Link to home
Start Free TrialLog in
Avatar of shanehooton

asked on

Remote Cisco 2811 Disconnection

We have several remote sites with 2811 Routers that have a IPsec VPN connection back to our main office ASA 5510s.

3 of the sites will occasionally drop their connection. When this happens, the devices attached to the Routers lose their network access. However, we can still remotely log into the Router over the VPN connection.

When we reload the router, everything comes back online. However, sometimes it will work for as little as 2 minutes before doing the same thing again.

When this is happening this particular error shows up in solarwinds in the syslog message for the node:

Bad refcount in datagram_done, ptr=4602BD2C, count=0, -Traceback= 0x4038D5C8z 0x402EC9D0z 0x405A65D4z 0x402EB2B8z 0x4001003Cz 0x40011570z

Any one have any idea what might be causing this to occur?
Avatar of asavener
Flag of United States of America image

The user receives the %SYS-2-BADSHARE: Bad refcount in datagram_done error message
VERSION 2  Click to view document history
Core issue

%SYS-2-BADSHARE: Bad refcount in [chars], ptr=[hex], count=[hex]


A reference count is used to track the usage of many data structures. A function increments the count when it begins to use a structure and decrements it when it is finished. When the count becomes zero, the data structure is freed. When the count is accessed, it is found to be negative, which means that the data structure is not freed until the system is re-loaded. The error message indicates that the process is trying to free a packet which no one is referencing.


On a Catalyst 6500 running native Cisco IOS  Software Release 12.1E, the error message is sometimes displayed. It is followed by a traceback, under heavy traffic conditions.


Normally, this is an informational error, and it should not affect the switch performance.

To fix this problem, perform one of these procedures:

    Turn off globally IGMP snooping by issuing the no ip igmp snooping command.      
    Upgrade to the latest Cisco IOS Software available.

For more information, refer to these Cisco bug IDs:


Symptoms: A router that is configured for Dynamic Multipoint VPN (DMVPN) may frequently generate the following error message:

%SYS-2-BADSHARE: Bad refcount in datagram_done.

Conditions: This symptom is observed on the Cisco 871 and Cisco 1800 series routers that function as a DMVPN spoke.

Workaround: There is no workaround.
Check that you have the latest version of the IOS installed on these routers.

If that doesn't fix it, you may want to try virtual tunnel interface (VTI) instead of DMVPN.
Avatar of shanehooton


They are already using VTI and not DMVPN.

I'm more concerned about what is causing the routers to make the attached devices lose network, the error just happens to come up at the same time, whether it be related or not.
When you remote to the routers, are you using the tunnel interface address, the public IP, or the inside (LAN-facing) IP?

Are you using dynamic routes?
The inside LAN facing address.

No we are not.
Can you ping remote hosts while they are unable to connect?
Can you ping them from the router(s)?

I also suggest that you run "show arp" on the router during an outage.
what are the three previous syslog messages ?
Avatar of shanehooton

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No other solutions offered worked.