Hi everyone, I'm new to the list, having just received my first Ascend
(derived) box. I've previously used Livingston/Lucent Portmasters for the
last 5 years.
I'm in the middle of replacing a PM4 with an APX and am having the
following difficulties:
1)
On the PM4 I pre-auth dialins by doing a CLI check first via Radius.
Basically, to prevent abuse (we operate a Free ISP in the UK), we check
the CLID against a list of known abusers and Reject them outright before
even pickingup the line. Otherwise the DEFAULT is to accept the call.
However on the APX, if I use clid-prefer, I can reject the connection ok,
but the APX simply accepts non-rejected connections without a username
or password. Not good.
If I use clid-first then the APX receives the Reject, but ignores it and
picks up the call allowing the abuser to dial in.
There doesn't seem to be a way with Taos to make it do what I want.
2) I have a number of dial back users - where during the CLID check,
we recognise the number and do a callback. On PMs it is this:
1234567890 Service-Type = Call-Check
Service-Type = Callback-Framed-User,
Callback-Id = "dbusername"
Where dbusername is a profile stored in the PM.
On the APX, it seems I need:
1234567890 Service-Type = Outbound-User
Framed-Route = "212.108.64.129/28 212.108.64.129 1 n dbusername-out"
But the APX loads "dbusername-out" via RADIUS, so I add in:
dbusername-out User-Password="xxxxxxx", Service-Type = Outbound-User
User-Name = "dbusername"
Ascend-Dial-Number = "1231231230",
Framed-Protocol = PPP,
Framed-IP-Address = 212.108.64.129,
Framed-IP-Netmask = 255.255.255.240,
Ascend-Send-Auth = Send-Auth-PAP,
Ascend-Send-Secret = "xxxxxxxxxx"
This doesn't seem to work (despite reading the pdfs very carefully). Does the
APX need a special hash code just to do dialback?
3) I can successfully dialin and ping the apx, and from the apx ping the
dialled in IP. I can ping the local subnet and the wider internet (and
traceroute) from the APX. However, the dialled in computer cant ping
anything outside the apx. It seems that it isn't routing the packets through
as the apx doesn't seem to be answering arp requests for the dialled in IP.
Advice on where to look next?
Many thanks for any pointers anyone can provide.
Regards,
Paul Gregg.
PS. Whats a good IRC channel for ascend users? [Can't find one on efnet]
--
| Paul Gregg |T: +44 (0) 28 90424190
| Technical Director |F: +44 (0) 28 90424709
| The Internet Business Ltd |W: http://www.tibus.com
| Holywood House, Innis Court |E: info at tibus.com
| Holywood, Co Down, BT18 9HF |P: pgregg at tibus.com
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request at bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>