Attention: The forums will be placed on read only mode this Saturday (Oct. 20, 2018)

During this outage (6:30 AM to 8 PM PDT) the forums will be placed on read only mode. We apologize for this inconvenience. Click here to read details

Networking & Wireless forum

General discussion

cisco 871 series vpn 4 locations -getting kicked off by isp?

by teeneebee / November 1, 2009 11:41 AM PST

Default cisco 871 series vpn network 4 locations complications


Hello there,

I have just started my IT business this year and don't have alot of experience with constructing networks from the ground up. I can troubleshoot, but am learning still about many little quirks in dealing with ISPs and customers themselves.

I had some trouble with some old SMC routers and decided to replace them (they aren't supported by SMC anymore). I got the company some 871 series cisco routers. We have 4 locations, one main that is hosted by one ISP, and 3 others that is hosted by a different local ISP. When I hook up the routers, they are fine for the first 2hrs. The last time I tried, I was even able to ping my server through the VPN tunnel at the main location from a remote location. They then quit and stop all internet traffic. I at first configured the routers statically and have since decided to go with dynamic. Telus, the main office ISP said they have never allowed clients to connect to the static ip addresses statically, and so I configured the main office router as a DHCP server. Same thing, on fine for 2hrs, then it stops all operation. I know the time precisely because there is someone using the wireless next to the main office and reports to me when the internet is down. It takes the same length of time everytime to go down, and works beforehand almost perfectly.

Any idea what might be happening? I would appreciate any input at this point. I am also just learning command line through and using hyperterminal as well.

Thanks.

Discussion is locked
You are posting a reply to: cisco 871 series vpn 4 locations -getting kicked off by isp?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: cisco 871 series vpn 4 locations -getting kicked off by isp?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
What you learn is.
by R. Proffitt Forum moderator / November 1, 2009 9:23 PM PST

That wireless is not reliable. You'll get calls from wifi users no matter what you do. It's a lesson that many take years to learn. I can't explain why this lesson takes longer than others.

If they want to stay connected, get them wired.

Collapse -
Try cisco
by bill091 / November 1, 2009 11:24 PM PST
In reply to: What you learn is.

I would post your question to
http://forums.cisco.com/eforum/servlet/NetProf?page=main

Since you are using commercial equipment you might as well take advantage of the support group. To speed things up make sure you post the configurations "SHOW RUN" from your hub router as well as one of your spoke routers. Make sure you remove any shared keys or passwords.

Since I do not know these smaller routers well I will just provide you with some idea to look at.

First I assume you are not running Dynamic Multipoint VPN "DMVPN" and are not running a routing protocol such as OSPF. Both these can cause you to lose connectivity if they are not configured correctly.

Depending what you are losing.

1. If the IPSEC tunnels are staying active but traffic does not pass then you have a issue between the inside addresses and not the internet. This could be a true routing issue or it could be a DHCP thing on the client side. I would try to use static routes and static ip's on the clients.

2. If you are losing the IPSEC I would recommend you look at the DEBUG CRYTPO IPSEC command. This will show why you are losing the tunnel. It could be many things

You may want to remove the IPSEC and see if you can get it to work with just GRE tunnels. Even though GRE is not secure you could see if it stayed up and then encrypt the GRE traffic after. IPSEC encrypted GRE is a common configuration for large scale VPN networks.

Still I would post your question to the cisco forums there are many people there that deal with VPN on a daily basis unlike me.

Collapse -
871 series buggy
by teeneebee / November 2, 2009 2:28 PM PST
In reply to: Try cisco

Turns out that this model of cisco router has a memory problem. Fills up memory in about 2 hours and then freezes. If you reboot the router it's fine, but it will continue the cycle. Had to update the firmware for it and now am hoping that it will stick.

Thanks tho.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!