06-21-2018 07:59 AM - edited 03-08-2019 03:26 PM
Hello,
I think I found a bug although I am not sure, so please help.
I have 2 cisco with the image c1841-adventerprisek9-mz.123-14.t5.bin
those 2 have VPN in between them...for some reason, they are restarting at the same time. I am thinking it is a bug on the VPN on the specific image/router?
Please help! :) Routers are restarting
Solved! Go to Solution.
06-22-2018 01:35 AM
Hello,
are these new devices ?
Either way, upgrade to a newer release, the one you are running is more than 10 years old...
06-21-2018 09:00 AM
Hello,
do you mean the VPN is 'restarting' or the routers are rebooting ? Post the configs of both sides...
06-21-2018 11:57 PM
06-22-2018 12:00 AM
peristeri#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.3(14)T5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Mon 24-Oct-05 20:00 by kellythw
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
peristeri uptime is 9 hours, 38 minutes
System returned to ROM by bus error at PC 0x601FE954, address 0xB0D0AFD at 10:18:44 PCTime Fri Jan 2 1970
System image file is "flash:c1841-adventerprisek9-mz.123-14.t5.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 118784K/12288K bytes of memory.
Processor board ID FCZ094821QE
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
-----------------------------sh run------------------------------------
peristeri#sh run
Building configuration...
Current configuration : 5675 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname peristeri
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console critical
enable secret 5 $1$jdDx$iDVm3TK5XLA/qjIzVPl5X0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.32.61.254
ip dhcp excluded-address 10.32.61.1 10.32.61.219
ip dhcp excluded-address 10.32.61.231 10.32.61.255
!
ip dhcp pool users_pool
network 10.32.61.0 255.255.255.0
dns-server 208.67.222.222
default-router 10.32.61.254
!
!
no ip bootp server
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1166710635
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1166710635
revocation-check none
rsakeypair TP-self-signed-1166710635
!
!
crypto pki certificate chain TP-self-signed-1166710635
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313636 37313036 3335301E 170D3730 30313035 32303439
33335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31363637
31303633 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D2D1 84B0426C B6179BC0 92818543 CF4E1B1B 710F4AEE 3CEC3773 070FEC96
EEB48BE6 947B7ED5 6C1ED588 AC186022 456DBDB4 181C3CE0 722B551E 8DB0166B
AD20F5DF 56D1C66E 5A88CACB DFA04C6E FFBDB62F 0C8603EB B9301835 956153A2
B968AAE4 02E0D01F EEF3B015 A01411DC 4487F145 C9D106D9 2096E65A CEEB5548
DC450203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
551D1104 0E300C82 0A706572 69737465 72692E30 1F060355 1D230418 30168014
209D0EF8 B7C252AE AF73A9C7 977542AF 9C490579 301D0603 551D0E04 16041420
9D0EF8B7 C252AEAF 73A9C797 7542AF9C 49057930 0D06092A 864886F7 0D010104
05000381 81003E10 51FC7F1F 24ACC2FA 86A70A2E B34983A8 78331B63 71A24BE4
73C4E8D7 202C9B71 35009355 F25F1642 16C503DB 478A3C5C 30076C98 A193D03E
54FF2007 8F5921C7 DB0C9052 41F7BFBF C036B367 8C435EA3 DF29F36D AE981747
6DB4D839 5AC6490C 2CEA5040 457C5707 E2CF7EDC FA774E0B 43F4D3E0 CB173E20
9167E397 E055
quit
username mnemonic password 7 045605550271421F0A582554
archive
log config
hidekeys
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 1ekd3lt@ address 195.46.25.212
no crypto isakmp ccm
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description ipokratous
set peer 195.46.25.212
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
interface FastEthernet0/0
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 10.32.61.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 125000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 125000
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname o7ds53@otenet.gr
ppp chap password 7 09484C1D26520644
ppp pap sent-username o7ds53@otenet.gr password 7 121D07032D5C1D52
crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.32.61.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.32.61.0 0.0.0.255 10.32.63.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.32.61.0 0.0.0.255 10.32.63.0 0.0.0.255
access-list 101 permit ip 10.32.61.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
transport output telnet
line aux 0
modem InOut
transport output telnet
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 4000 1000
end
------------------------------Other Side-------------------------------------------
ipokratous#sh ver
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.3(14)T5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Mon 24-Oct-05 20:00 by kellythw
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
ipokratous uptime is 9 hours, 37 minutes
System returned to ROM by bus error at PC 0x601FE954, address 0xB0D0AFD at 10:56:50 PCTime Wed Jan 7 1970
System image file is "flash:c1841-adventerprisek9-mz.123-14.t5.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 118784K/12288K bytes of memory.
Processor board ID FCZ094821QJ
2 FastEthernet interfaces
2 Low-speed serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
---------------------sh run--------------------------
ipokratous#sh run
Building configuration...
Current configuration : 4305 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ipokratous
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$xGlX$cLPrYuKuymlAScLLX0nda1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3179121447
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3179121447
revocation-check none
rsakeypair TP-self-signed-3179121447
!
!
crypto pki certificate chain TP-self-signed-3179121447
certificate self-signed 01
30820243 308201AC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313739 31323134 3437301E 170D3730 30313035 32303232
35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31373931
32313434 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CBC4 0E010C94 448E48B8 492C05C8 78DE7979 84D482F4 D39C6F2A 126B58C5
23386696 1362EA82 F75E3EDD 3FB9C1B0 78BDD824 A7908962 C7F36297 81AE8215
DD54FCCD AA5942A6 0C4D09C8 648A20CF B742B601 48FD6BA0 5D89BCA1 6F8CAF5C
5505DA15 0630C078 B560623C 34ECDBE1 FC791C73 9ADCBC6A 60852E7F 4A0AF814
327B0203 010001A3 6B306930 0F060355 1D130101 FF040530 030101FF 30160603
551D1104 0F300D82 0B69706F 6B726174 6F75732E 301F0603 551D2304 18301680
1421EAB7 F0A7E09A 791C6CA2 E0A0CC53 4A74C9E1 BB301D06 03551D0E 04160414
21EAB7F0 A7E09A79 1C6CA2E0 A0CC534A 74C9E1BB 300D0609 2A864886 F70D0101
04050003 8181006B 14F1F1E8 997D366F 4BB9A9EE 3899A3B2 E0003E8F B6A3F190
A783D936 B82C3A7F 5D856891 C1A7EA25 DBE08861 DEC1E9C4 1AD4B664 9AE5D0A2
2C5B16C6 FF25BEDA A9016AC7 6FDBEAAB 528EFA86 73AD7B13 AEB6FB1B 84F17981
E6E0013F AC6BC451 8B5F7062 5C189BA6 90FD5CAC 1919A1F7 223813EF 87BA5D8E
F4E539D7 F9274B
quit
username mnemonic secret 5 $1$fAp.$fCB.vEEkJAfi0laYshOW7/
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 1ekd3lt@ address 94.69.7.88
no crypto isakmp ccm
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to94.69.7.88
set peer 94.69.7.88
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
interface FastEthernet0/0
ip address 195.46.25.212 255.255.255.248
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 10.32.63.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 125000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 125000
!
ip classless
ip route 0.0.0.0 0.0.0.0 195.46.25.209
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
logging trap debugging
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.32.63.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.32.63.0 0.0.0.255 10.32.61.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
end
---------------------------Logs---------------------------------
*Jan 7 08:58:17.359: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Jan 7 08:58:17.359: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Jan 7 08:58:18.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
000015: *Jan 7 10:58:20.599 PCTime: %SYS-6-CLOCKUPDATE: System clock has been updated from 08:58:20 UTC Wed Jan 7 1970 to 10:58:20 PCTime Wed Jan 7 1970, configured from console by console.
000016: *Jan 7 10:58:20.599 PCTime: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:58:20 PCTime Wed Jan 7 1970 to 10:58:20 PCTime Wed Jan 7 1970, configured from console by console.
000017: *Jan 7 10:58:21.315 PCTime: %SYS-5-CONFIG_I: Configured from memory by console
000018: *Jan 7 10:58:21.471 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
000019: *Jan 7 10:58:21.983 PCTime: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.3(14)T5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Mon 24-Oct-05 20:00 by kellythw
000020: *Jan 7 10:58:21.987 PCTime: %SNMP-5-COLDSTART: SNMP agent on host ipokratous is undergoing a cold start
000021: *Jan 7 10:58:22.007 PCTime: %SSH-5-ENABLED: SSH 1.99 has been enabled
000022: *Jan 7 10:58:22.163 PCTime: %SYS-6-BOOTTIME: Time taken to reboot after reload = 85 seconds
000023: *Jan 7 10:58:22.323 PCTime: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000024: *Jan 7 10:58:22.323 PCTime: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
000025: *Jan 7 10:58:24.471 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
000026: *Jan 7 10:58:27.471 PCTime: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
000027: *Jan 7 10:58:27.471 PCTime: %LINK-5-CHANGED: Interface Serial0/0/1, changed state to administratively down
000028: *Jan 7 10:58:27.471 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
000029: *Jan 7 10:58:27.471 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
000030: *Jan 7 10:58:27.471 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
000031: *Jan 7 10:58:28.471 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down
000032: *Jan 7 10:58:28.471 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down
06-22-2018 12:40 AM
Hello,
you are running very outdated (2007) software, try and upgrade to a 15 release. How long have these routers been in production ?
06-22-2018 01:18 AM
06-22-2018 01:35 AM
Hello,
are these new devices ?
Either way, upgrade to a newer release, the one you are running is more than 10 years old...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide