Cisco Router loses VPN connection

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jpapke-p40
New Member
Posts: 15
Joined: Mon Aug 13, 2007 2:20 pm
Location: Boise, Idaho, USA

Cisco Router loses VPN connection

Postby jpapke-p40 » Mon Mar 23, 2009 7:46 pm

We have recently brought our stake's buildings "online" and while we all enjoy the speed as the stake clerk I am getting frustrated with calls saying the internet is "down". Each time I go and check it out the VPN LED on the Cisco ASA 5505 is orange. I power cycle the router and everything is green again for a week or so and then I do it all over again!
We have a fixed point wireless connection from the ISP (Digis.net) which connects directly into the ASA 5505. We have buildings with static IP from the ISP as well as dynamic (don't ask me why) so it would seem that having DHCP running is not the issue.
Does anyone have any experience with DIgis.net and have already solved this problem?
Also, is there any way to reset the Cisco without having to open up the A/V cabinets and manually unplug the power supply?

Thanks for any help!

lajackson
Community Moderators
Posts: 6131
Joined: Mon Mar 17, 2008 9:27 pm
Location: US

Postby lajackson » Tue Mar 24, 2009 8:31 am

jpapke wrote:I am getting frustrated with calls saying the internet is "down". Each time I go and check it out the VPN LED on the Cisco ASA 5505 is orange. I power cycle the router and everything is green again for a week or so and then I do it all over again!


Jump over to this thread for some excellent hints with this problem.

jpapke-p40
New Member
Posts: 15
Joined: Mon Aug 13, 2007 2:20 pm
Location: Boise, Idaho, USA

Cisco Router loses VPN connection

Postby jpapke-p40 » Tue Mar 24, 2009 10:43 am

Thanks for the link to the other thread. I do not think that there is an issue with the ASA in my case. I have two buildings (and currently installing in a 3rd) up and running and the VPN LED will stay green for 1 week or more at a time. It then for some yet undetermined reason will change to amber.

Because my installations are using a wireless connection to the ISP and the connection is known to become poor or even non-existant during heavy weather I wonder if the ASA router will dump the VPN if the connection is lost to the ISP? I will go and try this theory out by simply removing the LAN cable from port 0 (ISP router port) and see if the VPN will come back to green once I reconnect the cable.

I also found a reload command for the ASA that states that it will reboot the router using the current configuration stored in its flash memory. I may play around with that too since accessing the router is rather a pain (keys, cabinets, scredrivers etc!)

If anyone has experience with digis.net and similar problems please chime in!
I have not called digis yet since we have had stable connectivity for months prior to installing the ASA.

-Jeff

russellhltn
Community Administrator
Posts: 20745
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Tue Mar 24, 2009 10:57 am

jpapke wrote:I will go and try this theory out by simply removing the LAN cable from port 0 (ISP router port) and see if the VPN will come back to green once I reconnect the cable.


That may not be a good test since I'd expect that removing the LAN cable would be sensed differently then poor connectivity due to bad weather. Specifically, it would see the "link" signal drop when you remove the cable, but it may not do that in bad weather. It might be an interesting experiment to see if disconnecting/reconnecting the cable fixes things when it's down. My theory being that the ASA "gives up" when the connection goes south - and it's waiting for some sign that connectivity has been restored before it tries again (a sign like the link signal changing status).


jpapke wrote:I also found a reload command for the ASA that states that it will reboot the router using the current configuration stored in its flash memory.


Can you do that without the password?
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jpapke-p40
New Member
Posts: 15
Joined: Mon Aug 13, 2007 2:20 pm
Location: Boise, Idaho, USA

Postby jpapke-p40 » Tue Mar 24, 2009 3:28 pm

Well I did the test this afternoon and found that if I removed the cable for about 10-15 sec and reconnected it the VPN light would go amber and then green. If I disconnected the cable for a longer time the VPN never would return to green.

We have a storm comming through this evening so I will go back over tomorrow and see what has happened. If it really is the storminess that causes the problem I will either have to find a new ISP ($$) or devise a way to soft reboot the router or place the router in a more accessible location so my clerks can cycle the power. I have thought of bringing just a switch outside the A/V cabinet so the power can be turned off/on without needing a key nor exposing the actual router (and ports) to possible abuse.

I will try the reload command from the console and let you know what happens.

-Jeff

User avatar
mkmurray
Senior Member
Posts: 3241
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

Postby mkmurray » Tue Mar 24, 2009 3:46 pm

jpapke wrote:If it really is the storminess that causes the problem I will either have to find a new ISP ($$) or devise a way to soft reboot the router or place the router in a more accessible location so my clerks can cycle the power.

Does an Uninterruptible Power Supply (or battery backup) solve this issue?
Many questions are already answered on the LDSTech wiki. Check it out!

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Tue Mar 24, 2009 5:54 pm

Hey Jeff, just another thought. When you open the cabinet to check on the Cisco firewall, how hot does it feel? Is it possible the confined space it's in doesn't give it adequate ventilation?
So we can better help you, please edit your Profile to include your general location.

jpapke-p40
New Member
Posts: 15
Joined: Mon Aug 13, 2007 2:20 pm
Location: Boise, Idaho, USA

Postby jpapke-p40 » Tue Mar 24, 2009 6:40 pm

It feels warm to the touch but not hot. There are no obstructions on the top or sides of the router and it is sitting on top of a non-heat generating location.

Also, for the comment about using an UPS or battery... there is no power supply issue, just that the fixed point wireless ISP connection demands line-of-sight and if we have heavy rain or snow the signal degrades and we lose connectivity.

-Jeff

jpapke-p40
New Member
Posts: 15
Joined: Mon Aug 13, 2007 2:20 pm
Location: Boise, Idaho, USA

Postby jpapke-p40 » Wed Mar 25, 2009 6:41 pm

I had a nice chat with GSD today and they confirmed with me that if the ISP connection is lost the VPN may not re-connect properly. The definition of an amber LED is that the VPN is up but not connected.
The only recourse is to power cycle the router or use a soft-reboot by logging in to the router. I did not have time to delve into the proper steps to log in to the route nor the commands to use but I think the command is "reload" but I do not know how to login to the router except by using the console (COM) connector.

Thanks for the help out there!

-Jeff

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Thu Mar 26, 2009 10:03 am

jpapke wrote:I had a nich chat with GSD today and they confirmed with me that if the ISP connection is lost the VPN may not re-connect properly. The definition of an amber LED is that the VPN is up but not connected.
The only recourse is to power cycle the router or use a soft-reboot by logging in to the router. I did not have time to delve into the proper steps to log in to the route nor the commands to use but I think the command is "reload" but I do not know how to login to the router except by using the console (COM) connector.

Thanks for the help out there!

-Jeff


Jeff,

We experienced similar problems a couple of months ago with the DSL in one of the buildings in our stake. After spending several weeks using various "tricks" to find the problem, we were blessed to have a real good technician from the phone company that provides our DSL mention a possibility.

The problem was related to a "Bridge Tap". This is another connection to the same phone line that is used for the DSL. However, the connection isn't being used. It's a common practice for a phone company to make a bridge tap to existing lines in the hopes that at some future point a subscriber would drop their service and then that same line could be used elsewhere.

Have your ISP check for the presence of this "Tap" and if found have it removed. We have had stable service ever since this was found and repaired. The tap doesn't effect voice service only DSL.
Have you read the Code of Conduct?


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest