Re: Correct/Incorrect configuration of CISCO Router 877

alshahatit.awad@gmail.com · ‎10-24-2017

Hello all,

I do not have much experience with configuring CISCO Routers, but I had to try configuring it.

Below is the output from Show Run command, please check below and let me know if anything is missing or if I need to adjust things in a correct way.

blue#show run
Building configuration...

Current configuration : 2341 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname blue
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
aaa new-model
!
!
aaa authentication login VPN_XAUTH local
aaa authentication login LOGIN local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec LOGIN local if-authenticated
aaa authorization commands 15 LOGIN local if-authenticated
aaa authorization network VPN_GAUTH local
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
!
username XXX privilege 15 password 0 XXX
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/48
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat outside
ip virtual-reassembly
tunnel mode ipsec ipv4
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
no ip address
!
interface Dialer1
ip address negotiated
ip mtu 1380
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp pap sent-username XXX password 0 XXX
!
ip local pool VPN_IP_POOL 10.0.4.10 10.0.4.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface Dialer1 overload
!
ip access-list extended VPN_ACL
permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
!
access-list 23 permit 10.0.4.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 100 permit tcp any any range 49152 65535
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
authorization exec LOGIN
login authentication LOGIN
transport input telnet ssh
!
scheduler max-task-time 5000
end

blue#

Julio E. Moisa · ‎10-27-2017

Hi

I see several configurations for different targets, NAT, VPN, PPP.

The NAT configuration looks fine, you could use the standard ACL 23 instead the ACL 101, this line could be removed: access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255.

My recommendation is use a standard VLAN instead extended VLAN.

Now you could remove the following line:

interface Virtual-Template1 type tunnel
ip nat outside

But Im not sure the reason to use this router, could you please provide more details?

Thank you in advance.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

alshahatit.awad@gmail.com · ‎10-27-2017

Hello,

Currently, I have two CISCO Routers series 800. One of them is 887VA, the other one is 878.

The first 887VA router has the below configuration:

ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.255
!
ip dhcp pool DHCPSRV
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server XXX
!

interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
!
interface ATM0.1 point-to-point
snmp trap link-status
pvc 8/48
dialer pool-member 1
protocol ppp dialer
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username X password 0 X
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
!
ip local pool VPN_IP_POOL 192.168.4.70 192.168.4.99
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.253 80 interface Dialer0 80
!
ip access-list extended VPN_ACL
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
!

The 2nd 878.router has the below configuration:

ip source-route
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 10.0.1.201 10.0.1.255
!
ip dhcp pool IMG-DATA
   network 10.0.1.0 255.255.255.0
   default-router 10.0.1.1
   dns-server XXX
!

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/48
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat outside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile EXT_IPSEC
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp pap sent-username XXX password 0 XXX
ppp ipcp route default
!
ip local pool VPN_POOL 10.0.4.10 10.0.4.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat pool SRV-POOL 10.0.1.249 10.0.1.249 netmask 255.255.255.0 type rotary
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.0.1.249 443 interface Dialer0 443
ip nat inside source static tcp 10.0.1.249 21 interface Dialer0 12021
ip nat inside source static tcp 10.0.1.249 80 interface Dialer0 80
ip nat inside destination list 100 pool SRV-POOL
!
ip access-list extended SRV
permit tcp host 10.0.1.249 any range 49152 65535
ip access-list extended VPN_ACL
permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
!
access-list 23 permit 10.0.4.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 100 permit tcp any any range 49152 65535
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
!
!
!
route-map SRV-RM permit 10
match ip address SRV

!

I need your help in the below questions?

1. What dns-server should I set in both routers? Should it be for example; 192.168.1.1 , 10.0.1.1, or I should assign the IP address of Dialer0 from the ISP?

2. I have noticed that there is a huge slowness in the internet speed, why?

3. Do you think it's better to move the configuration of CISCO Router 878 to a new 887VA router as I have extra 887 router in the stock?

4. Any comments or entries I should modify on both configuration if I want to stick with 887VA and 878 routers?

Thanks in advance!

Georg Pauwen · ‎10-27-2017

Hello,

changes to your configs are in bold. Is your VPN dialup working correctly ?

The 878 is EoL (End of Life), so if you have a new 887VA, by all means install it.

887VA

ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.255
!
ip dhcp pool DHCPSRV
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!

interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
!
interface ATM0.1 point-to-point
snmp trap link-status
pvc 8/48
dialer pool-member 1
protocol ppp dialer
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1420
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username X password 0 X
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
!
ip local pool VPN_IP_POOL 192.168.4.70 192.168.4.99
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.253 80 interface Dialer0 80
!
ip access-list extended VPN_ACL
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any

878 Router

ip source-route
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 10.0.1.201 10.0.1.255
!
ip dhcp pool IMG-DATA
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 8.8.8.8 8.8.4.4
!

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/48
pppoe-client dial-pool-number 1
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat outside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile EXT_IPSEC
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip mtu 1460
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ip tcp adjust-mss 1420
ppp pap sent-username XXX password 0 XXX
ppp ipcp route default
!
ip local pool VPN_POOL 10.0.4.10 10.0.4.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat pool SRV-POOL 10.0.1.249 10.0.1.249 netmask 255.255.255.0 type rotary
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.0.1.249 443 interface Dialer0 443
ip nat inside source static tcp 10.0.1.249 21 interface Dialer0 12021
ip nat inside source static tcp 10.0.1.249 80 interface Dialer0 80
ip nat inside destination list 100 pool SRV-POOL
!
ip access-list extended SRV
permit tcp host 10.0.1.249 any range 49152 65535
ip access-list extended VPN_ACL
permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
!
access-list 23 permit 10.0.4.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 100 permit tcp any any range 49152 65535
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
!
route-map SRV-RM permit 10
match ip address SRV
and priority queuing for egress traffic

alshahatit.awad@gmail.com · ‎10-27-2017

Hello,

The VPN is working fine.

WHat do you mean by "and priority queuing for egress traffic"?

Thanks,

alshahatit.awad@gmail.com · ‎10-30-2017

Hello,

Currently, I have two CISCO routers 887VA from series 800. I have configured both of them as shown below (Blue_Router , Green_Router).

- Green_Router is working fine since a week.

- Blue_Router worked fine yesterday, but I have just noticed that the whole configuration got erased and I can't reach it via Telnet. Note that I have saved the configuration yesterday.

Please check the below configuration for both Blue_Router and Green_Router, note that the issue is only on Blue

Blue_Router#show run
Building configuration...

Current configuration : 3820 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Blue_Router
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login VPN_XAUTH local
aaa authentication login LOGIN local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec LOGIN local if-authenticated
aaa authorization commands 15 LOGIN local if-authenticated
aaa authorization network VPN_GAUTH local
!
!
aaa session-id common
ethernet lmi ce
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 10.0.1.201 10.0.1.255
!
ip dhcp pool IM-DATA
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 10.0.1.1
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
username XXX privilege 15 password 0 XXX
!
!
controller VDSL 0
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
pvc 8/48
pppoe-client dial-pool-number 1
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat outside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile DFS-EXT_IPSEC
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp pap sent-username XXX password 0 XXX
ppp ipcp route default
!
ip local pool VPN_IP_POOL 10.0.4.10 10.0.4.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool SRV-POOL 10.0.1.249 10.0.1.249 netmask 255.255.255.0 type rotary
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.0.1.249 443 interface Dialer0 443
ip nat inside source static tcp 10.0.1.249 21 interface Dialer0 12021
ip nat inside source static tcp 10.0.1.249 80 interface Dialer0 80
ip nat inside destination list 100 pool SRV-POOL
!
ip access-list extended SRV
permit tcp host 10.0.1.249 any range 49152 65535
ip access-list extended VPN_ACL
permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
!
!
route-map SRV-RM permit 10
match ip address SRV
!
access-list 23 permit 10.0.4.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 100 permit tcp any any range 49152 65535
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
authorization exec LOGIN
login authentication LOGIN
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Blue_Router#

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Green_Router#show run
Building configuration...

Current configuration : 5759 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Green_Router
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login VPN_XAUTH local
aaa authorization network VPN_GROUP local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.255
!
ip dhcp pool DHCPSRV
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
username XXX privilege 15 password 0 XXX
!
!
controller VDSL 0
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
!
interface ATM0.1 point-to-point
snmp trap link-status
pvc 8/48
dialer pool-member 1
protocol ppp dialer
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat inside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN_IPSEC_PROFILE
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username XXX password 0 XXX
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
!
ip local pool VPN_IP_POOL 192.168.4.70 192.168.4.99
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.253 80 interface Dialer0 80
!
ip access-list extended VPN_ACL
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

Green_Router#

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks,

Georg Pauwen · ‎10-31-2017

Hello,

both configurations look correct. Are you running into a specific issue ?

alshahatit.awad@gmail.com · ‎10-31-2017

Hello Georg,

Yes, I have an issue with the Blue_Router

The configuration keeps lost after a few hours or a day, and I cann't ping it or reach it via telnet.

The only way to reach it is to connect it via console and do the configuration again, also this won't help as the same issue will happen again randomly.

Could it be that I have to add "ip tcp adjust-mss 1452", "ip mtu 1492", "ip http timeout-policy idle 60 life 86400 requests 10000" entries?

Please advise

Thanks,

Georg Pauwen · ‎10-31-2017

Hello,

there could be a problem with the compact flash. I would do the following:

1. wr erase --> this will erase the content of the NVRAM

2. erase flash: --> this will erase all files on the flash card

3. format flash: --> this will reformat the flash card

Then enter the configuration again and check if it stays on there...

alshahatit.awad@gmail.com · ‎10-31-2017

Hello Georg,

Should I enter the three commands in order, then write the configuration again?

Also, what about the below entries, should I add them to my configuration file or not?
ip http timeout-policy idle 60 life 86400 requests 10000

ip tcp adjust-mss 1452

ip mtu 1492

Thanks,

Awad

Georg Pauwen · ‎10-31-2017

Hello,

yes, enter the commands in order.

The configuration lines you are asking about are ok, you can enter them into your new configuration...

alshahatit.awad@gmail.com · ‎10-31-2017

Hello Georg,

I will do as you asked and will keep my eye on it to see if the issue will occur again or not.

Note that both routers are new and I've just purchased them week ago.

Thanks.,

alshahatit.awad@gmail.com · ‎11-01-2017

Hello,

I have almost used the same configuration as I used before, but the configuration keeps lost and I can't reach it via telnet. The only way to reach it is through console and re-write the configuration again, which will also get lost after a day.

Blue_Router#show run
Building configuration...

Current configuration : 4042 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Blue_Router
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login VPN_XAUTH local
aaa authentication login LOGIN local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec LOGIN local if-authenticated
aaa authorization commands 15 LOGIN local if-authenticated
aaa authorization network VPN_GAUTH local
!
!
aaa session-id common
ethernet lmi ce
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 10.0.1.201 10.0.1.255
!
ip dhcp pool MG-DATA
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server X.X.X.X 8.8.8.8
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
license udi pid C887VA-K9 sn FCZ2130E16N
!
!
username xxxx privilege 15 password 0 xxxx
!
!
controller VDSL 0
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
!
interface ATM0.1 point-to-point
snmp trap link-status
pvc 8/48
dialer pool-member 1
protocol ppp dialer
!
!
interface Ethernet0
no ip address
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
ip nat outside
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile DFS-EXT_IPSEC
!
interface Vlan1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username xxx password 0 xxx
no cdp enable
!
ip local pool VPN_IP_POOL 10.0.4.10 10.0.4.254
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat pool SRV-POOL 10.0.1.249 10.0.1.249 netmask 255.255.255.0 type rotary
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.0.1.249 443 interface Dialer0 443
ip nat inside source static tcp 10.0.1.249 21 interface Dialer0 12021
ip nat inside source static tcp 10.0.1.249 80 interface Dialer0 80
ip nat inside destination list 100 pool SRV-POOL
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended SRV
permit tcp host 10.0.1.249 any range 49152 65535
ip access-list extended VPN_ACL
permit ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
!
!
route-map SRV-RM permit 10
match ip address SRV
!
access-list 23 permit 10.0.4.0 0.0.0.255
access-list 23 permit 10.0.1.0 0.0.0.255
access-list 100 permit tcp any any range 49152 65535
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.4.0 0.0.0.255 any
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
authorization exec LOGIN
login authentication LOGIN
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

Blue_Router#

Please advise

alshahatit.awad@gmail.com · ‎11-02-2017

Hello,

Same issue still exist on the Blue_Router.

I have also used the same configuration on other router, and the issue keeps happening.

After the issue occured,I have noticed that ATM0 interface went down, and Dialer0 interface disappeared from "Show ip int br".

Please advise

Georg Pauwen · ‎11-02-2017

Hello,

are you losing the entire confguration, or just the dialer interface ?

Your dialer interface is tied to the ATM physical interface, so it makes sense that if the ATM goes down, the dialer interface disappears from the 'sh ip int brief'...