What is the difference between the two destinations??

From: Hunt Lee (ciscoforme3@yahoo.com.au)
Date: Mon Nov 18 2002 - 08:32:03 GMT-3

                      200.0.0.1/32
                       /
R1 ----- ISDN ------ R2
                       \
                      201.0.0.1/32

R1 dialer int: 192.168.10.2 (assigned by a IP Pool from R2)
R2 Bri 0 int: 192.168.10.1

There is an IPSec tunnel between R1 & 201.0.0.1/32

The requirement is that when R1 pings 201.0.0.1, not only it will establish an IPSec
tunnel, it will also trigger the ISDN to dial to R2. However, only traffic from R1
going to 200.0.0.1 & 201.0.0.1 should trigger the ISDN, but nothing else.

Hence I have created a dialer-list at R1:-

access-list 110 permit ip any host 192.168.10.1
dialer-list 1 protocol ip list 110
!

Howeveer, based on the 2 differenet desinations, I was expecting that they both
would be interesting traffic (to trigger the ISDN), but I found that one is, while
the other isn't. Any ideas??

tutu#ping 200.0.0.1
*Mar 1 00:05:34.239: Di1 DDR: ip (s=192.168.10.2, d=192.168.10.1), 152 bytes,
outgoing interesting (list 110)
*Mar 1 00:05:34.335: Di1 DDR: ip (s=192.168.10.2, d=192.168.10.1), 152 bytes,
outgoing interesting (list 110)
*Mar 1 00:05:34.435: Di1 DDR: ip (s=192.168.10.2, d=192.168.10.1), 152 bytes,
outgoing interesting (list 110)
*Mar 1 00:05:34.531: Di1 DDR: ip (s=192.168.10.2, d=192.168.10.1), 152 bytes,
outgoing interesting (list 110)
*Mar 1 00:05:34.631: Di1 DDR: ip (s=192.168.10.2, d=192.168.10.1), 152 bytes,
outgoing interesting (list 110)

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/44 ms
tutu#
*Mar 1 00:05:37.415: Di1 DDR: ip (s=192.168.10.2, d=200.0.0.1), 100 bytes, outgoing
uninteresting (list 110)
*Mar 1 00:05:37.459: Di1 DDR: ip (s=192.168.10.2, d=200.0.0.1), 100 bytes, outgoing
uninteresting (list 110)
*Mar 1 00:05:37.503: Di1 DDR: ip (s=192.168.10.2, d=200.0.0.1), 100 bytes, outgoing
uninteresting (list 110)
*Mar 1 00:05:37.543: Di1 DDR: ip (s=192.168.10.2, d=200.0.0.1), 100 bytes, outgoing
uninteresting (list 110)
*Mar 1 00:05:37.587: Di1 DDR: ip (s=192.168.10.2, d=200.0.0.1), 100 bytes, outgoing
uninteresting (list 110)

Below is my config for R1:-

R1#sh run
Building configuration...

Current configuration : 1763 bytes
!
!
username posets password 0 win
ip subnet-zero
no ip finger
no ip domain-lookup
!
no ip dhcp-client network-discovery
isdn switch-type basic-net3
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
!
crypto isakmp key 1234a address 192.168.10.1
!
!
crypto ipsec transform-set setOne esp-des esp-sha-hmac
!
crypto map combined 10 ipsec-isakmp
 set peer 192.168.10.1
 set transform-set setOne
 match address 101
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
!
interface BRI0
 no ip address
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool-member 1
 isdn switch-type basic-net3
 cdapi buffers regular 0
 cdapi buffers raw 0
 cdapi buffers large 0
 ppp authentication pap chap
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer remote-name Posets
 dialer idle-timeout 180
 dialer string 2222
 dialer-group 1
 ppp authentication pap chap
 crypto map combined
!
ip kerberos source-interface any
ip classless
ip route 192.168.10.1 255.255.255.255 Dialer1
ip route 200.0.0.0 255.0.0.0 192.168.10.1
ip route 201.0.0.0 255.0.0.0 192.168.10.1
no ip http server
!
access-list 101 permit ip any 201.0.0.0 0.255.255.255
access-list 110 permit ip any host 192.168.10.1
dialer-list 1 protocol ip list 110

Can some one tell me why they are differnet. Any help would be greatly appreciated.

Thanks

Best Regards,
H.

http://careers.yahoo.com.au - Yahoo! Careers
- 1,000's of jobs waiting online for you!

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:23:04 GMT-3