dialer idle-timout doesn't get reset

Discussion in 'Cisco' started by Dennis Ortsen, Jul 30, 2004.

  1. Hi,

    I'm facing a problem with a 803 (one ISDN interface).
    I have configured two dialer interfaces and acces lists and dialer-lists. I
    have read quite a few posts on several newsgroups, but I can't seem to find
    the answer to my problem. Hopefully someone can shed some light on this.

    My problem is that whenever a call is established, the idle-timeout doesn't
    get reset whenever "interesting traffic" is passing the interface. I have an
    access-list configured and a dialer-list configured to look at the traffic
    that is passing that interface. No matter what traffic I send over that ISDN
    line/interface, the idle-timeout is never reset.

    Here's the IOS version I'm running:

    Cisco Internetwork Operating System Software
    IOS (tm) C800 Software (C800-Y6-MW), Version 12.1(10), RELEASE SOFTWARE
    (fc1)
    Copyright (c) 1986-2001 by cisco Systems, Inc.

    Here's my config:

    interface Ethernet0
    description connected to EthernetLAN
    ip address 192.168.1.2 255.255.255.0
    ip nat inside
    no cdp enable
    !
    interface BRI0
    description connected to Corporate Networks
    no ip address
    encapsulation ppp
    dialer pool-member 1
    isdn switch-type basic-net3
    no cdp enable
    ppp authentication chap pap
    !
    interface Dialer1
    description ISDN to routerA
    ip address negotiated
    ip nat outside
    encapsulation ppp
    no ip split-horizon
    dialer pool 1
    dialer idle-timeout 300
    dialer string 123456789
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname myusername
    ppp chap password mypassword
    ppp pap sent-username myusername password mypassword
    !
    interface Dialer2
    description ISDN to routerB
    ip address negotiated
    ip nat outside
    encapsulation ppp
    no ip split-horizon
    dialer pool 1
    dialer idle-timeout 300
    dialer string 987654321
    dialer-group 2
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname myusername2
    ppp chap password mypassword2
    ppp pap sent-username myusername2 password mypassword2
    !
    router rip
    version 2
    network 200.0.0.0
    no auto-summary
    !
    ip nat inside source list 101 interface Dialer1 overload
    ip nat inside source list 102 interface Dialer2 overload
    no ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip route 10.1.1.0 255.255.255.0 Dialer1
    ip route 193.168.200.0 255.255.255.0 Dialer2
    !
    logging trap debugging
    logging 192.168.1.3
    access-list 100 permit ip 192.168.1.0 0.0.0.255 host 10.1.1.7
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    access-list 110 permit ip 192.168.1.0 0.0.0.255 host 193.168.200.1
    dialer-list 1 protocol ip list 100
    dialer-list 2 protocol ip list 110
    no cdp run

    Any help is very much appreciated.

    Thanks,

    Dennis Ortsen
     
    Dennis Ortsen, Jul 30, 2004
    #1
    1. Advertisements

  2. Dennis Ortsen

    PES Guest

    I think it is because your nat is translating the source address to an
    address that is not matched by the access-list.
     
    PES, Jul 30, 2004
    #2
    1. Advertisements

  3. Hi P. Stewart,

    Hmmm... I'm a newbie in IOS so forgive me if I say something impossible,
    stupid or offensive, but, if what you are saying is true, then I would also
    have problems accessing any machine on the other end of the ISDN line,
    wouldn't I?

    I thought it worked like this:
    the dialer-list contains the information on what is to be regarded as
    "interesting traffic", not the access-list. The access-list serves one
    purpose only, and that is to initiate a call to interface Dialer 1 whenever
    a packet for that specific host (10.1.1.7 in this case) is received by the
    router. The dialer-list serves as a "filter" for "interesting traffic" to
    the idle-timeout timer, right? And by filter I mean that if an ip packet is
    received for that interface Dialer 1 it should only reset the idle-timeout
    timer, nothing more.

    And, by using the "ip nat inside source list ....." I have specified a route
    for packets travelling from the Dialer interface to my ethernet interface.

    Could you tell me whether I have just said something impossible, stupid or
    anything else?
    Perhaps there are more configuration parameters I can or need to set...

    Thanks,

    Dennis
     
    Dennis Ortsen, Jul 30, 2004
    #3
  4. Dennis Ortsen

    PES Guest

    In your case, the access-list is used to further filter your dialer list.
    So not only does the packet have to be ip, but also match the access-list.
    If you omitted the access list in your dialer list, all ip traffic would be
    interesting. The access-list has nothing to do with initiating the call, it
    is used to more granularly filter the dialer list. The interface probably
    only comes up initially because there really can't be a true nat translation
    until the interface is up.
    This has nothing to do with a route. This has to do with how the source
    address is changed when a packet goes from an interface labeled ip nat
    inside to an interface labeled ip nat outside. If you are doing a private
    lan to lan isdn, you do not typically configure nat (unless you have a
    specific need).
     
    PES, Jul 30, 2004
    #4
  5. Dennis Ortsen

    Dennis Guest

    Hi,
    Ehm, OK. I'm getting the picture now, I think... I'm filtering twice.
    The dialer-list command is the command that triggers the call to the
    specified dialer-group.
    The access-list command is used to filter out what is allowed to travel over
    the configured interface to the destination. And it is used to define what
    is "interesting traffic". Am I right?

    So with this setup:

    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip route 10.1.1.0 255.255.255.0 Dialer1
    ip route 193.168.200.0 255.255.255.0 Dialer2
    !
    logging trap debugging
    logging 192.168.1.3
    access-list 100 permit ip 192.168.1.0 0.0.0.255 host 10.1.1.7
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    access-list 110 permit ip 192.168.1.0 0.0.0.255 host 193.168.200.1
    dialer-list 1 protocol ip list 100
    dialer-list 2 protocol ip list 110

    I'm not getting the dialer idle-timout counter reset.

    But with this setup...:

    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip route 10.1.1.0 255.255.255.0 Dialer1
    ip route 193.168.200.0 255.255.255.0 Dialer2
    !
    logging trap debugging
    logging 192.168.1.3
    access-list 100 permit ip 192.168.1.0 0.0.0.255 host 10.1.1.7
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    access-list 110 permit ip 192.168.1.0 0.0.0.255 host 193.168.200.1
    dialer-list 1 protocol ip permit
    dialer-list 2 protocol ip permit

    ....it would work? Cause any packet that needs to go to network 10.1.1.0 (to
    initiate the call) will trigger interface Dialer 1 to call that host. Since
    that is defined in the ip route command. But this will only happen when the
    packet needs to travel to host 10.1.1.7 AND it must be an ip packet. Only
    then the call will be initiated. Then I don't understand why I would need a
    dialer-list for that dialer-group...

    I thought I figured it all out... but I'm loosing it again.

    Basically what I want is to be able to remote control a few PC's by using
    either Terminal Services or pcANYWHERE, and occasionally transfer some files
    using SMB networking.
    What I don't want is that calls are made when it is not needed (phone bill).

    Any suggestions?

    Thanks,

    Dennis
     
    Dennis, Aug 3, 2004
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.