08-07-2012 08:30 AM - edited 03-04-2019 05:12 PM
Good afternoon everyone,
I'am a bit newbie at using Cisco products and here is my problem : I have set up a VPN tunnel between 2 Sites (A and B) a few month ago using 2 cisco SR520-ADSL-K9. All was working fine until power failures occured on the sites B (secondary site).
What happened was that none of the ethernet ports were working, excepting during booting, I was then able to ping computers linked to ports Fastethernet0, FastEthernet1, FastEthernet2 and FastEthernet3 but after a few seconds all ports were disabled but my DSL seemed to be working.
So I took back the router home to check it. I managed (I think) to make a factory reset using a serial terminal and following the procedure described here http://www.cisco.com/en/US/docs/routers/access/500/520/software/configuration/guide/520scg.pdf on page 12-10.
Since I did the reset, I thought I would be able to re-use Cisco Configuration Assistant (3.1) to re-configure the router (I am very bad at using the command lines) but I am unable to connect to the router using the supposed default IP : 192.168.75.1 (I set my computer to use 192.168.75.50 IP adress with mask 255.255.255.0). But I can't connect to the router ... even if the Ethernet ports seem to work because green light is on when plugging my cable.
So can someone give me some help to be at least able to connect to my router using CCA ?
For more information, here is what I get when I run "show startup-config" and "show running-config" in terminal console.
I guess the objective is to make the startup-config beeing the running-config, but I have no idea on how to do that ...
Thanks in adavance for your precious help !
show startup-config | show running-config |
---|---|
Router#show startup-config Using 4812 out of 131072 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SR520 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 $1$05di$y2ycn34NGfsSTR1kwa2GO0 ! no aaa new-model ! crypto pki trustpoint TP-self-signed-2778606820 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2778606820 revocation-check none rsakeypair TP-self-signed-2778606820 ! ! crypto pki certificate chain TP-self-signed-2778606820 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer dot11 syslog ip source-route ! ! ip dhcp excluded-address 192.168.75.1 192.168.75.10 ! ip dhcp pool inside import all network 192.168.75.0 255.255.255.0 default-router 192.168.75.1 ! ! ip cef ! no ipv6 cef multilink bundle-name authenticated ! ! username cisco privilege 15 secret 5 $1$BowA$Cv/en/m3ERL4MhaSCO6Ba/ ! ! ! archive log config hidekeys ! ! ! class-map type inspect match-any SDM-Voice-permit match protocol h323 match protocol skinny match protocol sip class-map type inspect match-any sdm-cls-icmp-access match protocol icmp match protocol tcp match protocol udp class-map type inspect match-any sdm-cls-insp-traffic match protocol cuseeme match protocol dns match protocol ftp match protocol h323 match protocol https match protocol icmp match protocol imap match protocol pop3 match protocol netshow match protocol shell match protocol realmedia match protocol rtsp match protocol smtp extended match protocol sql-net match protocol streamworks match protocol tftp match protocol vdolive match protocol tcp match protocol udp class-map type inspect match-all sdm-invalid-src match access-group 100 class-map type inspect match-all sdm-protocol-http match protocol http ! ! policy-map type inspect sdm-permit-icmpreply class type inspect sdm-cls-icmp-access inspect class class-default pass policy-map type inspect sdm-inspect class type inspect sdm-invalid-src drop log class type inspect sdm-cls-insp-traffic inspect class type inspect sdm-protocol-http inspect class type inspect SDM-Voice-permit pass class class-default pass policy-map type inspect sdm-inspect-voip-in class type inspect SDM-Voice-permit pass class class-default drop policy-map type inspect sdm-permit class class-default drop ! zone security out-zone zone security in-zone zone-pair security sdm-zp-self-out source self destination out-zone service-policy type inspect sdm-permit-icmpreply zone-pair security sdm-zp-out-self source out-zone destination self service-policy type inspect sdm-permit zone-pair security sdm-zp-in-out source in-zone destination out-zone service-policy type inspect sdm-inspect zone-pair security sdm-zp-out-in source out-zone destination in-zone service-policy type inspect sdm-inspect-voip-in ! ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point description WAN via ADSL pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface FastEthernet0 switchport access vlan 75 ! interface FastEthernet1 switchport access vlan 75 ! interface FastEthernet2 switchport access vlan 75 ! interface FastEthernet3 switchport access vlan 75 ! interface Vlan1 no ip address shutdown ! interface Vlan75 description $FW_INSIDE$ ip address 192.168.75.1 255.255.255.0 ip nat inside ip virtual-reassembly zone-member security in-zone ! interface Dialer0 description $FW_OUTSIDE$ ip address negotiated ip nat outside ip virtual-reassembly zone-member security out-zone encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname cisco ppp chap password 0 cisco ppp pap sent-username cisco password 0 cisco ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface Dialer0 overload ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060 ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060 ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720 ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.75.0 0.0.0.255 access-list 1 permit 192.168.10.0 0.0.0.255 access-list 1 permit 10.1.1.0 0.0.0.255 access-list 100 remark SDM_ACL Category=128 access-list 100 permit ip host 255.255.255.255 any access-list 100 permit ip 127.0.0.0 0.255.255.255 any ! ! ! ! ! control-plane ! banner login ^CSR520 Base Config - MFG 1.0 ^C ! line con 0 login local no modem enable line aux 0 line vty 0 4 privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 end | Router#show running-config Building configuration... Current configuration : 814 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging message-counter syslog ! no aaa new-model ! ! dot11 syslog ip source-route ! ! ! ! ip cef ! no ipv6 cef multilink bundle-name authenticated ! ! ! ! ! archive log config hidekeys ! ! ! ! ! interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 no ip address ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ! ! ! ! ! control-plane ! ! line con 0 no modem enable line aux 0 line vty 0 4 login ! scheduler max-task-time 5000 end |
08-07-2012 08:41 AM
I think it would be helpful to add the result of the "show configuration" command :
Router#show configuration
Using 4812 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$05di$y2ycn34NGfsSTR1kwa2GO0
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2778606820
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2778606820
revocation-check none
rsakeypair TP-self-signed-2778606820
!
!
crypto pki certificate chain TP-self-signed-2778606820
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.10
!
ip dhcp pool inside
import all
network 192.168.75.0 255.255.255.0
default-router 192.168.75.1
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username cisco privilege 15 secret 5 $1$BowA$Cv/en/m3ERL4MhaSCO6Ba/
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-cls-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-cls-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
pass
class class-default
pass
policy-map type inspect sdm-inspect-voip-in
class type inspect SDM-Voice-permit
pass
class class-default
drop
policy-map type inspect sdm-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-out-in source out-zone destination in-zone
service-policy type inspect sdm-inspect-voip-in
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description WAN via ADSL
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
switchport access vlan 75
!
interface FastEthernet1
switchport access vlan 75
!
interface FastEthernet2
switchport access vlan 75
!
interface FastEthernet3
switchport access vlan 75
!
interface Vlan1
no ip address
shutdown
!
interface Vlan75
description $FW_INSIDE$
ip address 192.168.75.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname cisco
ppp chap password 0 cisco
ppp pap sent-username cisco password 0 cisco
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static udp 192.168.75.2 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.75.2 1720 interface Dialer0 1720
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
!
!
!
!
!
control-plane
!
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
08-07-2012 09:33 AM
I just did the following command : copy startup-config running-config
Doing this made the router beeing accessible via network and CCA. But once I reboot the router, I lost this connection and configuration.
Any way to make the router keep the new running-config in memory ?
Thanks in advance !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide