Serial with a ISDN Backup

Dannyrae74

Technical User
Nov 28, 2006
15
GB
Hi All,

I currently have a Cisco 1800 configured with a serial interface, and I've configured an ISDN backup. When I shut down the serial interface, the ISDN dials up and connects, and I can ping from the router but not out from PCs on the LAN.

Below is my configuration; I'd be grateful for any help.

Thanks in advance.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
ip domain name domain.co.uk
ip name-server 212.42.162.1
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall rtsp
ip inspect name firewall h323
ip inspect name firewall netshow
ip inspect name firewall ftp
ip inspect name firewall sqlnet
!
isdn switch-type basic-net3
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-994770686
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-994770686
revocation-check none
rsakeypair TP-self-signed-994770686
!
!
crypto pki certificate chain TP-self-signed-994770686
certificate self-signed 01
quit
username xxxxx privilege 15 password 7 0956410E1E1C47474E
username xxxxx privilege 15 password 7 111B1506464058
username xxxxx privilege 15 secret 5 $1$r6Yo$y3J5oifJIf0YRWkoyKTRa/
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 600
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp keepalive 180
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-aes esp-sha-hmac
crypto ipsec transform-set vpn2 esp-3des esp-sha-hmac
!
crypto map backup 30 ipsec-isakmp
description backup VPN to London over ISDN
set peer 195.224.149.114
set transform-set vpn1
match address 102
!
crypto map vpn 10 ipsec-isakmp
set peer x.x.x.x
set transform-set vpn1
match address 102
!
!
!
!
interface FastEthernet0/0
description Internal Network
ip address 10.0.26.1 255.255.255.0
ip nat inside
ip inspect firewall in
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description WAN
ip address x.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation ppp
shutdown
crypto map vpn
!
interface BRI0/1/0
description Network-I ISDN Line
no ip address
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
isdn point-to-point-setup
no cdp enable
!
interface Dialer1
description Backup ISDN connection to web
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string 08456653000
dialer-group 1
no cdp enable
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp pap sent-username xxxxx password 0 xxxxx
crypto map backup
!
no ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 0.0.0.0 0.0.0.0 Dialer1 200
!
!
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 110 interface Serial0/0/0 overload
ip nat inside source list 115 interface Dialer1 overload
!
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 23 permit 10.0.1.207
access-list 23 permit 10.0.26.0 0.0.0.255
access-list 101 permit ip 10.0.26.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.26.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 deny ip 10.0.26.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 permit ip 10.0.26.0 0.0.0.255 any
access-list 115 deny ip 10.0.26.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 115 permit ip 10.0.26.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community xxxxx RO
no cdp run
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CCCCCCC
No unauthorised access allowed
^C
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
end
 
Don't you need protocol ip permit or something on the BRI??? Can't remember...also, what about ipcp commands on the dialer?

Burt
 
There's a "dialer-list 1 protocol ip permit" in the above configuration; is this what you meant?

I think that it could possibly be an issue with the natting, as when the ISDN interface comes up I can ping the internet from the router but not from the PCs on the LAN?

Thanks Daniel
 
Hello
For testing reasons, try to kill the crypto map "match address 102". It is sending traffic into the VPN tunnel even when the ISDN becomes active.
Maybe not related, but your IOS firewall is letting all outside traffic into your network. You should have an access list on the outside interface that should only let in ISAKMP and ESP and the needed three ICMP messages.
Regards
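
The inbound filter suggested in the last reply, sketched against the posted configuration as an added example (not part of the original thread). The ACL numbers 120 and 121 and the choice of echo-reply, time-exceeded and unreachable as the three ICMP messages are assumptions; x.x.x.x is the thread's own redaction of the primary VPN peer and must be replaced with the real address.

```cisco
! Added example. ACL numbers 120/121 are assumed (unused in the posted config).
!
! Backup path: only the backup peer from "crypto map backup" may start IKE/ESP.
access-list 120 remark Inbound filter for Dialer1 (ISDN backup)
access-list 120 permit udp host 195.224.149.114 any eq isakmp
access-list 120 permit esp host 195.224.149.114 any
! Assumed set of "needed" ICMP: ping replies, traceroute, path-MTU discovery.
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any unreachable
access-list 120 deny   ip any any log
!
! Primary path: same pattern, peer address redacted in the thread.
access-list 121 remark Inbound filter for Serial0/0/0 (primary WAN)
access-list 121 permit udp host x.x.x.x any eq isakmp
access-list 121 permit esp host x.x.x.x any
access-list 121 permit icmp any any echo-reply
access-list 121 permit icmp any any time-exceeded
access-list 121 permit icmp any any unreachable
access-list 121 deny   ip any any log
!
! Return traffic for LAN-initiated TCP/UDP sessions is still admitted:
! "ip inspect firewall in" on FastEthernet0/0 opens temporary entries
! in these ACLs for sessions it has inspected.
interface Dialer1
 ip access-group 120 in
!
interface Serial0/0/0
 ip access-group 121 in
```

The `log` keyword on the final deny makes dropped packets show up in the `logging buffered` output, with matches counted per entry in `show access-lists`.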
 