Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
831
Views
0
Helpful
2
Replies

SR520-ADSL-K9 - Can't even connect to router after power failures

arebisinformatique
Level 1
Level 1

‎08-07-2012 08:30 AM - edited ‎03-04-2019 05:12 PM

Good afternoon everyone,

I'am a bit newbie at using Cisco products and here is my problem : I have set up a VPN tunnel between 2 Sites (A and B) a few month ago using 2 cisco SR520-ADSL-K9. All was working fine until power failures occured on the sites B (secondary site).

What happened was that none of the ethernet ports were working, excepting during booting, I was then able to ping computers linked to ports Fastethernet0, FastEthernet1, FastEthernet2 and FastEthernet3 but after a few seconds all ports were disabled but my DSL seemed to be working.

So I took back the router home to check it. I managed (I think) to make a factory reset using a serial terminal and following the procedure described here http://www.cisco.com/en/US/docs/routers/access/500/520/software/configuration/guide/520scg.pdf on page 12-10.

Since I did the reset, I thought I would be able to re-use Cisco Configuration Assistant (3.1) to re-configure the router (I am very bad at using the command lines) but I am unable to connect to the router using the supposed default IP : 192.168.75.1 (I set my computer to use 192.168.75.50 IP adress with mask 255.255.255.0). But I can't connect to the router ... even if the Ethernet ports seem to work because green light is on when plugging my cable.

So can someone give me some help to be at least able to connect to my router using CCA ?

For more information, here is what I get when I run "show startup-config" and "show running-config" in terminal console.

I guess the objective is to make the startup-config beeing the running-config, but I have no idea on how to do that ...

Thanks in adavance for your precious help !

show startup-config

show running-config

Router#show startup-config

Using 4812 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SR520

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$05di$y2ycn34NGfsSTR1kwa2GO0

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-2778606820

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2778606820

revocation-check none

rsakeypair TP-self-signed-2778606820

!

!

crypto pki certificate chain TP-self-signed-2778606820

certificate self-signed 01 nvram:IOS-Self-Sig#1.cer

dot11 syslog

ip source-route

!

!

ip dhcp excluded-address 192.168.75.1 192.168.75.10

!

ip dhcp pool inside

   import all

   network 192.168.75.0 255.255.255.0

   default-router 192.168.75.1

!

!

ip cef

!

no ipv6 cef

multilink bundle-name authenticated

!

!

username cisco privilege 15 secret 5 $1$BowA$Cv/en/m3ERL4MhaSCO6Ba/

!

!

!

archive

log config

  hidekeys

!

!

!

class-map type inspect match-any SDM-Voice-permit

match protocol h323

match protocol skinny

match protocol sip

class-map type inspect match-any sdm-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any sdm-cls-insp-traffic

match protocol cuseeme

match protocol dns

match protocol ftp

match protocol h323

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all sdm-invalid-src

match access-group 100

class-map type inspect match-all sdm-protocol-http

match protocol http

!

!

policy-map type inspect sdm-permit-icmpreply

class type inspect sdm-cls-icmp-access

  inspect

class class-default

  pass

policy-map type inspect sdm-inspect

class type inspect sdm-invalid-src

  drop log

class type inspect sdm-cls-insp-traffic

  inspect

class type inspect sdm-protocol-http

  inspect

class type inspect SDM-Voice-permit

  pass

class class-default

  pass

policy-map type inspect sdm-inspect-voip-in

class type inspect SDM-Voice-permit

  pass

class class-default

  drop

policy-map type inspect sdm-permit

class class-default

  drop

!

zone security out-zone

zone security in-zone

zone-pair security sdm-zp-self-out source self destination out-zone

service-policy type inspect sdm-permit-icmpreply

zone-pair security sdm-zp-out-self source out-zone destination self

service-policy type inspect sdm-permit

zone-pair security sdm-zp-in-out source in-zone destination out-zone

service-policy type inspect sdm-inspect

zone-pair security sdm-zp-out-in source out-zone destination in-zone

service-policy type inspect sdm-inspect-voip-in

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

description WAN via ADSL

pvc 0/35

  pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

switchport access vlan 75

!

interface FastEthernet1

switchport access vlan 75

!

interface FastEthernet2

switchport access vlan 75

!

interface FastEthernet3

switchport access vlan 75

!

interface Vlan1

no ip address

shutdown

!

interface Vlan75

description $FW_INSIDE$

ip address 192.168.75.1 255.255.255.0

ip nat inside

ip virtual-reassembly

zone-member security in-zone

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotiated

ip nat outside

ip virtual-reassembly

zone-member security out-zone

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname cisco

ppp chap password 0 cisco

ppp pap sent-username cisco password 0 cisco

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060

ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060

ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 10.1.1.0 0.0.0.255

access-list 100 remark SDM_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

!

!

!

!

!

control-plane

!

banner login ^CSR520 Base Config - MFG 1.0 ^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

Router#show running-config

Building configuration...

Current configuration : 814 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

!

!

dot11 syslog

ip source-route

!

!

!

!

ip cef

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

no ip address

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login

!

scheduler max-task-time 5000

end

Labels:
0 Helpful
2 Replies 2

arebisinformatique
Level 1
Level 1

‎08-07-2012 08:41 AM

I think it would be helpful to add the result of the "show configuration" command :

Router#show configuration

Using 4812 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SR520

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$05di$y2ycn34NGfsSTR1kwa2GO0

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-2778606820

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2778606820

revocation-check none

rsakeypair TP-self-signed-2778606820

!

!

crypto pki certificate chain TP-self-signed-2778606820

certificate self-signed 01 nvram:IOS-Self-Sig#1.cer

dot11 syslog

ip source-route

!

!

ip dhcp excluded-address 192.168.75.1 192.168.75.10

!

ip dhcp pool inside

   import all

   network 192.168.75.0 255.255.255.0

   default-router 192.168.75.1

!

!

ip cef

!

no ipv6 cef

multilink bundle-name authenticated

!

!

username cisco privilege 15 secret 5 $1$BowA$Cv/en/m3ERL4MhaSCO6Ba/

!

!

!

archive

log config

  hidekeys

!

!

!

class-map type inspect match-any SDM-Voice-permit

match protocol h323

match protocol skinny

match protocol sip

class-map type inspect match-any sdm-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any sdm-cls-insp-traffic

match protocol cuseeme

match protocol dns

match protocol ftp

match protocol h323

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all sdm-invalid-src

match access-group 100

class-map type inspect match-all sdm-protocol-http

match protocol http

!

!

policy-map type inspect sdm-permit-icmpreply

class type inspect sdm-cls-icmp-access

  inspect

class class-default

  pass

policy-map type inspect sdm-inspect

class type inspect sdm-invalid-src

  drop log

class type inspect sdm-cls-insp-traffic

  inspect

class type inspect sdm-protocol-http

  inspect

class type inspect SDM-Voice-permit

  pass

class class-default

  pass

policy-map type inspect sdm-inspect-voip-in

class type inspect SDM-Voice-permit

  pass

class class-default

  drop

policy-map type inspect sdm-permit

class class-default

  drop

!

zone security out-zone

zone security in-zone

zone-pair security sdm-zp-self-out source self destination out-zone

service-policy type inspect sdm-permit-icmpreply

zone-pair security sdm-zp-out-self source out-zone destination self

service-policy type inspect sdm-permit

zone-pair security sdm-zp-in-out source in-zone destination out-zone

service-policy type inspect sdm-inspect

zone-pair security sdm-zp-out-in source out-zone destination in-zone

service-policy type inspect sdm-inspect-voip-in

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

description WAN via ADSL

pvc 0/35

  pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

switchport access vlan 75

!

interface FastEthernet1

switchport access vlan 75

!

interface FastEthernet2

switchport access vlan 75

!

interface FastEthernet3

switchport access vlan 75

!

interface Vlan1

no ip address

shutdown

!

interface Vlan75

description $FW_INSIDE$

ip address 192.168.75.1 255.255.255.0

ip nat inside

ip virtual-reassembly

zone-member security in-zone

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotiated

ip nat outside

ip virtual-reassembly

zone-member security out-zone

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname cisco

ppp chap password 0 cisco

ppp pap sent-username cisco password 0 cisco

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060

ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060

ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 10.1.1.0 0.0.0.255

access-list 100 remark SDM_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

!

!

!

!

!

control-plane

!

banner login ^CSR520 Base Config - MFG 1.0 ^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

0 Helpful

arebisinformatique
Level 1
Level 1
In response to arebisinformatique

‎08-07-2012 09:33 AM

I just did the following command : copy startup-config running-config

Doing this made the router beeing accessible via network and CCA. But once I reboot the router, I lost this connection and configuration.

Any way to make the router keep the new running-config in memory ?

Thanks in advance !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card