
SR520w ports stops working after a while

mvangysel
Level 1

Hello,

I have set up a Cisco SR520W and everything appears to be working. After a few hours, it looks like the WAN port stops forwarding traffic to the Internet gateway IP of the device.

If I unplug and then plug in the network cable connecting the WAN port of the SR520W to my modem, traffic starts flowing again. Also, if I restart the SR520W, the traffic will flow again.

Any ideas?

Here is my config file:

Building configuration...

Current configuration : 17830 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
no service dhcp
!
hostname VDV1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
enable secret 5 $1$BP/e$u5Ve/orevNelPWL9doEE2.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local
aaa authorization exec local_author local
aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local
!
!
aaa session-id common
clock timezone CET 1
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-502853951
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-502853951
revocation-check none
rsakeypair TP-self-signed-502853951
!
!
crypto pki certificate chain TP-self-signed-502853951
certificate self-signed 01
   quit
dot11 syslog
!
dot11 ssid VDV
   vlan 75
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 08324F41061B1C444353
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
!
ip dhcp pool inside
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 192.168.2.2
!
!
ip cef
no ip bootp server
ip name-server 195.130.131.11
ip name-server 195.130.130.11
ip port-map user-protocol--1 port tcp 3443
ip inspect log drop-pkt
!
no ipv6 cef
multilink bundle-name authenticated

parameter-map type inspect z1-z2-pmap
audit-trail on
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

!
!
username cisco privilege 15 secret 5 $1$WzBG$c1x/7obrwrKTGgtuXB6xw0
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group EZVPN_GROUP_1
key akamamvg
dns 195.130.131.11 195.130.130.11
pool SDM_POOL_1
save-password
max-users 10
crypto isakmp profile sdm-ike-profile-1
   match identity group EZVPN_GROUP_1
   client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
   isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
archive
log config
  logging enable
  logging size 600
  hidekeys
!
!
ip tcp synwait-time 10
!
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-1
match access-group 103
match protocol smtp
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
match  invalid-command
class-map type inspect match-any sdm-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect gnutella match-any sdm-app-gnutella
match  file-transfer
class-map type inspect match-any SDM-Voice-permit
match protocol sip
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
match  service any
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
match  service any
class-map type inspect match-all sdm-protocol-pop3
match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any sdm-app-aol-otherservices
match  service any
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect pop3 match-any sdm-app-pop3
match  invalid-command
class-map type inspect kazaa2 match-any sdm-app-kazaa2
match  file-transfer
class-map type inspect match-all sdm-protocol-p2p
match class-map sdm-cls-protocol-p2p
class-map type inspect http match-any sdm-http-blockparam
match  request port-misuse im
match  request port-misuse p2p
match  req-resp protocol-violation
class-map type inspect match-all SDM-inspect-staticnat-in
match access-group name staticnat
class-map type inspect match-all sdm-protocol-im
match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect ymsgr match-any sdm-app-yahoo
match  service text-chat
class-map type inspect msnmsgr match-any sdm-app-msn
match  service text-chat
class-map type inspect edonkey match-any sdm-app-edonkey
match  file-transfer
match  text-chat
match  search-file-name
class-map type inspect match-all dhcp_out_self
match access-group name dhcp-resp-permit
class-map type inspect match-all dhcp_self_out
match access-group name dhcp-req-permit
class-map type inspect http match-any sdm-app-httpmethods
match  request method bcopy
match  request method bdelete
match  request method bmove
match  request method bpropfind
match  request method bproppatch
match  request method connect
match  request method copy
match  request method delete
match  request method edit
match  request method getattribute
match  request method getattributenames
match  request method getproperties
match  request method index
match  request method lock
match  request method mkcol
match  request method mkdir
match  request method move
match  request method notify
match  request method options
match  request method poll
match  request method propfind
match  request method proppatch
match  request method put
match  request method revadd
match  request method revlabel
match  request method revlog
match  request method revnum
match  request method save
match  request method search
match  request method setattribute
match  request method startrev
match  request method stoprev
match  request method subscribe
match  request method trace
match  request method unedit
match  request method unlock
match  request method unsubscribe
class-map type inspect edonkey match-any sdm-app-edonkeychat
match  search-file-name
match  text-chat
class-map type inspect fasttrack match-any sdm-app-fasttrack
match  file-transfer
class-map type inspect http match-any sdm-http-allowparam
match  request port-misuse tunneling
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect match-all sdm-nat-https-1
match access-group 101
match protocol https
class-map type inspect edonkey match-any sdm-app-edonkeydownload
match  file-transfer
class-map type inspect match-all sdm-protocol-imap
match protocol imap
class-map type inspect aol match-any sdm-app-aol
match  service text-chat
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect dhcp_self_out
  pass
class type inspect sdm-cls-icmp-access
  inspect
class class-default
  pass
policy-map type inspect p2p sdm-action-app-p2p
class type inspect edonkey sdm-app-edonkeychat
  log
  allow
class type inspect edonkey sdm-app-edonkeydownload
  log
  allow
class type inspect fasttrack sdm-app-fasttrack
  log
  allow
class type inspect gnutella sdm-app-gnutella
  log
  allow
class type inspect kazaa2 sdm-app-kazaa2
  log
  allow
policy-map type inspect http sdm-action-app-http
class type inspect http sdm-http-blockparam
  log
  reset
class type inspect http sdm-app-httpmethods
  log
  reset
class type inspect http sdm-http-allowparam
  log
  allow
policy-map type inspect imap sdm-action-imap
class type inspect imap sdm-app-imap
  log
policy-map type inspect pop3 sdm-action-pop3
class type inspect pop3 sdm-app-pop3
  log
policy-map type inspect im sdm-action-app-im
class type inspect aol sdm-app-aol
  log
  allow
class type inspect msnmsgr sdm-app-msn
  log
  allow
class type inspect ymsgr sdm-app-yahoo
  log
  allow
class type inspect aol sdm-app-aol-otherservices
  log
  reset
class type inspect msnmsgr sdm-app-msn-otherservices
  log
  reset
class type inspect ymsgr sdm-app-yahoo-otherservices
  log
  reset
policy-map type inspect sdm-inspect
class type inspect SDM-Voice-permit
  pass
class type inspect sdm-cls-insp-traffic
  inspect
class type inspect sdm-invalid-src
  drop log
class type inspect sdm-protocol-http
  inspect z1-z2-pmap
  service-policy http sdm-action-app-http
class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
class type inspect sdm-protocol-p2p
  inspect
  service-policy p2p sdm-action-app-p2p
class type inspect sdm-protocol-im
  inspect
  service-policy im sdm-action-app-im
class class-default
  pass
policy-map type inspect sdm-inspect-voip-in
class type inspect SDM-inspect-staticnat-in
  pass
class type inspect SDM-Voice-permit
  pass
class type inspect sdm-nat-https-1
  inspect
class type inspect sdm-nat-user-protocol--1-1
  inspect
class type inspect sdm-nat-smtp-1
  inspect
class class-default
  drop
policy-map type inspect sdm-permit
class type inspect SDM_EASY_VPN_SERVER_PT
  pass
class type inspect dhcp_out_self
  pass
class class-default
  drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
  pass
class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-in source out-zone destination in-zone
service-policy type inspect sdm-inspect-voip-in
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
switchport trunk native vlan 75
switchport mode trunk
macro description cisco-switch
!
interface FastEthernet1
switchport access vlan 75
!
interface FastEthernet2
switchport access vlan 75
!
interface FastEthernet3
switchport access vlan 75
!
interface FastEthernet4
description $FW_OUTSIDE$
mac-address d4d7.48b2.ebfc
ip address 81.82.237.254 255.255.192.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered BVI75
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
encryption vlan 75 mode ciphers aes-ccm
!
ssid VDV
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.75
encapsulation dot1Q 75 native
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 75
bridge-group 75 subscriber-loop-control
bridge-group 75 spanning-disabled
bridge-group 75 block-unknown-source
no bridge-group 75 source-learning
no bridge-group 75 unicast-flooding
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
!
interface Vlan75
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
bridge-group 75
bridge-group 75 spanning-disabled
!
interface BVI75
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
ip local pool SDM_POOL_1 192.168.2.220 192.168.2.230
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 81.82.192.1
ip route 192.168.10.0 255.255.255.0 BVI75
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.2 25 81.82.237.254 25 extendable
ip nat inside source static tcp 192.168.2.2 443 81.82.237.254 443 extendable
ip nat inside source static tcp 192.168.2.106 3443 81.82.237.254 3443 extendable
!
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark SDM_ACL Category=1
permit ip any any
ip access-list extended dhcp-req-permit
remark SDM_ACL Category=1
permit udp any eq bootpc any eq bootps
ip access-list extended dhcp-resp-permit
remark SDM_ACL Category=1
permit udp any eq bootps any eq bootpc
ip access-list extended staticnat
remark SDM_ACL Category=1
permit tcp any host 81.82.237.254 eq 443
permit tcp any host 81.82.237.254 eq 3443
permit tcp any host 81.82.237.254 eq smtp
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 81.82.192.0 0.0.63.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.2.2
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.2.106
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.2.2
!
!
!
!
!
control-plane
!
bridge 75 route ip
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

1 Reply

paolo bevilacqua
Hall of Fame

Already replied in another thread. You can remove the duplicate post using the Actions panel on the right.
