This is weird - I hope it rings some bells with someone, as I have no idea what is going on.
I have a Cisco 2621XM. We have 5 tunnels from it. One to a cosine router which is quite heavily used and the others to home networks, DrayTek 2600. All are using IPsec and 3DES.
Saturday, our internal nameserver, a Windows 2003 server, stopped being able to resolve external websites. I had a sniffer on the server itself and I can see the requests going out of it, but not coming back. If I rebooted the server and reloaded the router, it would work again for about 10-15 minutes and then lock up again. I tried just about everything I can think of; finally, out of desperation, I shut down the lightly used tunnels to users' home LANs. This fixed the problem.
The router is running Version 12.3(16) IOS.
I am a rookie when it comes to Cisco routers; I haven't done any real packet debugging on them. Is there some way I can figure out where these packets are going, and whether they are actually getting through the router? As the router is connected directly to our E1 circuit, I can't sniff on the other side of it.
If I set a DNS server on my internal name server, it does then resolve names, but the nameserver itself still can't...
Does anyone have any ideas on what this is, how I can diagnose it, anything? I'm really lost on this and users are giving me hell cos their tunnels are down. The home use tunnels are really lightly used is the thing, so I can't imagine the volume of data is the problem.
Thanks for your help.