Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISDN connects automatically

24 REPLIES
VIP Purple

Re: ISDN connects automatically

Hello,

can you post the configuration of the ISDN router that connects automatically ? It could be a routing protocol (like OSPF) causing interesting traffic to bring up the link...hard to say. Do a debug dialer events to see what causes the link to come up.

Regards,

Georg

New Member

Re: ISDN connects automatically

sorry for not posting the config. here is the config

hostname immexrtr

!

enable secret 5 $1$XqtN$nedhsBKJzE6/WLNI6ETMe0

!

ip subnet-zero

!

no ip domain-lookup

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 192.168.10.110 255.255.255.0

ip nat inside

no cdp enable

interface BRI0

no ip address

encapsulation ppp

no keepalive

dialer pool-member 1

isdn switch-type basic-net3

no fair-queue

no cdp enable

ppp authentication pap callin

!

interface Dialer1

description CONNECTION TO INTERNET

ip address negotiated

ip nat outside

encapsulation ppp

no keepalive

dialer pool 1

dialer idle-timeout 5

dialer string xxxxxx

dialer hold-queue 90

dialer-group 1

no fair-queue

no cdp enable

ppp authentication pap callin

ppp pap sent-username xxxxx password xxxxxxx

!

ip nat inside source list 100 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

!

access-list 100 permit ip any any

dialer-list 1 protocol ip permit

no cdp run

!

Re: ISDN connects automatically

With this coniguration, any IP packet routed to dialer interface will trigger. Are you sure there's no incoming traffic to e0?

New Member

Re: ISDN connects automatically

yes, i am sure, since i have a firewall connected behind it and the pc has the gateway of the firewall. so when they connect to their browser, the router connects. but when the browser is closed, even then the line comes up automatically, i mean to say since there is no internet activity ther should be no traffic.

Is there any way to stop this situation. since our internet access is very expensive

the firewall config is below :

nterface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxxxx

passwd xxx

hostname immexfw

domain-name immexcourier.com

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

names

mtu outside 1500

mtu inside 1500

ip address outside 192.168.10.250 255.255.255.0

ip address inside 192.168.0.251 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 192.168.10.110 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.0.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

elnet 192.168.0.0 255.255.255.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

terminal width 80

Cryptochecksum:xxxxx

immexfw#

Re: ISDN connects automatically

If your main traffic for the internet is web, you can try to use a more specific dialer-list. For example

dialer-list 1 protocol ip list 101

access-list 101 permit tcp any any eq www

This way you can understand whether another type of traffic is triggering the dialer or not.

Regards.

New Member

Re: ISDN connects automatically

my main trafic will be web and mails from exchange

so what will be my access-list for web and mails

so shall i change my

access-list 100 permit ip any any

dialer-list 1 protocol ip permit

thanks

Re: ISDN connects automatically

You can use dialer-list above for test or (I'm assuming excgange server is at your site) extend the accesslist

access-list 101 permit tcp any any eq www

access-list 101 permit ip host X.X.X.X any

X.X.X.X:Your exchange server.

With this ACL, any traffic to a port 80 or any traffic originating from your exchange server will trigger the dialer.

Regards.

New Member

Re: ISDN connects automatically

now my access list has become

ccess-list 100 permit ip any any

access-list 101 permit tcp any any eq www

access-list 101 permit ip host 192.168.0.250 any

dialer-list 1 protocol ip permit

is it right ?

if i change

dialer-list 1 protocol ip list 101

my router disconnects & doesnt comeup even if i try to browse the net.

Re: ISDN connects automatically

dialer-list statement certainly should be changed, this way you can differentiate the interesting traffic. Apply dialer-list 1 protocol ip list 101 and use "debug dialer events" and "debug dialer packets" commands to monitor dialer activities. You can send output of these debugs.

Regards.

New Member

Re: ISDN connects automatically

ok i change the dialer-list statement. As soon as i did my internet connection disconnected and router is not comming up. i am pasting the debug

01:19:16: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.6), 68 bytes, outgoing unin

teresting (list 101)

01:19:17: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.6), 68 bytes, outgoing unin

teresting (list 101)

01:19:19: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.6), 68 bytes, outgoing unin

teresting (list 101)

01:19:21: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.6), 68 bytes, outgoing unin

teresting (list 101)

01:19:21: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.7), 68 bytes, outgoing unin

teresting (list 101)

01:19:22: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.7), 68 bytes, outgoing unin

teresting (list 101)

01:19:24: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.7), 68 bytes, outgoing unin

teresting (list 101)

01:19:25: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.6), 68 bytes, outgoing unin

teresting (list 101)

01:19:26: Di1 DDR: ip (s=192.168.10.250, d=194.170.1.7), 68 bytes, outgoing unin

teresting (list 101)

Re: ISDN connects automatically

Are these destinations (194.170.1.6 and 7) web destinations? I can't connect port 80 of them (Or do you know what application is running on these hosts?). Have you got debugs for a web destination?

New Member

Re: ISDN connects automatically

194.170.1.6 & 7 are the dns of the ISP. We normally connects the internet through proxy. http://proxy1.emirates.net.ae

but things work fine if i say

dailer list 1 protocol ip permit

Re: ISDN connects automatically

You're right, i hadn't thought about DNS. Let's modify the ACL:

access-list 101 permit tcp any any eq domain

access-list 101 permit tcp any any eq www

access-list 101 permit ip X.X.X.X any

Could you try?

Best Regards.

New Member

Re: ISDN connects automatically

Still not working

my access-list is now

access-list 101 permit tcp any any eq www

access-list 101 permit ip host 192.168.0.250 any

access-list 101 permit tcp any any eq domain

dialer-list 1 protocol ip list 101

debug output is

4:32:07: Di1 DDR: ip (s=192.168.10.250, d=195.229.240.67), 48 bytes, outgoing u

ninteresting (list 101)

04:32:14: Di1 DDR: ip (s=192.168.10.250, d=195.229.240.67), 48 bytes, outgoing u

ninteresting (list 101)

04:32:24: Di1 DDR: ip (s=192.168.10.250, d=195.229.240.67), 48 bytes, outgoing u

ninteresting (list 101)

04:32:28: Di1 DDR: ip (s=192.168.10.250, d=195.229.240.67), 48 bytes, outgoing u

ninteresting (list 101)

04:32:32: Di1 DDR: ip (s=217.165.5.152, d=195.229.240.67), 241 bytes, outgoing u

ninteresting (list 101)

04:32:34: Di1 DDR: ip (s=192.168.10.250, d=195.229.240.67), 48 bytes, outgoing u

ninteresting (list 101)

Re: ISDN connects automatically

Do you reach port 80 of this www proxy? Or any other port? And what is 195.229.240.67?

Regards.

New Member

Re: ISDN connects automatically

i can reach the web with the proxy mention. about the ip 195.229.240.67 i have no idea.

is it so diffcult to setup the router for interested traffic

Re: ISDN connects automatically

I feel really stuck, because we couldn't identify your interesting traffic. When you check in Internet Explorer (supposing you use this ) tools->internet options->connections->LAN settings->proxy server what address/name and port do you see?

Regards.

New Member

Re: ISDN connects automatically

the proxy server is proxy1.emirates.net.ae on port 8080

One more thing i want to highlight that even if i remove the firewall from the network,(it means router is disconnected from the network) i can see some activity on the router channels TXD & RXD. and ISDN doesnt disconnect even after set idle-timeout i.e 60s

Is that firewall is sending some traffic ?

any configuration is required in firewall also ?

i hope this will help.

Re: ISDN connects automatically

Hi, Let's modify ACL:

access-list 101 permit tcp any any eq 8080

access-list 101 permit ip host 192.168.0.250 any

access-list 101 permit tcp any any eq domain

dialer-list 1 protocol ip list 101

Dialer won't disconnect with the old dialer-list 1 protocol ip permit configuration because with this, any ip packet will be counted as interesting traffic.

Regards.

New Member

Re: ISDN connects automatically

hi,

i changed the ACL,

access-list 100 permit ip any any

access-list 101 permit tcp any any eq domain

access-list 101 permit tcp any any eq 8080

access-list 101 permit ip host 192.168.0.250 any

dialer-list 1 protocol ip list 101

but as soon as i put

dialer-list 1 protocol ip list 101

the bri0 shuts down & doesnt comeup

Re: ISDN connects automatically

Sorry but I can't find any more solution. You can try to capture traffic inbound the router i nterface or outbound the PIX using a sniffer or a free tool like ethereal, maybe this way you can determine your interesting traffic more accurately.

Good luck.

New Member

Re: ISDN connects automatically

hi

this might help

when i change the dialer-list to 101 the bri goes down & this is the debug command for dialer events

14:51:22: BR0:1 DDR: idle timeout

14:51:22: BR0:1 DDR: disconnecting call

14:51:22: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 4004444 dxbmmp

, call lasted 1496 seconds

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:22: Di1 DDR: No bundle in dialer_fsm_up

14:51:95415384114: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

14:51:94491146244: BR0 DDR: has total 0 call(s), dial_out 0, dial_in 0

14:51:94491053587: BR0:1 DDR: disconnecting call

14:51:94489281195: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

14:51:22: BR0:1 DDR: disconnecting call

14:51:23: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state

to down

when i change dialer-list to 100 instead of 101, the bri comes up and the debug result is

BR0 DDR: rotor dialout [priority]

14:52:39: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=188.104.209.252)

14:52:39: BR0 DDR: Attempting to dial 4004444

14:52:171798691840: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

14:52:171807073788: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

14:52:46: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4004444

14:52:210453397504: %ISDN-6-DISCONNECT: Interface BRI0:1 disconnected from 4004

444 , call lasted 9 seconds

14:52:210453397504: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down

14:52:210455263236: BR0 DDR: has total 0 call(s), dial_out 0, dial_in 0

14:52:210455170579: BR0:1 DDR: disconnecting call

14:52:210453398187: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di1

14:52:210503729152: DDR: Call disconnected, 3 packets unqueued and discarded

14:52:49: BR0:1 DDR: disconnecting call

14:52:49: BR0 DDR: rotor dialout [priority]

14:52:49: BR0 DDR: Dialing cause ip (s=192.168.10.250, d=24.106.68.255)

14:52:49: BR0 DDR: Attempting to dial 4004444

14:52:219043332096: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

14:52:219051714044: %DIALER-6-BIND: Interface BR0:1 bound to profile Di1

14:52:52: BR0:1 DDR: dialer protocol up

14:52:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state

to up

14:52:57: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 4004444 dxbmmp

Re: ISDN connects automatically

Sorry, I'm really stuck. I can't produce any more solutions. We couldn't determine your interesting traffic. If you wat, you can use a sniffer or a free tool like ethereal to capture traffic between the PIX and the router, maybe this helps.

Regards and good luck and happy new year.

New Member

Re: ISDN connects automatically

when you think about extended ACL for domain, alwasy think about both TCP and UDP

so you access-list should include UDP

hope to help

148
Views
4
Helpful
24
Replies
CreatePlease login to create content