Cisco 851W intermittently actively refuses connections

mryerse (2[H]4U, joined Jan 29, 2005, 2,121 messages)
Hello,

I am in Iraq and have set up a network for some of the guys in my unit to get on the Internet. I bought a Cisco 851w to control access to the Internet (47 on the Internet, 80 or so on the network), run DHCP, and to learn IOS.

I have DHCP, NAT, and the ACLs set up and working as needed.

However, there is a problem where the router refuses connections intermittently. It is not protocol specific. Sometimes it's SSH to the internal router interface. Sometimes it's when pinging an Internet host like yahoo.com. Sometimes it's HTTP to some website. It's not user specific either. It happens to everyone from time to time. It seems as though there is a max number of connections that the router can handle. If we keep trying, eventually whatever you are trying to do will work. The processor is averaging 2-4 percent, and the memory is below 50%. I don't have a max NAT translations set, so I believe it should not have a limit. I don't know of any other possible cause to this problem, except maybe this router has some core setting you cannot modify that only allows so many connections, being that it is an 851w and probably not designed for this big of a network. It seems like an appropriate choice though considering our average download rate of maybe 60KBps (peak is 2Mbps), plus throttling all the time. Sometimes it will even accept my SSH connection, and then kill it after entering my username but before entering my password. Other times, it will work until I am done, or sometimes it will stop in the middle of using SSH.

Below is my config file for those interested. I took out 46 of the 47 manual bindings for the sake of this post as they aren't necessary.

Any help is really appreciated by the Marines of Task Force MP.

Code:
login as: xxxx
[email protected]'s password:

Cisco851W#show running-config
Building configuration...

Current configuration : 8780 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco851W
!
boot-start-marker
boot-end-marker
!
logging count
no logging buffered
enable secret 5 xxxx
enable password xxxx
!
no aaa new-model
!
resource policy
!
clock timezone GMT 3
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.2.255 10.10.255.254
ip dhcp excluded-address 10.10.1.1
ip dhcp excluded-address 10.10.0.1 10.10.1.9
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.0.0 255.255.0.0
   default-router 10.10.1.1
   dns-server 192.168.1.1
   lease 7
!
ip dhcp pool Ryerse
   host 10.10.3.1 255.255.0.0
   client-identifier 0100.1bfc.2c2d.52
!
!
ip cef
ip name-server 192.168.1.1
!
!
crypto pki trustpoint TP-self-signed-1098615675
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1098615675
 revocation-check none
 rsakeypair TP-self-signed-1098615675
!
!
crypto pki certificate chain TP-self-signed-1098615675
 certificate self-signed 01
  30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31303938 36313536 3735301E 170D3038 30323037 32333538
  35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30393836
  31353637 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009CA2 1197B323 F23BDE9B 0B926B12 96579F05 7F754832 A6441CB1 83A2D249
  D91063ED 5857FE14 ED56F7AB 302B4DF3 4650247B 2F5C13AB 7899E7AD 03FD787C
  051C8F4B 59A688E0 7E244575 387F3A60 E091B2E8 9AA4AA56 5B758605 1BE249F6
  8A88CE34 03AB209C E8F1D1CC 8477BAF7 D3EBF09A 78D15DE6 0BD5AD52 2BBEE850
  5E6D0203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
  551D1104 0E300C82 0A436973 636F3835 31572E30 1F060355 1D230418 30168014
  2CE7E5BD 9F3BEF0D E512BB59 B5E7A965 959414DC 301D0603 551D0E04 1604142C
  E7E5BD9F 3BEF0DE5 12BB59B5 E7A96595 9414DC30 0D06092A 864886F7 0D010104
  05000381 81005A6D D6FE4E3B 5D74A678 0F325A9F 4AAB9619 DE8A0F73 371EBCB8
  1F3C7B52 23EA8E86 10EB5F01 09170025 66E1531E 16370B9F 054F61AD 96F17950
  3B233DFD 1DB4C37C 2F64C107 2BA8A465 B9751745 3FA62924 7591795E 46E80865
  C63DA263 688FA4C2 C9FA935E CA9F901C 4B85B1AB 25075387 CB89E3A9 74ABA727
  60DBA518 B294
  quit
username xxxx privilege 15 password 0 xxxx
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address 10.10.1.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 100 interface FastEthernet4 overload
!
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq www
access-list 100 permit udp 10.10.3.0 0.0.0.31 any eq domain
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq 443
access-list 100 permit icmp 10.10.3.0 0.0.0.31 any
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq 995
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq 587
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq pop3
access-list 100 permit tcp 10.10.3.0 0.0.0.31 any eq smtp
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq www
access-list 100 permit udp 10.10.3.32 0.0.0.15 any eq domain
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq 443
access-list 100 permit icmp 10.10.3.32 0.0.0.15 any
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq 995
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq 587
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq pop3
access-list 100 permit tcp 10.10.3.32 0.0.0.15 any eq smtp
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password xxxx
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

Cisco851W#
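The posted config leaves the router blind to exactly the event being chased: `no logging buffered` means a refused or dropped session leaves no record, `enable password` and `username ... password 0` sit in cleartext with `no service password-encryption`, the VTY lines accept Telnet next to SSH, plain HTTP is on beside HTTPS, and the NAT table has no configured bound. The fragment below is an added example, not part of the original post or of the OP's router: it keeps the posted addressing (Vlan1 10.10.1.1/16, upstream 192.168.1.1) and assumes SSH keys already exist (they must, since the OP reaches the router over SSH). The syslog host 10.10.1.2, the 2000-entry NAT ceiling and the timeouts are illustrative values, not settings from the thread. Apply it from the console so that a dropped SSH session does not interrupt the change.

```cisco
! Added example: hardening plus instrumentation for the 851W config above.
! Not the OP's configuration; addresses and limits marked below are assumed.
!
! --- visibility: the posted config has "no logging buffered", so the next
! refusal would leave no trace. Keep a local buffer and (assumed host) syslog.
logging buffered 65536 debugging
logging 10.10.1.2
service timestamps log datetime msec localtime
!
! --- credentials: drop the cleartext "enable password" (the type 5 "enable
! secret" stays), and move the local user from "password 0" to a type 5
! secret. IOS will not hold both a password and a secret for one user, so the
! old entry is removed first (do this from the console, not over SSH).
service password-encryption
no enable password
no username xxxx
username xxxx privilege 15 secret xxxx
!
! --- management plane: SSH v2 only, no Telnet, HTTPS only, idle sessions bounded
no ip http server
ip http secure-server
ip http authentication local
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
line vty 0 4
 transport input ssh
 exec-timeout 10 0
 login local
!
! --- NAT: the posted config sets no limit, so exhaustion would show up only
! as refused connections. Bound the table explicitly (2000 is an assumed
! value for ~47 hosts) and shorten idle timeouts so dead flows free slots.
ip nat translation max-entries 2000
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 120
ip nat translation dns-timeout 30
!
! --- what to collect the next time a connection is refused (from the console):
!   show logging                ! buffered messages, now timestamped
!   show ip nat statistics      ! "Total active translations", hits/misses
!   show ip nat translations    ! is the table anywhere near max-entries?
!   show processes cpu sorted   ! per-process load at the moment of the refusal
!   show tcp brief              ! state of the router's own SSH/HTTPS sockets
!   show ip virtual-reassembly  ! fragment reassembly drops on Vlan1 / Fa4
```

With `show ip nat statistics` taken once while things work and once during a refusal, the "Total active translations" line answers the OP's own question about a hidden connection ceiling: if the count is flat and far below the configured maximum, the NAT table is not what is refusing the connection.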
 
Anybody got any ideas? It's not been as bad lately, but it still refuses connections sometimes. I'm thinking maybe it just can't handle a network of 80 computers.
 
If that was the case, then my ping -t results wouldn't show <1ms 100% of the time.
 
It sounds like a bad connection from your ISP.

Can you keep a continuous ping to your next hop?

Can you keep a continuous ping to somewhere out on the internet?

Once you lose your connection again check both pings. If either of those are failing then your provider could be dropping them.

Stay safe out there.
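The two continuous pings suggested above can be run by the router itself, which removes the dependence on which PC happened to be watching and records the exact time of every transition. The fragment below is an added example, not part of the thread: 192.168.1.1 is the next hop from the posted config, 198.51.100.1 is a documentation-range placeholder to be replaced with a real Internet host, and the syntax is the 12.4(4)T-and-later form (`ip sla`, `icmp-echo`, `track ... ip sla`); 12.4 mainline spells the same thing `ip sla monitor`, `type echo protocol ipIcmpEcho`, `ip sla monitor schedule` and `track ... rtr`.

```cisco
! Added example: have the 851W itself keep the two continuous pings the
! reply asks for. Target 198.51.100.1 is a placeholder; replace it with a
! real Internet host. Not from the OP's configuration.
!
! probe 1: the next hop (the satellite modem side of the link)
ip sla 1
 icmp-echo 192.168.1.1 source-interface FastEthernet4
 frequency 5
 timeout 2000
ip sla schedule 1 life forever start-time now
!
! probe 2: something beyond the provider
ip sla 2
 icmp-echo 198.51.100.1 source-interface FastEthernet4
 frequency 5
 timeout 2000
ip sla schedule 2 life forever start-time now
!
! track both so every up/down transition is logged with a timestamp
! (%TRACKING-5-STATE), which can then be lined up against the moment a
! user reported a refused connection
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
logging buffered 65536 informational
service timestamps log datetime msec localtime
!
! reading the result after the next refusal:
!   show ip sla statistics   ! successes / failures per probe
!   show track               ! Reachability Up/Down and time since last change
!   show logging             ! the exact transition times
```

Interpretation follows the reasoning in the reply: probe 1 failing puts the fault between the 851 and the modem; probe 1 up with probe 2 failing points at the provider; both probes up while a user is still being refused (which is what the OP reports, since someone else is always working at the same moment) means the provider is not the cause and the router or LAN should be looked at next.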
 
Thanks for the help... seems a moot point now since the guy who provided the Internet access has de-activated the account. He was on leave when his unit had to move bases. According to the guys in his unit packing his stuff up in his absence, he had pissed them off before, so they left his equipment in his room, and told us his room had to be cleared out. So now we have his satellite modem and dish. Apparently he de-activated the account though so it no longer works. But if he wants to see his equipment again, he's going to need to show us why we should help him get it back. There is very little chance he will have the opportunity to come get it himself.

As for the issue, we're sure it's not the ISP because SSH connections to the internet IF would drop, or get refused.

Anytime a connection was refused, it was working for someone else.

Thanks... not much action going on out here... most of the missions in this area are being handed over to the Iraqis. Baghdad remains the center of activity. My unit will be out of here soon :)
 