Buongiorno a tutti,
ho un problema con un Cisco 1841 appena acquistato...in pratica circa una volta al giorno si impalla e non riesco più a raggiungerlo con un ping (ha 1 inside ed una outside e nessuna delle due funziona,al massimo ho risposta ad un ping su 10).
Riavviando il router tutto torna alla normalità.
Cosa posso fare per capire cosa genera il problema?
Ho provato due diversi IOS (uno 12.3 e uno 12.4),ma non è cambiato nulla.
Posto la conf attuale:
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BBC1841
!
boot-start-marker
boot-end-marker
!
enable secret
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
memory-size iomem 15
clock timezone GMT 1
clock summer-time GMT date Mar 31 2000 0:00 Sep 30 2000 0:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.5.2.100 10.5.2.254
!
ip dhcp pool pool1
network 10.5.2.0 255.255.255.0
default-router 10.5.2.254
dns-server 212.97.32.2 94.141.24.92
!
!
no ip ips deny-action ips-interface
ip name-server 212.97.32.2
ip name-server 94.141.24.92
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
no ftp-server write-enable
!
!
!
username password
username password
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 5
hash md5
authentication pre-share
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 15
encr aes 256
authentication pre-share
group 5
lifetime 7200
!
crypto isakmp policy 30
encr 3des
authentication pre-share
group 2
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
crypto isakmp key address no-xauth
no crypto isakmp ccm
!
crypto isakmp client configuration group
key
dns 10.5.2.254
domain
pool ippool
acl 195
!
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto ipsec transform-set strongset esp-aes 256 esp-sha-hmac
!
crypto dynamic-map dynmap1 199
set transform-set myset
!
!
crypto map rtp client authentication list userauthen
crypto map rtp isakmp authorization list groupauthor
crypto map rtp client configuration address respond
crypto map rtp 10 ipsec-isakmp
description SB
set peer
set transform-set rtpset
match address 101
crypto map rtp 15 ipsec-isakmp
description ROS
set peer
set transform-set myset
match address 102
crypto map rtp 20 ipsec-isakmp
description MA
set peer
set transform-set rtpset
match address 104
crypto map rtp 25 ipsec-isakmp
description DE
set peer
set transform-set rtpset
match address 105
crypto map rtp 30 ipsec-isakmp
description GA
set peer
set transform-set strongset
set pfs group5
match address 106
crypto map rtp 35 ipsec-isakmp
description SE
set peer
set transform-set rtpset
match address 107
crypto map rtp 40 ipsec-isakmp
description BO
set peer
set transform-set myset
match address 108
crypto map rtp 45 ipsec-isakmp
description SBS
set peer
set transform-set rtpset
match address 109
crypto map rtp 199 ipsec-isakmp dynamic dynmap1
!
!
!
interface FastEthernet0/0
ip address 10.5.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map rtp
!
ip local pool ippool 10.5.1.1 10.5.1.254
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
ip route 10.5.1.0 255.255.255.0 FastEthernet0/0
ip route 10.5.2.0 255.255.255.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
ip nat translation timeout 1800
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
ip access-list extended addr-pool
ip access-list extended default-domain
ip access-list extended dns-servers
ip access-list extended idletime
ip access-list extended inacl
ip access-list extended key-exchange
ip access-list extended protocol
ip access-list extended service
ip access-list extended timeout
ip access-list extended tty6
ip access-list extended tty7
ip access-list extended tty8
ip access-list extended tty9
ip access-list extended tunnel-password
ip access-list extended wins-servers
!
access-list 101 permit ip 10.0.0.0 0.255.255.255 10.5.3.0 0.0.0.255
access-list 101 permit ip 192.168.70.0 0.0.0.255 10.5.3.0 0.0.0.255
access-list 102 permit ip 10.5.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.5.1.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 102 permit ip 10.5.1.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 102 permit ip 10.5.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.5.2.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 102 permit ip 10.5.2.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 102 permit ip 10.5.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.5.3.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 102 permit ip 10.5.3.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 102 permit ip 10.5.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 10.5.4.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 102 permit ip 10.5.4.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 104 permit ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.3.255
access-list 104 permit ip 10.5.0.0 0.0.255.255 10.0.8.0 0.0.3.255
access-list 104 permit ip 10.5.0.0 0.0.255.255 10.0.20.0 0.0.3.255
access-list 105 permit ip 10.5.0.0 0.0.255.255 10.45.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.11.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.12.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.13.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.14.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.15.0.0 0.0.255.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.80.0.0 0.0.0.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.80.1.0 0.0.0.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.80.2.0 0.0.0.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 10.80.3.0 0.0.0.255
access-list 106 permit ip 10.5.0.0 0.0.255.255 192.168.70.0 0.0.0.255
access-list 107 permit ip 10.5.0.0 0.0.255.255 10.152.0.0 0.0.255.255
access-list 107 permit ip 10.5.0.0 0.0.255.255 10.156.0.0 0.0.255.255
access-list 107 permit ip 10.5.0.0 0.0.255.255 10.163.0.0 0.0.255.255
access-list 108 permit ip 10.5.1.0 0.0.0.255 10.4.4.0 0.0.0.255
access-list 108 permit ip 10.5.2.0 0.0.0.255 10.4.4.0 0.0.0.255
access-list 109 permit ip 10.5.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 109 permit ip 10.5.2.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 120 deny ip 10.0.0.0 0.255.255.255 10.5.3.0 0.0.0.255
access-list 120 deny ip 192.168.70.0 0.0.0.255 10.5.3.0 0.0.0.255
access-list 120 deny ip 10.5.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.5.1.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 120 deny ip 10.5.1.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 120 deny ip 10.5.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.5.2.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 120 deny ip 10.5.2.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 120 deny ip 10.5.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.5.3.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 120 deny ip 10.5.3.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 120 deny ip 10.5.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 deny ip 10.5.4.0 0.0.0.255 10.15.16.0 0.0.0.255
access-list 120 deny ip 10.5.4.0 0.0.0.255 10.15.17.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.0.0.0 0.0.3.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.0.8.0 0.0.3.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.0.20.0 0.0.3.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.45.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.11.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.12.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.13.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.14.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.15.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.80.0.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.80.1.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.80.2.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.80.3.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 192.168.70.0 0.0.0.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.152.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.156.0.0 0.0.255.255
access-list 120 deny ip 10.5.0.0 0.0.255.255 10.163.0.0 0.0.255.255
access-list 120 deny ip 10.5.1.0 0.0.0.255 10.4.4.0 0.0.0.255
access-list 120 deny ip 10.5.2.0 0.0.0.255 10.4.4.0 0.0.0.255
access-list 120 deny ip 10.5.1.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 120 deny ip 10.5.2.0 0.0.0.255 10.5.5.0 0.0.0.255
access-list 120 permit ip 10.5.2.0 0.0.0.255 any
access-list 195 permit ip 10.152.0.0 0.0.255.255 any
access-list 195 permit ip 10.156.0.0 0.0.255.255 any
access-list 195 permit ip 10.163.0.0 0.0.255.255 any
access-list 195 permit ip 10.10.0.0 0.0.255.255 any
access-list 195 permit ip 10.11.0.0 0.0.255.255 any
access-list 195 permit ip 10.12.0.0 0.0.255.255 any
access-list 195 permit ip 10.13.0.0 0.0.255.255 any
access-list 195 permit ip 10.14.0.0 0.0.255.255 any
access-list 195 permit ip 10.15.0.0 0.0.255.255 any
access-list 195 permit ip 10.0.0.0 0.0.3.255 any
access-list 195 permit ip 10.0.8.0 0.0.3.255 any
access-list 195 permit ip 10.0.20.0 0.0.3.255 any
access-list 195 permit ip 10.45.0.0 0.0.255.255 any
access-list 195 permit ip 10.5.0.0 0.0.255.255 any
access-list 195 permit ip 192.168.1.0 0.0.0.255 any
access-list 195 permit ip 192.168.70.0 0.0.0.255 any
access-list 195 permit ip 10.80.0.0 0.0.255.255 any
access-list 195 permit ip 10.4.4.0 0.0.0.255 any
access-list 195 permit ip 10.5.5.0 0.0.0.255 any
route-map nonat permit 10
match ip address 120
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
password
line aux 0
line vty 0 4
password
!
scheduler allocate 20000 1000
end
Cisco 1841 che va in palla,come faccio a capire perchè?
Moderatore: Federico.Lagni
-
Richi_one
- Cisco pathologically enlightened user
- Messaggi: 175
- Iscritto il: sab 10 set , 2005 2:51 pm
- Località: Bologna
Per la cronaca,sembra tutto risolto semplicemente così
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX <--- ip pubblico router accesso internet
mah.
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX <--- ip pubblico router accesso internet
mah.
