|
HELP: Our 2600 router drops Internet access every hour!!!!
|
|
| WhyAks 2003-09-21, 4:24 pm |
| Everything was OK, until 2 weeks ago:
We use a Cisco 2600 router to access the Internet and a database
application hosted at HQ via VPN. In the past 2 weeks, our users
started to lose Internet access frequently (every hour) and the only
way we can restore "Internet" connectivity is to turn the router off,
wait 15 seconds and turn it on again! However, the VPN connection is
never affected and field employees can access the Exchange Server via
Outlook Web Access. It seems the router allows all traffic in and out,
except Internet traffic from the inside to external web sites. The
router appears to become overloaded: What could possibly be
"overloading" the router? We have no new, or even modified, hardware
or software. Could this be one of the recent worms? How can I
find out and how can we prevent the router from being "flooded" so
frequently?
I inherited the following setup:
Cisco 2600 series router with a T1 connection; Windows 2000 Pro
clients get dynamic IP addresses (10.9.90.x with 255.255.252.0 mask)
from a Windows NT DHCP server and connect to a VPN server at our head
office that has an IP address of 10.72.80.244. The router is
configured with 3 IP addresses: 2 on the "local" interface (10.9.90.1
and 65.110.17.1) and the third IP on the external interface
(144.8.14.22). It is not important now, but it'd be nice if anybody
can explain to me how we are able to access both the Internet and VPN
using only private IP addresses on the clients.
Any help appreciated.
| |
|
| login to the box.
do a *show proc cpu* check to see what the cpu is running at (5sec, 5min).
if you have a lot of IP Input, it's possible there is a worm, run some
accounting to investigate who is pushing this traffic or apply an access
list, and try *sho ip access-list* to see where the hits are coming from...
do a *sho mem* to see how much memory you have as opposed to what you have
left..
common viruses nowadays are with icmp, port 135, 1434, 1433, but most likely
icmp.
so you would need to implement an access list to filter these out
temporarily..
Regards,
SD
| |
| Robert Chen 2003-09-22, 12:25 pm |
| First, don't just turn off the router and then turn it back on. You lose
the log files this way. Connect to the router via console and do a show
log and a show proc cpu history. If you are getting memory allocation
errors then it's most likely to be the worm. Also, if you want to you can
apply an ACL to deny ICMP pings on the interfaces. The most recent ones
are using ICMP pings to find new networks and spreading themselves to them.
You can also do a log on ICMP pings. This can and might kill the router.
Also, make sure that all the servers/workstations (that are running MS client)
are up to date with the new security patches and anti virus definitions.
|
|
|
|
|
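Added example, not part of the original thread or any poster's own code: a Python sketch of the triage the replies describe, reading saved `show proc cpu` and `show ip access-list` output to see whether IP Input dominates the CPU and which access-list entries are taking the hits. The sample outputs are constructed, and ACL number 110, its entries and the function names are assumptions.

```python
import re

# Constructed sample output, not captured from the router in this thread.
SHOW_PROC_CPU = """\
CPU utilization for five seconds: 97%/21%; one minute: 95%; five minutes: 94%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1         148      2310         64  0.00%  0.00%  0.00%   0 Load Meter
  12      310244    811002        382  0.40%  0.38%  0.35%   0 ARP Input
  25    48211932   9120331       5286 71.32% 69.80% 68.95%   0 IP Input
"""
# ACL number 110 and its entries are assumed for illustration.
SHOW_ACL = """\
Extended IP access list 110
    deny icmp any any echo (184213 matches)
    deny tcp any any eq 135 (912 matches)
    deny udp any any eq 1434 (37 matches)
    deny tcp any any eq 1433
    permit ip any any (20455 matches)
"""

CPU_RE = re.compile(r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; "
                    r"five minutes: (\d+)%")
PROC_RE = re.compile(r"\s*\d+\s+\d+\s+\d+\s+\d+\s+[\d.]+%\s+[\d.]+%\s+"
                     r"([\d.]+)%\s+\d+\s+(.+)")
ACE_RE = re.compile(r"\s+(?:\d+\s+)?((?:permit|deny)\s.+?)"
                    r"(?:\s+\((\d+) match(?:es)?\))?\s*$")

def cpu_summary(text):
    """Total and interrupt-level CPU plus the busiest process over 5 minutes."""
    head = CPU_RE.search(text)
    if not head:
        raise ValueError("no CPU utilization line found")
    procs = [(float(m.group(1)), m.group(2).strip())
             for m in map(PROC_RE.match, text.splitlines()) if m]
    load, name = max(procs) if procs else (0.0, None)
    return {"five_sec": int(head.group(1)), "interrupt": int(head.group(2)),
            "five_min": int(head.group(4)), "top": name, "top_five_min": load}

def acl_hits(text):
    """(matches, entry) pairs, busiest first; entries with no counter count 0."""
    hits = [(int(m.group(2) or 0), m.group(1))
            for m in map(ACE_RE.match, text.splitlines()) if m]
    return sorted(hits, key=lambda h: -h[0])

if __name__ == "__main__":
    cpu = cpu_summary(SHOW_PROC_CPU)
    print(f"CPU 5s {cpu['five_sec']}% (interrupt {cpu['interrupt']}%), "
          f"busiest process: {cpu['top']} at {cpu['top_five_min']}%")
    for count, entry in acl_hits(SHOW_ACL):
        if entry.startswith("deny"):
            print(f"{count:>8}  {entry}")
```

A sustained high IP Input figure means packets are being process-switched by the router's CPU, which is why the deny entry with the fastest-growing counter is the first place to look.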