Cisco 801 simple questions on simple setup 1

[DanielUK]

Hi, wondering if anyone can give me a couple of pointers? I have complete brain fade today so apologise if these questions are blindingly obvious!

I have installed a Cisco 801 ISDN router onto our Win2k server (Dell) which services a handful of win2k Professional client. It's physically connected to the com port (using the blue cable) as for some reason it couldn't detect it just by plugging into the 3com OfficeConnect hub we have. Anyway....

I've use FastStep installed on the server to find the router and successfully dial up to our ISP, so far so good. It's the next bit that's confusing me.

Under "LAN Address and Mask" I'm ok with the subnet mask (255.255.255.0) and the fact I want to leave the server to take care of DHCP. But, I'm not sure of the "IP Address for your LAN connection". Is it the IP for the router, the server or LAN itself? Either option is confusing me as when I look at the scope properties in DHCP on the server, the IP range is 192.168.0.2 - 192.168.0.15, the server is fixed at 192.168.0.13 and the scope is down as 192.168.0.0. Which IP am I meant to stick in and where am I meant to find it?

Lastly, once I do get the addressing configured, what is the basic process to change the clients from dialling using their internal modem to using the router?

Thanks in advance for any pointers. As you can see I don't do an awful lot of network administration!!

Dan

 

[DanielUK]

OK, I'm understanding this a bit better now.

The IP address it asks for is the IP address I want to give it so that the machines can connect to it. In this case I've given it 192.168.0.16. I can now ping this IP from the server itself and the workstations but am having difficulty now connecting to the net via the LAN.

I'm not sure what the LAN settings on the Win2k clients should be as I can't seem to find anywhere to specify the default gateway IP address i.e. the router. I've been to connection options on Internet Explorer and chosen "never dial a connection" and looked at the "LAN settings" dialog but I'm not sure what to do here other than "Automatically detect settings" which doesn't work. Am I missing something fundamental here?

Thanks

Dan

 

[DanielUK]

I can ping an external IP address from the server that the router is attached to, but not from a client PC. Also, when I issue a tracert command from the server or clients e.g. tracert microsoft.com I get "Unable to resolve target system name microsoft.com".

Any clues?

Thanks

Dan

 

[lui3]

do this. set the ip address of the lan interface on the router to 192.168.0.1 255.255.255.0

this will be your default gateway for your clients and server.

set the default gateways in the server via start-->control panels-->network connections-->right click properties and tcp/ip. their is setting in their for default gateway.

for the clients they should be getting the dhcp settings from the router if they are configured to do so. check and make sure they are by going to the ms dos prompt

start run and then type command

then at the prompt type

ipconfig /all

this will give you the ip information for the clients.

you will also need to specify a valid dns server to use in the dhcp settings on the router as well as a domain name if you like. the domain name is optional.

next try to ping the default gateway from a pc to make sure that they are getting the ip address via dhcp. they clients need to be set to automatically get ip, default, dns etc from the dhcp server.

then ping the default gateway and work your way out to

http://www.microsoft.com

once you get a reply from microsoft you should be able to get on the net. if not go internet explorer tools options and do the lan connection setup and specify manual and i connect via local area network. that should be it. you should be good to go from their if your router is connecting to the internet properly via dialup, isdn, dsl, or cable. whichever you are using.

let me know how this works.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[DanielUK]

Thanks Lui3, I'm not in work till Monday so I'll do as you suggest then.

I wanted to ask what is the difference between the server and the router providing DHCP? Does it matter in relation to the above tests as I was hoping to leave the server to provide IP's?

Many thanks

Dan

 

[lui3]

just turn off dhcp on the router if it is enabled. just let the server hand out the ip information but make sure that the default gateway supplied in the server dhcp properties if 192.168.0.1 or whatever ip address you give the lan interface on the router. that way the hosts will use the router as the gateway to other networks.ie internet

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[DanielUK]

Thanks Lui3,

Well I just wrote a long message only to find the Tek-Tips site had gone down, just as I submitted. Oh well, here it is again!

I found that the default gateway was missing on the clients and that I needed to add 192.168.0.16 (the router IP) as a gateway in the TCP/IP advanced properties -it's down as a Metric of 1, whatever that is.

To cut a long message short I can now ping an external IP via the router on the server and on a client. But, I can't browse webistes via IE and tracert will not resolve to external domains, I get "unable to resolve target system....etc" so I gather this must now be a DNS problem. DNS is served up by the server (192.168.0.13) and I can resolve LAN names etc

What should I do now?

Many thanks

Dan

 

[lui3]

can you resolve host names from your dns server. also make sure the default gateway on the dns server is set properly. it must be able to reach domain servers on the internet to resolve names.

make sure that the dns server local one that is can resolve via external dns servers. you may have to point it at external dns servers from your isp. they should know what they are or look on router and see if it has the dns server ips and use them in the server. i am not that skilled with dns so this may not be too much help. let me know what you find.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[DanielUK]

Thanks Lui3, I can only resolve internal host names i.e. on the LAN but not external ones. I think I might drop a quick question to the Windows 2000 Server forum regarding the DNS -I'm not too hot either! I'm not entirely sure how to correctly point to external dns servers.

Thanks

Dan

 

[DanielUK]

Oh, another thing I found, that has been mentioned before, is that whilst my intial pings have made the router dial up, ping and then disconnect, the last test I tried failed to disconnect -I had to pull the ISDN plug after about 12 minutes. Looking at previous threads there doesn't seem to be a documented cause and resolution. Is this a common problem?

Thanks

Dan

 

[lui3]

can you post your configuration

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[DanielUK]

Thanks Lui3, I've just managed to get the router to resolve external addresses with help from the Win2k Server forum. Basically the IP address needed setting up in the Forwarders tab in the DNS console after these instructions were followed as my tab properties were grayed out:

http://www.petri.co.il/no_forwarding_or_root_hints_on_dns_server.htm

was followed.

Anyway, back to this disconnection problem, here is the config minus sensitive data:

[PC to Router Connection]
ConnectionType=3

[DHCP Server in Router]
SetRouterAsDHCPServerOnE0=0

[DHCP Relay Settings]
SetDHCPRelay=0
RemoteDHCPServerAddress=

[PC Settings]
UsePCGatewayAsRouterLANIP=0
SetAutomaticChangeIPStackWhenNeededByFastStep=1
SetChangeIPStackOnConsole=0
SetForceStaticAddressOnPCAlways=0
ForceStaticIPAddress=
ForceStaticIPMask=
SetPCAsDHCPClientAlwaysOnConsole=0
UseRouterLANIPAsPCGateway=0
SetAdjustPCStackSettings=1

[Belle Systems]
SetBelleSystemSupport=0
RebootCount=-1
ISPSetupURL=http://www.cisco.com/go/faststep
ISPLocalURL=http://www.cisco.com
UniqueID=4

[Service Selection]
ShowTestConnectionButton=1
ShowTechSupportInfoButton=1
ISPSuccessText1=
ISPSuccessText2=
ISPSuccessText3=
ISPSuccessText4=
UniqueID=5

[Local LAN Ethernet0 Settings]
SetNetBiosFilterOnE0=1
LANIPAddressE0=192.168.0.16
LANIPSubnetMaskE0=255.255.255.0

[Router Security]
RouterName=Router
ReadonlyPassword=********
EnablePassword=*********

[Setup Type]
SetRouterToDefaultConfig=1
SetSkipTesting=1
SetRunMonitorNow=0

[ISDN Settings]
EnableAOCTimeout=0
AOCShortHoldTimeOut=120
SwitchType=5
SwitchSpeed=3
SPID1=
SPID2=
IdleTimeoutISP=300
LoadThresholdISP=10
HoldQueueISP=10

[Cost Control Settings]
SetRestrictToOneDataChannel=0
SetRestrictTimeOfDayWhenDataCallsCanBeMade=0
SetStartTime=00:00
SetEndTime=23:59

[Remote Phone]
RemotePhoneNumberISP1=**********
RemotePhoneNumberISP2=

[PPP Settings]
HideCentralRouternameISP=0
UserNameISP=******.co.uk
PasswordISP=******
CentralRouterISP=

[NAT Settings]
HidePAT=0
HideAddressRange=0
HideNetworkAddress=0
FirstAddress=0.0.0.0
LastAddress=0.0.0.0
NetworkSubnetMask=255.0.0.0

[Remote Network Interface Settings]
SetNetBiosFilterOnISP=1
WANIPAddressISP=81.78.71.195
WANIPSubnetMaskISP=255.255.255.255
AutomaticWANIPAddressDiscoverISP=6

[Skipped Dialogs]
SkipToSetupandTest=0
PCToRouterConnection=0
ReviewSettings=0
SaveFileAs=0
StartMonitoring=0
TestingInterfaceConnectionISP=0
EraseConfiguration=0
InternetServersEnableDMZ=0
RemoteConnectionType=0
RemotePhoneNumbersISP=0
PPPUserNameAndPasswordISP=0
InternetServersIPAddressRangeGivenByYourISP=0
NextConnection=0
CostControlSetting=0
LanIPAddressAndMaskForEthernet0=0
UniqueID=6

[TechSupportInfoDetail]
Title=
PhoneDescription1=
PhoneDescription2=
PhoneDescription3=
PhoneDescription4=
Phone1=
Phone2=
Phone3=
Phone4=
EmailAddress=
ServiceProviderURL=

[Additional IOS Commands]
cmd1=

; ******************************************************************************
; The flags below this line are private to Cisco Fast Step. Please do not modify them.
; ********************************************************************

[RouterData]
SupportedService=15
ServiceSupportedMember(0)=3
ServiceSupportedMember(1)=5
ServiceSupportedMember(2)=7
ServiceSupportedMember(3)=8
ServiceSupportedMember(4)=9
ServiceSupportedMember(5)=11
ServiceSupportedMember(6)=13
ServiceSupportedMember(7)=14
ServiceSupportedMember(8)=16
ServiceSupportedMember(9)=17
ServiceSupportedMember(10)=18
ServiceSupportedMember(11)=20
ServiceSupportedMember(12)=21
ServiceSupportedMember(13)=23
ServiceSupportedMember(14)=24
RouterModel=C801
IOSVersion=12.2 (8)
UserName=
UniqueIDCounter=236
SkipAllTests=1
FirewallGenned=1
InterfaceCount=2
InterfaceListItem(0)=Ethernet interface(0)
InterfaceListItem(1)=BRI interface(1)
LineListCount=2
LineListItem(0)=LINE_CONSOLE(0)
LineListItem(1)=LINE_VTY(1)
ServiceCount=15
ServiceListItem(0)=SERVICE_IPROUTING(0)
ServiceListItem(1)=SERVICE_AUTO_SPID(1)
ServiceListItem(2)=SERVICE_TECH_SUPPORT_INFO(2)
ServiceListItem(3)=SERVICE_USER_LIST(3)
ServiceListItem(4)=SERVICE_DHCPSERVER(4)
ServiceListItem(5)=SERVICE_DNS(5)
ServiceListItem(6)=SERVICE_NAT(6)
ServiceListItem(7)=SERVICE_TIMERANGEACCLIST(7)
ServiceListItem(8)=SERVICE_TIMERANGEACCLIST(8)
ServiceListItem(9)=SERVICE_TIMERANGEACCLIST(9)
ServiceListItem(10)=SERVICE_TIMERANGEACCLIST(10)
ServiceListItem(11)=SERVICE_TIMERANGEACCLIST(11)
ServiceListItem(12)=SERVICE_TIMERANGEACCLIST(12)
ServiceListItem(13)=SERVICE_TIMERANGEACCLIST(13)
ServiceListItem(14)=SERVICE_NETBIOSACCESSLIST(14)
RouterMessageCount=0
GUISettingCount=1
GUISettingListItem(0)=CGUISetting(0)

[Router-M-Board]
CPU 5 Seconds=-1
CPU 1 Minute=-1
CPU 5 Minutes=-1
Memory Total=-1
Memory Free=-1
Memory Used=-1
UniqueID=2

[HVD]
UniqueID=1

[CurrentConnection]
UniqueID=0

[Ethernet interface(0)]
Type=4
InterfaceNumber=0
SlotNumber=-1
ShutdownFlag=0
SkipTestFlag=0
KeepAliveFlag=0
ProtectedFlag=0
Layer2NodeListCount=1
Layer2NodeListItem(0)=LAYER_2_ETHERNET(0)Ethernet interface(0)
UniqueID=7

[LAYER_2_ETHERNET(0)Ethernet interface(0)]
MACAddress=
BackupID=0
ParentID=7
Type=5
Destination Name=
Delay Backup Down=60
Delay Backup Up=5
Sub Interface Number=-1
Destination Type=1
RCN Type=3
Node Number=-1
SkipTest=0
Layer2Valid=1
Dunno Encaps=0
Layer 3 Node List Count=1
Layer 3 Node List Item(0)=IP Node(0)LAYER_2_ETHERNET(0)Ethernet interface(0)
UniqueID=25

[IP Node(0)LAYER_2_ETHERNET(0)Ethernet interface(0)]
IPUnnumberedInterfaceType=2
IPUnnumberedInterfaceNumber=-1
IPPoolEnabled=0
AddressSource=3
Type=2
UniqueID=26

[BRI interface(1)]
UniqueID=8
LineAttachedFlag=1
AutoDetect=1
ChannelListCnt=2
ChannelMember(0)=Channel(0)BRI interface(1)
ChannelMember(1)=Channel(1)BRI interface(1)
Type=8
InterfaceNumber=0
SlotNumber=-1
ShutdownFlag=0
SkipTestFlag=0
KeepAliveFlag=0
ProtectedFlag=0
Layer2NodeListCount=1
Layer2NodeListItem(0)=LAYER_2_PPP(0)BRI interface(1)

[Channel(0)BRI interface(1)]
SPIDStatus=1
ChannelStatus=0
DesireDisconnectChannel=0
DesireConnectChannel=0
LoggedInUserName=
LDN=
ChannelNumber=0
CallListCnt=0
UniqueID=11

[Channel(1)BRI interface(1)]
SPIDStatus=1
ChannelStatus=0
DesireDisconnectChannel=0
DesireConnectChannel=0
LoggedInUserName=
LDN=
ChannelNumber=1
CallListCnt=0
UniqueID=13

[LAYER_2_PPP(0)BRI interface(1)]
AuthenticationType=4
MultiLink=1
Callin=1
BackupID=0
ParentID=8
Type=2
Destination Name=
Delay Backup Down=60
Delay Backup Up=5
Sub Interface Number=-1
Destination Type=2
RCN Type=3
Node Number=-1
SkipTest=0
Layer2Valid=1
Dunno Encaps=0
Layer 3 Node List Count=1
Layer 3 Node List Item(0)=IP Node(0)LAYER_2_PPP(0)BRI interface(1)
UniqueID=23

[IP Node(0)LAYER_2_PPP(0)BRI interface(1)]
IPUnnumberedInterfaceType=2
IPUnnumberedInterfaceNumber=-1
IPPoolEnabled=0
DHCPServerEnabled=0
Type=2
UniqueID=24

[LINE_CONSOLE(0)]
Type=3
StartNumber=0
EndNumber=0
LoginType=-1
ExecTimeout=120
LoginPassword=
UniqueID=15

[LINE_VTY(1)]
Type=5
StartNumber=0
EndNumber=4
LoginType=3
ExecTimeout=0
LoginPassword=
UniqueID=16

[SERVICE_IPROUTING(0)]
DefaultGatewayID=8
DefaultGateway=
RoutingType=2
AutonomousSystem=-1
Area=-1
ProcessID=-1
IPRouterCache=1
IPProxyARP=0
IPClassless=1
RoutingLayer2NodeListCnt=1
RoutingInterfaceMember(0)=7
RoutingLayer2NodeMember(0)=25
StaticRouteListCnt=0
Type=9
SkipTestFlag=0
ServiceEnabled=1
UniqueID=17

[SERVICE_AUTO_SPID(1)]
AutoSPIDSupported=0
Type=17
SkipTestFlag=0
ServiceEnabled=1
UniqueID=18

[SERVICE_TECH_SUPPORT_INFO(2)]
Info=
Type=18
SkipTestFlag=0
ServiceEnabled=1
UniqueID=19

[SERVICE_USER_LIST(3)]
Type=16
SkipTestFlag=0
ServiceEnabled=1
UniqueID=20

[SERVICE_DHCPSERVER(4)]
DHCPPoolListCnt=0
ExcludedAddressRangeListCnt=0
Type=7
SkipTestFlag=0
ServiceEnabled=1
UniqueID=21

[SERVICE_DNS(5)]
DNSServerCnt=0
DNSTestTarget=

http://www.cisco.com

Type=5
SkipTestFlag=0
ServiceEnabled=0
UniqueID=22

[SERVICE_NAT(6)]
Pool Name=
nOutsideLayer2NodeID=23
Overloaded Flag=1
StaticTranslationListCount=0
NatPoolListCount=1
NatPoolListItem(0)=NAT Pool(0)SERVICE_NAT(6)
InsideLayer2NodeListCnt=1
InsideLayer2NodeMember(0)=25
Type=13
SkipTestFlag=0
ServiceEnabled=1
UniqueID=28

[NAT Pool(0)SERVICE_NAT(6)]
Pool Name=
UniqueID=227

[SERVICE_TIMERANGEACCLIST(7)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=36

[SERVICE_TIMERANGEACCLIST(8)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=37

[SERVICE_TIMERANGEACCLIST(9)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=84

[SERVICE_TIMERANGEACCLIST(10)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=129

[SERVICE_TIMERANGEACCLIST(11)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=130

[SERVICE_TIMERANGEACCLIST(12)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=177

[SERVICE_TIMERANGEACCLIST(13)]
ProtocolListCnt=0
InsideLayer2NodeListCnt=0
OutsideLayer2NodeListCnt=0
Type=24
SkipTestFlag=0
ServiceEnabled=1
UniqueID=225

[SERVICE_NETBIOSACCESSLIST(14)]
ProtocolListCnt=7
ProtocolMember(0)=NetBiosAccessListProtocol(0)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(1)=NetBiosAccessListProtocol(1)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(2)=NetBiosAccessListProtocol(2)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(3)=NetBiosAccessListProtocol(3)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(4)=NetBiosAccessListProtocol(4)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(5)=NetBiosAccessListProtocol(5)SERVICE_NETBIOSACCESSLIST(14)
ProtocolMember(6)=NetBiosAccessListProtocol(6)SERVICE_NETBIOSACCESSLIST(14)
InsideLayer2NodeListCnt=2
InsideInterfaceMember(0)=7
InsideLayer2NodeMember(0)=25
InsideInterfaceMember(1)=8
InsideLayer2NodeMember(1)=23
OutsideLayer2NodeListCnt=0
Type=23
SkipTestFlag=0
ServiceEnabled=1
UniqueID=226

[NetBiosAccessListProtocol(0)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=3
ICMPMessage=-1
SourcePort=138
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=228

[NetBiosAccessListProtocol(1)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=3
ICMPMessage=-1
SourcePort=137
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=229

[NetBiosAccessListProtocol(2)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=3
ICMPMessage=-1
SourcePort=139
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=230

[NetBiosAccessListProtocol(3)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=2
ICMPMessage=-1
SourcePort=137
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=231

[NetBiosAccessListProtocol(4)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=2
ICMPMessage=-1
SourcePort=138
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=232

[NetBiosAccessListProtocol(5)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=3
Protocol=2
ICMPMessage=-1
SourcePort=139
DestinationPort=-1
TimeRange=
TimeRangeName=
UniqueID=233

[NetBiosAccessListProtocol(6)SERVICE_NETBIOSACCESSLIST(14)]
Source=0.0.0.0
SourceMask=255.255.255.255
Destination=0.0.0.0
DestinationMask=255.255.255.255
PermitOrDeny=2
Protocol=18
ICMPMessage=-1
SourcePort=-1
DestinationPort=-1
TimeRange=time-range
TimeRangeName=TIME
UniqueID=234

[CGUISetting(0)]
Key=ISP Range Type Key
Value=No Address Range Given
UniqueID=27

 

[lui3]

hmm. can you get the running configuration file and post that instead? this is more difficult to read.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization

 

[DanielUK]

Also, is the NAT firewall automatically configured i.e. I don't have to do anything more to the setup?

I've been doing all these tests with ZoneAlarm turned off but I'm mindful that when I put it back on it may block access to the router -I take it all I need to do is add the router IP to the list of OK IP addresses?

Thanks again,

Dan

 

[DanielUK]

Sorry to be a bit thick but what is the running configuration file? I'm only aware of the one.

Thanks

Dan

 

[ROUTERKID1]

On you router form the # prompt type show running-config.

 

[DanielUK]

Thanks, here it is:

OutputCommand base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/show/running-config/CR
Command was: show running-config--------------------------------------------------------------------------------
Building configuration...

Current configuration : 2114 bytes
!
! Last configuration change at 17:56:42 UTC Mon Jul 26 2004
! NVRAM config last updated at 17:31:42 UTC Mon Jul 26 2004
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
logging buffered 8192 debugging
aaa new-model
!
!
aaa session-id common
enable secret 5 $1$QvfG$fiD6ZzWY/6SZFmkxNGsGO.
!
username Router password 7 142713181F13253920
username Router password 7 070D235E4908150916000F03
ip subnet-zero
no ip source-route
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.0.16 255.255.255.0
ip access-group 121 in
no ip proxy-arp
ip nat inside
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap pap callin
ppp multilink
!
interface Dialer1
description ISP
ip address negotiated
ip access-group 121 in
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer pool 1
dialer remote-name Cisco1
dialer idle-timeout 300
dialer string 08089916001 class DialClass
dialer hold-queue 10
dialer load-threshold 10 either
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ****************.co.uk
ppp chap password 7 121D0D44475E1A172F38343A3A21261B
ppp pap sent-username **************.co.uk password 7 14131A5859513C38213B23272B07031E
ppp multilink
!
ip nat inside source list 18 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
!
!
map-class dialer DialClass
access-list 18 permit 192.168.0.0 0.0.0.255
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
exec-timeout 0 0
!
no rcapi server
!
!
time-range TIME
periodic daily 0:00 to 23:59
!
end
--------------------------------------------------------------------------------command completed.

 

[DanielUK]

Hmmm, regardless of this call disconnection observation I've spent the afternoon configuring the client machines to use the router. Although I'm going to have to read up on the NAT firewall side of things I thought that using ZoneAlarm on the server would be secure for a number of tests -it's what I have been using on the indivdual dialling clients. I dialled out from the server that the router is physically connected to and visited grc.com to do an open port test. It's saying that port 80 and telnet is open. I disabled telnet on the server (under services) about two days ago and I've checked it's still disabled so how come it saying it managed to connect to that port? Any ideas? I would have thought ZoneAlarm would have blocked that as it does on the client machines.

Thanks

Dan

 

[DanielUK]

Sorry to be a bit thick here but I just did a test from a client with ZoneAlarm installed. I went for a normal dialup connection and did the port probe on grc.com -everything passes ie. all probes are blocked (stealth). I then rejig the settings to connect from client through router. I run the same test and telnet open and rest are closed (not stealth as in last test). What is being probed now, the router itself or the server it's attached to?...it's getting late and I'm confused! %-)

Thanks

Dan

 

[lui3]

i wonder if you have interesting traffic keeping the line up. try changing your dialer list specifying interesting traffic to something more restrictive. say keeping it to one host. then issue debug dialer or debug isdn commands on the router in ios mode to see if you can see what it causing the link to stay up. then you will know if its just the traffic on your local network keeping you up. you can also specify interesting traffic allowed only to be something like icmp or something so that you can limit what traffic will issue the dial. then when that traffic is not present the link should come down.

show dialer

command will tell you why the connection is up as well as well as the reason for previous attempts

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization