Sameer,The config looks okany

sameer-parvaiz · ‎09-06-2015

Hi There,

We are using Cisco 2901 router for DMVPN and for internet services following are the current services running on router

We are using 3 ADSL connection from same provider two for VPN's and one for Internet.

Issue :-

After some time our two adsl connections which are we using for vpn connectivity lost their live ip's while 3rd ADSL link work fine which is serving internet facility. And at the same time dialer interface status is up up

How we are fixing

To fix this we restart the router and it got live IP's from service provider and establish VPN's

This is happening after couple of days and i am not getting the root cause

Can you please let me know what could be reason

all ATM interfaces and Dialer interfaces have same configurations

Thanks for Reply and help

Regards

Sameer

Richard Bradfield · ‎09-06-2015

Hi Sameer,

have you had the ISP check out the ADSL lines I had a similar problem which was the service provider.

also check the errors on the ADSL lines by doing a "sh dsl int atm" for each ATM interface.

HTH

Richard.

sameer-parvaiz · ‎09-06-2015

Thanks for reply,

Against which entry or line I have to check errors in the output

Thanks

sameer-parvaiz · ‎09-06-2015

This is the Show output with reference to atm's interfaces

sh dsl interface atM 0/0/0 | inc rrors
FEC ES Errors: 2108 1806281
ES Errors: 64 212680
SES Errors: 1 1006
LOSES Errors: 1 78
UES Errors: 0 16632187
CRC Errors: 0 190 0 427902
Header Errors: 0 176 0 660269

sh dsl interface atM ~~0/1/0~~ | inc rrors
FEC ES Errors: 683 228
ES Errors: 66 25
SES Errors: 8 1
LOSES Errors: 0 1
UES Errors: 678 0
CRC Errors: 0 72 0 72
Header Errors: 0 61 0 964

sh dsl interface atM 0/2/0 | inc rrors
FEC ES Errors: 181 615
ES Errors: 5 273
SES Errors: 1 8
LOSES Errors: 1 1
UES Errors: 0 672
CRC Errors: 0 5 0 472
Header Errors: 0 6 0 1049

Richard Bradfield · ‎09-06-2015

atm int 0/0/0 seems to have a lot of errors, if you do the commands a number of times can you see the errors increase?

you still should get the ISP to check out the ADSL lines from their side.

Also might need to load a later IOS on the router so the ADSL code is upgraded.

HTH

Richard.

sameer-parvaiz · ‎09-07-2015

Yesterday I configured automatic restart router at 3 AM in morning to avoid this kind of dis-connectivity, and it happened again with one link then I ring ISP and they are saying that they are not getting authentication request from modem/ router, then I restart the router and get connectivity on lost connection.

Regards

Sameer

Richard Bradfield · ‎09-07-2015

Sameer,

Can you share the relevant part of the configuration, ATM and Dialer interfaces at the minimum

sameer-parvaiz · ‎09-07-2015

interface ATM0/0/0
description EHWIC0 - VPN1
no ip address
no ip redirects
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0/1/0
description EHWIC1 - PVPN2
no ip address
no ip redirects
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface ATM0/2/0
description EHWIC2 - Web browsing and email
no ip address
no ip redirects
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive

interface Dialer0
description ATM0/0/0 VPN1
ip address negotiated
no ip redirects
no ip proxy-arp
ip accounting access-violations
ip mtu 1460
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxxxx
ppp chap password 7 xxxxxxxxx
no cdp enable
!
!
interface Dialer1
description ATM0/1/0 - VPN2
ip address negotiated
no ip redirects
no ip proxy-arp
ip accounting access-violations
ip mtu 1462
ip flow ingress
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 2
ppp authentication chap callin
ppp chap hostname xxxxxxxx
ppp chap password 7 xxxxxxxxx
no cdp enable
!
!
interface Dialer2
description ATM0/2/0 - Internet
ip address negotiated
no ip redirects
no ip proxy-arp
ip accounting access-violations
ip mtu 1462
ip flow ingress
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 3
ppp authentication chap callin
ppp chap hostname xxxxxxxx
ppp chap password 7 xxxxxxxxx
no cdp enable

sameer-parvaiz · ‎09-07-2015

also observe these errors

CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

and after this connection lost

Richard Bradfield · ‎09-08-2015

Sameer,

The config looks ok

any chance of swapping the physical interfaces, so that the Internet connection is on 0/0/0 and one of the VPNs on 0/2/0, and see if the problem stays with the same Physical interface. then if it does you know you have an ISP problem.

Cisco 2901 ADSL link lost Live IP's