
Can any one Help!! ISDN interesting traffic

shoebwk
Level 1

Hi,

Can anyone help me control my ISDN router to dial only for the interesting traffic?

I have the following access list below, which doesn't work.

access-list 101 permit tcp any any eq domain

access-list 101 permit tcp any any eq 8080

access-list 101 permit ip host 192.168.0.250 any

dialer-list 1 protocol ip list 101

And if I change the ACL to

access-list 100 permit ip any any

dialer-list 1 protocol ip permit.

things work fine, but the router is always on despite the command idle-timeout 60.

The PIX is connected to the router.

Even if I remove the PIX from the network, there is some traffic from the PIX that makes BRI0 always on.

The IP addresses are as follows:

PIX : E1=192.168.0.251 E0=192.168.10.250

Router : E0=192.168.10.110

Exchange Server : 192.168.0.250.

We connect to internet via proxy : proxy1.emirates.net.ae :8080

Below is the debug output for the dialer events.

When I change the dialer-list to 101, the BRI goes down, and this is the debug output for dialer events:

14:51:22: BR0:1 DDR: idle timeout

14:51:22: BR0:1 DDR: disconnecting call

14:51:22: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 4004444 dxbmmp, call lasted 1496 seconds

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:95415384114: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

14:51:94491146244: BR0 DDR: has total 0 call(s), dial_out 0, dial_in 0

14:51:94491053587: BR0:1 DDR: disconnecting call

14:51:94489281195: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

14:51:22: BR0:1 DDR: disconnecting call

14:51:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to down

When I change the dialer-list to 100 instead of 101, the BRI comes up and the debug result is:

BR0 DDR: rotor dialout [priority]

14:52:39: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=188.104.209.252)

14:52:39: BR0 DDR: Attempting to dial 4004444

14:52:171798691840: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

14:52:171807073788: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

14:52:46: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4004444

14:52:210453397504: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 4004444 , call lasted 9 seconds

14:52:210453397504: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

14:52:210455263236: BR0 DDR: has total 0 call(s), dial_out 0, dial_in 0

14:52:210455170579: BR0:1 DDR: disconnecting call

14:52:210453398187: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

14:52:210503729152: DDR: Call disconnected, 3 packets unqueued and discarded

14:52:49: BR0:1 DDR: disconnecting call

14:52:49: BR0 DDR: rotor dialout [priority]

14:52:49: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=24.106.68.255)

14:52:49: BR0 DDR: Attempting to dial 4004444

14:52:219043332096: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

14:52:219051714044: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

14:52:52: BR0:1 DDR: dialer protocol up

14:52:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up

14:52:57: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4004444 dxbmmp
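
An added example, not part of the original post: a short Python check of the "Dialing cause" sources in the debug output above against the address fields of ACL 101 as posted. The function names are illustrative, and because these debug lines carry no protocol or port, the `tcp ... eq` entries can only be reported as undetermined.

```python
import re

# ACL 101 and the two "Dialing cause" lines, copied from the post above.
ACL_101 = """\
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq 8080
access-list 101 permit ip host 192.168.0.250 any
"""
DEBUG = """\
14:52:39: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=188.104.209.252)
14:52:49: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=24.106.68.255)
"""

# Only the forms used in the thread are handled: "any" and "host A.B.C.D".
ACL_RE = re.compile(
    r"access-list \d+ (permit|deny) (\w+) (any|host \S+) (any|host \S+)(?: eq (\S+))?")
CAUSE_RE = re.compile(r"DDR: Dialing cause ip \(s=([\d.]+), d=([\d.]+)\)")

def parse_acl(text):
    """Return one dict per ACL line, with 'host X' reduced to 'X'."""
    entries = []
    for action, proto, src, dst, port in ACL_RE.findall(text):
        entries.append({"action": action, "proto": proto,
                        "src": src.split()[-1], "dst": dst.split()[-1],
                        "port": port or None})
    return entries

def parse_dial_causes(text):
    """Return (source, destination) pairs from 'Dialing cause' debug lines."""
    return CAUSE_RE.findall(text)

def classify(entry, src, dst):
    """Compare one packet's addresses with one ACL entry."""
    addr_ok = (entry["src"] in ("any", src)) and (entry["dst"] in ("any", dst))
    if not addr_ok:
        return "no-match"
    if entry["proto"] == "ip":
        return "match"
    # tcp/udp entries need L4 details that this debug line does not show.
    return "needs-protocol-and-port"

def report(acl_text, debug_text):
    acl = parse_acl(acl_text)
    return [(s, d, [classify(e, s, d) for e in acl])
            for s, d in parse_dial_causes(debug_text)]

if __name__ == "__main__":
    for src, dst, verdicts in report(ACL_101, DEBUG):
        print(src, "->", dst, verdicts)
```

On the thread's data, both dialing causes have source 192.168.10.250 (the PIX E0 address listed in the post), so the `host 192.168.0.250` entry reports no-match for each.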

5 Replies

akelkar
Level 1

With the first ACL 101, only the statements that the 101 has defined will be interesting. If there is no interesting traffic, the call will drop after the idle timeout expires. In the second case, the ISDN stays up all the time since you have a dialer list that says to permit all IP (it's not attached to an ACL even if you have it defined in there). Hence all IP traffic is interesting and the ISDN will stay up all the time. Idle timeout does not matter here because all and any traffic is interesting.

access-list 101 permit tcp any any eq domain

access-list 101 permit tcp any any eq 8080

access-list 101 permit ip host 192.168.0.250 any

dialer-list 1 protocol ip list 101

The above ACL works fine if the router is directly connected to the switch. But if I connect a firewall, then the router doesn't come up once disconnected.

Hi,

Could you please state your requirement, I mean which traffic you want to allow? Right now you are allowing only DNS, traffic to port 8080, and traffic from your Exchange server. Also, please tell me in which direction you are applying this ACL for BRI.

If it's not working after connecting the PIX firewall, then the problem is that the router is not receiving any traffic from the PIX. Please check the PIX configuration.

Regards...

Ashok.



Things work fine when there is no ACL, i.e.

dialer-list 1 protocol ip permit.

So there is no question of the router not receiving traffic from the PIX. The problem only comes when I define an ACL, for example:

access-list 101 permit tcp any any eq www

access-list 101 permit ip host 192.168.0.250 any

dialer-list 1 protocol ip list 101

Change the last line in ACL 101 to

access-list 101 permit ip any any

or

access-list 101 permit ip any any log

The log keyword will give you the SA and DA as well as the port they are connecting to.