Dialer ADSL PPPoE connection

Posted on 2007-10-14
Last Modified: 2009-05-15
My expertise in Cisco routers is limited. I have a Cisco 2651XM router which used to be connected to an ADSL modem until it got reset by power outages. I uploaded the IOS and configured the router to its original settings, but for six months I have not been able to make the router connect to the internet at all. The connections are the following:
ISP_ADSL_modem to Cisco 2651XM connected to F0/1 using PPPoE using pap to Cisco 2950 to workstations.

I am using SDM to configure the router, but most of the time I use HyperTerminal. I am not sure why the router does not dial the ISP or how to fix it. Can someone help me with this problem? I am including a copy of my current configuration with some information excluded.


!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname DMI-FW_RTR
!
boot-start-marker
boot system flash:c2600-adventerprisek9-mz.124-3.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 informational
logging console critical
enable password 7 (DELETED)
!
!
resource policy
!
aaa new-model
!
!
aaa authentication login default group radius
aaa authentication login if_needed local
aaa authentication login both group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization exec both local
!
aaa session-id common
clock timezone Jordan 2
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name dmi.mil.jo
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip auth-proxy inactivity-timer 10
ip auth-proxy name list_a http inactivity-time 10
ip admission inactivity-timer 10
ip ips notify SDEE
ip ssh time-out 60
ip ssh authentication-retries 2
ip reflexive-list timeout 120
vpdn enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3069597685
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3069597685
 revocation-check none
 rsakeypair TP-self-signed-3069597685
!
!
crypto pki certificate chain TP-self-signed-3069597685
 certificate self-signed 01
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
  quit
username admin privilege 2 password 7 (DELETED)
username dmiadmins privilege 15 password 7 (DELETED)
username administrator privilege 15 secret 5 (DELETED)
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Internal DMI Interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/0.240
 description Link to DMI Core Black Router$FW_INSIDE$
 encapsulation dot1Q 240
 ip address 192.168.255.241 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip inspect myfw in
 ip virtual-reassembly
 no ip mroute-cache
 no snmp trap link-status
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description External Internet Interface$ETH-WAN$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
 no mop enabled
!
interface Serial0/1
 no ip address
 shutdown
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group InBoundFilters in
 ip access-group OutBoundFilters out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username (DELETED)@wanadoo-adsl password 7 (DELETED)
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.0.0 192.168.255.246
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list NATClients interface Dialer1 overload
!
ip access-list standard NATClients
 remark Anything Matching this Access List Will be NATed and allowed to pass to the Internet
 remark SDM_ACL Category=18
 permit 192.168.0.1
 permit 192.168.0.2
 permit 192.168.0.251
 permit 192.168.0.253
 permit 192.168.0.200
 permit 192.168.0.151
!
ip access-list extended InBoundFilters
 remark This is the INBOUND Internet Traffic ACL
 remark .
 remark Blocks all Private IP Ranges
 deny   ip 192.168.0.0 0.0.255.255 any log-input
 deny   ip 172.16.0.0 0.15.255.255 any log-input
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 remark .
 remark Blocks all Microsoft NetBios Traffice
 deny   udp any any eq netbios-ns log-input
 deny   udp any any eq netbios-dgm log-input
 deny   udp any any eq netbios-ss log-input
 remark .
 remark Below statements evaluate all Dynamic ACL entries for outgoing traffic
 evaluate tcptraffic
 evaluate udptraffic
 evaluate icmptraffic
 deny   ip any any log-input
ip access-list extended OutBoundFilters
 remark This is the OUTBOUND Internet Traffic ACL
 remark .
 remark Blocks all Private IP Ranges
 deny   ip 192.168.0.0 0.0.255.255 any log-input
 deny   ip 172.16.0.0 0.15.255.255 any log-input
 deny   ip 10.0.0.0 0.255.255.255 any log-input
 remark .
 remark Blocks all Microsoft NetBios Traffice
 deny   udp any any eq netbios-ns log-input
 deny   udp any any eq netbios-dgm log-input
 deny   udp any any eq netbios-ss log-input
 remark .
 remark Below statements create Dynamic ACL entries for outgoing traffic
 permit tcp any any reflect tcptraffic
 permit udp any any reflect udptraffic
 permit icmp any any reflect icmptraffic
ip access-list extended test
!
logging trap debugging
logging source-interface FastEthernet0/0.240
logging 192.168.0.253
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.255.240 0.0.0.15 any
access-list 100 remark IDN Mangement Workstation
access-list 100 permit ip host 192.168.0.253 any
access-list 100 remark IDN Mangement Workstation
access-list 100 permit ip host 192.168.0.252 any
access-list 100 remark IDN Mangement Workstation
access-list 100 permit ip host 192.168.0.251 any
access-list 100 permit ip host 192.168.0.200 any
access-list 100 deny   ip any any log
access-list 100 remark 45 New Email Server for other network
dialer-list 1 protocol ip permit
snmp-server community idn RO
snmp-server enable traps tty
no cdp run
!
!
tftp-server system
radius-server host 192.168.0.253 auth-port 1645 acct-port 1646
radius-server key 7 (DELETED)
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
 login authentication both
 transport output telnet
 escape-character 3
line aux 0
 transport output telnet
line vty 0 4
 access-class 100 in
 password 7 (DELETED)
 logging synchronous
 login authentication both
 transport input telnet ssh
 escape-character 3
!
scheduler allocate 4000 1000
ntp clock-period 17212596
ntp server 192.168.254.0
!
end
0
Question by:fernandezalex
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 20074032
Start by removing the outbound filter

interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group InBoundFilters in
 ip access-group OutBoundFilters out  <== remove this

0
 

Author Comment

by:fernandezalex
ID: 20074078
OK, sounds good. Could you explain why? I will give it a try and let you know if it works.
0
 

Author Comment

by:fernandezalex
ID: 20074281
Ok I removed OutBoundFilters out but still no luck.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 2000 total points
ID: 20074655
Now try removing the inbound filter. Don't worry, you are still protected by NAT until we get this resolved.
I'm thinking that you are not allowing the dhcp packets out or in, even with the evaluate commands.
If removing all filters gets you an IP address and a connection, then we can work on better filter rules.
0
 

Author Comment

by:fernandezalex
ID: 20074848
ok done but no luck still
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 2000 total points
ID: 20074987
Can you try debug ppp?
From telnet session, don't forget to issue term mon command or you won't see any of it.
You might get a clue from the debug session.
0
 

Author Comment

by:fernandezalex
ID: 20112290
OK, I finally got around to this evil router!! I read the error, but the funny thing is I am not using CHAP but PAP. Why is it showing like I am using it?

Here are the debug errors:

DMI-FW_RTR#
000150: *Jan 20 09:21:50.817 Jordan: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state
to up
DMI-FW_RTR#
000151: *Jan 20 09:21:59.065 Jordan: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
000152: *Jan 20 09:21:59.065 Jordan: Vi1 PPP: Phase is DOWN, Setup
000153: *Jan 20 09:21:59.065 Jordan: Vi1 PPP: Using dialer call direction
000154: *Jan 20 09:21:59.069 Jordan: Vi1 PPP: Treating connection as a callout
000155: *Jan 20 09:21:59.069 Jordan: Vi1 PPP: Session handle[49000032] Session id[0]
000156: *Jan 20 09:21:59.069 Jordan: Vi1 PPP: Phase is ESTABLISHING, Active Open
000157: *Jan 20 09:21:59.069 Jordan: Vi1 PPP: Authorization NOT required
000158: *Jan 20 09:21:59.069 Jordan: Vi1 PPP: No remote authentication for call-out
000159: *Jan 20 09:21:59.069 Jordan: Vi1 LCP: O CONFREQ [Closed] id 1 len 10
000160: *Jan 20 09:21:59.073 Jordan: Vi1 LCP:    MagicNumber 0x1A89CA1A (0x05061A89CA1A)
000161: *Jan 20 09:21:59.073 Jordan: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
000162: *Jan 20 09:21:59.073 Jordan: Vi1 DDR: Dialer statechange to up
000163: *Jan 20 0
DMI-FW_RTR#9:21:59.205 Jordan: Vi1 LCP: I CONFREQ [REQsent] id 194 len 19
000164: *Jan 20 09:21:59.205 Jordan: Vi1 LCP:    MRU 1492 (0x010405D4)
000165: *Jan 20 09:21:59.205 Jordan: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
000166: *Jan 20 09:21:59.205 Jordan: Vi1 LCP:    MagicNumber 0x7D27B32E (0x05067D27B32E)
000167: *Jan 20 09:21:59.205 Jordan: Vi1 LCP: O CONFNAK [REQsent] id 194 len 8
000168: *Jan 20 09:21:59.209 Jordan: Vi1 LCP:    MRU 1500 (0x010405DC)
000169: *Jan 20 09:21:59.209 Jordan: Vi1 LCP: I CONFACK [REQsent] id 1 len 10
000170: *Jan 20 09:21:59.209 Jordan: Vi1 LCP:    MagicNumber 0x1A89CA1A (0x05061A89CA1A)
000171: *Jan 20 09:21:59.217 Jordan: Vi1 LCP: I CONFREQ [ACKrcvd] id 195 len 19
000172: *Jan 20 09:21:59.217 Jordan: Vi1 LCP:    MRU 1500 (0x010405DC)
000173: *Jan 20 09:21:59.217 Jordan: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
000174: *Jan 20 09:21:59.221 Jordan: Vi1 LCP:    MagicNumber 0x7D27B32E (0x05067D27B32E)
000175: *Jan 20 09:21:59.221 Jordan: Vi1 LCP: O CONFACK [ACKrcvd] id 195 len 19
000176: *Jan 20 09:21:59.221 Jordan: Vi1 LCP:    MRU 1500 (0x010405DC)
000177: *Jan 20 09:21:59.221 Jordan: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
000178: *Jan 20 09:21:59.221 Jordan: Vi1 LCP:    MagicNumber 0x7D27B32E (0x05067D27B32E)
000179: *Jan 20 09:21:59.221 Jordan: Vi1 LCP: State is Open
000180: *Jan 20 09:21:59.221 Jordan: Vi1 PPP: Phase is AUTHENTICATING, by the peer
000181: *Jan 20 09:21:59.233 Jordan: Vi1 CHAP: I CHALLENGE id 1 len 29 from "BAS1-ABN"
000182: *Jan 20 09:21:59.233 Jordan: Vi1 CHAP: Unable to authenticate for peer
000183: *Jan 20 09:21:59.237 Jordan: Vi1 PPP: Sending Acct Event[Down] id[16]
000184: *Jan 20 09:21:59.237 Jordan: Vi1 PPP: Phase is TERMINATING
000185: *Jan 20 09:21:59.237 Jordan: Vi1 LCP: O TERMREQ [Open] id 2 len 4
000186: *Jan 20 09:22:01.249 Jordan: Vi1 LCP: TIMEout: State TERMsent
000187: *Jan 20 09:22:01.249 Jordan: Vi1 LCP: O TERMREQ [TERMsent] id 3 len 4
000188: *Jan 20 09:22:01.261 Jordan: Vi1 LCP: I TERMREQ [TERMsent] id 196 len 4
000189: *Jan 20 09:22:01.261 Jordan: Vi1 LCP: O TERMACK [TERMsent] id 196 len 4
000190: *Jan 20 09:22:01.261 Jordan: Vi1 LCP: I TERMACK [TERMsent] id 3 len 4
000191: *Jan 20 09:22:01.261 Jordan: Vi1 LCP: State is Closed
000192: *Jan 20 09:22:01.261 Jordan: Vi1 PPP: Phase is DOWN
000193: *Jan 20 09:22:01.265 Jordan: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
000194: *Jan 20 09:22:01.269 Jordan: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
DMI-FW_RTR#
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 2000 total points
ID: 20112520
Looks like their end is challenging with CHAP and you are only using PAP.
Try changing your end to chap
0
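The mismatch in the debug output above, worked through as an added example (not part of the original thread): it decodes the `AuthProto` option bytes, finds which authentication protocol the router accepted in its outgoing CONFACK, and compares that with the credentials present in the dialer configuration. The function names, the sample debug lines and the placeholder credentials are constructed for illustration.

```python
import re

# PPP protocol numbers carried in LCP option 3 (Authentication-Protocol).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGORITHMS = {0x05: "MD5"}

# Constructed sample in the format of the debug output above (not real capture data).
SAMPLE_DEBUG = """\
000171: Vi1 LCP: I CONFREQ [ACKrcvd] id 195 len 19
000173: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
000175: Vi1 LCP: O CONFACK [ACKrcvd] id 195 len 19
000177: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
"""
# Constructed dialer lines with placeholder credentials.
SAMPLE_CONFIG = " ppp authentication pap callin\n ppp pap sent-username user@example password 7 0000\n"

def decode_auth_option(hex_tlv):
    """Decode an LCP Authentication-Protocol option printed as hex (type, length, value)."""
    raw = bytes.fromhex(hex_tlv.removeprefix("0x"))
    if len(raw) < 4 or raw[0] != 3 or raw[1] != len(raw):
        raise ValueError("not a well-formed Authentication-Protocol option")
    proto = int.from_bytes(raw[2:4], "big")
    name = AUTH_PROTOCOLS.get(proto, f"unknown(0x{proto:04X})")
    algo = CHAP_ALGORITHMS.get(raw[4]) if name == "CHAP" and len(raw) >= 5 else None
    return name, algo

def acked_auth_protocol(debug_text):
    """Return the auth protocol this router accepted: the option under an 'O CONFACK'."""
    in_ack, result = False, None
    for line in debug_text.splitlines():
        if re.search(r"LCP: [IO] [A-Z]+ \[", line):   # start of a new LCP packet
            in_ack = " O CONFACK " in line
        elif in_ack:
            m = re.search(r"AuthProto \S+ \((0x[0-9A-Fa-f]+)\)", line)
            if m:
                result = decode_auth_option(m.group(1))[0]
    return result

def configured_credentials(config_text):
    """Auth protocols for which the dialer config holds credentials to send."""
    patterns = {"PAP": r"^\s*ppp pap sent-username ",
                "CHAP": r"^\s*ppp chap (hostname|password) "}
    return {name for name, pat in patterns.items() if re.search(pat, config_text, re.M)}

def diagnose(debug_text, config_text):
    """Return (agreed protocol, configured credentials, whether they match)."""
    agreed, creds = acked_auth_protocol(debug_text), configured_credentials(config_text)
    return agreed, creds, agreed is None or agreed in creds
```

With the sample input, `diagnose` reports that CHAP was accepted during LCP while only PAP credentials are configured, which is the condition behind "Unable to authenticate for peer".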
 

Author Comment

by:fernandezalex
ID: 20647097
The router I was working on was ruined due to power problems, so I cannot resolve this issue until I get a new one sometime this year (2008).
0
