837 ADSL problem

Hi,

I am having a strange problem with a batch of 837 routers. I have currently deployed 5 of these to some of our remote offices dotted around the UK. They are all running IOS Version 12.3(11)T3.

The ADSL ISP is Nildram.

The problem I am having is that the router drops the ADSL connection for no reason. This seems quite random, although it does happen with more frequency when there is no traffic on the line.

We use these routers to create IPSec tunnels to 3 hub offices in Denmark, the US, and Australia. Dynamic tunnels can also be opened between any other of our IPSec-enabled sites, such as one UK site to another.

Here is my config...

Building configuration...

Current configuration : 29027 bytes
!
version 12.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Mai-test
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
!
username privilege 15 secret 5
username privilege 7 secret 5
username privilege 15 secret 5
username privilege 15 secret 5
clock timezone UK 0
clock summer-time UK recurring last Sun Mar 2:00 last Sun Oct 3:00
aaa new-model
!
!
aaa authentication banner ^C

Welcome to this router.

UNAUTHORIZED ACCESS PROHIBITED

^C
aaa authentication fail-message ^C

Failed login. Try again.

^C
aaa authentication login default local-case
aaa authorization console
aaa authorization exec default local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.73.1.0 10.73.1.29
!
ip dhcp pool Mai-test
 import all
 network 10.73.1.0 255.255.255.0
 dns-server 10.100.3.1 10.98.3.1
 netbios-name-server 10.100.3.1 10.98.3.1
 netbios-node-type h-node
 default-router 10.73.1.1
 lease 0 8
!
!
ip telnet source-interface Ethernet0
ip cef
ip tftp source-interface Ethernet0
ip domain name oticon.dk
ip host ipseccert 10.100.128.12
ip host ipsec_AU 10.28.128.11
ip host ipsec_US 10.64.128.11
ip host ipsec_DK 10.100.128.12
ip name-server 213.129.10.4
no ip bootp server
ip multicast-routing
ip inspect max-incomplete low 500
ip inspect max-incomplete high 1100
ip inspect one-minute low 500
ip inspect one-minute high 1100
ip inspect name fw cuseeme
ip inspect name fw fragment maximum 256 timeout 1
ip inspect name fw ftp
ip inspect name fw h323
ip inspect name fw http
ip inspect name fw icmp
ip inspect name fw netshow
ip inspect name fw rcmd
ip inspect name fw realaudio
ip inspect name fw rtsp
ip inspect name fw sip
ip inspect name fw skinny
ip inspect name fw smtp
ip inspect name fw sqlnet
ip inspect name fw streamworks
ip inspect name fw tcp
ip inspect name fw tftp
ip inspect name fw udp
ip inspect name fw vdolive
ip ips po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
crypto pki trustpoint ipsec_AU
 enrollment retry count 5
 enrollment retry period 2
 enrollment mode ra
 enrollment url http://ipsec_AU:80/certsrv/mscep/mscep.dll
 usage ike
 serial-number
 ip-address 10.73.1.1
 subject-name OU=DK O=DK
 crl query ldap://ipsec_AU
 revocation-check none
 auto-enroll
!
crypto pki trustpoint ipsec_DK
 enrollment retry count 5
 enrollment retry period 2
 enrollment mode ra
 enrollment url http://ipsec_DK:80/certsrv/mscep/mscep.dll
 usage ike
 serial-number
 ip-address 10.73.1.1
 subject-name OU=DK O=DK
 crl query ldap://ipsec_DK
 revocation-check none
 auto-enroll
!
crypto pki trustpoint ipsec_US
 enrollment retry count 5
 enrollment retry period 2
 enrollment mode ra
 enrollment url http://ipsec_US:80/certsrv/mscep/mscep.dll
 usage ike
 serial-number
 ip-address 10.73.1.1
 subject-name OU=DK O=DK
 crl query ldap://ipsec_US
 revocation-check none
 auto-enroll
!
!
crypto pki certificate chain ipsec_AU
 certificate 14C4E3CA0000000000DB

  quit
 certificate ca 1E6063DC000000000034
  quit
crypto pki certificate chain ipsec_DK
 certificate 453D063300000000016C
  quit
 certificate ca 15920DE2000000000016
  quit
crypto pki certificate chain ipsec_US
 certificate 79FCF1BD00000000003A

  quit
 certificate ca 15A57BCF000000000033

  quit
no crypto engine onboard 0
!
!
!
crypto isakmp policy 10
 encr 3des
 group 2
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 10
!
!
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
 mode transport
no crypto ipsec nat-transparency udp-encaps
!
crypto ipsec profile DMVPN1
 set transform-set 3DES
!
!
!
!
interface Tunnel0
 ip address 172.16.73.1 255.255.0.0
 no ip redirects
 ip mtu 1408
 ip nhrp authentication KildeDal
 ip nhrp map 172.16.100.
 ip nhrp map multicast
 ip nhrp map 172.16.64.15
 ip nhrp map multicast
 ip nhrp map 172.16.28.15
 ip nhrp map multicast
 ip nhrp network-id 100
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.100.15
 ip nhrp nhs 172.16.64.15
 ip nhrp nhs 172.16.28.15
 ip nhrp registration delay 5
 keepalive 10 3
 tunnel source
 tunnel mode gre multipoint
 tunnel key
 tunnel protection ipsec profile DMVPN1
!
interface Loopback0
 ip address 255.255.255.255
 ip nat outside
 ip virtual-reassembly
!
interface Ethernet0
 description Inside
 ip address 10.73.1.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no cdp enable
 standby 73 ip 10.73.1.1
 standby 73 preempt
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 description Outside
 bandwidth 2048
 ip unnumbered Loopback0
 ip access-group inbound in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect fw out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname @gotadsl.co.uk
 ppp chap password
!
router eigrp 1
 network 10.0.0.0
 network 172.16.0.0 0.15.255.255
 distribute-list eigrp-filter out Ethernet0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip nat inside source list NATlist interface Loopback0 overload
!
!
ip access-list standard eigrp-filter
 deny 10.0.254.100
 deny 10.0.254.64
 deny 10.0.254.28
 permit any
!
ip access-list extended NATlist
 deny ip 10.0.0.0 0.255.255.255 192.168.0.0 0.0.255.255
 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
 permit ip 10.0.0.0 0.255.255.255 any
ip access-list extended inbound
 deny ip host 213.208.101.25 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 224.0.0.0 15.255.255.255 any
 deny ip host 0.0.0.0 any
 deny icmp any any redirect
 permit icmp any host echo-reply
 permit icmp any host unreachable
 permit icmp any host time-exceeded
 permit tcp 213.129.10.0 0.0.0.255 host eq 22
 permit tcp 213.129.10.0 0.0.0.255 host eq telnet
 permit icmp 213.129.10.0 0.0.0.255 host
 permit gre any host
 permit esp any host
 permit udp any host eq isakmp
 permit udp host 192.38.7.240 eq ntp host
logging trap debugging
logging source-interface Ethernet0
logging 10.100.3.11
logging 10.73.1.30
access-list 58 permit 10.0.0.0 0.255.255.255
access-list 58 deny any
dialer-list 1 protocol ip permit
snmp-server community RO 58
snmp-server community RW 58
no cdp run
!
!
control-plane
!
banner login ^C
!================================================================
!
!Authorized access only
!
!This system is the property of Oticon Denmark + 45 3917 7100
!
!Disconnect IMMEDIATELY if you are not an authorised user
!
!
!================================================================

^C
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler process-watchdog reload
scheduler interval 500
ntp clock-period 17180010
ntp server 10.100.1.15 prefer
ntp server 192.38.7.240
end

Hope someone can help. I have bought 45 more of these which need to be deployed.

Regards,

Colin J Fakley.

Reply to
Colin Fakley

Timeout issue perhaps? Try a "deb dia " and "deb dia pack". This should enable you to see the packets triggering un/interesting traffic, upon connection drop you should see the reason. Without going too deep in your cfg, there's apparently no timeout set which defaults IMHO to 120 seconds?

jt

"Colin Fakley" wrote in newsgroup message news: snipped-for-privacy@f14g2000cwb.googlegroups.com...

Reply to
jt

Ok, thanks.

I am monitoring packet triggering on the 837 I am testing here. Hopefully I will see when it goes down.

I have also modified two of the routers I have in the field to include "dialer persistent" for the Dialer0 interface.

I will see how that goes.

Colin J Fakley.

Reply to
Morkin

Why not "dialer idle-timeout 0"?

B
Reply to
Bob Goddard
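
The three settings raised so far in this thread (no idle timeout configured, "dialer persistent", "dialer idle-timeout 0") can be checked in saved configs before more routers are shipped. The Python below is an added example and not part of any post; the sample stanza is constructed from the ATM0/Dialer0 section of the posted config, and the function names are hypothetical.

```python
import re

# Constructed sample: the ATM0/Dialer0 stanzas of the posted config, one
# command per line, with the elided PPP CHAP values omitted.
SAMPLE = """\
interface ATM0
 no ip address
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer0
 description Outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
!
dialer-list 1 protocol ip permit
"""

def interface_blocks(config):
    """Map each interface name to its list of sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return blocks

def dialer_idle_findings(config):
    """Report, per Dialer interface, whether an idle timer can drop the line."""
    findings = {}
    for name, cmds in interface_blocks(config).items():
        if not name.lower().startswith("dialer"):
            continue
        timeouts = [int(m.group(1)) for c in cmds
                    if (m := re.match(r"dialer idle-timeout (\d+)", c))]
        if "dialer persistent" in cmds:
            findings[name] = "persistent"
        elif not timeouts:
            findings[name] = "idle timer at default"
        elif timeouts[-1] == 0:
            findings[name] = "idle timer disabled"
        else:
            findings[name] = f"idle timer {timeouts[-1]}s"
    return findings

if __name__ == "__main__":
    print(dialer_idle_findings(SAMPLE))
```
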

Hi Colin,

You may wish to investigate these 837 Config Wizards:

formatting link
as well as

formatting link
Sincerely,

Brad Reese BradReese.Com Cisco Resource Center Toll Free: 877-549-2680 International: 828-277-7272 Website:

formatting link

Reply to
BradReeseCom

Thanks. I will give it a try.

Reply to
Morkin
