01-12-2011 10:18 AM
I have an AS5300 with a PRI and two remote 1841 routers with ISDN BRI connections. When I force one remote (router A) to dial the AS5300 it connects and passes data. If I force the second remote (Router B) to dial it will also connect and will pass data, but Router A no longer receives data. The responces for Router A are going to Router B. If I drop the call for Router B, Router A starts working again.
Any ideas what I am doing wrong?
01-12-2011 10:48 PM
Could be an ip address overlap between Router A and B.
regards,
Leo
01-13-2011 09:38 AM
The AS5300 interface Dialer1 is 172.25.255.1/24
Router A interface Dialer1 is 172.25.255.32/24
Router interface Dialer1 is 172.25.255.56/24
Below is the config of the three devices. un needed information has been removed.
AS5300
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname BACKUP
!
boot-start-marker
boot bootstrap bootflash:c5300-boot-mz.122-11.T6.bin
boot system flash c5300-is-mz.123-19.bin
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
spe 1/0 1/7
firmware location flash:mica-modem-pw.2.9.4.0.bin
spe 2/0 2/7
firmware location flash:mica-modem-pw.2.9.4.0.bin
!
!
resource-pool disable
clock timezone CST -6
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
!
modem call-record terse
modem recovery maintenance window 90
modem recovery maintenance action drop-call
modem recovery maintenance time 2:00
modem recovery maintenance stop-time 4:00
modem recovery maintenance max-download 5
modem recovery threshold 5
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login no_tacacs line
aaa authentication ppp default group tacacs+
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
ip subnet-zero
!
ip address-pool local
!
isdn switch-type primary-4ess
isdn voice-call-failure 0
isdn logging
modemcap entry mica-2510:MSC=&F&D2S32=3S34=12000S40=10S52=1
modemcap entry mica-2720:MSC=&F&D2S34=18000S40=10S54=172
modemcap entry mica-rec:MSC=&F&D2S0=0S62=8S34=18000S40=10S10=50
modemcap entry mica-v90:MSC=&F&D2S0=0S29=6S21=3S34=18000S40=10S10=50
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
username cw2000 privilege 15 password 7xxxxxxxxxxxxxxx
username isdn_test password 7 xxxxxxxxxxxxxxxxx
username 12162009 password 7 xxxxxxxxxxxxxxxx
!
!
controller T1 0
shutdown
framing esf
linecode b8zs
pri-group timeslots 1-24
!
controller T1 1
shutdown
framing esf
clock source line secondary 1
linecode b8zs
pri-group timeslots 1-24
!
controller T1 2
framing esf
clock source line primary
linecode b8zs
pri-group timeslots 1-24
description ATT ISDN
!
controller T1 3
framing esf
clock source line secondary 1
linecode b8zs
pri-group timeslots 1-24
description MCI ISDN
!
!
interface Loopback0
ip address 172.25.254.129 255.255.255.128
!
interface Ethernet0
ip address 192.168.250.11 255.255.255.0
no ip mroute-cache
!
interface Serial0
no ip address
no ip mroute-cache
shutdown
clock rate 2015232
no fair-queue
!
interface Serial1
no ip address
no ip mroute-cache
shutdown
clock rate 2015232
no fair-queue
!
interface Serial2
no ip address
no ip mroute-cache
clock rate 2015232
no fair-queue
!
interface Serial3
no ip address
no ip mroute-cache
clock rate 2015232
no fair-queue
!
interface Serial0:23
no ip address
encapsulation ppp
shutdown
dialer idle-timeout 1800
dialer-group 1
isdn switch-type primary-dms100
isdn incoming-voice modem
no fair-queue
ppp authentication ms-chap chap pap
ppp multilink
!
interface Serial1:23
no ip address
encapsulation ppp
shutdown
dialer idle-timeout 1800
dialer-group 1
isdn switch-type primary-dms100
isdn incoming-voice modem
no fair-queue
ppp authentication ms-chap chap pap
ppp multilink
!
interface Serial2:23
description Verivon
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type primary-4ess
isdn incoming-voice modem
no peer default ip address
no fair-queue
ppp authentication chap
!
interface Serial3:23
description Quest
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type primary-4ess
isdn incoming-voice modem
no peer default ip address
no fair-queue
ppp authentication chap
!
interface FastEthernet0
ip address 192.168.100.100 255.255.255.0
no ip mroute-cache
shutdown
duplex full
speed 100
!
interface Group-Async1
ip unnumbered Loopback0
ip access-group 100 in
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
dialer in-band
dialer idle-timeout 180
dialer-group 1
async mode interactive
peer default ip address pool default
ppp authentication chap pap
group-range 1 96
!
interface Dialer0
bandwidth 15
ip address 172.25.255.1 255.255.255.0
encapsulation ppp
no ip mroute-cache
delay 2510
dialer pool 1
dialer idle-timeout 120 either
dialer-group 5
no peer default ip address
no fair-queue
ppp authentication chap
!
interface Dialer1
no ip address
no cdp enable
!
router odr
!
ip local pool default 172.25.254.130 172.25.254.254
ip classless
ip route 5.3.1.1 255.255.255.255 192.168.250.254
ip route 10.25.129.1 255.255.255.255 192.168.250.230
ip route 10.100.1.3 255.255.255.255 192.168.250.230
ip route 10.101.1.3 255.255.255.255 192.168.250.230
ip route 10.102.1.3 255.255.255.255 192.168.250.230
ip route 10.103.1.3 255.255.255.255 192.168.250.230
ip route 172.19.1.32 255.255.255.240 172.25.255.28
ip route 172.19.1.48 255.255.255.240 172.25.255.31
ip route 172.19.1.64 255.255.255.224 172.25.255.31
ip route 172.19.1.96 255.255.255.240 172.25.255.31
ip route 172.19.1.112 255.255.255.240 172.25.255.32
ip route 172.19.1.144 255.255.255.240 172.25.255.31
ip route 172.19.1.160 255.255.255.224 172.25.255.42
ip route 172.19.2.0 255.255.255.240 172.25.255.42
ip route 172.19.2.16 255.255.255.240 172.25.255.28
ip route 172.19.2.32 255.255.255.224 172.25.255.31
ip route 172.19.2.96 255.255.255.224 172.25.255.31
ip route 172.19.3.0 255.255.255.0 172.25.255.31
ip route 172.19.4.32 255.255.255.224 172.25.254.133
ip route 172.19.27.128 255.255.255.192 172.25.255.18
ip route 172.19.27.128 255.255.255.192 172.25.255.36
ip route 172.19.28.0 255.255.255.224 172.25.255.28
ip route 172.19.28.32 255.255.255.224 172.25.255.56
ip route 172.19.28.64 255.255.255.224 172.25.255.16
ip route 172.19.28.96 255.255.255.224 172.25.255.32
ip route 172.19.28.160 255.255.255.224 172.25.255.60
ip route 172.19.28.192 255.255.255.224 172.25.255.10
ip route 172.19.29.0 255.255.255.192 172.25.255.42
ip route 172.19.30.0 255.255.255.128 172.25.255.17
ip route 172.19.30.160 255.255.255.224 172.25.254.131
ip route 172.19.30.192 255.255.255.192 172.25.255.48
ip route 172.19.31.160 255.255.255.224 172.25.255.131
ip route 172.19.32.32 255.255.255.224 172.25.254.133
ip route 172.19.32.64 255.255.255.224 172.25.255.35
ip route 172.19.32.128 255.255.255.240 172.25.255.52
ip route 172.19.36.0 255.255.255.128 172.25.255.55
ip route 172.20.1.0 255.255.255.0 192.168.250.230
ip route 172.20.2.1 255.255.255.255 192.168.250.230
ip route 172.25.0.14 255.255.255.255 172.25.255.14
ip route 172.25.0.82 255.255.255.255 172.25.255.37
ip route 172.25.0.90 255.255.255.255 172.25.255.38
ip route 172.25.0.98 255.255.255.255 172.25.255.40
ip route 172.25.40.67 255.255.255.255 192.168.250.51
ip route 172.25.106.6 255.255.255.255 172.25.255.24
ip route 172.25.118.26 255.255.255.255 172.25.255.16
ip route 172.25.118.34 255.255.255.255 172.25.255.21
ip route 172.25.118.50 255.255.255.255 172.25.255.52
ip route 172.25.118.54 255.255.255.255 172.25.255.39
ip route 172.25.160.161 255.255.255.255 172.25.255.21
ip route 172.26.128.0 255.255.255.248 172.25.255.11
ip route 172.26.128.48 255.255.255.248 172.25.255.27
ip route 172.26.128.144 255.255.255.248 172.25.255.29
ip route 172.26.129.65 255.255.255.255 172.25.255.34
ip route 172.26.130.1 255.255.255.255 172.25.255.29
ip route 172.26.130.33 255.255.255.255 172.25.255.20
ip route 172.26.152.10 255.255.255.255 172.25.255.41
ip route 172.26.156.144 255.255.255.248 172.25.255.41
ip route 172.26.251.254 255.255.255.255 192.168.250.230
ip route 172.27.1.0 255.255.255.240 172.25.255.10
ip route 172.27.1.16 255.255.255.240 172.25.255.12
ip route 172.27.1.80 255.255.255.240 172.25.255.48
ip route 172.27.1.96 255.255.255.240 172.25.255.48
ip route 172.27.16.0 255.255.255.240 172.25.255.31
ip route 172.27.21.64 255.255.255.252 192.168.250.230
ip route 172.27.21.65 255.255.255.255 172.25.255.52
ip route 172.27.21.66 255.255.255.255 172.25.255.52
ip route 172.27.21.67 255.255.255.255 172.25.255.52
ip route 172.27.128.0 255.255.255.248 172.25.255.11
ip route 172.27.128.33 255.255.255.255 172.25.255.14
ip route 172.27.128.48 255.255.255.248 172.25.255.27
ip route 172.27.128.57 255.255.255.255 172.25.255.12
ip route 172.27.128.120 255.255.255.248 172.25.255.23
ip route 172.27.128.144 255.255.255.248 172.25.255.29
ip route 172.27.128.153 255.255.255.255 172.25.255.10
ip route 172.27.128.192 255.255.255.248 172.25.255.30
ip route 172.27.128.200 255.255.255.248 172.25.255.32
ip route 172.27.128.208 255.255.255.248 172.25.255.31
ip route 172.27.129.1 255.255.255.255 172.25.255.33
ip route 172.27.129.3 255.255.255.255 172.25.255.33
ip route 172.27.129.8 255.255.255.248 172.25.255.43
ip route 172.27.129.25 255.255.255.255 172.25.254.54
ip route 172.27.129.25 255.255.255.255 172.25.255.54
ip route 172.27.129.41 255.255.255.255 172.25.255.35
ip route 172.27.129.56 255.255.255.248 172.25.255.46
ip route 172.27.129.65 255.255.255.255 172.25.255.34
ip route 172.27.129.71 255.255.255.255 172.25.255.34
ip route 172.27.129.89 255.255.255.255 172.25.255.52
ip route 172.27.129.129 255.255.255.255 172.25.255.40
ip route 172.27.129.130 255.255.255.255 172.25.255.40
ip route 172.27.129.145 255.255.255.255 172.25.255.38
ip route 172.27.129.161 255.255.255.255 172.25.255.37
ip route 172.27.129.200 255.255.255.248 172.25.255.42
ip route 172.27.129.224 255.255.255.248 172.25.254.131
ip route 172.27.130.1 255.255.255.255 172.25.255.29
ip route 172.27.130.9 255.255.255.255 172.25.255.30
ip route 172.27.130.17 255.255.255.255 172.25.255.40
ip route 172.27.130.33 255.255.255.255 172.25.254.133
ip route 172.27.130.49 255.255.255.255 172.25.255.57
ip route 172.27.130.129 255.255.255.255 172.25.255.18
ip route 172.27.148.1 255.255.255.255 172.25.255.22
ip route 172.27.152.0 255.255.255.248 172.25.255.19
ip route 172.27.152.8 255.255.255.248 172.25.255.54
ip route 172.27.152.16 255.255.255.248 172.25.255.24
ip route 172.27.152.33 255.255.255.255 172.25.255.56
ip route 172.27.156.32 255.255.255.248 172.25.255.44
ip route 172.27.156.80 255.255.255.248 172.25.255.26
ip route 172.27.156.104 255.255.255.255 172.25.255.51
ip route 172.27.156.105 255.255.255.255 172.25.255.13
ip route 172.27.156.144 255.255.255.248 172.25.255.41
ip route 172.27.156.200 255.255.255.248 172.25.255.36
ip route 172.27.156.217 255.255.255.255 172.25.255.48
ip route 172.27.156.247 255.255.255.255 172.25.255.27
ip route 172.27.157.9 255.255.255.255 172.25.255.39
ip route 172.27.157.25 255.255.255.255 172.25.255.25
ip route 172.27.157.105 255.255.255.255 172.25.255.55
ip route 172.27.157.177 255.255.255.255 172.25.255.60
ip route 192.168.60.0 255.255.255.0 192.168.250.230
ip route 192.168.120.0 255.255.255.0 192.168.250.254
ip route 192.168.121.0 255.255.255.0 192.168.250.254
ip route 192.168.130.0 255.255.255.0 192.168.250.254
ip route 192.168.170.125 255.255.255.255 192.168.250.230
ip route 192.168.192.0 255.255.255.0 192.168.250.254
ip route 192.168.200.19 255.255.255.255 192.168.250.230
ip route 192.168.200.33 255.255.255.255 192.168.250.230
ip route 192.168.200.45 255.255.255.255 192.168.250.254
ip route 192.168.200.66 255.255.255.255 192.168.250.254
ip route 192.168.248.144 255.255.255.248 192.168.250.230
ip route 192.168.250.0 255.255.255.0 192.168.250.230
ip route 192.168.255.240 255.255.255.240 172.25.255.10
no ip http server
!
!
logging 192.168.200.140
logging 192.168.250.209
access-list 4 permit 192.168.250.209
access-list 4 permit 192.168.250.1
access-list 4 permit 192.168.192.8 0.0.0.3
access-list 4 permit 192.168.192.64 0.0.0.15
access-list 4 permit 192.168.130.0 0.0.0.255
access-list 4 permit 192.168.120.0 0.0.0.255
access-list 4 permit 192.168.121.0 0.0.0.255
access-list 4 deny any log
access-list 6 deny any log
access-list 7 permit 192.168.250.209
access-list 7 permit 192.168.200.33
access-list 7 permit 192.168.120.150
access-list 7 permit 192.168.250.1
access-list 7 deny any log
access-list 20 deny any
access-list 100 permit tcp 172.27.1.0 0.0.0.31 host 192.168.250.220 range 7500 7999
access-list 100 permit tcp 172.27.128.0 0.0.31.255 host 192.168.60.33 range 7000 7199
access-list 100 deny tcp any any eq bgp
access-list 100 deny tcp any eq bgp any
access-list 100 permit tcp 172.27.0.0 0.0.255.255 host 192.168.250.220 established
access-list 100 permit tcp 172.27.0.0 0.0.255.255 host 10.101.1.3 established
access-list 100 permit tcp 172.27.0.0 0.0.255.255 host 192.168.60.33
access-list 100 permit tcp 172.26.0.0 0.0.31.255 host 10.103.1.3 range 8000 9000
access-list 100 permit tcp 172.27.128.0 0.0.31.255 host 192.168.250.220 range 7000 7199
access-list 100 permit tcp 172.27.128.0 0.0.31.255 host 10.101.1.3 range 7000 7199
access-list 100 permit tcp host 172.19.36.10 host 192.168.60.32 eq 10103
access-list 100 permit tcp host 172.19.36.16 host 192.168.60.32 eq 10303
access-list 100 permit tcp 172.19.0.0 0.0.255.255 host 192.168.250.220 range 7500 7999
access-list 100 permit tcp 172.19.0.0 0.0.255.255 host 192.168.250.220 range 10000 10599
access-list 100 permit tcp 172.19.0.0 0.0.255.255 host 10.101.1.3 range 7500 7999
access-list 100 permit tcp 172.19.0.0 0.0.255.255 host 10.101.1.3 range 10000 10399
access-list 100 permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.1 eq 2065
access-list 100 permit tcp 172.25.0.0 0.0.255.255 host 172.20.2.1 eq 2065
access-list 100 deny icmp host 192.168.250.1 172.25.254.0 0.0.0.255
access-list 100 deny icmp host 192.168.250.1 172.25.255.0 0.0.0.255
access-list 100 permit tcp 172.25.0.0 0.0.255.255 172.20.1.0 0.0.0.63 eq 1976
access-list 100 permit tcp 172.25.0.0 0.0.255.255 eq 1976 172.20.1.0 0.0.0.63
access-list 100 permit tcp 172.19.0.0 0.0.63.255 172.20.1.60 0.0.0.3 eq 1976
access-list 100 permit tcp 172.19.0.0 0.0.63.255 eq 1976 172.20.1.60 0.0.0.3
access-list 100 permit tcp any 192.168.248.144 0.0.0.7 eq 2065
access-list 100 permit tcp any 192.168.150.144 0.0.0.7 eq 2065
access-list 100 permit tcp any eq 2065 192.168.248.144 0.0.0.7 established
access-list 100 permit tcp any eq 2065 192.168.150.144 0.0.0.7 established
access-list 100 permit tcp 172.27.128.0 0.0.31.255 host 192.168.170.125 range ftp-data 22
access-list 100 permit tcp host 172.19.30.126 host 172.20.1.6
access-list 100 permit tcp any eq telnet any established
access-list 100 permit icmp any any
access-list 100 permit icmp 172.25.255.0 0.0.0.255 any echo
access-list 100 permit icmp 172.19.0.0 0.0.255.255 any
access-list 100 permit icmp 172.25.254.0 0.0.0.255 any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit ip any host 192.168.250.1
access-list 100 permit ip any host 192.168.250.209
access-list 100 permit tcp 172.26.0.0 0.0.255.255 host 10.103.1.3 established
access-list 100 permit tcp 172.19.4.0 0.0.0.255 172.20.1.60 0.0.0.3 eq 1976
access-list 100 permit tcp 172.19.4.0 0.0.0.255 eq 1976 172.20.1.60 0.0.0.3
access-list 100 permit tcp 172.19.4.0 0.0.0.255 192.168.248.144 0.0.0.7 eq 2065
access-list 100 permit tcp 172.19.4.0 0.0.0.255 eq 2065 192.168.248.144 0.0.0.7
access-list 100 permit tcp 172.19.4.0 0.0.0.255 host 192.168.250.220 range 7500 7999
access-list 100 permit tcp 172.19.4.0 0.0.0.255 host 192.168.250.220 range 10000 11999
access-list 100 permit tcp 172.19.0.0 0.0.255.255 host 192.168.250.220 range 10000 11999
access-list 100 permit icmp 172.19.3.0 0.0.0.255 host 192.168.200.33 echo-reply
access-list 100 permit tcp 172.19.3.0 0.0.0.255 172.20.1.60 0.0.0.3
access-list 100 permit tcp host 172.26.152.10 host 10.103.1.3 eq 8040
access-list 100 permit ip host 172.27.129.130 host 172.20.1.1
access-list 100 permit ip host 172.27.129.130 host 172.20.2.1
access-list 100 permit tcp host 172.27.129.130 host 172.20.1.35
access-list 100 permit tcp host 172.27.129.65 host 192.168.250.220 eq 7239
access-list 100 deny ip any any log
access-list 125 permit ip any any log
dialer-list 1 protocol ip permit
dialer-list 5 protocol ip permit
no cdp log mismatch duplex
cdp timer 125
cdp holdtime 255
no cdp run
!
tacacs-server host 192.168.200.45 single-connection
tacacs-server host 192.168.200.66 single-connection
tacacs-server directed-request
tacacs-server key 7 xxxxxxxxxxxxxxxx
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
password 7 xxxxxxxxxxxxxxxx
login authentication no_tacacs
transport preferred none
line 1 96
session-timeout 30
modem InOut
modem autoconfigure type mica-v90
transport input telnet
transport output none
autoselect ppp
line aux 0
password 7 xxxxxxxxxxxxxxxxxxxxx
login authentication no_tacacs
line vty 0 4
access-class 4 in
password 7 xxxxxxxxxxxxxxxxxxxxx
transport preferred none
!
ntp clock-period 17180090
ntp server 172.20.1.101
ntp server 172.20.1.100
end
version 12.3
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
no service password-recovery
no service dhcp
!
hostname DPC207
!
boot-start-marker
boot-end-marker
!
logging buffered 10000 debugging
no logging console
enable secret level 10 5 xxxxxxxxxxxxxxxxx
enable secret 5 xxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxx
!
username BACKUP password 7 xxxxxxxxxxxxxxxx
username ibmlog01 privilege 10 secret 5 xxxxxxxxxxxxxxxxx
username Johnston secret 5 xxxxxxxxxxxxxxxx
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
no ip domain lookup
!
no ip bootp server
ip audit po max-events 100
!
isdn switch-type basic-ni
!
!
class-map match-all online
match access-group 110
class-map match-all batch
match access-group 111
!
!
policy-map percentages
class online
bandwidth percent 50
set dscp af31
class batch
bandwidth percent 25
set dscp af21
class class-default
fair-queue
set dscp default
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set shazam1 esp-3des
mode transport
!
crypto ipsec profile Securebank
set transform-set shazam1
!
!
!
interface Tunnel1
bandwidth 128
ip address 172.19.28.97 255.255.255.224
ip access-group 125 in
no ip redirects
ip mtu 1420
ip nhrp authentication logmein
ip nhrp map multicast dynamic
ip nhrp network-id 6700
ip nhrp holdtime 900
delay 1000
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel key 6700
tunnel protection ipsec profile Securebank shared
!
interface Ethernet0/0
ip address 10.1.1.249 255.255.0.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
full-duplex
no cdp enable
!
interface Serial0/0
no ip address
ip nat inside
encapsulation frame-relay IETF
no fair-queue
frame-relay traffic-shaping
frame-relay lmi-type cisco
!
interface Serial0/0.100 point-to-point
ip address 152.161.185.34 255.255.255.252
ip nat inside
no cdp enable
frame-relay interface-dlci 700
class one
!
interface BRI0/0
no ip address
ip nat inside
encapsulation ppp
dialer pool-member 10
isdn switch-type basic-ni
isdn spid1 xxxxxxxxxx0101
isdn spid2 xxxxxxxxxx0101
no keepalive
no cdp enable
ppp multilink
!
interface Dialer1
ip address 172.25.255.32 255.255.255.0
ip nat inside
encapsulation ppp
dialer pool 10
dialer remote-name BACKUP
dialer idle-timeout 120 either
dialer fast-idle 10
dialer string 1888xxxxxxx class SHAZAM_DBU
dialer string 1888xxxxxxx class SHAZAM_DBU
dialer-group 5
no cdp enable
ppp authentication chap
!
router bgp 64621
no synchronization
bgp log-neighbor-changes
network 152.161.185.32 mask 255.255.255.252
network 172.19.28.96 mask 255.255.255.224
network 172.26.128.201 mask 255.255.255.255
network 172.27.128.201 mask 255.255.255.255
neighbor 152.161.185.33 remote-as 65000
distribute-list 8 in
no auto-summary
!
ip nat inside source static 10.103.1.3 172.17.255.4
ip nat inside source static 192.168.60.33 172.17.255.5
ip nat outside source static 10.1.1.7 172.27.128.201
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 152.161.185.33
ip route 0.0.0.0 0.0.0.0 172.25.255.1 200
ip route 10.1.1.198 255.255.255.255 10.1.1.254
ip route 10.1.1.253 255.255.255.255 10.1.1.254
ip route 10.2.1.253 255.255.255.255 10.1.1.254
ip route 10.3.1.253 255.255.255.255 10.1.1.254
ip route 10.5.1.253 255.255.255.255 10.1.1.254
ip route 10.6.1.253 255.255.255.255 10.1.1.254
ip route 10.7.1.253 255.255.255.255 10.1.1.254
ip route 10.7.1.254 255.255.255.255 10.1.1.254
ip route 10.8.1.253 255.255.255.255 10.1.1.254
ip route 10.9.1.253 255.255.255.255 10.1.1.254
ip route 10.9.1.254 255.255.255.255 10.1.1.254
ip route 10.10.1.253 255.255.255.255 10.1.1.254
ip route 68.139.85.198 255.255.255.255 152.161.185.33
ip route 172.19.1.112 255.255.255.240 10.1.1.254
ip route 172.20.1.6 255.255.255.255 Dialer1
ip route 172.27.128.201 255.255.255.255 10.1.1.7
ip route 192.168.250.0 255.255.255.0 Dialer1 200
ip route 192.168.250.242 255.255.255.255 Dialer1
!
!
!
map-class frame-relay one
frame-relay adaptive-shaping becn
frame-relay cir 56000
frame-relay bc 8000
frame-relay mincir 28000
service-policy output percentages
!
map-class dialer BACKUP
logging trap notifications
logging source-interface Serial0/0.100
logging 192.168.250.209
access-list 6 deny any log
access-list 7 permit 192.168.250.209
access-list 7 permit 192.168.200.33
access-list 7 deny any log
access-list 8 permit 68.139.85.198
access-list 8 permit 10.101.1.3
access-list 8 permit 10.103.1.3
access-list 8 permit 192.168.200.33
access-list 8 permit 68.139.117.110
access-list 8 permit 192.168.250.0 0.0.0.255
access-list 8 permit 192.168.248.0 0.0.0.255
access-list 8 permit 192.168.150.144 0.0.0.7
access-list 8 permit 172.20.1.0 0.0.0.252
access-list 101 deny eigrp any any
access-list 101 permit ip any any
access-list 105 permit icmp any any
access-list 105 permit tcp host 10.1.1.7 host 172.17.255.5 eq 7032
access-list 105 permit gre any host 10.1.1.249
access-list 105 permit esp any host 10.1.1.249
access-list 105 permit udp any eq isakmp host 10.1.1.249 eq isakmp
access-list 105 permit tcp any eq 22 host 10.1.1.249 established
access-list 105 permit icmp any host 10.1.1.249 echo
access-list 105 permit icmp any host 10.1.1.249 echo-reply
access-list 105 deny tcp any any
access-list 105 deny udp any any
access-list 105 deny icmp any any
access-list 110 permit tcp any host 192.168.250.220
access-list 110 permit tcp any host 10.101.1.3
access-list 110 permit tcp any host 10.103.1.3
access-list 110 permit tcp any host 192.168.200.33
access-list 110 permit tcp any 192.168.248.144 0.0.0.7
access-list 110 permit tcp any 192.168.150.144 0.0.0.7
access-list 110 permit tcp any 172.20.1.60 0.0.0.3
access-list 110 permit tcp any host 192.168.60.33
access-list 110 permit tcp any host 192.168.60.32
access-list 111 permit tcp any host 192.168.172.14
access-list 111 permit tcp any host 192.168.170.125
access-list 111 permit tcp any host 10.100.1.3
access-list 111 permit tcp any host 10.104.1.3
access-list 125 permit ip 172.19.0.0 0.0.63.255 host 192.168.250.209
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 1976 172.20.1.60 0.0.0.3 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 172.20.1.60 0.0.0.3 eq 1976
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 2065 192.168.248.144 0.0.0.7 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 192.168.248.144 0.0.0.7 eq 2065
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 2065 192.168.150.144 0.0.0.7 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 192.168.150.144 0.0.0.7 eq 2065
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 172.20.1.1
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 172.20.2.1
access-list 125 permit tcp 172.19.0.0 0.0.255.255 host 10.101.1.3 range 7500 7999
access-list 125 permit tcp 172.19.0.0 0.0.255.255 host 192.168.250.220 range 7500 7999
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 192.168.250.1
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 192.168.200.33
access-list 125 permit ip 172.19.0.0 0.0.255.255 172.19.0.0 0.0.255.255
access-list 125 permit icmp 172.19.0.0 0.0.255.255 172.20.1.60 0.0.0.3 echo
access-list 125 deny ip any any log
dialer-list 5 protocol ip list 101
cdp timer 125
cdp holdtime 255
no cdp run
!
!
dial-peer cor custom
!
!
!
!
banner login ^C
NOTICE: This is a private network device. You must disconnect at
once if you are not an authorized user!
Actual or attempted use, access, examination, or configuration
change by an unauthorized person will result in criminal and civil
prosecution to the full extent of the law.
^C
privilege interface level 10 frame-relay interface-dlci
privilege interface level 10 frame-relay
privilege interface level 10 shutdown
privilege interface level 10 ip address
privilege interface level 10 ip
privilege interface level 10 no frame-relay interface-dlci
privilege interface level 10 no frame-relay
privilege interface level 10 no shutdown
privilege interface level 10 no ip address
privilege interface level 10 no ip
privilege interface level 10 no
privilege configure level 10 ip route
privilege configure level 10 interface
privilege configure level 10 ip
privilege configure level 10 no ip route
privilege configure level 10 no interface
privilege configure level 10 no ip
privilege configure level 10 no
privilege exec level 10 copy
privilege exec level 10 write erase
privilege exec level 10 write
privilege exec level 10 configure terminal
privilege exec level 10 configure
privilege exec level 10 no
!
line con 0
password 7 xxxxxxxxxxxxxxxxxx
activation-character 90
transport output none
line aux 0
password 7 xxxxxxxxxxxxxxxxx
activation-character 90
transport output none
line vty 0 4
exec-timeout 0 0
password 7 xxxxxxxxxxxx
transport output telnet ssh
!
!
end
version 12.4
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
no service password-recovery
no service dhcp
!
hostname DPC273
!
boot-start-marker
boot system flash flash:c1841-advipservicesk9-mz.124-25.bin
boot-end-marker
!
logging count
logging buffered 10000 debugging
no logging console
enable secret level 10 5 xxxxxxxxxxxxxxx
enable secret 5 xxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common
no ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name shazam.net
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
isdn switch-type basic-ni
!
username tempaccess privilege 10 secret 5 xxxxxxxxxxxx
username BACKUP password 7 xxxxxxxxxx
username ibmlog01 privilege 10 secret 5 xxxxxxxxxxxxx.
username Johnston secret 5 xxxxxxxxxxxxxx.
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set shazam1 esp-3des
mode transport
!
crypto ipsec profile Securebank
set transform-set shazam1
!
!
!
!
interface Tunnel1
ip address 172.19.28.33 255.255.255.224
ip access-group 125 in
no ip redirects
ip mtu 1420
ip nhrp authentication logmein
ip nhrp map multicast dynamic
ip nhrp network-id 6700
ip nhrp holdtime 900
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 6700
tunnel protection ipsec profile Securebank shared
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 172.29.129.1 255.255.255.240
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description "AT&T Frame"
bandwidth 56
no ip address
encapsulation frame-relay IETF
no fair-queue
!
interface Serial0/0/0.10 multipoint
ip address 10.25.106.14 255.255.255.252
ip nat inside
ip virtual-reassembly
frame-relay interface-dlci 16
!
interface BRI0/1/0
no ip address
ip nat inside
ip virtual-reassembly
encapsulation ppp
dialer pool-member 10
isdn switch-type basic-ni
isdn point-to-point-setup
isdn spid1 xxxxxxxxxx1111
isdn spid2 xxxxxxxxxx1111
no keepalive
no cdp enable
ppp multilink
!
interface Dialer1
ip address 172.25.255.56 255.255.255.0
ip nat inside
ip virtual-reassembly
encapsulation ppp
dialer pool 10
dialer remote-name BACKUP
dialer idle-timeout 120 either
dialer fast-idle 10
dialer string 1888xxxxxxx class SHAZAM_DBU
dialer string 1888xxxxxxx class SHAZAM_DBU
dialer-group 5
no cdp enable
ppp authentication chap
!
router eigrp 4
passive-interface FastEthernet0/0
passive-interface FastEthernet0/1
network 10.25.106.12 0.0.0.3
default-metric 56 100 255 255 1500
distribute-list 9 in
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.25.106.13
ip route 0.0.0.0 0.0.0.0 172.25.255.1 200
ip route 10.101.1.3 255.255.255.255 10.25.106.13
ip route 10.103.1.3 255.255.255.255 10.25.106.13
ip route 172.17.255.0 255.255.255.248 10.25.106.13
ip route 172.17.255.0 255.255.255.248 172.25.255.1 200
ip route 172.20.1.1 255.255.255.255 10.25.106.13
ip route 172.20.1.6 255.255.255.255 Dialer1
ip route 172.20.2.1 255.255.255.255 10.25.106.13
ip route 172.26.152.33 255.255.255.255 172.29.129.2
ip route 172.27.152.33 255.255.255.255 172.29.129.3
ip route 172.29.0.0 255.255.0.0 172.29.129.2
ip route 172.29.123.1 255.255.255.255 172.29.129.3
ip route 172.29.123.2 255.255.255.255 172.29.129.3
ip route 172.29.129.5 255.255.255.255 172.29.129.3
ip route 172.29.135.1 255.255.255.255 172.29.129.3
ip route 172.29.135.2 255.255.255.255 172.29.129.3
ip route 172.29.136.1 255.255.255.255 172.29.129.3
ip route 172.29.139.1 255.255.255.255 172.29.129.3
ip route 172.29.139.2 255.255.255.255 172.29.129.3
ip route 192.168.60.33 255.255.255.255 10.25.106.13
ip route 192.168.60.33 255.255.255.255 172.25.255.1 200
ip route 192.168.150.144 255.255.255.248 10.25.106.13
ip route 192.168.200.33 255.255.255.255 10.25.106.13
ip route 192.168.200.33 255.255.255.255 Dialer1 200
ip route 192.168.248.0 255.255.255.0 172.25.255.1 200
ip route 192.168.250.0 255.255.255.0 172.25.255.1 200
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static 10.103.1.3 172.17.255.4
ip nat inside source static 192.168.60.33 172.17.255.5
ip nat outside source static 172.29.129.3 172.27.152.33
!
!
map-class dialer BACKUP
logging source-interface Serial0/0/0.10
logging 192.168.250.209
access-list 4 permit 192.168.250.209
access-list 4 permit 172.25.255.1
access-list 4 permit 10.25.106.13
access-list 4 deny any log
access-list 7 permit 192.168.250.209
access-list 9 permit 10.103.1.3
access-list 9 permit 192.168.200.33
access-list 9 permit 172.20.1.61
access-list 9 permit 172.20.1.60
access-list 9 permit 172.20.1.63
access-list 9 permit 172.20.1.62
access-list 9 permit 192.168.250.0 0.0.0.255
access-list 9 permit 192.168.60.0 0.0.0.255
access-list 9 permit 192.168.248.0 0.0.0.255
access-list 9 deny any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 deny eigrp any any
access-list 101 permit ip any any
access-list 101 remark Access-list for dial on demand routing
access-list 105 permit tcp host 172.29.129.3 host 172.17.255.5 eq 7143
access-list 105 permit tcp host 172.29.129.3 host 172.17.255.4 eq 8143
access-list 105 permit esp any host 172.29.129.1
access-list 105 permit gre any host 172.29.129.1
access-list 105 permit udp any host 172.29.129.1 eq isakmp
access-list 105 permit tcp any eq 22 host 172.29.129.1 established
access-list 105 permit icmp 172.29.0.0 0.0.255.255 host 172.29.129.1 echo
access-list 105 permit icmp 172.29.0.0 0.0.255.255 host 172.29.129.1 echo-reply
access-list 105 deny tcp any any log
access-list 105 deny udp any any
access-list 105 deny icmp any any
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 1976 172.20.1.60 0.0.0.3 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 172.20.1.60 0.0.0.3 eq 1976
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 2065 192.168.248.144 0.0.0.7 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 192.168.248.144 0.0.0.7 eq 2065
access-list 125 permit tcp 172.19.0.0 0.0.255.255 eq 2065 192.168.150.144 0.0.0.7 established
access-list 125 permit tcp 172.19.0.0 0.0.255.255 192.168.150.144 0.0.0.7 eq 2065
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 172.20.1.1
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 172.20.2.1
access-list 125 permit tcp 172.19.0.0 0.0.255.255 host 10.101.1.3 range 7500 7999
access-list 125 permit tcp 172.19.0.0 0.0.255.255 host 192.168.250.220 range 7500 7999
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 192.168.250.1
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 192.168.250.209
access-list 125 permit ip 172.19.0.0 0.0.255.255 host 192.168.200.33
access-list 125 permit ip 172.19.0.0 0.0.255.255 172.19.0.0 0.0.255.255
access-list 125 permit icmp 172.19.0.0 0.0.255.255 172.20.1.60 0.0.0.3 echo
access-list 125 deny ip any any log
dialer-list 5 protocol ip list 101
no cdp run
!
!
!
control-plane
!
!
banner login ^C
NOTICE: This is a private network device. You must disconnect at
once if you are not an authorized user!
Actual or attempted use, access, examination, or configuration
change by an unauthorized person will result in criminal and civil
prosecution to the full extent of the law.
^C
privilege interface level 10 frame-relay interface-dlci
privilege interface level 10 frame-relay
privilege interface level 10 shutdown
privilege interface level 10 ip address
privilege interface level 10 ip
privilege interface level 10 no frame-relay interface-dlci
privilege interface level 10 no frame-relay
privilege interface level 10 no shutdown
privilege interface level 10 no ip address
privilege interface level 10 no ip
privilege interface level 10 no
privilege configure level 10 ip route
privilege configure level 10 interface
privilege configure level 10 ip
privilege configure level 10 no ip route
privilege configure level 10 no interface
privilege configure level 10 no ip
privilege configure level 10 no
privilege exec level 10 copy
privilege exec level 10 write erase
privilege exec level 10 write
privilege exec level 10 configure terminal
privilege exec level 10 configure
privilege exec level 10 no
!
line con 0
privilege level 10
password 7 xxxxxxxxxxxxxxx
activation-character 90
transport output none
line aux 0
exec-timeout 0 50
password 7 xxxxxxxxxxxxxxxxxxxxxxx
activation-character 90
no exec
transport output none
line vty 0 4
access-class 4 in
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxxxxx
transport input telnet ssh
transport output telnet ssh
line vty 5 15
access-class 4 in
password 7 xxxxxxxxxxxxx
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end
01-13-2011 10:48 AM
The routes on the 5300 are not shown and I am also missing the lan interfaces on Rtr-A and Rtr-B.
Still any overlap is likely to be on the lan side but with the info provided, it is not possible to check this.
Why make it so difficult? Suspecting we are talking about private addresses anyway?
01-13-2011 12:05 PM
Sorry I have updated the above configs. Didn't think the additional info would be required. My testing I am just running a ping from each of the remote routers being logged in.
I appreciate the help.
01-13-2011 02:02 PM
Your config is way more complex than normal with a dial-up solution.
Can you please be a bit more specific about which traffic flows are having problems?
There is too much in there to fiddle it out or guess.
Perhaps there also are other connections between the sites? (MPLS, ...)
If so, I must also ask for a topology drawing showing how everything is connected.
Thank you.
01-13-2011 02:24 PM
That was whay I had posted the first config. All I would like to do is get into Router A and start a ping so my ping would be from 172.25.255.32 to 172.25.255.1 (AS5300 dialer interface). While this ping was running do the same from Router B (172.25.255.56 --> 172.25.255.1).
When I do this Router A stops getting responces from the AS5300, Router B is able to ping fine. If I run a "debug IP ICMP" on Router B I can see the responces for 255.32 and 255.56 comeing in.
If I have another router dial in Router A and B will stop and router C will be able to pass data. It blows me away. I can't figure out what I have wrong.
.
01-14-2011 12:43 AM
OK, that is a clear problem description.
The problem is in your config. You are using dialer strings on the AS5300.
In DDR, the next-hop ip must be mapped to the phone number or username to differentiate between destinations.
With only one connection, the traffic is sent over this connection by default.
However, when there is another incoming call with an identical username, the system has no means to distinguish between connections anymore.
Use differing username on RtrA and B. As an alternative, you can use dialer maps to allow multiple connections:
regards,
Leo
01-19-2011 01:28 PM
Thanks for your help. I now have it going. I added dialer interface
for each device dialing in an
d addressed each interface with a /30 address.
I just got 30 devices dialing in and passing data at the same time.
Thanks a bunch for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: