5259.book Page i Thursday, October 10, 2002 5:39 PM Troubleshooting Remote Access Networks Plamen Nedeltchev, Ph.D 201 W 103rd Street Indianapolis, IN 46290 USA 5259.book Page ii Thursday, October 10, 2002 5:39 PM ii Troubleshooting Remote Access Networks Plamen Nedeltchev Copyright© 2003 Cisco Systems, Inc Published by: Cisco Press 201 West 103rd Street Indianapolis, IN 46290 USA All rights reserved No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review Printed in the United States of America First Printing November 2002 Library of Congress Cataloging-in-Publication Number: 2001096586 ISBN: 1-58705-076-5 Warning and Disclaimer This book is designed to provide information about troubleshooting remote access networks Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied The information is provided on an “as is” basis The author, Cisco Press, and Cisco Systems, Inc shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized Cisco Press or Cisco Systems, Inc cannot attest to the accuracy of this information Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark Feedback Information At Cisco Press, our goal is to create in-depth technical books of the highest quality and value Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community Readers’ feedback is a natural continuation of this process If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at feedback@ciscopress.com Please make sure to include the book title and ISBN in your message We greatly appreciate your assistance 5259.book Page iii Thursday, October 10, 2002 5:39 PM iii Publisher Editor-in-Chief Executive Editor Cisco Representative Cisco Press Program Manager Cisco Marketing Communications Manager Cisco Marketing Program Manager Production Manager Development Editor Senior Project Editor Copy Editor Technical Editors Team Coordinator Cover Designer Composition Indexer Corporate Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 John Wait John Kane Brett Bartow Anthony Wolfenden Sonia Torres Chavez Tom Geitner Edie Quiroz Patrick Kanouse Andrew Cupp Sheri Cain Cris Mattison Brian Feeny Brian Morgan William R Wagner Jonathan Zung Tammi Ross Louisa Adair Argosy Publishing Tim Wright European Headquarters Cisco Systems Europe 11 Rue Camille Desmoulins 92782 Issy-les-Moulineaux Cedex France http://www-europe.cisco.com Tel: 33 58 04 60 00 Fax: 33 58 04 61 00 Americas Headquarters Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Cisco Systems Australia, Pty., Ltd Level 17, 99 Walker Street North Sydney NSW 2059 Australia http://www.cisco.com Tel: +61 8448 7100 Fax: +61 9957 4350 Cisco Systems has more than 200 offices in the following countries Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China • Colombia • Costa Rica • Croatia • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong • Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain Sweden • Switzerland • Taiwan • Thailand • Turkey • Ukraine • United Kingdom • United States ã Venezuela ã Vietnam ã Zimbabwe Copyright â 2000, Cisco Systems, Inc All rights reserved Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, FireRunner, Follow Me Browsing, FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The iQ Logo, Kernel Proxy, MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder, RateMUX, ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me, SlideCast, SMARTnet, SVX, TrafficDirector, TransPath, VlanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, are registered trademarks of Cisco Systems, Inc or its affiliates in the U.S and certain other countries All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company (0010R) 5259.book Page iv Thursday, October 10, 2002 5:39 PM iv About the Author Plamen Nedeltchev was born in February 1954 in Silistra, Bulgaria He graduated from high school as valedictorian in 1972 In 1980, he received an M.S (Summa Cum Laude) from Saint Petersburg State Electro-Technical University In 1989, he received his Ph.D from the Bulgarian Academy of Science, Sofia, Bulgaria Plamen worked as the chief information officer of VMT (a division of the Ministry of Transport of Bulgaria) in his country of origin He joined Sprint E-Solutions in 1999 as a senior network architect The same year, he joined Cisco’s Remote Access team as a technical consultant During his career, he has published more than 40 publications in English, Russian, and Bulgarian, including four recent articles in the Cisco Packet Magazine He speaks five languages and has one technical patent The scope of his technical expertise and interests includes bridging, switching, routing, capacity planning, compression, multicast, QoS, content networking, SOHO, ROBO, design/modeling/simulation, ISDN, Frame Relay, VPN, xDSL, cable modem, dial, wireless, and troubleshooting In his spare time, he enjoys political history, philosophy, literature, sports, and music About the Technical Reviewers Brian Feeny (CCIE No 8036) is the senior network engineer for ShreveNet Inc., an Internet service provider, where he has been working for the last six years He is also a Partner in Netjam LLC, which specializes in sales and support of Cisco network equipment Brian has more than ten years experience in the networking industry Brian Morgan (CCIE No 4865) is a Cisco Press author (CCNP Remote Access Exam Certification Guide) and a frequent contributor in both editing and content He has been in the networking industry for over ten years as a consultant in large internetworking environments He has also spent much of the last five years as an instructor for Cisco Learning Partners teaching ICND, BSCN/I, BCRAN, CATM, CVOICE, CCIE/CCNP bootcamps, and other courses William R Wagner works as a Cisco Certified System Instructor for Skyline Computer Corp He has 23 years of computer programming and data communication experience He has worked for corporations and companies such as Independent Computer Consultants, Numerax, McGraw-Hill/Numerax, and Standard and Poors He has teaching experience with the Chubb Institute, Protocol Interface Inc., Geotrain, Mentor Technologies, and he is currently teaching at Skyline Computers Corp William also holds a degree in Computer Science, is a CNE, and currently holds his CCNA and CCNP from Cisco Jonathan Zung (CCNP, CCDP, working towards CCIE) has been at Cisco for nearly five years He started at Cisco as a UNIX systems administrator, but for the last four years at Cisco, he has been working as a network engineer supporting Cisco’s internal remote access environment He graduated from California Polytechnic State University at San Luis Obispo with a B.S in MIS and a minor in Computer Science in 1997 In addition to being one of the book’s technical reviewers who helped me with all phases to improve the content, Jonathan is the principal author of the design and troubleshooting content of Multi-Chassis Multilink Point-to-Point Protocol (MMP) in Chapter 10, “ISDN Design Solutions” and Chapter 12, “ISDN BRI Troubleshooting” of this book 5259.book Page v Thursday, October 10, 2002 5:39 PM v Dedication I dedicate this book to one of the most amazing people I have ever met, my wife Tatiana, for her sincere moral support and help through all these years I dedicate this book to my kids, Nickolay and Irina, who make me a very proud father —Plamen 5259.book Page vi Thursday, October 10, 2002 5:39 PM vi Acknowledgments To my managers: This book wouldn’t be possible if I didn’t have the continuous and unconditional support of my managers: Felicia Brych, who devoted her time for months to make this book happen, and Chuck Trent and Henry White, who encouraged me and created an unmatchable atmosphere of trust and encouragement to ensure the success of this project Special appreciation goes to my Sprint E-Solutions manager, Debra Wieland, and to Chris Starsiak for believing in me and for the support To the Cisco Press team: Many thanks to Brett Bartow for giving me the chance to write for Cisco Press, and Drew Cupp for his assistance, persistence, and remarkable language skills during the creation of this book I would also like to thank Sheri Cain for her excellent work in managing this book through the production process Finally, I want to thank Jill Batistick, Ginny Bess Munroe, Christopher Cleveland, Cris Mattison, Doug Ingersoll, and Marianne Huff for providing me with assistance, formatting, and editing the content, improving the language, and for technical corrections To the technical editors of this book: My special appreciation goes to Brian Feeny (CCIE No 8036), Brian Morgan (CCIE No 4865), Bill Wagner (CCSI), and especially to Jonathan Zung (CCDP, CCNP) for their valuable comments, devotion and time, and helping me to make this book better To my colleagues who helped write and edit: Many thanks to my colleagues from the Remote Access team at Cisco, who are some of the most talented engineers I’ve ever worked with in my carrier All of them are at different stages of achieving the highest Cisco certifications, but all together, they make what usually is referred to as “The Team” and as such, everyone has their own technical strengths, preferences, and proven techniques Some of them have written part of this book, some of them have reviewed the content, and some of them did both Overall, sharing this collective experience, in my understanding, adds value to this book and serves the readers’ needs best As a result, this book includes only the proven best practices type of information and proven troubleshooting scenarios from more than tens of thousands of cases in the recent years I would like to thank the following team members and note their contributions to this book: Felicia Brych (BComm, MPM) is from Canada and holds degrees from Memorial University of Newfoundland and the University of Quebec Felicia managed Cisco’s Internal Remote Access Services department from December 1999 to August 2001, with successes that included the global deployment of VPN and significant cost reduction for all remote access solutions Prior to working for Cisco, she managed Remote Access and Technology Services for Revenue Canada Felicia currently leads IT initiatives involving collaboration infrastructure and IP telephony for the home In her spare time, Felicia enjoys gardening and spending time with her husband, three stepchildren, and two Labrador Retrievers 5259.book Page vii Thursday, October 10, 2002 5:39 PM vii Felicia is the principal author of the foreword and the “Management Considerations” section for Chapter of this book Felicia edited the entire content of this book for style and language Chuck Cardamon is an IT analyst in Infrastructure, Carrier Services & Provisioning He has an AOS degree in Culinary Arts and is a veteran, retiring as a U.S Navy SEAL after 20 years of service He is a proponent of organ donation and was a live liver donor to save the life of a friend In his spare time, he rides motorcycles and fly fishes He has been married for 26 years and has adult children Chuck is the principal author of the “Provisioning of Enterprise Remote Access Services” section for Chapter Jered T Huegen is a network engineer supporting remote access services for Cisco Systems He has been working towards his CCIE in Communications and Services and passed the written exam Jered has helped to facilitate the growth of the remote access infrastructure from a few hundred clients to accommodate 40,000 clients He has a college background in math and accounting In his spare time, Jered enjoys being a pit crewmember and making split-second setup decisions for a dirt-track race team He was married in September 2002 Jered is the principal author of the following chapters: • Chapter 5, “Dial Technology Background” • Chapter 6, “Dial Design and Configuration Solutions” • Chapter 7, “Dial Troubleshooting” • Chapter 8, “Dial Troubleshooting Scenarios” Omid Kaabipour (CCNA) has a B.S in Business Administration (MIS) from San Jose State University As a lead engineer for Frame Relay with the Remote Access group, he participated in design, support, and troubleshooting Frame Relay, ISDN, VPN, and Dial Recently, Omid has been working with the Cisco Northeast Transport Group on transport technologies across a wide range of Cisco platforms, including WAN, LAN, MAN and Frame Relay troubleshooting, design, and maintenance In his spare time, he thrives on listening to classical music and enjoys going to movies Omid is the principal author of the Frame Relay host migration scenario in Chapter 18 of this book and helped with the technical review of this book at its final phase David Iacobacci is a network engineer in the Cisco IT Remote Access Services group and has been the technical lead of the team for about two years He has been working toward his CCIE in Security A native New Yorker, he lived in Japan for over nine years, working for Nihon Cisco Systems and Procter & Gamble Far East, Inc., after obtaining an MBA from the International University of Japan He also holds a BS in Mechanical Engineering from Rutgers University and has worked for Citigoup, FMC Corporation, and the U.S Navy When not working, David enjoys his free time with his wife and daughter fm.fm Page viii Monday, October 14, 2002 1:34 PM viii David is the principal author of the following chapters: • Chapter 20, “Remote Access VPN Design and Configuration Solutions” • Chapter 21, “Remote Access VPN Troubleshooting” Zack Schaefer (CCNP, CCDP) is currently working on his CCIE He has spent a majority of his post college career working for Cisco in its Remote Access department Throughout his entire career at Cisco, he has helped support Cisco’s entire VPN infrastructure, solving thousands of VPN problems yearly He is currently a network engineer supporting WAN, LAN, MAN, and remote access for Latin America and the Central and Southeast United States Additionally, he routinely performs VPN troubleshooting training for fellow Cisco employees Zack is the principal author of Chapter 22, “Remote Access VPN Troubleshooting Scenarios.” James Michael Thompson (CCNP, CCDA) made a move from the music industry to the networking industry in the late 1980s Before working with the Cisco Remote Access team, Jim worked as a WAN engineer and as a CNE at a network integration company Jim passed the CCIE qualifying exam and is scheduled to take the lab exam in the near future He lives in Sonora, California, with hobbies such as photography, hiking, mountain biking, kayaking, and still enjoys making music Jim helped with the technical review of this book at its final phase Lainie van Doornewaard has been with Cisco Systems, Inc for approx five and a half years after leaving a career in law enforcement She worked as the team lead for support for the engineering community, then joined the Network Operations Team, which is responsible for Cisco’s corporate LAN, WAN, and MAN infrastructure She transferred to the Remote Access team in July of 2000 and has been the backup engineer for VPN and lead engineer for xDSL for almost two years She is currently a team lead for the Remote Access Engineering team in San Jose Lainie helped with the technical review of this book at its final phase I’d like to acknowledge the contributions of some of the founders of the Remote Access environment at Cisco: Yinpo Wong, BS, BA, MBA, currently Engineering Manager at Cisco Systems, Inc., John B Cornell III, currently Member of Technical Staff (IT) at Cisco Systems, Inc., and Craig Huegen, CCIE #2100, who is currently Chief Network Architect for Cisco Systems Finally, this book enjoyed the encouragement of many people, and I’d like to thank Dave Holloway, Kristine Smith, Lanny Ripple, Julie Martinez, Jeff Galisky, Terrance Blackman, Lilyan Gonzalez, Albert Soeherman, Diana Perez, Sidney Thompson, Damian Morris, Al Roethlisberger, Jawahar Sivasankaran (CCIE 8870), Doug Gober, Kathleen O’Looney, and many others 5259.book Page ix Thursday, October 10, 2002 5:39 PM ix Contents at a Glance Foreword xxiii Introduction xxv Part I Remote Access Fundamentals Chapter Remote Access Overview Chapter Telecommunication Basics 37 Chapter The Cloud 69 Chapter Troubleshooting Approaches, Models, and Tools 95 Part II Dial 123 Chapter Dial Technology Background 125 Chapter Dial Design and Configuration Solutions 141 Chapter Dial Troubleshooting 181 Chapter Dial Troubleshooting Scenarios 219 Part III ISDN 231 Chapter ISDN Technology Background 233 Chapter 10 ISDN Design Solutions 257 Chapter 11 Cisco ISDN Configuration Solutions 289 Chapter 12 ISDN BRI Troubleshooting 313 Chapter 13 Troubleshooting Scenarios for ISDN BRI 359 Part IV Frame Relay 411 Chapter 14 Frame Relay Technology Background 413 Chapter 15 Frame Relay Design Solutions 433 Chapter 16 Basic and Advanced Frame Relay Configurations 457 Chapter 17 Frame Relay Troubleshooting 491 Chapter 18 Frame Relay Troubleshooting Scenarios 547 5259.book Page x Thursday, October 10, 2002 5:39 PM x Part V VPN 589 Chapter 19 VPN Technology Background 591 Chapter 20 Remote Access VPN Design and Configuration Solutions 633 Chapter 21 Remote Access VPN Troubleshooting 675 Chapter 22 Remote Access VPN Troubleshooting Scenarios 765 Appendix A Answers to Review Questions 807 Index 835