 minutes
System returned to ROM by power-on
System image file is "flash:c870-advipservicesk9-mz.124-15.T1.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco 877-M (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of me
Processor board ID FCZ114691SH
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

Couple of ideas here - off the bat you can start with this
ip nat translation udp-timeout 900
ip nat translation tcp-timeout 900

This will make sure unused NAT entries are cleared automatically every 15 minutes, instead of default which may be up to 24 hours.

Second: over a period of time (i.e. during high peak times), see how many entries are being kept in NAT table. You'll get that info by doing "show ip nat statist"
What is the "total active translations" at these times...?
By default the IOS doesn't impose a limit on the number of active translations (your mileage will vary based on device's memory), but you can impose a limit on how many translations are created by using the "ip nat translation max-entries <n>" command.


guess what, am kinda confused here! lol ...
what you are saying absolutely makes sense .... but there is no ip nat inside, ip nat outside defined in the config on any of the interfaces ... there are just 2 port forwarding rules defined through NAT, that's it! It's a bit strange! how can they get out to the internet right now if there is no nat?


sorry, please ignore my previous entry ...
actually this goes through one of our core routers that is natted .. sorry for above! my mistake .... but this also means that there is no nat happening at the current site in question ... so I guess I'd rule out the nat table size or anything coz there is no nat happening at all ... Nat only happens at one of the core routers ... this is just a branch site with no natting ...

I've been wondering the same thing as well...can you post the following:

"sh ip int br | e unas"

"sh ip route"



Interface                  IP-Address      OK? Method Status                Prot
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
ATM0                       unassigned      YES NVRAM  up                    up
Vlan1                      10.x.x.x        YES NVRAM  up                    up
Dialer1                    172.25.x.x      YES IPCP   up                    up
Dialer2                    unassigned      YES NVRAM  up                    up
Virtual-Access1            unassigned      YES unset  up                    up
NVI0                       unassigned      NO  unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up


so yeah no nat with this configuration .... your article is about configuring ppoatm which is already done!


and in the routing table, the default route is going via dialer 1 (the next hop) ... rest are just inside routes to a couple of servers ...


Hi there,
Any idea as to what might be in the configuration causing the error ... Else, do you suggest an IOS upgrade if there are any known issues with this version? Thanks...

I have the same router, same specifications, but with this IOS image
it's working 100%,
uptime is 1 week, 19 hours, 22 minutes
try it and reply results


so you're using version 8 and I got 15? but anyway I will try your version if my router needs the usual restart again! ... after I've removed those SNMP commands which made the router vulnerable to DOS attacks, things have been good so far! if it restarts again, I'll move to your version ... thanks

I didn't notice that,
try create an ACL that permit specific IPs to read SNMP
and deny any any
this will prevent you from vulnerable attacks
plus if this didn't solve try my IOS version
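
The ACL suggestion in the last reply can be checked mechanically against a saved configuration. The following is an added example, not part of the original thread: a Python audit that flags `snmp-server community` lines such as the `public RO` line in the posted config. The function name `audit_snmp`, the community names and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample: the SNMP line from the posted config plus hypothetical
# ACL-restricted variants; community names and 192.0.2.10 are placeholders.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community EXAMPLE-COMMUNITY RO 20
snmp-server community EXAMPLE-WRITE RW 21
access-list 20 permit 192.0.2.10
access-list 20 deny any
access-list 21 permit any
"""

COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\S+))?\s*$", re.I)
ACL_RE = re.compile(r"^access-list (\S+) (permit|deny) (.+)$", re.I)
DEFAULT_NAMES = {"public", "private"}


def audit_snmp(config):
    """Return (community, finding) pairs for weak SNMP community lines."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Collect access-list entries so that referenced ACLs can be inspected.
    acls = {}
    for ln in lines:
        if m := ACL_RE.match(ln):
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3).strip()))
    findings = []
    for ln in lines:
        m = COMMUNITY_RE.match(ln)
        if not m:
            continue
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, "well-known community string"))
        if mode == "RW":
            findings.append((name, "read-write access"))
        if acl is None:
            findings.append((name, "no access-list restricts who may query"))
        elif acl not in acls:
            findings.append((name, f"references undefined access-list {acl}"))
        elif any(action == "permit" and src == "any" for action, src in acls[acl]):
            findings.append((name, f"access-list {acl} permits any source"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

A community line that names an ACL with explicit permitted hosts followed by a deny produces no finding, which is the form the reply describes.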
