Mark,

thanks for your reply. I've used your NAT suggestion but no the problem I find is that DDR is not being activated by IP traffic. Think this could be a routing issue but not sure, I've put my config below so if you or anyone else has any suggestions it would be greatly appreciated.

Slán

Paul

Config of Cisco 1700 Router;

sh run

Building configuration...

Current configuration : 1223 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CLI_WWW

!

enable secret 5 $1$L5gF$K18j4OvJ4j7/rU7ZMwLUU/

!

username paulk password 0 balally

ip subnet-zero

!

isdn switch-type basic-net3

!

!

!

interface Loopback1

no ip address

!

interface BRI0

ip address 192.168.1.2 255.255.255.0

encapsulation ppp

dialer pool-member 1

isdn switch-type basic-net3

ppp authentication pap

ppp multilink

!

interface FastEthernet0

ip address 10.20.20.1 255.255.255.0

ip nat inside

speed 10

!

interface Serial0

no ip address

shutdown

no fair-queue

!

interface Dialer1

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer idle-timeout 300

dialer string 91891121121

dialer load-threshold 1 either

dialer-group 2

no cdp enable

ppp authentication pap

ppp multilink

!

ip nat inside source list 1 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

no ip http server

!

!

access-list 1 permit 10.20.20.0 0.0.0.255

access-list 101 permit ip any any

dialer-list 2 protocol ip list 101

!

line con 0

password infinity

login

line aux 0

line vty 0 4

password 7 104A0616011B17

end

Paul,

Two things: your default static route needs to point to interface Dialer1 instead of to 192.168.1.1, and BRI0 should have no IP address.

Also, you have PPP authentication enabled. This means that after you dial in, and the far end authenticates you, you will authenticate the far end. I don't know if the far end will stand for that.

HTH

Mark

So to avoid that your router requests the remote to authenticate, add this:

interface Dialer1

ppp authentication pap callin

Also, you'll have to configure the username and password of your ISP account:

interface Dialer1

ppp pap sent-username password

hth

Herbert

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

All,

thanks for your interest and help. I'm not getting as far as activating the ISDN call. Say I try and ping an off net IP address say 192.168.1.1 this does not seem to activate "interesting traffic" from the access-list. Is there anything you can see worng with my access-lists or routing?

Thanks a mill

sh run

Building configuration...

Current configuration : 1223 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname xxxxxxxx

!

enable secret 5 xxxxxxxxxxxx

!

username xxxxxxxxxxxxxxx password 0 xxxxxxxxx

ip subnet-zero

!

isdn switch-type basic-net3

!

!

!

interface Loopback1

no ip address

!

interface BRI0

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type basic-net3

!

interface FastEthernet0

ip address 10.20.20.1 255.255.255.0

ip nat inside

speed 10

!

interface Serial0

no ip address

shutdown

no fair-queue

!

interface Dialer1

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer idle-timeout 300

dialer string xxxxxxxxxx

dialer load-threshold 1 either

dialer-group 2

no cdp enable

ppp authentication pap callin

ppp pap sent-username xxxxxxxxx password xxxxxxxxxxxx

ppp multilink

!

ip nat inside source list 1 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

!

access-list 1 permit 10.20.20.0 0.0.0.255

access-list 101 permit ip any any

dialer-list 2 protocol ip list 101

!

line con 0

password xxxxxxxxxxxxx

login

line aux 0

line vty 0 4

password 7 xxxxxxxxxxxxxxxx

end

I don't see anything wrong. I'd try some debugs:

debug dialer

debug ppp authentication

debug isdn q931

and then try the ping. See what the resulting messages indicate.

HTH

Mark

Your configuration looks fine. You should verify that your ISDN line is up "show isdn status". Make sure that your Layer 1 is active and that your layer 2 status is TEI assigned. If this check's out I would proceed with

debug isdn q931

debug ppp neg

debug dialer

Daniel

Lads,

I did a sh isdn status, Layer1 was active and Layer2 showed Multi-frame established but there was nothing for Layer3. Also I turned on the following debugs;

debug isdn q921

debug ppp neg

debug dialer

and performed the ping but nothing happened except that the ping timing out. a "show dialer" did not indicate a call to the number had been made nor did a "show isdn active". I'm a bit confused now. Thanks for your help though.

Does "debug isdn q921" give no output at all? That would mean there is a layer 2 problem since you should see periodic q921 messages. (You do have "terminal monitor" turned on I hope).

Furthermore, if your layer2 is ok then "debug isdn q921" will not show anything useful, so change that to "debug isdn q931".

Also "show isdn history" will include terminated calls (including failed calls) whereas "show isdn active" only shows currently active calls.

If all that doesn't learn you more, and if your router is not used for anything else, try "debug ip packet detail" to see what happens with your ping packets. DO NOT do this on a production router since it may produce so much output that the router can hang or crash.

hth

Herbert

Lads,

I got rid of the dialer interface and applied all the info to the BRI interface, also I didnt use the access-list 101 but instead used;

dialer-list 1 protocol ip permit

Once I did this it all worked i.e debug alarms came up and ISDN connected and the ISP assigned me an IP address. Thanks so much for all your help. Hope I can do the same some time.

regards

Paul