Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
3
Replies

Dialup connection problems

Go to solution
qbakies11
Level 1
Level 1

‎03-25-2008 09:35 AM

My setup:

I have a 2811 router with PVDM2-24DM and MN-1CE1T1-PRI modules installed and configured. There is a plain vanilla voice T1 (not PRI) so I am using PRI-to-CAS for my dialup users. The connection is for field users to dial in and gain access to the internet only. When they connect to the router they all use the same generic user.

Two problems:

1. The dialup connections timeout and automatically disconnect after 2 minutes. I have placed the command 'session-timeout 30 output' in the line 0/322 0/345 config and it didn't help. Do I need to put something in the group-async1 interface?

2. The dial-in users need to be able to access the internet and nothing on the inside LAN. Unfortunately this is a different need from what I was told originally so I'm in a bind. The router they are dialing into is actually my LAN gateway router and when they connect they can hit any IP on my internal LAN, but cannot get outside to the world. The router's default gateway points to my firewall but when I do a tracert on an outside world IP the traffic isn't getting sent to the firewall, it just dies. Tracert to any inside IP works fine. I need to figure out how to get them to the internet and then create an access-list that will prevent them from getting to the LAN.

I'm attaching a copy of my running-config. All help is appreciated.

Labels:
Preview file
4 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Makarand Chitale
Cisco Employee
Cisco Employee
In response to qbakies11

‎03-26-2008 09:54 AM

Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.

The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).

Thanks, Mak

View solution in original post

0 Helpful
3 Replies 3

Go to solution
qbakies11
Level 1
Level 1

‎03-25-2008 03:22 PM

I have solved part of problem #2. I can now surf through the dialup connection. I forgot to add a route on the PIX pointing back to that subnet, DUH! I still need some kind of access-list though to keep users from accessing my LAN while still being able to use the internet.

Also the 2 minute disconnect issue is still present.

0 Helpful

Go to solution
qbakies11
Level 1
Level 1
In response to qbakies11

‎03-26-2008 06:48 AM

I have resolved this issue but can't find how to close this. Thanks.

0 Helpful

Go to solution
Makarand Chitale
Cisco Employee
Cisco Employee
In response to qbakies11

‎03-26-2008 09:54 AM

Regarding call disconnecting in 2 mins, with "dialer in-band" configured the idle timer defaults to 120 seconds. You need to add the "dialer idle-timeout xxx" command under dialer 101 and group-async 1.

The xxx in dialer idle-timeout is in seconds and you need to make the call on how long users can remain connected w/o actually using the connection (being idle).

Thanks, Mak

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents