Cisco Support Community

New Member

Configuring 501 behind 801 ISDN-dialup

Hi,

I have the following config for my 801 ISDN (dialup). What would be my basic config for the PIX 501?

hostname xxxxx
!
enable secret 5 XXXXX
!
username xxxxx password XXXXX
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 192.168.0.241 255.255.255.0
 ip nat inside
 no ip route-cache
 no cdp enable
!
interface BRI0
 Description connected to the internet
 no ip address
 ip nat outside
 encapsulation ppp
 no ip route-cache
 dialer pool-member 1
 isdn switch-type basic-net3
 no cdp enable
!
interface Dialer1
 description CONNECTION TO INTERNET
 ip address negotiated
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip split-horizon
 load-interval 30
 dialer pool 1
 dialer idle-timeout 300
 dialer string xxxxxx
 dialer hold-queue 10
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxx password xxxxxx
!
ip classless
no ip http server
!
!
no cdp run
!
line con 0
 login
 stopbits 1
line vty 0 4
 password cisco
 login
!
no rcapi server
!
!
end

I have also not added any route on the router; I think it has to be on the PIX. Any help on basic PIX config is appreciated.

Thanks & regards

sk

3 REPLIES
New Member

Re: Configuring 501 behind 801 ISDN-dialup

Read the following URL for details on basic configuration of the PIX firewall:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b0.html

New Member

Re: Configuring 501 behind 801 ISDN-dialup

Hello Everybody!

This is my router config:

ciradvxh#sho startup-config
Using 1953 out of 8046 bytes, uncompressed size = 3548 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname ciradvxh
!
boot system flash aaa0842.bin
no logging console
enable secret xxxxxxx
enable password xxx
!
username IPSGUAD password xxxxxxxxx!
!
!
!
!
ip subnet-zero
no ip source-route
!
ip inspect name fwr ftp
ip inspect name fwr h323
ip inspect name fwr realaudio
ip inspect name fwr smtp
ip inspect name fwr sqlnet
ip inspect name fwr streamworks
ip inspect name fwr tcp
ip inspect name fwr udp
no ip domain-lookup
no ip finger
isdn switch-type vn3
isdn tei-negotiation first-call
!
!
process-max-time 200
!
interface Ethernet0
 description lan Cirad Vx Habitants
 ip address 192.168.0.254 255.255.255.0
 ip access-group 121 in
 ip access-group 122 out
 no ip directed-broadcast
 ip nat inside
 ip inspect fwr in
 no cdp enable
!
interface BRI0
 description Liaison NUMERIS
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 dialer pool-member 1
 dialer pool-member 2
 dialer pool-member 3
 isdn switch-type vn3
 isdn send-alerting
 no cdp enable
!
interface Dialer1
 description MEDIASERV
 ip address negotiated
 ip access-group 123 out
 no ip directed-broadcast
 ip nat outside
 ip inspect fwr out
 encapsulation ppp
 no ip route-cache
 no ip split-horizon
 dialer remote-name REGGAE
 dialer idle-timeout 90
 dialer string 00590326464
 dialer caller 00590326464
 dialer hold-queue 30
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username ciradvxh password 7 xxxxx
!
interface Dialer2
 description connx SAV
 ip address x.x.x 255.255.0.0
 no ip directed-broadcast
 encapsulation ppp
 no ip split-horizon
 dialer remote-name IPSGUAD
 dialer idle-timeout 30
 dialer string 00590894500
 dialer caller 00596894500
 dialer hold-queue 10
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap
!
interface Dialer3
 description Neufchateau
 ip address negotiated
 ip access-group 123 out
 no ip directed-broadcast
 ip nat outside
 encapsulation ppp
 no ip route-cache
 no ip split-horizon
 dialer remote-name hpglp
 dialer string 00590861785
 dialer caller 00590861785
 dialer hold-queue 30
 dialer pool 3
 dialer-group 3
 ppp authentication pap chap
 ppp pap sent-username pfo-vxh password xxx;
!
ip nat inside source list 121 interface Dialer1 overload
no ip http server
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 11.17.0.0 255.255.0.0 Dialer2
ip route 97.142.0.0 255.255.0.0 Dialer2
ip route 212.155.143.0 255.255.255.0 Dialer1
ip route 213.188.0.0 255.255.0.0 Dialer1
!
access-list 121 permit ip any any log
access-list 121 permit ip 192.168.0.0 0.0.255.255 any log
access-list 121 deny ip any any log
access-list 122 permit ip any any log
access-list 122 permit ip 97.142.1.0 0.0.0.255 any log
access-list 122 permit icmp any any log
access-list 122 deny ip any any log
access-list 123 permit ip any any log
access-list 123 deny udp any any eq netbios-ns
access-list 123 deny udp any any eq netbios-dgm
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 password xxxx
 login
!
end

We recently added a server gateway. Our ISDN line automatically connects and I don't understand why! It was the same before we bought the server.

In the French system, you pay each time it connects, so it's a problem for us. Can you please help us understand what happened in this traffic? BTW: I've got a Cisco 803 router, but the debug command only gives me messages like this: Dial on demand packets/events debugging is on! So I can't know who connects and when!

Thanks for your cooperation.

New Member

Re: Configuring 501 behind 801 ISDN-dialup

You need to configure an inside IP with the mask of your network, then an outside IP, and a default route to the LAN address of your ISDN router. You also need to change the Ethernet IP of the ISDN router to another network. Search the Cisco technical documents for a config example. Good luck!

//Patrik.
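
Added example, not part of the thread and not taken from Cisco's documentation: the steps in the reply above written out for the first poster's 192.168.0.0/24 LAN. It assumes PIX OS 6.x command syntax; the 192.168.1.0/24 transit network, the .1/.2 host addresses, access-list 1 and the NAT/PAT and router default-route lines are assumptions that the reply does not mention.

```cisco
! --- 801 ISDN router (IOS): move Ethernet0 to another network ---
! 192.168.1.0/24 is an assumed transit network between router and PIX.
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! Assumed additions, in the same form as the second config in this thread:
! PAT for the transit network and a default route out the dialer.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1

: --- PIX 501 (PIX OS 6.x syntax assumed) ---
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Outside IP: faces the router on the assumed transit network.
ip address outside 192.168.1.2 255.255.255.0
: Inside IP with the mask of the existing LAN.
ip address inside 192.168.0.1 255.255.255.0
: Default route to the LAN address of the ISDN router.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
: Assumed: PAT all inside hosts to the PIX outside address.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
```

With this layout the LAN hosts use 192.168.0.1 (the PIX inside address) as their default gateway instead of the router.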
