Cisco 1605 router freezing

Discussion in 'Cisco' started by John Nordien, Dec 16, 2004.

  1. John Nordien

    John Nordien Guest

    I have a Cisco 1605R router as my gateway to the internet. Recently the
    router has become unreliable and prone to hanging in the middle of the
    night. It has also done this during the day. When the router hangs there
    is no response from any port. Even the console port is unresponsive. The
    only recourse is to power cycle the router. My config is below. I don't
    see what could be causing the failures. The only thing I can point my
    finger at is the NAT entries for TCP 80 & 8081 fwd to an internal
    webserver. I have a syslog server & am trying to capture debug information
    but there is nothing.
    Any ideas out there?

    *********************************************************
    Router#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) 1600 Software (C1600-NOSY-M), Version 12.2(2)T, RELEASE SOFTWARE
    (fc1)

    TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Sat 02-Jun-01 17:08 by ccai
    Compiled Sat 02-Jun-01 17:08 by ccai

    ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
    ROM: 1600 Software (C1600-RBOOT-R), Version 12.0(3)T, RELEASE SOFTWARE
    (fc1)

    Router uptime is 11 hours, 20 minutes
    System returned to ROM by power-on
    System restarted at 06:03:57 CST Thu Dec 16 2004
    System image file is "flash:c1600-nosy-mz.122-2.T.bin"

    cisco 1605 (68360) processor (revision C) with 18432K/6144K bytes of memory.
    Processor board ID 21576827, with hardware revision 00000003
    Bridging software.
    X.25 software, Version 3.0.0.
    2 Ethernet/IEEE 802.3 interface(s)
    1 Serial(sync/async) network interface(s)
    System/IO memory with parity disabled
    8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
    System running from RAM
    7K bytes of non-volatile configuration memory.
    16384K bytes of processor board PCMCIA flash (Read/Write)

    Configuration register is 0x2102

    *********************************************************
    Router#sh run
    Building configuration...

    Current configuration : 4803 bytes
    !
    version 12.2
    no parser cache
    no service single-slot-reload-enable
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname <Router>
    !
    boot system flash:
    logging buffered 4096 notifications
    logging rate-limit console 10 except errors
    enable password <removed>
    !
    username <removed> password <removed>
    clock timezone CST -6
    ip subnet-zero
    no ip domain-lookup
    !
    ip inspect max-incomplete high 1100
    ip inspect one-minute high 1100
    ip inspect name Ethernet_0 tcp
    ip inspect name Ethernet_0 udp
    ip inspect name Ethernet_0 cuseeme
    ip inspect name Ethernet_0 ftp
    ip inspect name Ethernet_0 h323
    ip inspect name Ethernet_0 rcmd
    ip inspect name Ethernet_0 realaudio
    ip inspect name Ethernet_0 smtp
    ip inspect name Ethernet_0 streamworks
    ip inspect name Ethernet_0 vdolive
    ip inspect name Ethernet_0 sqlnet
    ip inspect name Ethernet_0 tftp
    no ip dhcp-client network-discovery
    async-bootp dns-server 10.0.0.6
    async-bootp nbns-server 10.0.0.6
    vpdn enable
    !
    vpdn-group 1
    request-dialin
    protocol pppoe
    !
    vpdn-group VPN-PPTP
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 2
    !
    !
    !
    !
    interface Ethernet0
    description Internal LAN
    ip address 10.0.0.1 255.0.0.0
    ip nat inside
    no ip route-cache
    no ip mroute-cache
    no cdp enable
    !
    interface Ethernet1
    description connected to Internet
    no ip address
    no ip route-cache
    no ip mroute-cache
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Virtual-Template2
    description VPN client interface. NOT USED
    ip unnumbered Ethernet0
    peer default ip address pool VPNclients
    ppp authentication ms-chap
    !
    interface Serial0
    no ip address
    shutdown
    no cdp enable
    !
    interface Dialer1
    description Connected to Internet
    ip address negotiated
    ip access-group 101 in
    ip nat outside
    ip inspect Ethernet_0 out
    encapsulation ppp
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp pap sent-username <removed> password <removed>
    ip local pool VPNclients 10.250.0.1 10.250.0.99
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source static tcp 10.0.0.9 8081 <removed> 80 extendable
    ip nat inside source static tcp 10.0.0.14 20 <removed> 20 extendable
    ip nat inside source static tcp 10.0.0.14 21 <removed> 21 extendable
    ip nat inside source static tcp 10.0.0.10 443 <removed> 443 extendable
    ip nat inside source static tcp 10.0.0.10 25 <removed> 25 extendable
    ip nat inside source static tcp 10.0.0.12 3389 <removed> 3389 extendable
    ip nat inside source static tcp 10.0.0.9 8081 <removed> 8081 extendable
    ip nat inside source static tcp 10.0.0.1 23 <removed> 23 extendable
    ip nat inside source static tcp 10.0.0.32 5910 <removed> 5910 extendable
    ip nat inside source static tcp 10.0.0.7 1723 <removed> 1723 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 192.168.0.0 255.255.0.0 10.0.0.6
    no ip http server
    !
    logging trap debugging
    logging 10.0.0.5
    access-list 1 permit 10.0.0.0 0.255.255.255
    access-list 101 remark ACL inbound from Internet
    access-list 101 permit icmp any any unreachable
    access-list 101 permit icmp any any packet-too-big
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any traceroute
    access-list 101 permit tcp any any eq ftp-data
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq smtp
    access-list 101 permit tcp any any eq telnet
    access-list 101 permit tcp any any eq www
    access-list 101 permit tcp any any eq 443
    access-list 101 permit tcp any any eq 1723
    access-list 101 permit tcp any any eq 3389
    access-list 101 permit tcp any any eq 5910
    access-list 101 permit tcp any any eq 8081
    access-list 101 permit gre any any
    access-list 101 permit udp any any eq ntp
    access-list 101 deny tcp any any eq 135
    access-list 101 deny tcp any any eq 137
    access-list 101 deny tcp any any eq 138
    access-list 101 deny tcp any any eq 139
    access-list 101 deny tcp any any eq 445
    access-list 101 deny tcp any any eq 464
    access-list 101 deny tcp any any eq 1434
    access-list 101 deny tcp any any eq 1512
    access-list 101 deny udp any any eq 135
    access-list 101 deny udp any any eq netbios-ns
    access-list 101 deny udp any any eq netbios-dgm
    access-list 101 deny udp any any eq 1434
    access-list 101 deny udp any any eq 1512
    access-list 101 deny ip any any log
    no cdp run
    !
    !
    banner motd ^C
    ********************************************
    * AUTHORIZED ACCESS ONLY *
    * DO NOT attempt to login. *
    ********************************************

    ^C
    !
    line con 0
    exec-timeout 0 0
    password <removed>
    login
    line vty 0 4
    password <removed>
    login
    !
    sntp server 10.0.0.6
    end
     
    John Nordien, Dec 16, 2004
    #1
    1. Advertising

  2. What was the last change made to the 1605? even if you don't think it's
    related. :)

    Other strategies, you could sniff inside and outside of the 1600 to see if
    certain traffic is causing the lock up or you can minimize the config to
    it's most basic to see if a command/technology is causing the issue.

    Regards,
    Steve
    http://www.cisco-forum.com

    "John Nordien" <> wrote in message
    news:v9pwd.2835$...
    >I have a Cisco 1605R router as my gateway to the internet. Recently the
    > router has become unreliable and prone to hanging in the middle of the
    > night. It has also done this during the day. When the router hangs there
    > is no response from any port. Even the console port is unresponsive. The
    > only recourse is to power cycle the router. My config is below. I don't
    > see what could be causing the failures. The only thing I can point my
    > finger at is the NAT entries for TCP 80 & 8081 fwd to an internal
    > webserver. I have a syslog server & am trying to capture debug
    > information
    > but there is nothing.
    > Any ideas out there?
    >
    > *********************************************************
    > Router#sh ver
    > Cisco Internetwork Operating System Software
    > IOS (tm) 1600 Software (C1600-NOSY-M), Version 12.2(2)T, RELEASE SOFTWARE
    > (fc1)
    >
    > TAC Support: http://www.cisco.com/cgi-bin/ibld/view.pl?i=support
    > Copyright (c) 1986-2001 by cisco Systems, Inc.
    > Compiled Sat 02-Jun-01 17:08 by ccai
    > Compiled Sat 02-Jun-01 17:08 by ccai
    >
    > ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)
    > ROM: 1600 Software (C1600-RBOOT-R), Version 12.0(3)T, RELEASE SOFTWARE
    > (fc1)
    >
    > Router uptime is 11 hours, 20 minutes
    > System returned to ROM by power-on
    > System restarted at 06:03:57 CST Thu Dec 16 2004
    > System image file is "flash:c1600-nosy-mz.122-2.T.bin"
    >
    > cisco 1605 (68360) processor (revision C) with 18432K/6144K bytes of
    > memory.
    > Processor board ID 21576827, with hardware revision 00000003
    > Bridging software.
    > X.25 software, Version 3.0.0.
    > 2 Ethernet/IEEE 802.3 interface(s)
    > 1 Serial(sync/async) network interface(s)
    > System/IO memory with parity disabled
    > 8192K bytes of DRAM onboard 16384K bytes of DRAM on SIMM
    > System running from RAM
    > 7K bytes of non-volatile configuration memory.
    > 16384K bytes of processor board PCMCIA flash (Read/Write)
    >
    > Configuration register is 0x2102
    >
    > *********************************************************
    > Router#sh run
    > Building configuration...
    >
    > Current configuration : 4803 bytes
    > !
    > version 12.2
    > no parser cache
    > no service single-slot-reload-enable
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > service password-encryption
    > !
    > hostname <Router>
    > !
    > boot system flash:
    > logging buffered 4096 notifications
    > logging rate-limit console 10 except errors
    > enable password <removed>
    > !
    > username <removed> password <removed>
    > clock timezone CST -6
    > ip subnet-zero
    > no ip domain-lookup
    > !
    > ip inspect max-incomplete high 1100
    > ip inspect one-minute high 1100
    > ip inspect name Ethernet_0 tcp
    > ip inspect name Ethernet_0 udp
    > ip inspect name Ethernet_0 cuseeme
    > ip inspect name Ethernet_0 ftp
    > ip inspect name Ethernet_0 h323
    > ip inspect name Ethernet_0 rcmd
    > ip inspect name Ethernet_0 realaudio
    > ip inspect name Ethernet_0 smtp
    > ip inspect name Ethernet_0 streamworks
    > ip inspect name Ethernet_0 vdolive
    > ip inspect name Ethernet_0 sqlnet
    > ip inspect name Ethernet_0 tftp
    > no ip dhcp-client network-discovery
    > async-bootp dns-server 10.0.0.6
    > async-bootp nbns-server 10.0.0.6
    > vpdn enable
    > !
    > vpdn-group 1
    > request-dialin
    > protocol pppoe
    > !
    > vpdn-group VPN-PPTP
    > ! Default PPTP VPDN group
    > accept-dialin
    > protocol pptp
    > virtual-template 2
    > !
    > !
    > !
    > !
    > interface Ethernet0
    > description Internal LAN
    > ip address 10.0.0.1 255.0.0.0
    > ip nat inside
    > no ip route-cache
    > no ip mroute-cache
    > no cdp enable
    > !
    > interface Ethernet1
    > description connected to Internet
    > no ip address
    > no ip route-cache
    > no ip mroute-cache
    > pppoe enable
    > pppoe-client dial-pool-number 1
    > no cdp enable
    > !
    > interface Virtual-Template2
    > description VPN client interface. NOT USED
    > ip unnumbered Ethernet0
    > peer default ip address pool VPNclients
    > ppp authentication ms-chap
    > !
    > interface Serial0
    > no ip address
    > shutdown
    > no cdp enable
    > !
    > interface Dialer1
    > description Connected to Internet
    > ip address negotiated
    > ip access-group 101 in
    > ip nat outside
    > ip inspect Ethernet_0 out
    > encapsulation ppp
    > no ip mroute-cache
    > dialer pool 1
    > dialer-group 1
    > no cdp enable
    > ppp pap sent-username <removed> password <removed>
    > ip local pool VPNclients 10.250.0.1 10.250.0.99
    > ip nat inside source list 1 interface Dialer1 overload
    > ip nat inside source static tcp 10.0.0.9 8081 <removed> 80 extendable
    > ip nat inside source static tcp 10.0.0.14 20 <removed> 20 extendable
    > ip nat inside source static tcp 10.0.0.14 21 <removed> 21 extendable
    > ip nat inside source static tcp 10.0.0.10 443 <removed> 443 extendable
    > ip nat inside source static tcp 10.0.0.10 25 <removed> 25 extendable
    > ip nat inside source static tcp 10.0.0.12 3389 <removed> 3389 extendable
    > ip nat inside source static tcp 10.0.0.9 8081 <removed> 8081 extendable
    > ip nat inside source static tcp 10.0.0.1 23 <removed> 23 extendable
    > ip nat inside source static tcp 10.0.0.32 5910 <removed> 5910 extendable
    > ip nat inside source static tcp 10.0.0.7 1723 <removed> 1723 extendable
    > ip classless
    > ip route 0.0.0.0 0.0.0.0 Dialer1
    > ip route 192.168.0.0 255.255.0.0 10.0.0.6
    > no ip http server
    > !
    > logging trap debugging
    > logging 10.0.0.5
    > access-list 1 permit 10.0.0.0 0.255.255.255
    > access-list 101 remark ACL inbound from Internet
    > access-list 101 permit icmp any any unreachable
    > access-list 101 permit icmp any any packet-too-big
    > access-list 101 permit icmp any any time-exceeded
    > access-list 101 permit icmp any any echo-reply
    > access-list 101 permit icmp any any traceroute
    > access-list 101 permit tcp any any eq ftp-data
    > access-list 101 permit tcp any any eq ftp
    > access-list 101 permit tcp any any eq smtp
    > access-list 101 permit tcp any any eq telnet
    > access-list 101 permit tcp any any eq www
    > access-list 101 permit tcp any any eq 443
    > access-list 101 permit tcp any any eq 1723
    > access-list 101 permit tcp any any eq 3389
    > access-list 101 permit tcp any any eq 5910
    > access-list 101 permit tcp any any eq 8081
    > access-list 101 permit gre any any
    > access-list 101 permit udp any any eq ntp
    > access-list 101 deny tcp any any eq 135
    > access-list 101 deny tcp any any eq 137
    > access-list 101 deny tcp any any eq 138
    > access-list 101 deny tcp any any eq 139
    > access-list 101 deny tcp any any eq 445
    > access-list 101 deny tcp any any eq 464
    > access-list 101 deny tcp any any eq 1434
    > access-list 101 deny tcp any any eq 1512
    > access-list 101 deny udp any any eq 135
    > access-list 101 deny udp any any eq netbios-ns
    > access-list 101 deny udp any any eq netbios-dgm
    > access-list 101 deny udp any any eq 1434
    > access-list 101 deny udp any any eq 1512
    > access-list 101 deny ip any any log
    > no cdp run
    > !
    > !
    > banner motd ^C
    > ********************************************
    > * AUTHORIZED ACCESS ONLY *
    > * DO NOT attempt to login. *
    > ********************************************
    >
    > ^C
    > !
    > line con 0
    > exec-timeout 0 0
    > password <removed>
    > login
    > line vty 0 4
    > password <removed>
    > login
    > !
    > sntp server 10.0.0.6
    > end
    >
    >
     
    cisco-forum.com, Dec 18, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. rachid23
    Replies:
    0
    Views:
    1,088
    rachid23
    Jul 8, 2003
  2. Dave Thomas
    Replies:
    2
    Views:
    6,694
    Ted Mittelstaedt
    Jul 20, 2003
  3. Babe meneses

    configurar enlace de backup cisco 1605 R

    Babe meneses, Mar 2, 2004, in forum: Cisco
    Replies:
    1
    Views:
    2,137
    zebop
    Jun 22, 2012
  4. mikey
    Replies:
    16
    Views:
    707
    mikey
    Nov 10, 2004
  5. Isis
    Replies:
    0
    Views:
    626
Loading...

Share This Page