Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Loosing Route to Remote Client (Take 2)

This relates to two prior posts of mine below. I was asked to provide my configuration and I just got around to cleaning it up. I have included the configuration of my access server at the bottom of this post. Passwords are blanked out and IP addresses have been changed for security reasons.

Once again any assistance is greatly appreciated.

Loosing Route to Remote Client

Dec 3, 2001, 8:22am Pacific

I have more details in relation to a prior problem I posted that nobody responded to (below). Hopefully these new details will help to diagnose my problem.

The 2509-RJ Access Server is dropping the route to the Remote Client exactly 2 minutes after the Windows Dial-Up Networking client connects and the route to it is added. Once again if someone could help me discover what is causing this I would appreciate it.

Thanks,

Kevin

---Original Message---

Can't maintain TCP/IP communications with Windows Dial-Up Networking client

Nov 30, 2001, 2:03pm Pacific

I am setting up a Cisco 2509-RJ to provide Dial-In access for Remote Windows Dial-Up Networking Clients. So far the client can connect, authenticate retrieve a DHCP IP address, DNS, and WINS settings, and even utilize TCP/IP network resources for almost exactly 2 minutes. However once those two minutes are up all TCP/IP communications fail. The modem remains connected and the client still registers sending and recieving bytes with the Access Server until I force it to disconnect.

I haven't discovered any timeout settings on my client or server that are set at 2 minutes. If anyone has an idea as to what might be causing this I would appreciate some guidance.

---Access Server Configuration---

version 12.0

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname ACCESSRV1

!

aaa new-model

aaa authentication login default local

aaa authentication ppp default if-needed local

aaa authorization exec default local

aaa authorization network default local

enable password 7 ###############

!

username RemoteDDR1 password 7 ###############

username DIALUSER password 7 ###############

ip subnet-zero

ip dhcp-server 172.16.145.3

async-bootp subnet-mask 255.255.255.0

async-bootp dns-server 172.16.146.1 172.16.147.4

async-bootp nbns-server 172.16.145.3

chat-script dialnum ABORT ERROR ABORT BUSY ABORT "NO ANSWER" "" "ATDT\T" TIMEOUT

60 CONNECT \c

!

!

process-max-time 200

!

interface Ethernet0

description connected to office LAN

ip address 172.16.164.80 255.255.255.0

no ip directed-broadcast

no keepalive

!

interface Serial0

no ip address

no ip directed-broadcast

shutdown

!

interface group-async1

ip unnumbered Ethernet0

no ip directed-broadcast

encapsulation ppp

ip tcp header-compression passive

dialer in-band

dialer rotary-group 1

async default routing

async mode interactive

peer default ip address dhcp

group-range 1 2

!

interface group-async2

no ip address

no ip directed-broadcast

shutdown

group-range 3 8

!

interface Dialer1

ip unnumbered Ethernet0

no ip directed-broadcast

encapsulation ppp

ip tcp header-compression passive

dialer in-band

dialer wait-for-carrier-time 60

dialer map ip 10.1.1.1 name RemoteDDR1 modem-script dialnum 915558675309

dialer hold-queue 10

dialer-group 1

peer default ip address dhcp

pulse-time 10

no cdp enable

ppp authentication chap

!

ip default-gateway 172.16.145.1

ip http server

ip classless

ip route 172.16.0.0 255.255.0.0 172.16.145.0

ip route 10.1.1.0 255.255.255.0 10.1.1.1

ip route 10.1.1.1 255.255.255.255 Dialer1

!

access-list 100 permit tcp any any eq telnet

access-list 100 deny ip any any

dialer-list 1 protocol ip list 100

!

line con 0

exec-timeout 0 0

transport input none

line 1 2

exec-timeout 0 0

autoselect during-login

autoselect ppp

modem InOut

modem autoconfigure discovery

rotary 1

transport input all

stopbits 1

speed 57600

flowcontrol hardware

line 3 8

line aux 0

line vty 0 4

exec-timeout 0 0

!

end

4 REPLIES

Re: Loosing Route to Remote Client (Take 2)

Often times complex troubleshooting issues are best addressed in an interactive trouble-shooting session with one of our trained technical assistance engineers. While other forum users may be able to help, it’s often difficult to do so for this type of issue.

To utilize the resources at our Technical Assistance Center, please visit http://www.cisco.com/tac and to open a case with one of our TAC engineers, visit http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

New Member

Re: Loosing Route to Remote Client (Take 2)

Try simplifing your config. Also you have dialer rotary-group 1 in your interface group-async1 config. If you are letting people dial in, I don't believe you want the router to dial out on that same line. You might try setting the modem and not using autoconfig, adjusting the speed to 36400 and not using async mode interactive. Set it to dedicated. Also why do you need to all routing updates out this interface, async default routing?

New Member

Re: Loosing Route to Remote Client (Take 2)

The problem is the dialer-list is pointing to an acl that only permits telnet traffic as interesting. Do your users have constant telnet sessions going?

access-list 100 permit tcp any any eq telnet

access-list 100 deny ip any any

dialer-list 1 protocol ip list 100

Just for grins configure "dialer-list 1 protocol ip permit" and see if they can stay connected for longer times while passing other interesting traffic(debug dialer packet).

Josh

New Member

Re: Loosing Route to Remote Client (Take 2)

Hi Thanks all for replying.

The reasons for the complications and access-list is that I am looking to have remote users be able to dial-in and use the same modems to perform dial-on-demand routing to customer extranets.

I have actually resolved the issue. It had an overlapping static route set that was causing the problem. Dial-in in using local autentication is working just fine. Now if only I could get the IAS Radius server on NT 4.0 Option Pack 4 to work I'd be a happy man. But that's another issue.

86
Views
0
Helpful
4
Replies