Re: VPN client able to connect but unable to ping router - Page 2

michaelchandra · ‎02-27-2013

Hi, I'm new to cisco and I'm trying to make my own vpn. I've created the VPN using SDM because I'm not familiar with the Cisco IOS so I thought it'll be easier. When I'm trying to connect to my VPN, i was able to connect but I can't ping the router. I've done googling all day but I can't find the answer.

Below is my configuration :

Building configuration...

Current configuration : 5784 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname michael

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

no logging console

enable secret 5

!

aaa new-model

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

!

aaa session-id common

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool michael

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 202.134.0.155

!

ip dhcp pool excluded-address

host 192.168.1.4 255.255.255.0

hardware-address 01c8.d719.957a.b9

!

ip cef

ip name-server 202.134.0.155

ip name-server 203.130.193.74

ip inspect name SDM_LOW cuseeme

ip inspect name SDM_LOW dns

ip inspect name SDM_LOW ftp

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW https

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW imap

ip inspect name SDM_LOW pop3

ip inspect name SDM_LOW netshow

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW realaudio

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW esmtp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW streamworks

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW udp

ip inspect name SDM_LOW vdolive

vpdn enable

!

username michael privilege 15 secret 5

username danny privilege 10 secret 5

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 15

!

crypto isakmp client configuration group michaelvpn

key vpnpassword

pool SDM_POOL_1

netmask 255.255.255.0

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA

reverse-route

!

crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

interface Ethernet0

description $FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/35

pppoe-client dial-pool-number 1

!

interface FastEthernet1

duplex auto

speed auto

!

interface FastEthernet2

duplex auto

speed auto

!

interface FastEthernet3

duplex auto

speed auto

!

interface FastEthernet4

duplex auto

speed auto

!

interface Virtual-PPP1

no ip address

!

interface Dialer1

description $FW_OUTSIDE$

mtu 1492

ip address negotiated

ip access-group 101 in

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp chap hostname ispusername

ppp chap password 0 xxxxxxxxxx

ppp pap sent-username ispusername password 0 xxxxxxx

crypto map SDM_CMAP_1

!

ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

no ip http secure-server

!

ip nat inside source static tcp 192.168.1.4 21 interface Dialer1 21

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload

!

access-list 1 remark SDM_ACL Category=16

access-list 1 permit 192.0.0.0 0.255.255.255

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit ip host 192.168.2.1 any

access-list 101 permit ip host 192.168.2.2 any

access-list 101 permit ip host 192.168.2.3 any

access-list 101 permit ip host 192.168.2.4 any

access-list 101 permit ip host 192.168.2.5 any

access-list 101 permit udp any any eq non500-isakmp

access-list 101 permit udp any any eq isakmp

access-list 101 permit esp any any

access-list 101 permit ahp any any

access-list 101 permit tcp any any eq ftp

access-list 101 permit udp host 203.130.193.74 eq domain any

access-list 101 permit udp host 202.134.0.155 eq domain any

access-list 101 deny ip 192.168.1.0 0.0.0.255 any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 deny ip host 0.0.0.0 any

access-list 101 deny ip any any log

access-list 102 remark SDM_ACL Category=2

access-list 102 deny ip any host 192.168.2.1

access-list 102 deny ip any host 192.168.2.2

access-list 102 deny ip any host 192.168.2.3

access-list 102 deny ip any host 192.168.2.4

access-list 102 deny ip any host 192.168.2.5

access-list 102 permit ip 192.0.0.0 0.255.255.255 any

route-map SDM_RMAP_1 permit 1

match ip address 102

!

control-plane

!

banner motd ^C

Authorized Access Only

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED

You must have explicit permission to access this device.

All activities performed on this device are logged.

Any violations of access policy will result in disciplinary action.

^C

!

line con 0

no modem enable

line aux 0

line vty 0 4

!

scheduler max-task-time 5000

end

Here is the client log :

1 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 172.20.10.0

Netmask 255.255.255.240

Gateway 192.168.2.2

Interface 192.168.2.1

2 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: ac140a00, Netmask: fffffff0, Interface: c0a80201, Gateway: c0a80202.

3 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 172.20.10.6

Netmask 255.255.255.255

Gateway 192.168.2.2

Interface 192.168.2.1

4 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: ac140a06, Netmask: ffffffff, Interface: c0a80201, Gateway: c0a80202.

5 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 192.168.81.0

Netmask 255.255.255.0

Gateway 192.168.2.2

Interface 192.168.2.1

6 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a85100, Netmask: ffffff00, Interface: c0a80201, Gateway: c0a80202.

7 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 192.168.255.0

Netmask 255.255.255.0

Gateway 192.168.2.2

Interface 192.168.2.1

8 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a8ff00, Netmask: ffffff00, Interface: c0a80201, Gateway: c0a80202.

9 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 192.168.255.1

Netmask 255.255.255.255

Gateway 192.168.2.2

Interface 192.168.2.1

10 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a8ff01, Netmask: ffffffff, Interface: c0a80201, Gateway: c0a80202.

11 18:17:44.729 02/27/13 Sev=Warning/2 CVPND/0xE3400013

AddRoute failed to add a route with metric of 0: code 160

Destination 192.168.255.255

Netmask 255.255.255.255

Gateway 192.168.2.2

Interface 192.168.2.1

12 18:17:44.729 02/27/13 Sev=Warning/2 CM/0xA3100024

Unable to add route. Network: c0a8ffff, Netmask: ffffffff, Interface: c0a80201, Gateway: c0a80202.

Thank you

Shirshendu Nandi · ‎02-28-2013

Is your router interface where the ip 192.168.1.1 is UP ?

Per sistance router not showing is OK .No issue here .

For the ACl 199 you are getting the below Route

192.168.1.0 255.255.255.0 192.168.2.1 192.168.2.4 100

1> Remove this ip inspect SDM_LOW out from your router dialer interface

2> no access-list102

access-list 102 remark SDM_ACL Category=2

access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

Ping and trace the router Ip and see whats happening

michaelchandra · ‎02-28-2013

Thank you for the response. I'm sure that my interface is up because I can ping the router interface inside the network. I've try to remove ip inspect and access list but it still showing request time out. But at some point I can ping my router. This made me confuse because some time I can ping the router and some time I can't. My 837 router is connected to linksys router which act as wifi router. I really appreciate your help. Thank you.

michaelchandra · ‎03-01-2013

I try to trace route the router but what I get is only * * *. Is there something to do with the DNS server ? Because my VPN adapter seems to have strange DNS. Here is my adapter configuration :

Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-Desktop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 4:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #

3

Physical Address. . . . . . . . . : D8-5D-4C-8F-54-EF

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Cisco Systems VPN Adapter

Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::dd76:cfba:967:3822%43(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DHCPv6 IAID . . . . . . . . . . . : 1006634394

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B5-99-1B-1C-6F-65-89-41-28

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 802.11 USB Wireless LAN Card

Physical Address. . . . . . . . . : D8-5D-4C-8F-54-EE

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::2038:b3eb:414d:b2cf%34(Preferred)

IPv4 Address. . . . . . . . . . . : 172.20.10.3(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.240

Lease Obtained. . . . . . . . . . : 01 Maret 2013 17:00:17

Lease Expires . . . . . . . . . . : 02 Maret 2013 16:45:52

Default Gateway . . . . . . . . . : 172.20.10.1

DHCP Server . . . . . . . . . . . : 172.20.10.1

DHCPv6 IAID . . . . . . . . . . . : 366501196

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B5-99-1B-1C-6F-65-89-41-28

DNS Servers . . . . . . . . . . . : 202.152.165.39

202.155.0.10

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)

Physical Address. . . . . . . . . : 00-FF-C7-D9-93-69

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

#3

Physical Address. . . . . . . . . : 00-11-B1-07-A3-D3

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 1C-6F-65-89-41-28

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{680E748D-EEC7-40FE-A882-09F0240F8824}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:38ef:3278:8757:fe6d(Pref

erred)

Link-local IPv6 Address . . . . . : fe80::38ef:3278:8757:fe6d%33(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FB13218B-34DF-459E-8BCE-A992E4D479EA}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Thank you.

jawad-mukhtar · ‎03-01-2013

Please Temp Remove Inspection from your Router and then check.

Jawad

michaelchandra · ‎03-01-2013

Thank you for the response. I have a question, usually when I connected to my VPN network, I can't access the internet, but right now I can browse the internet while connecting to my VPN. Still I can't ping the router. Is that okay ?

Here is my configuration :

Current configuration : 3632 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname michael

!

boot-start-marker

boot-end-marker

!

memory-size iomem 5

no logging console

enable secret 5 $1$pZLW$9RZ8afI8QdGRq0ssaEJVu0

!

aaa new-model

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

!

aaa session-id common

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool michael

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 202.134.0.155

!

ip dhcp pool excluded-address

host 192.168.1.4 255.255.255.0

hardware-address 01c8.d719.957a.b9

!

ip cef

ip name-server 202.134.0.155

ip name-server 203.130.193.74

vpdn enable

!

username michael privilege 15 secret 5 $1$ZJQu$KDigCvYWKkzuzdYHBEY7f.

username danny privilege 10 secret 5 $1$BDs.$Ez0u9wY7ywiBzVd1ECX0N/

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 15

!

crypto isakmp client configuration group michaelvpn

key vpnpassword

pool SDM_POOL_1

acl 199

netmask 255.255.255.0

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA

!

crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

interface Ethernet0

description $FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/35

pppoe-client dial-pool-number 1

!

interface FastEthernet1

duplex auto

speed auto

!

interface FastEthernet2

duplex auto

speed auto

!

interface FastEthernet3

duplex auto

speed auto

!

interface FastEthernet4

duplex auto

speed auto

!

interface Virtual-PPP1

no ip address

!

interface Dialer1

description $FW_OUTSIDE$

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp chap hostname ispusername

ppp chap password 0 isppassword

ppp pap sent-username ispusername password 0 isppasswords

crypto map SDM_CMAP_1

!

ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

no ip http secure-server

!

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload

ip nat inside source static tcp 192.168.1.4 21 interface Dialer1 21

!

access-list 1 remark SDM_ACL Category=16

access-list 1 permit 192.0.0.0 0.255.255.255

access-list 102 remark SDM_ACL Category=2

access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

access-list 199 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

route-map SDM_RMAP_1 permit 1

match ip address 102

!

control-plane

!

banner motd ^C

Authorized Access Only

UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED

You must have explicit permission to access this device.

All activities performed on this device are logged.

Any violations of access policy will result in disciplinary action.

^C

!

line con 0

no modem enable

line aux 0

line vty 0 4

!

scheduler max-task-time 5000

end

Thank you

Shirshendu Nandi · ‎03-01-2013

You will be able to access internet as i have applied split tunneling using Acl 199 .only trqffic for 192.168.1.0 will follow VPN other traffic will go directly to the internet

I beleieve whenever you are testing you are tracing 192.168.1.1 and its returning you a * and pinging gives you request timed Out

I beleive it right btime to enable dubug in your router and see that exactly happening . I am exhausted of ideas Now :-)

michaelchandra · ‎03-01-2013

You are right. How to enable debug on my 837 ? Can i use debug crypto isakmp ?

Shirshendu Nandi · ‎03-02-2013

debug Ip traffic because ipsec is not the issye we need to see the ping request is coming in or not and whats the response?

michaelchandra · ‎03-05-2013

Sorry for the late response, I've tried the debug IP traffic but I get

 debug ip traffic
           ^
% Invalid input detected at '^' marker.

Do you mean debug ip packet ? If so, can I use the debug ip packet 199 or debug IP UDP to limit the output ?

Thank you for your answer

Shirshendu Nandi · ‎03-05-2013

yes keep the same conditional with 199 ack

ter mon

debug ip packet 199

To Finish Debug

un all

ter no mon

michaelchandra · ‎03-06-2013

Here is the diagnostic log :

Syslog logging: enabled (1 messages dropped, 1 messages rate-limited,

0 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level notifications, 1 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 73 messages logged, xml disabled,

filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level informational, 53 message lines logged

Log Buffer (4096 bytes):

l-Access1, changed state to up

*Feb 17 12:37:44.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to up

*Feb 17 12:37:48.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up

*Feb 17 12:39:07.935: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 192.168.1.4

--------------------Here is the part when I get request time out---------------------

*Feb 17 12:44:35.783: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:44:35.783: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:44:35.787: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B55490, count=0

-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:35.787: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B55490, count=0

-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:40.867: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:44:40.867: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:44:40.871: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B5580C, count=0

-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:40.875: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B5580C, count=0

-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:45.431: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:44:45.431: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:44:45.435: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81F8BBD4, count=0

-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:45.439: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81F8BBD4, count=0

-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:50.911: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:44:50.911: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:44:50.919: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B573EC, count=0

-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:44:50.919: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B573EC, count=0

-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0

0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0

*Feb 17 12:49:50.347: %SYS-5-CONFIG_I: Configured from console by michael on console

*Feb 17 12:51:24.855: %SYS-5-CONFIG_I: Configured from console by michael on console

--------------------Here is the part when I get the reply from the router---------------------

*Feb 17 12:57:22.339: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:57:22.339: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:57:23.395: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:57:23.395: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:57:25.415: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:57:25.419: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

*Feb 17 12:57:27.219: IP: tableid=0, s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), routed via RIB

*Feb 17 12:57:27.219: IP: s=192.168.1.1 (local), d=192.168.2.1 (Dialer1), len 60, sending

Is there any problem with my IOS version ? I'm using

C837 Software (C837-K9O3Y6-M), Version 12.4(3), RELEASE SOFTWARE (fc2)

and my system is

ROM: System Bootstrap, Version 12.2(11r)YV1, RELEASE SOFTWARE (fc1)

Thank you for your advice

Shirshendu Nandi · ‎03-06-2013

1. %SYS-2-BADSHARE: Bad refcount in [chars], ptr=[hex], count=[hex]

An internal software error has occurred.

Recommended Action: If this message recurs, copy the error message exactly as it appears on the console or in the system log, contact your Cisco technical support representative, and provide the representative with the gathered information.

Related documents- No specific documents apply to this error message.

2.

%SYS-2-BADSHARE: Bad refcount in [chars], ptr=[hex], count=[hex]

A reference count is used to track the usage of many data structures. A function increments the count when it begins to use a structure and decrements it when it finishes. When the count becomes zero, the data structure is freed. This message indicates that when the count was accessed, it was found to be negative which means that the data structure will not be freed until the system is reloaded.

Recommended Action: If this message recurs, copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the issue using the tools and utilities provided at
http://www.cisco.com/tac. With some messages, these tools and utilities will supply clarifying information. Also perform a search of the Bug Toolkit
http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl. If you still require assistance, open a case with the Technical Assistance Center via the Internet
http://tools.cisco.com/ServiceRequestTool/create, or contact your Cisco technical support representative and provide the representative with the gathered information. Include the stack trace.

Related documents- No specific documents apply to this error message.

3.

%SYS-2-BADSHARE: Bad refcount in [chars], ptr=[hex], count=[hex]

A reference count is used to track the usage of many data structures. A function increments the count when it begins to use a structure and decrements it when it finishes. When the count becomes zero, the data structure is freed. This message indicates that when the count was accessed, it was found to be negative which means that the data structure will not be freed until the system is reloaded.

Recommended Action: If this messages recurs, include the stack trace and copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the issue using the tools and utilities provided at
http://www.cisco.com/tac. With some messages, these tools and utilities will supply clarifying information. Search for resolved software issues using the Bug Toolkit athttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. If you still require assistance, open a case with the Technical Assistance Center via the Internet at
http://tools.cisco.com/ServiceRequestTool/create/http://tools.cisco.com/ServiceRequestTool/create/, or contact your Cisco technical support representative and provide the representative with the gathered information.

Related documents- No specific documents apply to this error message.

michaelchandra · ‎03-07-2013

Ok, what should I do now ? Because I don't have account to access the bug toolkit. Should I upgrade the IOS version ? Thank you.