AS5200 help needed...

Status
Not open for further replies.

jtho

MIS
Nov 8, 2001
6
US
I'm trying to get a Cisco 1811 router to dial into an AS5200. The AS5200 was used solely for remote user dial-in but I want to be able to have router dial-in ability as a backup connection for GRE tunnels.

The AS5200 has 1 group-async interface and I recently changed it to have 5 async interfaces, one of which I've configured for my 1811 to dial into. I want to be able to assign an IP to both ends, no address pools.

My issue is that when I dial into the AS5200 from my 1811 the call is answered by whichever async is next in line (1-24) and not the async interface that I want to use (async 24). How do I fix that?

Thanks!!

Here are pieces of the AS5200's config:
!
interface Serial0:23
description pri 1 (Local Dial-up)
no ip address
no ip proxy-arp
ip pim dense-mode
encapsulation ppp
no logging event link-status
dialer pool-member 1
ntp broadcast
isdn switch-type primary-5ess
isdn incoming-voice modem
no peer default ip address
no fair-queue
no cdp enable
ppp authentication chap pap optional
ppp multilink
!
interface Async24
description modem lines
ip address 10.88.1.6 255.255.255.252
no ip proxy-arp
ip irdp
ip irdp multicast
ip irdp maxadvertinterval 90
ip irdp minadvertinterval 45
ip irdp holdtime 240
ip pim dense-mode
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
no logging event link-status
dialer in-band
autodetect encapsulation ppp
ntp broadcast
async mode interactive
no peer default ip address
no fair-queue
no cdp enable
ppp authentication pap chap
ppp multilink
hold-queue 75 in
!
interface Group-Async1
description modem lines
ip unnumbered Loopback0
no ip proxy-arp
ip irdp
ip irdp multicast
ip irdp maxadvertinterval 90
ip irdp minadvertinterval 45
ip irdp holdtime 240
ip pim dense-mode
ip tcp header-compression
no ip mroute-cache
no logging event link-status
dialer in-band
dialer rotary-group 4
dialer-group 1
autodetect encapsulation ppp
ntp broadcast
async mode dedicated
peer default ip address pool default
no fair-queue
no cdp enable
ppp authentication pap chap
ppp multilink
group-range 1 20
 
jtho,

You can't choose. Well, you can, but in a little different way. Basically, an async interface is a modem (rather, the serial interface to a modem, but whatever).

You can individually configure each async interface for specific usage/customer (like, different ip address on each, perhaps different access-list on each interface, maybe even different ppp authentication protocol on each, etc.) BUT, since you cannot choose a modem on INBOUND calls (outside->5200) this type of configuration is limited to OUTBOUND calls only (5200->outside).

On some of the bigger access servers, you could use a feature called 'modem pooling' (deprecated) or 'resource pool management' to control the physical modem/nextport calls came in on, but that's overkill for what you want to do.

What you WANT to do (heh) is REbundle everyone back up into a group-async, then add a 'dialer profile' configuration on top of it. Basically, this configuration would create 2 interfaces for a dial-in session (1 physical [async interface] and 1 logical [dialer interface]), but only 1 of them (actual dialer interface) would actually have ip address information on it.

This allows you to take a call on ANY async interface, and based off of the authenticated username and password (there are other ways, but let's stick to this) the call would 'bind' to a logical dialer interface for additional configuration, like ip address and stuff.

Here's the mega-doc on it. I realize this could be kinda funky to understand, but post a question and we'll take care of it:

 
Thanks for the info, that worked perfectly. Now that I'm connected though is there a way to secure the link? I was thinking of maybe re-routing the current IPSEC peer through the dial interface but didn't know if that would work given the low bandwidth.

For those that might need it here is the resulting config...

***AS5200***
interface Serial0:23
description pri 1 (Local Dial-up)
no ip address
no ip proxy-arp
ip pim dense-mode
encapsulation ppp
no logging event link-status
dialer pool-member 1
ntp broadcast
isdn switch-type primary-5ess
isdn incoming-voice modem
no peer default ip address
no fair-queue
no cdp enable
ppp authentication chap
ppp multilink
!
interface Group-Async1
description modem lines
no ip address
no ip proxy-arp
ip pim dense-mode
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
no logging event link-status
dialer in-band
dialer pool-member 1
ntp broadcast
async mode dedicated
no peer default ip address
no fair-queue
no cdp enable
ppp authentication chap
group-range 1 24
hold-queue 75 in
!
interface Dialer2
ip address 10.88.1.6 255.255.255.252
encapsulation ppp
dialer pool 1
dialer remote-name rt-testvpn_1811-rtr
dialer idle-timeout 9999
pulse-time 0
ppp authentication chap
!
***C1811***
!
interface Async1
no ip address
encapsulation ppp
dialer in-band
dialer pool-member 1
async mode dedicated
ppp authentication chap
!
interface Dialer1
description Dial backup to access1-rtr
ip address 10.88.1.5 255.255.255.252
encapsulation ppp
dialer pool 1
dialer string 555-5555
dialer-group 1
no cdp enable
ppp authentication chap
!
line 1
modem InOut
transport input all
autoselect ppp
stopbits 1
speed 115200
flowcontrol hardware
!
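
Added example (not part of any post in this thread): a small Python audit of the "ppp authentication" lines that differ between the first AS5200 config and the working one. Dialer-profile binding depends on the authenticated name, so it flags interfaces that accept PAP, which sends the password in cleartext, or that mark authentication optional; the sample configs are constructed from lines quoted above and the function names are hypothetical.

```python
import re

# Constructed samples: lines copied from the two AS5200 configs in this thread.
BEFORE = """\
interface Serial0:23
dialer pool-member 1
ppp authentication chap pap optional
!
interface Async24
ppp authentication pap chap
"""
AFTER = """\
interface Group-Async1
dialer pool-member 1
ppp authentication chap
!
interface Dialer2
dialer pool 1
dialer remote-name rt-testvpn_1811-rtr
ppp authentication chap
"""

def interfaces(config):
    """Split an IOS config into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = blocks.setdefault(match.group(1), [])
        elif line in ("", "!"):
            current = None          # "!" ends the interface block
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return (interface, dialer pool, issue) for weak PPP authentication."""
    findings = []
    for name, cmds in interfaces(config).items():
        pool = next((c.split()[-1] for c in cmds
                     if c.startswith(("dialer pool-member ", "dialer pool "))), None)
        for words in (c.split()[2:] for c in cmds if c.startswith("ppp authentication ")):
            if "pap" in words:
                findings.append((name, pool, "accepts PAP (cleartext password)"))
            if "optional" in words:
                findings.append((name, pool, "authentication is optional"))
    return findings

if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER))
```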
 
I think you're 'asking for it' by adding any extra overhead across the async connection. We're only talking about ~50kDOWN/33.6kUP MAX for a v.90 call anyway. It's circuit-switched, too - does that give you any assurance?

I guess if you just ran a routing protocol over it (or did some floating static route magic) you could reestablish the existing ipsec tunnel over it.
 
I agree but given the fact that these connections are to Banks and Credit Unions I have to have some sort of encryption or the FDIC will have a fit.

I'll give it a shot and see how slow it ends up being. Thanks again.
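
Added example (not from any poster in this thread): a Python estimate of what the IPsec overhead discussed above costs on the 33.6k uplink. It assumes GRE carried in ESP tunnel mode with 3DES-CBC or AES-CBC and HMAC-SHA1-96; the thread names no transforms, so those and all function names are assumptions, and PPP framing is left out because it is paid with or without IPsec.

```python
UPLINK_BPS = 33_600  # V.90 uplink figure quoted in the thread

# Assumed transforms (the thread names none): cipher -> (block, IV) in bytes.
CIPHERS = {"3des-cbc": (8, 8), "aes-cbc": (16, 16)}
OUTER_IP, ESP_HDR, ICV = 20, 8, 12  # IPv4 header, SPI + sequence, HMAC-SHA1-96
GRE_WRAP = 20 + 4                   # GRE delivery IPv4 header + basic GRE header


def wire_bytes(inner, cipher="3des-cbc", gre=True):
    """Bytes on the link for one inner IP packet sent through ESP tunnel mode."""
    block, iv = CIPHERS[cipher]
    clear = inner + (GRE_WRAP if gre else 0)
    # ESP trailer: payload + pad-length byte + next-header byte must fill whole blocks
    padded = -(-(clear + 2) // block) * block
    return OUTER_IP + ESP_HDR + iv + padded + ICV


def goodput_bps(inner, cipher="3des-cbc", rate=UPLINK_BPS):
    """User-data rate left after GRE and ESP overhead."""
    return rate * inner / wire_bytes(inner, cipher)


def serialization_ms(nbytes, rate=UPLINK_BPS):
    """Time to clock nbytes onto the line."""
    return nbytes * 8 * 1000 / rate


def report(sizes=(64, 576, 1400)):
    rows = []
    for size in sizes:
        for cipher in CIPHERS:
            wire = wire_bytes(size, cipher)
            rows.append((size, cipher, wire, round(goodput_bps(size, cipher)),
                         round(serialization_ms(wire), 1)))
    return rows


if __name__ == "__main__":
    for row in report():
        print("inner=%4d %-8s wire=%4d goodput=%5d bit/s delay=%6.1f ms" % row)
```

Ciphertext does not compress, so whatever gain modem data compression gives cleartext traffic is lost in addition to this byte overhead.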
 