How do I set the idle-timeout on a dial in connection to a 3620?

admin_2
Level 3

We have remote PCs dialing into our internal network via a 3620 over a T1. We are having a problem where software on the PCs is continually attempting to make a connection to some internet site to check for updates or something of the sort. This traffic is causing the idle timer to get reset and as a result these calls never time out. We have had calls stay on idling for over 4 hours. I have set an access list on both incoming and outgoing traffic that only permits traffic bound to/from addresses on our network. But I cannot find the right configuration to keep this unsolicited traffic from resetting the idle-timer. Here are some snippets from our config -

interface Group-Async1
 ip unnumbered FastEthernet0/0
 ip access-group 101 in
 ip access-group 102 out
 no ip directed-broadcast
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer in-band
 dialer idle-timeout 600 either
 dialer-group 1
 async default routing
 async mode interactive
 peer default ip address pool dialup
 fair-queue 64 16 0
 no cdp enable
 ppp authentication chap
 group-range 33 56
 hold-queue 60 in
....
access-list 101 permit ip any 172.0.0.0 0.255.255.255
access-list 101 permit ip any 10.0.0.0 0.255.255.255
access-list 101 deny ip any any log-input
access-list 102 deny icmp host 172.25.11.11 any log
access-list 102 deny icmp host 172.16.1.2 any log
access-list 102 permit ip 172.0.0.0 0.255.255.255 any
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip any any log
dialer-list 1 protocol ip list 101
...
line 33 56
 session-timeout 15
 logout-warning 180
 autoselect during-login
 autoselect ppp
 absolute-timeout 480
 session-disconnect-warning 15
 modem InOut
 modem autoconfigure type GFB
 transport input all

We are at IOS 12.0(7)T

1 Reply

Not applicable

Make sure you understand that if you don't care where the remotes connect to, but you don't want that traffic to be considered interesting (reset the idle timer), then you only need specify this with an access-list associated with the dialer-list. If you don't want that traffic to be allowed at all in the first place, then you should simply use an inbound access-list on the ingress interface.

For interesting traffic, you are permitting any source, dest 172.0.0.0 or 10.0.0.0. "debug dialer packet" would show you what dialer packets there are, and whether they are interesting or not. "sh dialer" would show you the state of the idle timer (you should see that go to 0 if there is no interesting traffic). And the logged access-lists should also show where the hits are.

Your config looks OK, assuming that all the interesting traffic is destined to 172.0.0.0 or 10.0.0.0. If the idle timer is still not resetting a call, this may be a bug. I would then suggest you try upgrading to latest 12.1 code.
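
An added example, not part of the original thread: a small Python model of how the posted ACL 101, referenced by `dialer-list 1 protocol ip list 101`, sorts packets into interesting and uninteresting using first-match wildcard-mask evaluation. The function names and the sample packets are constructed for illustration, and only protocol and address matching is modelled (no ports or other ACL options).

```python
import ipaddress

# ACL 101 exactly as posted in the question; dialer-list 1 references it.
ACL_101 = """\
access-list 101 permit ip any 172.0.0.0 0.255.255.255
access-list 101 permit ip any 10.0.0.0 0.255.255.255
access-list 101 deny ip any any log-input
"""

def _addr_spec(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N action proto src dst [log...]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 5 and tokens[0] == "access-list":
            rest = tokens[4:]  # source spec, then destination spec, then options
            rules.append((tokens[2], tokens[3], _addr_spec(rest), _addr_spec(rest)))
    return rules

def _match(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (spec[0] & care)

def is_interesting(rules, proto, src, dst):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, rule_proto, src_spec, dst_spec in rules:
        if rule_proto in ("ip", proto) and _match(src, src_spec) and _match(dst, dst_spec):
            return action == "permit"  # permit = interesting = resets the idle timer
    return False

RULES = parse_acl(ACL_101)
# Constructed sample packets (addresses are illustrative, not from the thread).
SAMPLES = [
    ("tcp", "10.1.1.50", "10.2.0.5"),      # dial-in PC to an internal host
    ("tcp", "10.1.1.50", "198.51.100.7"),  # update check to an outside site
    ("tcp", "10.1.1.50", "172.200.1.1"),   # in 172.0.0.0/8 but outside RFC 1918 172.16.0.0/12
]
if __name__ == "__main__":
    for p in SAMPLES:
        print(*p, "interesting" if is_interesting(RULES, *p) else "uninteresting")
```

The third sample shows that the wildcard `0.255.255.255` on `172.0.0.0` covers the whole of 172.0.0.0/8, so destinations outside the private 172.16.0.0/12 range are also treated as interesting.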