Internet connection disconnecting frequently



We have an mGRE setup in which we are connecting to home offices from the head office over DSL lines at the home office side.

Everything is working fine and the tunnel is up and running, but the internet connection is getting dropped frequently. To my surprise, the VPN connection is active and working.

The GRE tunnel is formed over DSL (same as DMVPN) to connect to the head office, and normal internet traffic goes through the NAT device towards the internet.

The LAN IP is provided to the PC through the DHCP server from the 881 router.

My topology is like this:

Head Office(cisco 1941)---->Internet--------->nat device---->cisco 881---->PC.

I can ping the head office continuously, but when I do the same with the internet, the packets are getting dropped.

Attaching the Cisco 881 config.

Can anyone help?

Can you post the results of 'show ip nat translations' when you are initiating traffic from the spoke (home office)? I want to make sure a translation is taking place.

Also, can you post the results from a traceroute to from a PC on that spoke?

Hi John,

Thanks for the reply.

Attaching the output from the router and PC.

The actual IPs are in the output, as I changed them in the first discussion.

pc ip :

gateway 881)


Looking at the first file you sent (I cannot open the second one you posted):

You have a being advertised by RIP, but your physical interface is /29,

and your ACL statement for NAT doesn't look correct, with denying and and permitting everything else even though they are not in the same subnetwork of the physical interface. I would specify the actual subnet to be permitted and not leave it to ip any any.

You seem to have only part of the cryptographic VPN configured. Are you wanting to use IPsec also?

For your NHRP, specifying a tunnel mode, enabling multicast and, as far as I am aware, NOT specifying a tunnel destination is required.

crypto isakmp key xxxx address - ( on HUB and SPOKE - this adds dynamic pre-shared keys for all of the remote VPNs)

crypto ipsec transform-set NHRP esp-3des esp-md5-hmac

crypto ipsec profile TEST

set security-association lifetime seconds xxx

set transform-set NHRP

int tun0

ip nhrp map multicast dynamic

NO  tunnel destination

tunnel mode gre multipoint

tunnel protection ipsec profile TEST

no access-list 2000

access-list 2000 permit ip any
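
The NAT ACL suggestion in the reply above, written out as an added example (not part of the original reply and not the poster's attached config). The LAN subnet 192.168.10.0/24, the head-office range 10.0.0.0/8 and the interface names Vlan1 and FastEthernet4 are assumptions; only the ACL number 2000 comes from the thread.

```cisco
! Constructed example: all addresses and interface names are placeholders.
!
! Broad form described in the thread: exempt tunnel-bound traffic, then
! translate everything else, whatever its source address.
! access-list 2000 deny   ip any 10.0.0.0 0.255.255.255
! access-list 2000 permit ip any any
!
! Narrowed form: only the spoke's own LAN subnet is eligible for NAT.
no access-list 2000
access-list 2000 deny   ip 192.168.10.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 2000 permit ip 192.168.10.0 0.0.0.255 any
!
interface Vlan1
 ip nat inside
interface FastEthernet4
 ip nat outside
!
ip nat inside source list 2000 interface FastEthernet4 overload
!
! Verification while a LAN host is generating internet traffic:
!   show ip nat translations
!   show access-lists 2000
```

Rising match counters on the permit line together with entries in the translation table show that LAN traffic is matching the ACL and being translated.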



Hi,

Thank you for the reply.

We have home offices in different regions, and some ISPs are blocking port 4500, so I am not using IPsec for them.

As for the NATing, the access list filters the traffic going on the WAN and directs the interesting traffic onto the tunnel, and all other traffic will go to the internet, so I specified any any.

As for RIP, there is nothing wrong with the network connection to my head office and there are no packet drops on the tunnel, but when I am pinging IPs like and the pings start getting dropped after 5 or 10 min.

