Solved

C801 dialin user can't ping

Posted on 2001-06-15
6
303 Views
Last Modified: 2010-04-17
I wanted to configure Cisco 801 for access to internet (with bandwidh on demand) and for dial in users. Acess to internet works just fine, but when a user tries to dial-in, the password is accepted and the user is conected, but he can not ping anything on central site. On remote site is PC with ISDN card.
Here is the configuration:

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxx
!
enable secret 5 $$$$$$$$$$$
!
username "username" password 0 "password"
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
interface Ethernet0
 ip address 10.0.0.250 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 ip tcp header-compression passive
 no ip split-horizon
 dialer remote-name xxxxxxx
 dialer idle-timeout 60
 dialer string 111111111
 dialer hold-queue 10
 dialer load-threshold 150 either
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxxxx
 ppp chap password 7 0832585C5C4C51
 ppp multilink
!
interface Dialer2
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name remote
 dialer pool 2
 dialer-group 1
 peer default ip address pool naslovi
 no cdp enable
 ppp authentication chap callin
 ppp multilink
!
router rip
 version 2
 passive-interface Dialer1
 passive-interface Dialer2
 network 10.0.0.0
 no auto-summary
!
ip local pool naslovi 10.0.0.251 10.0.0.252
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 deny   tcp any range 137 139 any
access-list 101 deny   tcp any any range 137 139
access-list 101 deny   udp any range netbios-ns netbios-ss any
access-list 101 deny   udp any any range netbios-ns netbios-ss
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 password xxxxx
 login
 transport input none
 stopbits 1
line vty 0 4
 password xxxxx
 login
!
end


Another think I don't understand is why if I don't use ppp multilink command in both Dialer1 and Dialer2 profile access to internet does not work.

Router is at the moment a little bit distant to me, so I will be very happy if someone could give me precise instructions.

Thank you very much!

Davorin
0
Comment
Question by:davorin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 6194846
Since you have dialer-pool commands on the dialers, but not on the physical interface, you could see this behavior.
Question: what is the IP address of the user's ETHERNET port at remote site, or do they have one? You might want to assign them to a different network for that interface.

I would use a separate access-list for your NAT also..

Try this:

Interface BRI0
 dialer pool-member 1 priority 50
 dialer pool-member 2 min-link 1
!
interface Dialer2
 ip address 10.0.1.250 255.255.255.0
 dialer in-band
!
ip local pool naslovi 10.0.1.251 10.0.1.252
!
ip route <Ethernet of remote> <mask> dialer 2
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
0
 
LVL 27

Author Comment

by:davorin
ID: 6195611
Ethernet port IP address on remote side (testing) PC is 192.168.0.222/24.

There will be different PCs that will connect to router so I will have dificulties to configure "ip route" and I see no need to configure ip route for IP pool addresses ;-)

Identical configuration except isdn caller screening and bandwidth on demand configured for Dialer1 works perfectly on another router.
Few hours later I have been notified, that internet access does not work anymore. I'm really concerned about router's health.



0
 
LVL 27

Author Comment

by:davorin
ID: 6205336
Finally I got router here and when I tried to dial in I got the message :

Memory Protection Violation:
    epc  =0x0045FCC0, location of fault
    eva  =0x0270E???, read fault address
    error=0x00000082, illegal address
    pti  =0x0000170E
    pte  =0x002CD104


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x0045FEB0, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0xFFFFF100


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x00248624, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0x02102100

It seems like there something wrong with memory.
Any ideas?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 79

Expert Comment

by:lrmoore
ID: 6206194
Looks like your flash SIMM is bad.
Check:
http://www.add-tech.com 
for best prices.

Or open TAC case with serial number of the router. Do you have SmartNet maint?
0
 
LVL 27

Author Comment

by:davorin
ID: 6297102
Untill now I had no time to "play" with router.
Now I had upgraded IOS and Memory Protection Violation error disapeared.
Also I have copied working config from another router and anything seems to work right.

Just another thing is a little bit confusing me: If the router is connected to normal ISDN line (BRI) dial in works fine, if it is connected to centrex, dial in password is rejected?! At the moment I dont have another router to try the same thing, but I think that this is telephony problem.

Irmoore, thanx again for your help.
0
 
LVL 27

Author Comment

by:davorin
ID: 6297108
This comment has not directly solved my problem, but it has some usefull info.

Thanx
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month4 days, 22 hours left to enroll

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question