Solved

C801 dialin user can't ping

Posted on 2001-06-15
6
292 Views
Last Modified: 2010-04-17
I wanted to configure Cisco 801 for access to internet (with bandwidh on demand) and for dial in users. Acess to internet works just fine, but when a user tries to dial-in, the password is accepted and the user is conected, but he can not ping anything on central site. On remote site is PC with ISDN card.
Here is the configuration:

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxx
!
enable secret 5 $$$$$$$$$$$
!
username "username" password 0 "password"
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
interface Ethernet0
 ip address 10.0.0.250 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface BRI0
 no ip address
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap callin
!
interface Dialer1
 ip address negotiated
 ip access-group 101 out
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 ip tcp header-compression passive
 no ip split-horizon
 dialer remote-name xxxxxxx
 dialer idle-timeout 60
 dialer string 111111111
 dialer hold-queue 10
 dialer load-threshold 150 either
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxxxx
 ppp chap password 7 0832585C5C4C51
 ppp multilink
!
interface Dialer2
 ip unnumbered Ethernet0
 no ip directed-broadcast
 ip nat inside
 encapsulation ppp
 no ip split-horizon
 dialer remote-name remote
 dialer pool 2
 dialer-group 1
 peer default ip address pool naslovi
 no cdp enable
 ppp authentication chap callin
 ppp multilink
!
router rip
 version 2
 passive-interface Dialer1
 passive-interface Dialer2
 network 10.0.0.0
 no auto-summary
!
ip local pool naslovi 10.0.0.251 10.0.0.252
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 101 deny   tcp any range 137 139 any
access-list 101 deny   tcp any any range 137 139
access-list 101 deny   udp any range netbios-ns netbios-ss any
access-list 101 deny   udp any any range netbios-ns netbios-ss
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 password xxxxx
 login
 transport input none
 stopbits 1
line vty 0 4
 password xxxxx
 login
!
end


Another think I don't understand is why if I don't use ppp multilink command in both Dialer1 and Dialer2 profile access to internet does not work.

Router is at the moment a little bit distant to me, so I will be very happy if someone could give me precise instructions.

Thank you very much!

Davorin
0
Comment
Question by:davorin
  • 4
  • 2
6 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 6194846
Since you have dialer-pool commands on the dialers, but not on the physical interface, you could see this behavior.
Question: what is the IP address of the user's ETHERNET port at remote site, or do they have one? You might want to assign them to a different network for that interface.

I would use a separate access-list for your NAT also..

Try this:

Interface BRI0
 dialer pool-member 1 priority 50
 dialer pool-member 2 min-link 1
!
interface Dialer2
 ip address 10.0.1.250 255.255.255.0
 dialer in-band
!
ip local pool naslovi 10.0.1.251 10.0.1.252
!
ip route <Ethernet of remote> <mask> dialer 2
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
0
 
LVL 27

Author Comment

by:davorin
ID: 6195611
Ethernet port IP address on remote side (testing) PC is 192.168.0.222/24.

There will be different PCs that will connect to router so I will have dificulties to configure "ip route" and I see no need to configure ip route for IP pool addresses ;-)

Identical configuration except isdn caller screening and bandwidth on demand configured for Dialer1 works perfectly on another router.
Few hours later I have been notified, that internet access does not work anymore. I'm really concerned about router's health.



0
 
LVL 27

Author Comment

by:davorin
ID: 6205336
Finally I got router here and when I tried to dial in I got the message :

Memory Protection Violation:
    epc  =0x0045FCC0, location of fault
    eva  =0x0270E???, read fault address
    error=0x00000082, illegal address
    pti  =0x0000170E
    pte  =0x002CD104


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x0045FEB0, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0xFFFFF100


WARNING!  Illegal read access

Memory Protection Violation:
    epc  =0x00248624, location of fault
    eva  =0x00000???, read fault address
    error=0x00000082, illegal address
    pti  =0x00000000
    pte  =0x02102100

It seems like there something wrong with memory.
Any ideas?
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 79

Expert Comment

by:lrmoore
ID: 6206194
Looks like your flash SIMM is bad.
Check:
http://www.add-tech.com 
for best prices.

Or open TAC case with serial number of the router. Do you have SmartNet maint?
0
 
LVL 27

Author Comment

by:davorin
ID: 6297102
Untill now I had no time to "play" with router.
Now I had upgraded IOS and Memory Protection Violation error disapeared.
Also I have copied working config from another router and anything seems to work right.

Just another thing is a little bit confusing me: If the router is connected to normal ISDN line (BRI) dial in works fine, if it is connected to centrex, dial in password is rejected?! At the moment I dont have another router to try the same thing, but I think that this is telephony problem.

Irmoore, thanx again for your help.
0
 
LVL 27

Author Comment

by:davorin
ID: 6297108
This comment has not directly solved my problem, but it has some usefull info.

Thanx
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question