Hi Nilesh,
I will try, but the remote router is a production box in a remote location, and I *don't* want to have to drive out to reload the box. :-)
The entire router config is below.
My experience is that the dialer watch doesn't appear to hit the access-list at all, but a manual attempt to initiate dialing works perfectly, failing during the "off" hours.
please contact me at cisco@brucemacdougall.ca if you wish to discuss.
Bruce
R3#wr t
Building configuration...
Current configuration : 3682 bytes
!
! Last configuration change at 23:32:44 AST Tue Apr 1 2003
! NVRAM config last updated at 23:33:25 AST Tue Apr 1 2003
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname R3
!
logging buffered 10000 debugging
logging rate-limit console 10 except errors
enable secret ....
!
username R0 password ...
memory-size iomem 25
clock timezone AST -4
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip domain-lookup
ip dhcp excluded-address 10.122.228.0 10.122.228.15
!
ip dhcp pool dpool
network 10.122.228.0 255.255.255.0
default-router 10.122.228.1
dns-server 192.168.1.10
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
no ip dhcp-client network-discovery
chat-script Dialit ABORT ERROR ABORT BUSY "" "AT" OK "ATDT \T" TIMEOUT 45 CONNEC
T \c
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key
!
!
crypto ipsec transform-set vpn1 esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map CMAP local-address Ethernet0
crypto map CMAP 10 ipsec-isakmp
set peer
set transform-set vpn1
match address 101
!
!
!
!
interface Loopback1
ip address 10.2.228.1 255.255.255.0
ip nat inside
!
interface Tunnel0
bandwidth 1000
ip address 10.3.3.3 255.255.255.0
ip nat inside
ip ospf cost 5
tunnel source Loopback1
tunnel destination 10.2.225.1
crypto map CMAP
!
interface Ethernet0
ip address dhcp
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
crypto map CMAP
!
interface FastEthernet0
ip address 10.122.228.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
!
interface Async5
ip address 10.1.228.2 255.255.255.0
ip nat inside
encapsulation ppp
no ip route-cache
ip ospf network point-to-point
ip ospf cost 65000
no ip mroute-cache
dialer in-band
dialer map ip 10.9.8.0 name R0 broadcast 1number
dialer map ip 10.1.228.1 name R0 broadcast 1number
dialer watch-group 129
dialer-group 1
async default routing
async mode interactive
ppp authentication chap
!
router ospf 100
log-adjacency-changes
network 10.1.228.0 0.0.0.255 area 0
network 10.3.3.0 0.0.0.255 area 0
network 10.122.228.0 0.0.0.255 area 0
!
ip nat pool natpool 10.122.228.16 10.122.228.254 netmask 255.255.255.0
ip nat inside source list 50 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
access-list 50 deny 10.122.228.0 0.0.0.15
access-list 50 permit 10.122.228.0 0.0.0.255
access-list 101 permit ip host 10.2.228.1 host 10.2.225.1
access-list 110 deny ospf any any
access-list 110 permit ip any any
access-list 111 deny ospf any any
access-list 111 permit ip any any log time-range DIALBK
dialer watch-list 129 ip 10.9.8.0 255.255.255.0
dialer-list 1 protocol ip list 111
!
!
!
line con 0
exec-timeout 0 0
escape-character 88
line aux 0
script dialer Dialit
modem InOut
modem autoconfigure discovery
transport input all
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
password ....
login
line vty 5 15
login
!
no scheduler allocate
ntp clock-period 17168727
ntp peer 192.5.41.41
time-range DIALBK
periodic Monday 7:00 to 19:00
periodic Tuesday 7:00 to 19:00
periodic Wednesday 7:00 to 19:00
periodic Friday 7:00 to 22:00
periodic Saturday 7:00 to 19:00
periodic Thursday 7:00 to 19:00
!
end
