Solved

C801 dialin user can't ping

Posted on 2001-06-15
6
281 Views
Last Modified: 2010-04-17
I wanted to configure Cisco 801 for access to internet (with bandwidh on demand) and for dial in users. Acess to internet works just fine, but when a user tries to dial-in, the password is accepted and the user is conected, but he can not ping anything on central site. On remote site is PC with ISDN card.
Here is the configuration:

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxx
!
enable secret 5 $$$$$$$$$$$
!
username "username" password 0 "password"
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
interface Ethernet0
 ip address 10.0.0.250 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 ip tcp header-compression passive
 no ip split-horizon
 dialer remote-name xxxxxxx
 dialer idle-timeout 60
 dialer string 111111111
 dialer hold-queue 10
 dialer load-threshold 150 either
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxxxx
 ppp chap password 7 0832585C5C4C51
 ppp multilink
!
interface Dialer2
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name remote
 dialer pool 2
 dialer-group 1
 peer default ip address pool naslovi
 no cdp enable
 ppp authentication chap callin
 ppp multilink
!
router rip
 version 2
 passive-interface Dialer1
 passive-interface Dialer2
 network 10.0.0.0
 no auto-summary
!
ip local pool naslovi 10.0.0.251 10.0.0.252
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 deny   tcp any range 137 139 any
access-list 101 deny   tcp any any range 137 139
access-list 101 deny   udp any range netbios-ns netbios-ss any
access-list 101 deny   udp any any range netbios-ns netbios-ss
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 password xxxxx
 login
 transport input none
 stopbits 1
line vty 0 4
 password xxxxx
 login
!
end


Another think I don't understand is why if I don't use ppp multilink command in both Dialer1 and Dialer2 profile access to internet does not work.

Router is at the moment a little bit distant to me, so I will be very happy if someone could give me precise instructions.

Thank you very much!

Davorin
0
Comment
Question by:davorin
  • 4
  • 2
6 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 6194846
Since you have dialer-pool commands on the dialers, but not on the physical interface, you could see this behavior.
Question: what is the IP address of the user's ETHERNET port at remote site, or do they have one? You might want to assign them to a different network for that interface.

I would use a separate access-list for your NAT also..

Try this:

Interface BRI0
 dialer pool-member 1 priority 50
 dialer pool-member 2 min-link 1
!
interface Dialer2
 ip address 10.0.1.250 255.255.255.0
 dialer in-band
!
ip local pool naslovi 10.0.1.251 10.0.1.252
!
ip route <Ethernet of remote> <mask> dialer 2
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
0
 
LVL 27

Author Comment

by:davorin
ID: 6195611
Ethernet port IP address on remote side (testing) PC is 192.168.0.222/24.

There will be different PCs that will connect to router so I will have dificulties to configure "ip route" and I see no need to configure ip route for IP pool addresses ;-)

Identical configuration except isdn caller screening and bandwidth on demand configured for Dialer1 works perfectly on another router.
Few hours later I have been notified, that internet access does not work anymore. I'm really concerned about router's health.



0
 
LVL 27

Author Comment

by:davorin
ID: 6205336
Finally I got router here and when I tried to dial in I got the message :

Memory Protection Violation:
    epc  =0x0045FCC0, location of fault
    eva  =0x0270E???, read fault address
    error=0x00000082, illegal address
    pti  =0x0000170E
    pte  =0x002CD104


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x0045FEB0, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0xFFFFF100


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x00248624, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0x02102100

It seems like there something wrong with memory.
Any ideas?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 79

Expert Comment

by:lrmoore
ID: 6206194
Looks like your flash SIMM is bad.
Check:
http://www.add-tech.com
for best prices.

Or open TAC case with serial number of the router. Do you have SmartNet maint?
0
 
LVL 27

Author Comment

by:davorin
ID: 6297102
Untill now I had no time to "play" with router.
Now I had upgraded IOS and Memory Protection Violation error disapeared.
Also I have copied working config from another router and anything seems to work right.

Just another thing is a little bit confusing me: If the router is connected to normal ISDN line (BRI) dial in works fine, if it is connected to centrex, dial in password is rejected?! At the moment I dont have another router to try the same thing, but I think that this is telephony problem.

Irmoore, thanx again for your help.
0
 
LVL 27

Author Comment

by:davorin
ID: 6297108
This comment has not directly solved my problem, but it has some usefull info.

Thanx
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In a WLAN, anything you broadcast over the air can be intercepted.  By default a wireless network is wide open to all until security is configured. Even when security is configured information can still be intercepted! It is very important that you …
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now