however… NOW my DNS servers (the ones that face the internet for our websites) won’t work. WTH?!

here is a diagram of how our VPN is layed out.

Version:

Cisco Internetwork Operating System Software
IOS ™ C2600 Software (C2600-IK9O3S3-M), Version 12.3(19), RELEASE SOFTWARE (f
c2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 04:14 by evmiller
Image text-base: 0×80008098, data-base: 0x81A0C1A4

ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(19), RELEASE SOFTWARE (fc2)

sky2650 uptime is 18 hours, 15 minutes
System returned to ROM by power-on
System image file is “flash:c2600-ik9o3s3-mz.123-19.bin”

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco 2650 (MPC860P) processor (revision 0×200) with 111616K/19456K bytes of mem
ory.
Processor board ID JAB05380878 (4003562465)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
1 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0×2102

Diag:

Slot 0:
C2650 1FE Mainboard Port adapter, 3 ports
Port adapter is analyzed
Port adapter insertion time unknown
EEPROM contents at hardware discovery:
Hardware Revision : 2.0
PCB Serial Number : JAB05380878 (4003562465)
Part Number : 73-5024-04
RMA History : 00
RMA Number : 0-0-0-0
Board Revision : B0
Deviation Number : 0-0
Product (FRU) Number : C2600M-1FE
EEPROM format version 4
EEPROM contents (hex):
0×00: 04 FF 40 01 C1 41 02 00 C1 18 4A 41 42 30 35 33
0×10: 38 30 38 37 38 20 28 34 30 30 33 35 36 32 34 36
0×20: 35 29 82 49 13 A0 04 04 00 81 00 00 00 00 42 42
0×30: 30 80 00 00 00 00 FF FF FF FF FF FF FF FF FF FF
0×40: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0×50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0×60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0×70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

WIC Slot 0:
FT1 BT8360
Hardware revision 1.3 Board revision B0
Serial number 25333331 Part number 800-03279-04
FRU Part Number WIC-1DSU-T1=

Test history 0×0 RMA number 00-00-00
Connector type Wan Module
EEPROM format version 2
EEPROM contents (hex):
0×20: 02 11 01 03 01 82 8E 53 50 0C CF 04 00 00 00 00
0×30: 58 00 00 00 01 07 01 01 FF FF FF FF FF FF FF FF

WIC Slot 1:
FT1 BT8360
Hardware revision 1.3 Board revision C0
Serial number 14664217 Part number 800-03279-03
FRU Part Number WIC-1DSU-T1=

Test history 0×0 RMA number 00-00-00
Connector type Wan Module
EEPROM format version 2
EEPROM contents (hex):
0×20: 02 11 01 03 00 DF C2 19 50 0C CF 03 00 00 00 00
0×30: 60 00 00 00 99 07 02 01 FF FF FF FF FF FF FF FF

Version:

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M5, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:41 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

router uptime is 19 hours, 19 minutes
System returned to ROM by power-on
System image file is “flash0:c2900-universalk9-mz.SPA.150-1.M5.bin”
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2901/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FTX151703TR
2 Gigabit Ethernet interfaces
2 Serial interfaces
2 Channelized T1/PRI ports
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

————————————————-
Device# PID SN
————————————————-
*0 CISCO2901/K9 FTX151703TR

Technology Package License Information for Module:’c2900′

—————————————————————-
Technology Technology-package Technology-package
Current Type Next reboot
—————————————————————–
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Evaluation securityk9
uc None None None
data None None None

Configuration register is 0×2102

Diag:
Slot 0:
C2901 Mother board 2GE, integrated VPN and 4W Port adapter, 4 ports
Port adapter is analyzed
Port adapter insertion time 19:19:46 ago
EEPROM contents at hardware discovery:
PCB Serial Number : FOC15115W40
Hardware Revision : 1.0
Part Number : 73-11834-06
Top Assy. Part Number : 800-30795-02
Board Revision : E0
Deviation Number : 113332
Fab Version : 03
Product (FRU) Number : CISCO2901/K9
Version Identifier : V02
CLEI Code : CMMBN00ARA
Processor type : C1
Chassis Serial Number : FTX151703TR
Chassis MAC Address : 6400.f1a5.aa48
MAC Address block size : 72
Manufacturing Test Data : 00 00 00 00 00 00 00 00
EEPROM format version 4
EEPROM contents (hex):
0×00: 04 FF C1 8B 46 4F 43 31 35 31 31 35 57 34 30 40
0×10: 06 17 41 01 00 82 49 2E 3A 06 C0 46 03 20 00 78
0×20: 4B 02 42 45 30 88 00 01 BA B4 02 03 CB 8C 43 49
0×30: 53 43 4F 32 39 30 31 2F 4B 39 89 56 30 32 20 D9
0×40: 04 40 C1 CB C2 C6 8A 43 4D 4D 42 4E 30 30 41 52
0×50: 41 09 C1 C2 8B 46 54 58 31 35 31 37 30 33 54 52
0×60: C3 06 64 00 F1 A5 AA 48 43 00 48 C4 08 00 00 00
0×70: 00 00 00 00 00 F3 00 65 40 01 25 41 00 87 42 00
0×80: 00 F8 00 28 03 E8 1C 89 07 D0 20 21 0B B8 20 93
0×90: 0F A0 21 2F 13 88 21 83 17 70 21 A8 1B 58 21 B0
0xA0: 1F 40 21 AB 23 28 21 79 27 10 21 78 41 01 1D 42
0xB0: 00 00 F8 00 28 03 E8 1C 20 07 D0 1F 40 0B B8 20
0xC0: 6C 0F A0 21 34 13 88 21 34 17 70 21 98 1B 58 21
0xD0: 98 1F 40 21 98 23 28 21 34 27 10 21 34 FF FF FF
0xE0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0xF0: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

WIC Slot 0:
VWIC2-2MFT-T1/E1 – 2-Port RJ-48 Multiflex Trunk – T1/E1
Hardware Revision : 0.0
Top Assy. Part Number : 800-22629-05
Board Revision : C0
Deviation Number : 0
Fab Version : 04
PCB Serial Number : FOC15142CF2
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : VWIC2-2MFT-T1/E1
Version Identifier : V01
EEPROM format version 4
EEPROM contents (hex):
0×00: 04 FF 40 03 FC 41 00 00 C0 46 03 20 00 58 65 05
0×10: 42 43 30 88 00 00 00 00 02 04 C1 8B 46 4F 43 31
0×20: 35 31 34 32 43 46 32 03 00 81 00 00 00 00 04 00
0×30: CB 90 56 57 49 43 32 2D 32 4D 46 54 2D 54 31 2F
0×40: 45 31 89 56 30 31 20 D9 02 40 C1 FF FF FF FF FF
0×50: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0×60: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
0×70: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

It sounds like you do not have a vpn module in the 2650. Can you post the output of ‘show version’ and ‘show diag’?

Josh

We had a working VPN on a 2650 that allowed our 2 branches to connect to us. It was slow over the single T1, but it worked ok. We upgraded to a second T1 (bonded with multilink PPP encap) and a new router (Cisco 2901) and all hell has broken loose.

The internet works fine, nice and fast. However the VPN is a nightmare. Even copying (for the most part, obviously the IPs are different) what you have here I get nowhere. When i run a ping from the router, sourced to the ethernet port, everything is fine. Response times are around 80-85ms. However if I ping them from my desktop the times are all over the place; some going through at 80ms like from the router, and some timing out entirely even with the timeout set to 20,000. I’ve had my ISP’s techs working on it, and been working at it myself, for the past 3 days to no avail and am about to pull my hair out… any suggestions (other than a nice wig company)?