03-25-2008 09:35 AM
My setup:
I have a 2811 router with PVDM2-24DM and MN-1CE1T1-PRI modules installed and configured. There is a plain vanilla voice T1 (not PRI) so I am using PRI-to-CAS for my dialup users. The connection is for field users to dial in and gain access to the internet only. When they connect to the router they all use the same generic user.
Two problems:
1. The dialup connections timeout and automatically disconnect after 2 minutes. I have placed the command 'session-timeout 30 output' in the line 0/322 0/345 config and it didn't help. Do I need to put something in the group-async1 interface?
2. The dial-in users need to be able to access the internet and nothing on the inside LAN. Unfortunately this is a different need from what I was told originally so I'm in a bind. The router they are dialing into is actually my LAN gateway router and when they connect they can hit any IP on my internal LAN, but cannot get outside to the world. The router's default gateway points to my firewall but when I do a tracert on an outside world IP the traffic isn't getting sent to the firewall, it just dies. Tracert to any inside IP works fine. I need to figure out how to get them to the internet and then create an access-list that will prevent them from getting to the LAN.
I'm attaching a copy of my running-config. All help is appreciated.
Solved! Go to Solution.
03-26-2008 09:54 AM
Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.
The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).
Thanks, Mak
03-25-2008 03:22 PM
I have solved part of problem #2. I can now surf through the dialup connection. I forgot to add a route on the PIX pointing back to that subnet, DUH! I still need some kind of access-list though to keep users from accessing my LAN while still being able to use the internet.
Also the 2 minute disconnect issue is still present.
03-26-2008 06:48 AM
I have resolved this issue but can't find how to close this. Thanks.
03-26-2008 09:54 AM
Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.
The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).
Thanks, Mak
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide