Cisco VPN problems

I have a dynamic VPN setup that works but there is one problem. The setup connects and I can use it fine but if my laptop gets disconnected (such as my kids pulling the power plug to my ethernet switch...) the router crashes and reboots. I am using Cisco's VPN client version 4.6.00.0049 and the router hardware is as follows:

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.3(11)T3, RELEASE SOFTWARE (fc4)

Cisco 2811 (revision 53.51) with 774144K/12288K bytes of memory.
Processor board ID FTX0911C0PC
2 FastEthernet interfaces
2 Serial interfaces
16 terminal lines
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62592K bytes of ATA CompactFlash (Read/Write)

I think that these are the relevant portions of the config:

crypto isakmp client configuration group GroupName
 key xxxxxxxxxxxx
 dns a.b.c.13
 wins a.b.c.82
 pool lsipool
 acl 163
 netmask 255.255.255.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set vpnset esp-des esp-md5-hmac

crypto dynamic-map dynmap 1
 set transform-set ESP-3DES-SHA
 reverse-route

crypto map SDM_CMAP_1 client authentication list userauthen
crypto map SDM_CMAP_1 isakmp authorization list groupauthen
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel Thru L3 to Nauvoo
 set peer w.x.y.z
 set transform-set ESP-3DES-SHA
 match address 100
crypto map SDM_CMAP_1 3 ipsec-isakmp
 description Tunnel Thru L3 to Palmyra
 set peer q.r.s.t
 set transform-set ESP-3DES-SHA1
 match address 101
crypto map SDM_CMAP_1 10 ipsec-isakmp dynamic dynmap

ip local pool lsipool 10.0.63.1 10.0.63.254

access-list 100 permit ip a.b.c.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 100 permit ip 10.0.63.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 100 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 permit ip a.b.c.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.63.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 163 permit ip 10.0.1.0 0.0.0.255 any
access-list 163 permit ip 10.0.2.0 0.0.0.255 any
access-list 163 permit ip a.b.c.0 0.0.0.255 any

There may be extraneous entries left over here from when I was trying to get everything to work, but it now works except for this one problem. My two static VPNs don't seem to be affected by this problem. They can lose IP connectivity (for example, their ISP suffers a storm; they are in very rural areas) and it does not affect the 2811 at all. But if I am connected with a laptop (it has happened from more than one laptop, so I think it is not specific to the laptop or the laptop's OS) and the laptop loses IP connectivity, the 2811 dies and reboots. The only clue I see is in the sh ver after it reboots, but I searched on that message and found nothing.

System returned to ROM by unknown reload cause - reason ptr 0xBFC45F00, PC 0x40693B10, address 0x0 at 22:28:11 MST Sun Mar 1 2009
System restarted at 22:29:22 MST Sun Mar 1 2009
System image file is "flash:c2800nm-advipservicesk9-mz.123-11.T3.bin"

Any insight you might be able to give would be greatly appreciated.

Thanks,

Gordon Montgomery Living Scriptures, Inc snipped-for-privacy@lsi.com (anti spam - replace lsi with livingscriptures) (801) 627-2000

Reply to
Gordon Montgomery

Unknown Reload Cause

Here, the defect that caused the crash does not allow the router to record the reload reason. This issue can be related to hardware or software. Unless circumstances clearly indicate a hardware problem (see the Troubleshoot section), contact your Cisco technical support representative.

Check whether you can resolve the defect through an upgrade to the latest Cisco IOS Software version in your release train. Otherwise, collect additional information from the crashinfo file or from the console logs (refer to Troubleshooting Router Crashes), and contact your Cisco technical support representative.

Reply to
Artie Lange


You should almost never run "T" code!!!! "T" code is the version where new software features and hardware support are introduced and is always buggy and should be considered "beta" code. You should upgrade to 12.4, which is the "production" version of the 12.3T train. "T" code should only be run if you MUST have a new software feature or it is required for your hardware platform.

Reply to
Thrill5

Interesting, because that is the code that came on it when I bought it from a dealer several years ago. I thought at the time it was a Cisco dealer, but honestly, I did not completely check into it. It came with Smartnet when I bought it and Cisco had no problems talking to me when I called the couple of times I had a problem. Of course I let that lapse after that first year, so I have no way of updating now. Perhaps I'll have to check into renewing Smartnet.

Thanks

Gordon Montgomery Living Scriptures, Inc snipped-for-privacy@lsi.com (anti spam - replace lsi with livingscriptures) (801) 627-2000

Reply to
Gordon Montgomery
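
A small triage helper for the show version output discussed in this thread, added here as an example (it is not from any poster or from Cisco). It extracts the IOS train and the recorded reload cause so that unknown-cause reloads and T-train images stand out when reviewing output collected from several routers; the function name triage and the flag wording are assumptions, and the sample is constructed from the lines quoted above.

```python
import re

# Constructed sample: the 'show version' lines quoted in the thread.
SAMPLE = """\
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.3(11)T3, RELEASE SOFTWARE (fc4)
System returned to ROM by unknown reload cause - reason ptr 0xBFC45F00, PC 0x40693B10, address 0x0 at 22:28:11 MST Sun Mar 1 2009
System restarted at 22:29:22 MST Sun Mar 1 2009
System image file is "flash:c2800nm-advipservicesk9-mz.123-11.T3.bin"
"""

# major.minor(maintenance)[train letters][rebuild number], e.g. 12.3(11)T3
VERSION_RE = re.compile(r"Version (\d+)\.(\d+)\((\d+[a-z]?)\)([A-Z]*)(\d*)")
# The trailing " at HH:MM:SS ..." timestamp is optional (absent after power-on).
RELOAD_RE = re.compile(
    r"System returned to ROM by (.+?)(?: at (\d\d:\d\d:\d\d .+))?$", re.M)
CRASH_RE = re.compile(r"PC (0x[0-9A-Fa-f]+), address (0x[0-9A-Fa-f]+)")


def triage(show_version: str) -> dict:
    """Summarise image train and last reload cause from 'show version' text."""
    out = {"version": None, "train": None, "reload_cause": None,
           "reload_time": None, "pc": None, "address": None, "flags": []}
    m = VERSION_RE.search(show_version)
    if m:
        major, minor, maint, train, rebuild = m.groups()
        out["version"] = f"{major}.{minor}({maint}){train}{rebuild}"
        out["train"] = train or "mainline"
        if train == "T":
            # Flag follows the advice given in this thread about "T" code.
            out["flags"].append("T-train image")
    m = RELOAD_RE.search(show_version)
    if m:
        cause, out["reload_time"] = m.groups()
        c = CRASH_RE.search(cause)
        if c:
            out["pc"], out["address"] = c.groups()
        # Keep only the cause text, without pointers or addresses.
        out["reload_cause"] = re.split(r" - | at PC |,", cause)[0].strip()
        if out["reload_cause"].lower() == "unknown reload cause":
            out["flags"].append("unknown reload cause: collect crashinfo and console logs")
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```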
