Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
990
Views
0
Helpful
6
Replies

Cisco 1941 Intermittent Internet Connection

ChrisH138
Level 1
Level 1

‎12-05-2017 07:32 AM - edited ‎03-08-2019 01:00 PM

Hello All,

I am new to the Cisco Support Community and would like to thank anyone willing to lend a helping hand. We recently purchased a new Cisco 1941 Router and we seem to be having some issues keeping an internet connection active. It stays up for about 5 minutes after a reload and then becomes intermittent, although I can still ping the public IP address and also remote to a PC from the outside to the inside. We use static IP addresses for inside our network and we have a static IP address that is supplied from our ISP. We have exhausted our searches and seem to be just going around in circles. I have changed our public address to 126.0.0.50 and our gateway to 126.0.0.49 for this discussion. Below I have posted our current running-config. Any help with this is greatly appreciated!

 

 

 

Building configuration...

Current configuration : 11360 bytes
!
! Last configuration change at 14:32:57 GMT Mon Nov 20 2017 by tw1941
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
no aaa new-model
clock timezone GMT -5 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-838388455
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-838388455
revocation-check none
rsakeypair TP-self-signed-838388455
!
!
crypto pki certificate chain TP-self-signed-838388455
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38333833 38383435 35301E17 0D313731 31313231 37343930
395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3833 38333838
34353530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
AC178A0E 8E978959 0EB9EA1A D8122606 C8B84B84 830417CE 01976974 0B3FDEA9
877D7CAC C045ED33 59752862 98A3BBBB 35A8B46E 578007AF 8AFBB5A2 1CECFB51
B009A713 1B759942 B5E21C35 26CD1D57 2DB03EE8 5D32D9DF 50DAACD7 10D32F89
F8F73B10 3D713BB1 56D5BC96 A3D8AE83 105A6CD7 BA6AC4F7 CAA63CE6 69224253
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014A9 D46B4190 43B4EB7E 5D588383 F579A262 E6AEFF30 1D060355
1D0E0416 0414A9D4 6B419043 B4EB7E5D 588383F5 79A262E6 AEFF300D 06092A86
4886F70D 01010505 00038181 0001D7E7 B3B8E346 C4D81ABB E894BDD4 27BFBB9F
E85BBB84 5D29BAFF 0EA4BA3C 3BB8C0CB 1174CCF1 12B1464C 3B988383 5B70727A
50EBECD4 E3CA5136 D3A80CB2 2AAC7E04 0C7117B4 19D37DC6 194274C7 C9470275
B0A5AF2A 465559E4 F8E2F3A4 448867FA 559E0D2D C8D01DB0 CD0D7210 3ACAD72A
78151607 B665F640 F3AC8BB7 17
quit
license udi pid CISCO1941/K9 sn FJC2136L1A1
!
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
!
username router privilege 15 secret 5 $1$WvrH$oF4BWl7J1cz3WAAx4A5Jo.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-LAN$
ip address 10.0.0.1 255.255.252.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
duplex full
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description PrimaryWANDesc_$ETH-WAN$
ip address 126.0.0.50 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex full
speed auto
no cdp enable
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list nat-list interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.0.0.52 1145 interface GigabitEthernet0/1 1145
ip nat inside source static tcp 10.0.0.52 1433 interface GigabitEthernet0/1 1433
ip nat inside source static tcp 10.0.2.108 3498 interface GigabitEthernet0/1 3498
ip nat inside source static tcp 10.0.2.59 3459 interface GigabitEthernet0/1 3459
ip nat inside source static tcp 10.0.1.119 3428 interface GigabitEthernet0/1 3428
ip nat inside source static tcp 10.0.2.102 3499 interface GigabitEthernet0/1 3499
ip nat inside source static tcp 10.0.1.53 3453 interface GigabitEthernet0/1 3453
ip nat inside source static tcp 10.0.1.208 3449 interface GigabitEthernet0/1 3449
ip nat inside source static tcp 10.0.2.51 3478 interface GigabitEthernet0/1 3478
ip nat inside source static tcp 10.0.0.201 3468 interface GigabitEthernet0/1 3468
ip nat inside source static tcp 10.0.2.103 3443 interface GigabitEthernet0/1 3443
ip nat inside source static tcp 10.0.2.101 3404 interface GigabitEthernet0/1 3404
ip nat inside source static tcp 10.0.0.203 3414 interface GigabitEthernet0/1 3414
ip nat inside source static tcp 10.0.0.205 3456 interface GigabitEthernet0/1 3456
ip nat inside source static tcp 10.0.0.204 3408 interface GigabitEthernet0/1 3408
ip nat inside source static tcp 10.0.1.18 3470 interface GigabitEthernet0/1 3470
ip nat inside source static tcp 10.0.1.101 3427 interface GigabitEthernet0/1 3427
ip nat inside source static tcp 10.0.1.1 3483 interface GigabitEthernet0/1 3483
ip nat inside source static tcp 10.0.2.106 3450 interface GigabitEthernet0/1 3450
ip nat inside source static tcp 10.0.0.208 3417 interface GigabitEthernet0/1 3417
ip nat inside source static tcp 10.0.0.218 3421 interface GigabitEthernet0/1 3421
ip nat inside source static tcp 10.0.0.206 3406 interface GigabitEthernet0/1 3406
ip nat inside source static tcp 10.0.2.110 3410 interface GigabitEthernet0/1 3410
ip nat inside source static tcp 10.0.2.109 3409 interface GigabitEthernet0/1 3409
ip nat inside source static tcp 10.0.2.55 3457 interface GigabitEthernet0/1 3457
ip nat inside source static udp 10.0.0.52 1434 interface GigabitEthernet0/1 1434
ip nat inside source static tcp 10.0.0.151 3451 interface GigabitEthernet0/1 3451
ip nat inside source static tcp 10.0.0.230 3430 interface GigabitEthernet0/1 3430
ip nat inside source static tcp 10.0.0.231 3431 interface GigabitEthernet0/1 3431
ip nat inside source static tcp 10.0.2.53 3432 interface GigabitEthernet0/1 3432
ip nat inside source static tcp 10.0.2.62 3462 interface GigabitEthernet0/1 3462
ip nat inside source static tcp 10.0.1.117 3425 interface GigabitEthernet0/1 3425
ip nat inside source static tcp 10.0.1.129 3429 interface GigabitEthernet0/1 3429
ip nat inside source static tcp 10.0.0.242 3442 interface GigabitEthernet0/1 3442
ip nat inside source static tcp 10.0.2.67 3467 interface GigabitEthernet0/1 3467
ip nat inside source static tcp 10.0.2.112 3415 interface GigabitEthernet0/1 3415
ip nat inside source static tcp 10.0.2.113 3423 interface GigabitEthernet0/1 3423
ip nat inside source static tcp 10.0.2.104 3477 interface GigabitEthernet0/1 3477
ip nat inside source static tcp 10.0.0.70 3490 interface GigabitEthernet0/1 3490
ip nat inside source static tcp 10.0.2.64 3463 interface GigabitEthernet0/1 3463
ip nat inside source static tcp 10.0.0.58 3419 interface GigabitEthernet0/1 3419
ip nat inside source static tcp 10.0.1.59 3460 interface GigabitEthernet0/1 3460
ip nat inside source static tcp 10.0.0.209 3426 interface GigabitEthernet0/1 3426
ip nat inside source static tcp 10.0.0.34 280 interface GigabitEthernet0/1 280
ip nat inside source static tcp 10.0.0.63 8080 interface GigabitEthernet0/1 8080
ip nat inside source static tcp 10.0.0.63 443 interface GigabitEthernet0/1 443
ip nat inside source static tcp 10.0.0.63 631 interface GigabitEthernet0/1 631
ip nat inside source static tcp 10.0.0.223 3422 interface GigabitEthernet0/1 3422
ip nat inside source static tcp 10.0.1.3 3479 interface GigabitEthernet0/1 3479
ip nat inside source static tcp 10.0.0.39 3439 interface GigabitEthernet0/1 3439
ip nat inside source static tcp 10.0.0.243 3424 interface GigabitEthernet0/1 3424
ip nat inside source static tcp 10.0.1.33 3484 interface GigabitEthernet0/1 3484
ip nat inside source static tcp 10.0.2.111 3411 interface GigabitEthernet0/1 3411
ip nat inside source static tcp 10.0.0.202 3469 interface GigabitEthernet0/1 3469
ip nat inside source static tcp 10.0.0.244 3444 interface GigabitEthernet0/1 3444
ip nat inside source static tcp 10.0.1.55 3455 interface GigabitEthernet0/1 3455
ip nat inside source static tcp 10.0.2.159 3458 interface GigabitEthernet0/1 3458
ip nat inside source static tcp 10.0.0.218 3412 interface GigabitEthernet0/1 3412
ip nat inside source static tcp 10.0.0.227 3433 interface GigabitEthernet0/1 3433
ip nat inside source static tcp 10.0.2.225 3452 interface GigabitEthernet0/1 3452
ip nat inside source static tcp 10.0.0.207 3418 interface GigabitEthernet0/1 3418
ip nat inside source static tcp 10.0.2.29 3448 interface GigabitEthernet0/1 3448
ip route 0.0.0.0 0.0.0.0 126.0.0.49
!
ip access-list standard internal
permit 10.0.0.0 0.0.3.255
!
ip access-list extended CON
remark CCP_ACL Category=128
deny ip any host 38.102.150.27
ip access-list extended CONF
remark CCP_ACL Category=128
deny ip any host 38.102.150.27
ip access-list extended Con2
remark CCP_ACL Category=128
deny ip any host 104.244.14.252
ip access-list extended nat-list
remark CCP_ACL Category=18
permit ip 10.0.0.0 0.0.3.255 any
permit ip any any
!
!
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.3.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 126.0.0.48 0.0.0.7 any
access-list 100 permit ip any host 38.102.150.27
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server north-america.pool.ntp.org
!
end

 

Labels:
0 Helpful
6 Replies 6

Yachay
Level 1
Level 1

‎12-05-2017 07:50 AM

What about the speed and duplex configuration on the LAN and WAN devices connected to your router? If you are using duplex full, be sure those devices are duplex full as well (not auto.) If your are using speed auto, be sure they are using the same conf (not fixed.)

 

0 Helpful

ChrisH138
Level 1
Level 1
In response to Yachay

‎12-05-2017 09:08 AM

Thank you for your reply. We have checked our PC on the inside of our network as well as the modem connected to the router. We have verified that all devices are set to auto negotiation and not set at a fixed speed. All ports we are connected to are full duplex as well. After another reload, our connection was active for about 11 minutes but failed again after that. We are using a program called 'Net Uptime Monitor' which continually pings 8.8.8.8 (google's DNS), 4.2.2.2 (level 3's DNS), and 208.67.222.222 (OpenDNS) to check our connection as well as loading webpages. This program has been very helpful in determining if we are connected or not. This seems to be a odd issue but the fact that I can remotely connect to my PC while my connection is not functioning makes me wonder if there is an issue with the unit.

0 Helpful

Yachay
Level 1
Level 1
In response to ChrisH138

‎12-05-2017 10:25 AM

Once I had a similar issue, every 20-30 min I restarted the router, and the problem was that the firewall between the router and the modem had a rule allowing all traffic from source ports between 1 - 10000 (I think someone was practicing how to build rules on the production.)

 

 

0 Helpful

ChrisH138
Level 1
Level 1
In response to Yachay

‎12-06-2017 05:00 AM

Unfortunately we do not have a firewall in place at this time. We are in a test environment where our router is connected directly to our cable modem and a PC is connected directly to the router. Since I have been experiencing this issue I decided to eliminate any other equipment contributing to our problem. Thank you for the suggestion.

0 Helpful

Georg Pauwen
VIP
VIP

‎12-05-2017 01:20 PM

Hello,

 

on a side not and in addition to the other posts, remove the following line from your configuration:

 

ip nat inside source list nat-list interface GigabitEthernet0/1 overload

 

Since you already have access list 1 as the source list, this line is redundant.

 

0 Helpful

ChrisH138
Level 1
Level 1
In response to Georg Pauwen

‎12-06-2017 06:48 AM

Thanks for response. I removed the line from the configuration, saved and reloaded the router. Internet was active after the reload then I lost connection after about 7 minutes. Do you think there is anything else in my config that I may be overlooking? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card