Cisco VPN :: 881 Fails After 24 Hours / IKE Key Lifetime
May 28, 2013
We've got a central office (actually quite small) where several IPSec connections connect to. Two of these connections are Cisco 881 routers. One of them works fine, the other craps out after 24 hours (coincidentally also the IKE key lifetime). When I mean "craps out", it means the VPN worked fine from the get go, until 24 hours later. Only a reload will bring back the VPN tunnel. I've verified my PFS and DPD configurations are solid, because these kinds of symptoms would most likely occur when these configurations aren't in order.
The two 881 configurations are quite similar. The only differences between the two are some details in the PPPoE configurations and (quite obviously) the IP address space for the two sites. Both operate on the premise of a point to point connection (no multipoint stuff going on here).
I am using DIR-655 A4 router and I have a server that needs DMZ and a PC that needs a port. So, I have set the DMZ to 192.168.0.100 (SERVER) and set the port 2000 (or any) to forward to 192.168.0.2 (PC). What I found out was, the port forwarding works well for several hours and suddenly it fails and won't forward until I reboot my 655 router. I am really tired doing this every day. I tried firmware 1.21 to 1.35 and none of them were good. I know that 655 has good performance compared to its price but I think it has world's worst firmware.
We currently have ACS 5.4 and Cisco WLC 5508's deployed. We have wireless lobby admin accounts that can login and successfully create and modify guest wireless accounts. What we are trying to do, however, is give the lobby admins the ability to create wireless accounts with lifetimes longer than 30 days. Currently our setup will only allow the creation of permanent accounts (by entering all 0's in the lifetime fields) or accounts that last up to thirty days.
There are two kinds of time for assigning IPv6 address from DHCP server. Actually Catalyst 3750X can do this role. However I am not sure about the difference between Valid lifetime and preferred lifetime. In my understanding the valid lifetime is total lifetime for using the assigned IPv6 address but the preferred lifetime when the assigned IPv6 address is expired at the preferred lifetime then the device may generate extended request or something right?
6504 Sup720 ----Dot1q Trunk---- 6504 Sup270
VPN SPA VLAN 20,30              VPN SPA VLAN 20,30
Normal VLAN 10,40               Normal VLAN 10,40
Every 18-24 hours the 6500's- the 6500 go to 100 % CPU - the work around is to reboot one of the switches. Then they will run 18-24 hours. The fix was to only trunk VLAN 10,40 (Networks that needed to see each other) between the switches. If the vlans that the VPN SPA was trunked you would Every 18-24 hours the 6500's- the 6500 go to 100 % CPU. Simple design GRE IPSEC tunnels that work fine and the latest SXI code. It appears that if you trunk the VPN SPA trunks and they are the same VLAN that it going into some kind bridging loop. No errors. Just unresponsive.
The Cisco VPN client is disconnected after 4 hours of inactivity. Is there a setting on the ASA that would timeout after 4 hours? I want to disable this setting. I am running IOS 8.2(4).
I have 5 computers connected; 3 are connected via WiFi and 2 are wired, plus whatever device I have is on WiFi. Every day for the last 2 weeks my internet goes out every few hours. Yesterday I had internet all day until this morning when it disconnected again; in order to have my internet up again I have to reboot my router by disconnecting the adaptor. Here's the weird thing: all of my computers' internet goes down but the Vonage service still works, and if I connect my PC directly to the Ubee modem my internet stays on without issue. Problem is I need Vonage for my phone plus all my other computers in the house. I've tried to renew and release my IP in my main rig, which I guess worked a bit, since when this problem started the internet would go off every 10-20 min; after I did the renew release the internet stays on for at least 3 - 6 hours?
Windows IP Configuration

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
I have a Motorola SB5101 Cable modem, it connects to a Linksys BEFSR81 8-port router. A WRT54G and a Vonage VoIP device also plug into the BEFSR81 LAN ports. I am running Win 7 (32bit). When it works, everything works great, but eventually my PC goes link dead, there will be a little yellow apostrophe over the network icon down in the toolbar (next to the clock). I don't have to reboot anything except the BEFSR81 and then everything comes back up and runs fine for a few more hours.
A few weeks ago I started hosting a server for a game from my computer. It's been working fine and I've been having no problems except for one. After a few hours of hosting my server, my internet connection will immediately drop down to 1.0mbps, and I lose all connection to everything until I reboot my computer. I'm using a wireless internet adapter right now and having this problem, but when I used a wired connection a similar thing would happen where my entire connection would "lock up" in a way. I couldn't connect to anything until I rebooted my computer.
I have a problem with the RV042G V01 router manufactured 12/2012.
After router settings the router works fine without any problems. After 10 or 12 hours I got the message that the side could not be opened, while no DNS. I checked inside the router and all settings look OK; DNS addresses from ISP are present on both WAN settings. When I use inside the router the function for DNS it will work but from any client it does not work. When I restart the router all works fine. After a few hours (it's different: 1, 2 or 6) I have the same problem. No entry in the logs!
Few months back I had purchased this Router. But I did not use it till last week. Since the time I have installed it, it does freeze often (between 5 to 30 hours).
I can connect to devices within the subnet, but not elsewhere. I have to remove the power and plug it back for it to respond. I have updated the firmware to the latest one that was on the Cisco site.
I've got a PIX 515e firewall on a branch site running version 7.2.4.7(LD) connecting via a VPN to an ASA at the HQ with 7.2.5 code running. After several hours it is no longer possible to ping either the PIX or hosts behind it on the branch LAN though the tunnel still shows as being up. In order to bring the link back up the local PIX has to be rebooted. The connection used to work with no problems when I was running PIX version 7.2.1 software but this had to be upgraded to 7.2.4 to support the new TCP normalization commands. VPN connections to other branch sites running PIX 7.2.1 remain active with no problems. The reason for the upgrade is to implement WAN acceleration between the sites however I still encounter this problem even when the WAN acceleration hosts are not installed. In addition to the software upgrade I added the following configuration to both the ASA and the PIX:
The ASA originally had this code but the PIX did not and the VPN was stable, after upgrading the PIX and adding the code the link was no longer stable.
We recently changed ISPs from Verizon T1 to Comcast fiber.
The only change made in the firewall was the outside IP address, gateway and mask. No changes on the internal network or the interface.
After a power cycle everything is good for anywhere from 24-48 hours, then all traffic locks up. The interface shows as being up but no traffic can get through until another power cycle.
I've mounted an IPSec G2G tunnel with Cisco ASA one end & Cisco router 1802 another end. The 1802 is connected to a BT 2wire Gateway Router to join the BT network. But from time to time, the tunnel goes down for several hours (or several minutes) then goes up again without reason. I've checked the IPSec configuration, it seems correct. Anyone has experience on the BT 2wire Gateway Router?
I have a new SFE300 with 24 ports. The switch works fine, but after 4 or 5 hours it reboots itself. After it reboots it works fine for another 4 or 5 hours. [code]
I have two WAP4410N wireless access points powered using Power-Over-Ethernet. Both are running the latest available firmware version (2.0.5.3). They are both connected to the same LAN and broadcasting the same SSID with a WPA2 password.
One is using channel 1, while the other is using channel 11. There is coverage overlap where the signal from both access points hover around -75db to -85db while standing in the same physical location. DHCP is disabled, and is being provided by another network device.
Every day or so, devices can connect and authenticate to the access points, but are not granted an IP address (and subsequently are unable to access the LAN or Internet). For devices that had already retrieved an IP address prior to the issue exhibiting itself, the devices simply stop communicating with LAN and Internet.
However, I can still access each access point's web admin interface from the LAN.
If I reboot both devices, the problem vanishes and devices are once again able to get an IP address and connect to the LAN and Internet. Are these symptoms of signal interference between the two WAPs or is this a completely different issue?
For some reason my wireless drops to local only every 1-2 hours roughly. I can fix it by disconnecting and reconnecting but this is really annoying, especially if I am playing any games.
I'm having is that every few hours my TCP/IP protocol stops working. The modem lights remain normal but I can't connect to anything. The only thing that works on the internet is traceroutes at the command prompt which function normally. The solution is that I have to reboot and then everything returns to normal until a few hours later when it happens again. There are no error messages on any of my browsers. The page just goes white immediately. When I try to retrieve my email, I get a message about the TCP/IP isn't working.
I am having problems with my Netgear wireless modem/router DGNG3700. Since getting home tonight my internet connection has dropped out 3 times. The modem/router is only 2 weeks old and I have rung the Netgear technical support 4 times. The man I spoke to tonight said they are having trouble with this model and he told me to get the DGNG3700 version 2. I have changed the configurations and am very frustrated with the whole thing. Should I get a different model altogether?
I have recently moved into a new house that has a DIR-615 router. I have noticed with the router that it will drop the wireless connections after roughly 24-48 hours. The SSID will no longer be broadcast, however, the computers that are wired are still connected. I currently have the E3 hardware version, plus 5.10 firmware on the router.
So I've bought a D-Link 815 on 21st June (day before yesterday) and my connection drops every 10-12 hours and I have to close and open the router (the 192.168.0.1 site won't even work)... I'm using PPPOE connection.
I've bought a D-Link because I heard it's the best on the market and I play online poker so I need a stable connection all day long and more important I need my IP to remain at one value for a long time and not change every 12 hours (I have dynamic IP).
Every few hours, the WAN just shuts off. If you were connected to it when this happens, you cannot reconnect until you have reset the router; you can't even find the SSID. If you were not connected when this happens, you can connect just fine. This happens with all devices in the house, my laptop, my DAP-1522, my cell phone, and my brother's Mac (SMH, sometimes I think we aren't related...). I am running version 2.00NA on B1 firmware.
I have the Cisco series “Cisco 1700” routers operational at my client site. These routers suddenly reboot with a gap of 1 or 2 hrs. See the below errors which have been captured in router logs:
============================================================
00:00:09: %SYS-5-CONFIG_I: Configured from memory by console
00:00:11: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C1700 Software (C1700-Y-M), Version 12.2(16.1)T, MAINTENANCE INTERIM SOFTWARE
TAC Support: [URL]
I have a Cisco 5500 series WLC and though we don't have a guest network up yet... we want to. One of the ideas was to make this guest wifi only active during normal business hours, so we don't get people in parking lots late at night trying to do funny stuff.
I can EASILY do this with my home wireless (DD-WRT loaded Linksys router) but I can't find this on the 5500 WLC. Is there a particular place I can look?
We have a secured WPA2 Enterprise network now, but looking to turn up a "guest" with web-auth. We would provide a positive message password to guests that we would change every 3 months or so. We already made a cool landing page and tested it briefly
My internet (wired and wireless) usually works fine, but occasionally (read: every few days to weeks) the connection will suddenly black out for a period of time, anywhere from an hour to a day. I have tried resetting both my router and modem, and going through all the settings on my laptop, but I'm pretty sure it's not my computer, as no other devices can connect either. During the blackouts, when I look at the modem, the internet light will turn on for a second, then go off and then the red "alarm" light (aka "something is wrong" light) starts blinking like crazy, and this keeps repeating. This resolves itself after anywhere from a few hours to a whole day and everything is normal again. The light show, and the fact that I can't find any other problems, leads me to believe that it could be a problem with my provider (or the network itself) and not a hardware or software problem, but I can't be sure of this. Also, during the blackouts, I can connect to the network, but it shows that limited connectivity symbol (exclamation mark thing) and says no internet.
I bought this Tenda wifi router and connected it. It's a Chinese one and the user interface is not very friendly. It works fine but sometimes if you play around with it you will lose the settings you inserted into it and you will need to reconfigure it.
My problem is my ISP seems to renew the IPs issued to their customers automatically every 10 hrs from the last login. But every other router keeps the connection alive but my router doesn't. It needs to be restarted in order to get the internet back online. Simply said, you need to restart the router every 10 hrs.
For about 7/24th of the day it'll be fine. But the rest of the day it will be riddled with burst packet loss. For example when I'm pinging. It'll go "Done
Done Done Done Done Request timed out Timed out Timed out
[code]....
Due to how it's only certain times it happens and other times it's perfect leads me to believe it's my ISP.
I have a WiFi Linksys. I am using a Macbook Silver. This has begun recently, every few hours, the internet connection will drop. The only way I can get it back up is to unplug the wifi and plug it back.
I have been using DIR 615 at home for around one year. Now I notice that after some time of continuous usage (say around 3-4 hours) the wireless network is lost. Thereafter only a reboot brings it back. I checked for any latest firmware upgrade from the admin page, but it says the device already has the latest.