12-13-2001 07:11 AM - edited 03-01-2019 07:44 PM
This relates to two prior posts of mine below. I was asked to provide my configuration and I just got around to cleaning it up. I have included the configuration of my access server at the bottom of this post. Passwords are blanked out and IP addresses have been changed for security reasons.
Once again any assistance is greatly appreciated.
Losing Route to Remote Client
Dec 3, 2001, 8:22am Pacific
I have more details in relation to a prior problem I posted that nobody responded to (below). Hopefully these new details will help to diagnose my problem.
The 2509-RJ Access Server is dropping the route to the Remote Client exactly 2 minutes after the Windows Dial-Up Networking client connects and the route to it is added. Once again if someone could help me discover what is causing this I would appreciate it.
Thanks,
Kevin
---Original Message---
Can't maintain TCP/IP communications with Windows Dial-Up Networking client
Nov 30, 2001, 2:03pm Pacific
I am setting up a Cisco 2509-RJ to provide Dial-In access for Remote Windows Dial-Up Networking Clients. So far the client can connect, authenticate, retrieve a DHCP IP address, DNS, and WINS settings, and even utilize TCP/IP network resources for almost exactly 2 minutes. However, once those two minutes are up, all TCP/IP communications fail. The modem remains connected and the client still registers sending and receiving bytes with the Access Server until I force it to disconnect.
I haven't discovered any timeout settings on my client or server that are set at 2 minutes. If anyone has an idea as to what might be causing this I would appreciate some guidance.
---Access Server Configuration---
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ACCESSRV1
!
aaa new-model
aaa authentication login default local
aaa authentication ppp default if-needed local
aaa authorization exec default local
aaa authorization network default local
enable password 7 ###############
!
username RemoteDDR1 password 7 ###############
username DIALUSER password 7 ###############
ip subnet-zero
ip dhcp-server 172.16.145.3
async-bootp subnet-mask 255.255.255.0
async-bootp dns-server 172.16.146.1 172.16.147.4
async-bootp nbns-server 172.16.145.3
chat-script dialnum ABORT ERROR ABORT BUSY ABORT "NO ANSWER" "" "ATDT\T" TIMEOUT 60 CONNECT \c
!
!
process-max-time 200
!
interface Ethernet0
description connected to office LAN
ip address 172.16.164.80 255.255.255.0
no ip directed-broadcast
no keepalive
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface group-async1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
ip tcp header-compression passive
dialer in-band
dialer rotary-group 1
async default routing
async mode interactive
peer default ip address dhcp
group-range 1 2
!
interface group-async2
no ip address
no ip directed-broadcast
shutdown
group-range 3 8
!
interface Dialer1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
ip tcp header-compression passive
dialer in-band
dialer wait-for-carrier-time 60
dialer map ip 10.1.1.1 name RemoteDDR1 modem-script dialnum 915558675309
dialer hold-queue 10
dialer-group 1
peer default ip address dhcp
pulse-time 10
no cdp enable
ppp authentication chap
!
ip default-gateway 172.16.145.1
ip http server
ip classless
ip route 172.16.0.0 255.255.0.0 172.16.145.0
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.1.1 255.255.255.255 Dialer1
!
access-list 100 permit tcp any any eq telnet
access-list 100 deny ip any any
dialer-list 1 protocol ip list 100
!
line con 0
exec-timeout 0 0
transport input none
line 1 2
exec-timeout 0 0
autoselect during-login
autoselect ppp
modem InOut
modem autoconfigure discovery
rotary 1
transport input all
stopbits 1
speed 57600
flowcontrol hardware
line 3 8
line aux 0
line vty 0 4
exec-timeout 0 0
!
end
12-20-2001 02:31 PM
Oftentimes complex troubleshooting issues are best addressed in an interactive troubleshooting session with one of our trained technical assistance engineers. While other forum users may be able to help, it's often difficult to do so for this type of issue.
To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.
Thank you for posting.
12-27-2001 02:23 PM
Try simplifying your config. Also you have dialer rotary-group 1 in your interface group-async1 config. If you are letting people dial in, I don't believe you want the router to dial out on that same line. You might try setting the modem and not using autoconfig, adjusting the speed to 36400 and not using async mode interactive. Set it to dedicated. Also why do you need to all routing updates out this interface, async default routing?
12-30-2001 11:53 PM
The problem is the dialer-list is pointing to an acl that only permits telnet traffic as interesting. Do your users have constant telnet sessions going?
access-list 100 permit tcp any any eq telnet
access-list 100 deny ip any any
dialer-list 1 protocol ip list 100
Just for grins configure "dialer-list 1 protocol ip permit" and see if they can stay connected for longer times while passing other interesting traffic (debug dialer packet).
Josh
12-31-2001 09:19 AM
Hi, thanks all for replying.
The reasons for the complications and access-list is that I am looking to have remote users be able to dial-in and use the same modems to perform dial-on-demand routing to customer extranets.
I have actually resolved the issue. It had an overlapping static route set that was causing the problem. Dial-in using local authentication is working just fine. Now if only I could get the IAS Radius server on NT 4.0 Option Pack 4 to work I'd be a happy man. But that's another issue.
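The overlapping static route named as the fix above is something a configuration review can look for mechanically. The following Python script is an added example, not part of the original posts or any Cisco tool: it lists every static route that overlaps another configured prefix and shows which static routes cover a given address. The sample input reuses the addressing lines from the posted configuration (which the poster had already altered), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: addressing lines copied from the configuration in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 172.16.164.80 255.255.255.0
ip route 172.16.0.0 255.255.0.0 172.16.145.0
ip route 10.1.1.0 255.255.255.0 10.1.1.1
ip route 10.1.1.1 255.255.255.255 Dialer1
"""

ADDR_RE = re.compile(r"^[ \t]*ip address (\d\S+) (\d\S+)", re.M)
ROUTE_RE = re.compile(r"^[ \t]*ip route (\S+) (\S+) (\S+)", re.M)


def parse_prefixes(config):
    """Return [(kind, network, next_hop)] for connected and static prefixes."""
    entries = []
    for addr, mask in ADDR_RE.findall(config):
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        entries.append(("connected", net, None))
    for dest, mask, hop in ROUTE_RE.findall(config):
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        entries.append(("static", net, hop))
    return entries


def find_overlaps(config):
    """Pairs of prefixes that overlap where at least one is a static route."""
    entries = parse_prefixes(config)
    findings = []
    for i, (kind_a, net_a, _) in enumerate(entries):
        for kind_b, net_b, _ in entries[i + 1:]:
            if "static" in (kind_a, kind_b) and net_a.overlaps(net_b):
                findings.append((kind_a, str(net_a), kind_b, str(net_b)))
    return findings


def covering_routes(config, address):
    """Static routes containing `address`, most specific (longest prefix) first."""
    ip = ipaddress.ip_address(address)
    hits = [(net, hop) for kind, net, hop in parse_prefixes(config)
            if kind == "static" and ip in net]
    hits.sort(key=lambda item: item[0].prefixlen, reverse=True)
    return [(str(net), hop) for net, hop in hits]


if __name__ == "__main__":
    for finding in find_overlaps(SAMPLE_CONFIG):
        print("overlap:", finding)
    print(covering_routes(SAMPLE_CONFIG, "10.1.1.1"))
```

An overlap is not always a fault, since a host route inside a summary is a common design, so each reported pair still needs to be judged against the intended routing.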