Dialup connection problems

Answered Question
Mar 25th, 2008
User Badges:

My setup:


I have a 2811 router with PVDM2-24DM and MN-1CE1T1-PRI modules installed and configured. There is a plain vanilla voice T1 (not PRI) so I am using PRI-to-CAS for my dialup users. The connection is for field users to dial in and gain access to the internet only. When they connect to the router they all use the same generic user.


Two problems:


1. The dialup connections timeout and automatically disconnect after 2 minutes. I have placed the command 'session-timeout 30 output' in the line 0/322 0/345 config and it didn't help. Do I need to put something in the group-async1 interface?


2. The dial-in users need to be able to access the internet and nothing on the inside LAN. Unfortunately this is a different need from what I was told originally so I'm in a bind. The router they are dialing into is actually my LAN gateway router and when they connect they can hit any IP on my internal LAN, but cannot get outside to the world. The router's default gateway points to my firewall but when I do a tracert on an outside world IP the traffic isn't getting sent to the firewall, it just dies. Tracert to any inside IP works fine. I need to figure out how to get them to the internet and then create an access-list that will prevent them from getting to the LAN.


I'm attaching a copy of my running-config. All help is appreciated.



Attachment: 
Correct Answer by Makarand Chitale about 9 years 2 months ago

Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.


The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).


Thanks, Mak

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
qbakies11 Tue, 03/25/2008 - 15:22
User Badges:

I have solved part of problem #2. I can now surf through the dialup connection. I forgot to add a route on the PIX pointing back to that subnet, DUH! I still need some kind of access-list though to keep users from accessing my LAN while still being able to use the internet.


Also the 2 minute disconnect issue is still present.

qbakies11 Wed, 03/26/2008 - 06:48
User Badges:

I have resolved this issue but can't find how to close this. Thanks.

Correct Answer
Makarand Chitale Wed, 03/26/2008 - 09:54
User Badges:
  • Cisco Employee,

Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.


The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).


Thanks, Mak

Actions

This Discussion