1 edit | reply to svirfnebli
Re: [HELP] Cisco 871w intermittent inbound problem w/ FIOS 35/35 I have 655 nat translations on my 1841 right now........
Did you try the newer IOS version yet? |
|
| still waiting to get my order from cisco |
|
| reply to svirfnebli
You put the order in? |
|
1 edit | reply to svirfnebli
You may want to doublecheck exactly what SMARTNet you're ordering to make sure.
Did you get a part # from CDW before plunking down the cash? There was also an
earlier thread with a link that crossreferenced all the SMARTNet P/Ns with what
it got you... I just don't remember what thread it was.
[EDIT] found it here : »www.cisco-servicefinder.com/
1) How long does a translation stay valid before it expires
2) What is a reasonable number to have this set to
3) Does anyone have an idea of how many translations this router should or could handle? Do other cisco products handle them better?
4) Can you set how fast they expire or timeout? You may want to read Cisco's NAT FAQ to answer question #1 here :
»www.cisco.com/en/US/tech/tk648/t···3b.shtml
For question 3, I have a 2621 (50Mhz CPU vs the 871s 266Mhz CPU) that's been able
to sustain 2000+ simultaneous NAT translations. How much memory do you have
installed on the 871?
For question 2 and definately for question 4, I'd leave them at the defaults,
unless there is very specific reasons to manually configure them.
Regards |
|
| reply to svirfnebli
here's a dumb un-related question..
My problem here has taught me that I really need to learn the commands when using console or telnet.. I brought home an old PIX 501 which will let me have something to fool around with, and allow me to learn how tp sec up IP sec tunnels etc,
One thing I would like to do is allow my computer at home, to have telnet access to my 871 I've posted my running config at the beginning of this thread. Can someone help me with the commands to do that? I dont have a static ip (yet) at home, but do have dydns running so I have a host name.
thanks for any help |
|
| reply to svirfnebli
Ok, well I had a major breakthrough this morning..
I got a hold of my fios installer and he said that there were two other customers in my area with cisco routers having the same problem of dropping connections after 6 hours.
doing a little research it looks like it has somthing to do with ARP and the connection between the ONT and the cisco router. It looks like it is a known issue, but what is unknown is whether or not there is a solution.
here is a related thread
»supportforums.cisco.com/thread/2001045
Lets see if the new IOS I installed today includes a fix for this... (crosses fingers) |
|
| said by svirfnebli:Ok, well I had a major breakthrough this morning.. I got a hold of my fios installer and he said that there were two other customers in my area with cisco routers having the same problem of dropping connections after 6 hours. doing a little research it looks like it has somthing to do with ARP and the connection between the ONT and the cisco router. It looks like it is a known issue, but what is unknown is whether or not there is a solution. here is a related thread » supportforums.cisco.com/thread/2001045Lets see if the new IOS I installed today includes a fix for this... (crosses fingers) What do i win?  |
|
| reply to svirfnebli
One thing I would like to do is allow my computer at home, to have telnet access to my 871 I've posted my running config at the beginning of this thread. Can someone help me with the commands to do that? I dont have a static ip (yet) at home, but do have dydns running so I have a host name. Easiest is to write an inbound ACL that permits telnet traffic inbound, ie. "permit any any eq 23"
and apply it to your outside interface. So long as you can resolve the hostname properly from
outside, that ACL entry will allow telnet access inbound.
Regards |
|
|
|
| reply to svirfnebli
Ok, well here’s an update…
As cool dude mentioned there is a known problem with ARP and FIOS. Basically if you are on an Alcatel ONT, you cannot have more than one static IP address at this time. They will gladly charge you for 5, 13, or more but really only one is useable.
In my network I was given the range 108.0.253.66-78.I’m no network guru, but as I understand it only the primary address you are given updates ARP properly, the rest of the address range return 0.0.0.0 after about 6 hours.
So this totally explains why my VPN still worked as it is established over that primary address of 108.0.253.66, but all mail and web traffic stopped as it was on .67-.78. Then when I issued a reload command or restarted the router everything worked again. On Friday 9/24/10 they told me there was no known solution or workaround, but that it is an acknowledged problem.
Luckily, I was able to partially work around the issue by port forwarding everything on the primary address, but that lets me only run one web server, e-mail server, https, or ftp – Clearly not the ideal and not what I’m paying for. However it did give me work around that worked immediately to keep my business running.
The main tech called me back today and said that they now had a “workaround” for Cisco routers, but no other brand. I asked if it was a real solution or just a workaround and they said that a real solution is not slated until the middle of next year – ouch. So they are supposed to contact me shortly with the cisco solution (fingers crossed).
Svirf. |
|
| reply to svirfnebli
Thanks for keeping us updated. How is the updated IOS image treating you? Any differences? |
|
| reply to svirfnebli
Translation : "it's an interop issue that will (maybe) be fixed with a code update, or the vendor is
having a finger-pointing and name-calling exercise we just don't want to share with you." *sighs*
Do keep us updated svirfnebli and best of luck!
Regards |
|
