Why does my gateway router crash? 2621 NAT/DHCP

[westmanm]

I've got a 2621 doing NAT and DHCP that for months ran without a problem. Now, it's crashing every few hours and I'm at a loss as to why. Any ideas?

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Gateway
!
enable secret 5 
!
ip subnet-zero
no ip source-route
!
!
ip ftp username router
ip ftp password 7 
no ip domain-lookup
ip name-server 68.15.
ip name-server 4.2.2.2
ip dhcp excluded-address 10.200.1.1 10.200.1.99
ip dhcp excluded-address 10.200.1.200 10.200.1.253
!
ip dhcp pool 1
   network 10.200.1.0 255.255.255.0
   default-router 10.200.1.254 
   dns-server 68.15.231.238 4.2.2.2 
!
ip dhcp pool adminhouse
   host 10.200.1.156 255.255.255.0
   hardware-address 0100.50ba.bff2.79 ieee802
   client-name adminhouse
!
!
!
!
interface FastEthernet0/0
 description WAN connection to Cox
 ip address 68.15. 255.255.255.224
 ip access-group 115 in
 ip access-group 115 out
 no ip redirects
 no ip unreachables
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Internal connection
 ip address 10.1.1.254 255.255.255.0 secondary
 ip address 10.200.1.254 255.255.255.0
 ip access-group 115 in
 ip access-group 115 out
 ip nat inside
 duplex auto
 speed auto
!
ip nat translation timeout 2
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 10.200.1.112 68.15.
ip classless
ip route 0.0.0.0 0.0.0.0 68.15.231.225
ip route 10.2.1.0 255.255.255.0 209.102.213.1
no ip http server
ip pim bidir-enable
!
access-list 1 permit 10.200.1.0 0.0.0.255
access-list 10 permit 68.15.231.238
access-list 10 permit 10.200.1.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 115 deny   icmp any any echo
access-list 115 deny   icmp any any echo-reply
access-list 115 deny   tcp any any eq 135
access-list 115 deny   udp any any eq 135
access-list 115 deny   udp any any eq netbios-ns
access-list 115 deny   udp any any eq netbios-dgm
access-list 115 deny   tcp any any eq 139
access-list 115 deny   udp any any eq netbios-ss
access-list 115 deny   tcp any any eq 445
access-list 115 deny   tcp any any eq 593
access-list 115 deny   tcp any any eq 4444
access-list 115 permit ip any any
snmp-server community Bridges RO
snmp-server contact Michael 
!
line con 0
 exec-timeout 0 0
 password 7 1405131D090A
 login
line aux 0
line vty 0 4
 access-class 10 in
 password 7 1405131D090A
 login
!
end

 

[sobak]

I have a Cisco 2621 that was doing the same thing. Found out that there were two issues causing this.

W32/Lovsan.worm.a
W32/Nachi.worm

I removed all traces from inside my network and my router thanked me by staying up.

If you do a show ver does it say

System returned to ROM by error - a SegV exception, PC 0x80325828? This is what I saw when my router would reboot on me. I detected this by setting up an access list to block port 135 on the router and logged all attempts on that port. That would give me the IP Addresses of the infected systems so I could track them down and remove it off them.

Of course this may not be your problem, but it was what was causing my reboot problems.



david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[westmanm]

Turned out that the boss had turned two infected computers back on. And here he was blaming it on me.

Bosses can be worse then users some time.

-Mike

 

[BuckWeet]

can be worse sometimes ? lol

more like all the time

 

[gilg]

try to upgarde your IOS