Attendant line status at remote site
we have a centralized 4.1.3 call manager with remote site using mpls. we set up the attendant application for the receptionist at the remote site and everything worked as expected. The next day, she no longer could see the line status.
I've tried it from the main site and it works fine. We've tried restarting the services.
Does anyone know what might have happened?
thanks
Rob
problem turned out to be the windows xp firewall running on the receptionist pc. when it was turned off, line status worked.
solution is to add the acclient program as an exception in the firewall settings
Rob
Similar Messages
-
Unified Attendant Console - License and Remote Site
I need an Attendant Console solution for a 6 site IPT design. I have CUCMBE at the corporate site with 5 remote locations. I want to have an Attendant Console in each location. I was going to use the Business Attendant version, but see it only support 3 Queues, thoguht I had read it was 6 queues, so I guess I need to go with the Enterprise version.
1. To support 6 active clients, I need to order 6 licenses at $2950.00? Seems awful expensive compared to the old Attendant Console...
2. Queues would need to be created for each site, Business only has 3, but Enterprise has 50?Hehe Chris, you're right. I've always thought that this is only the language for the installation details, but I've just tried it on my PC.
Thanks a lot.
regards
Marc -
Connecting to an ISDN BRI on a router from a PSTN line from remote site..!!
Friends,
I have a 1812 at HO with WIC1 BS/T Card, connected it to an ISDN BRI line.One of my critical remote location uses Leased circuit to reach my HO Router.But in case if LL goes down,some of the important PC's at the remote site should be able to dial to HO Router BRI Number using PSTN line, get connected and continue, ip address assigned from HO Router and access the application... Is any way available...Hi Arnab.
You need to configure dial backup through AUX port. You need to connect a normal PSTN line to a modem which in turn is connected to your AUX port. You will have to configure a chat script which you can find in the attachmnet. The attachment is a working example in one of my routers.
You also have to create an ASYNC interface. Check that in the attached file also
--Pls rate if useful--- -
Line Loop by Remote status on T1
Recently, my AS5400XM started getting this status on some of my T1(I have DS3). I've worked with our vendor and they indicated it is a Cisco bug. We have never had this issue before until they migrated our system to a different switch. The problem can be resolve if my provider restart their T1. But we are seeing the issue again from time to time. Needless to say, I just wanted to find ways to pin point the issue. I believe it is on their end, but i need to get data or anything at all to prevent this from happening again.
Can anyone help me out? I need some starting point.
Below is the output of "show controllers T1 | section is up":
1 7/0:9 is up. (Line Loop by Remote)
Applique type is Channelized T1
Receiver has no alarms.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info of slot 7: HW: 1536, PLD Rev: 7
Framer Version: 0x58
T1 7/0:10 is up. (Line Loop by Remote)
Applique type is Channelized T1
Receiver has no alarms.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info of slot 7: HW: 1536, PLD Rev: 7
Framer Version: 0x58
And this is output of my log:
013-05-29 09:20:34 Local7.Notice 192.168.1.6 7207: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:3, LINE loopback request from external network
2013-05-29 09:20:34 Local7.Notice 192.168.1.6 7208: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:4, LINE loopback request from external network
2013-05-29 09:20:34 Local7.Notice 192.168.1.6 7209: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:5, LINE loopback request from external network
2013-05-29 09:20:34 Local7.Notice 192.168.1.6 7210: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:6, LINE loopback request from external network
2013-05-29 09:20:34 Local7.Notice 192.168.1.6 7211: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:7, LINE loopback request from external network
2013-05-29 09:20:34 Local7.Notice 192.168.1.6 7212: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:8, LINE loopback request from external network
2013-05-29 09:20:35 Local7.Notice 192.168.1.6 7213: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:9, LINE loopback request from external network
2013-05-29 09:20:35 Local7.Notice 192.168.1.6 7214: *Jun 28 04:10:42.775: %CONTROLLER-5-LOOPSTATUS: Controller T1 7/0:10, LINE loopback request from external network
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7215: *Jun 28 06:07:46.027: %CONTROLLER-5-UPDOWN: Controller T1 7/0:1, changed state to down
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7216: *Jun 28 06:07:46.027: %CSM-5-PRI: delete PRI at slot 7, unit 1, channel 23 with index 12
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7217: *Jun 28 06:07:46.027: %CONTROLLER-5-UPDOWN: Controller T1 7/0:2, changed state to down
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7218: *Jun 28 06:07:46.035: %CSM-5-PRI: delete PRI at slot 7, unit 2, channel 23 with index 13
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7219: *Jun 28 06:07:46.039: %CONTROLLER-5-UPDOWN: Controller T1 7/0:12, changed state to down
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7220: *Jun 28 06:07:46.047: %CSM-5-PRI: delete PRI at slot 7, unit 12, channel 23 with index 11
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7221: *Jun 28 06:07:46.047: %CONTROLLER-5-UPDOWN: Controller T1 7/0:13, changed state to down
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7222: *Jun 28 06:07:46.055: %CSM-5-PRI: delete PRI at slot 7, unit 13, channel 23 with index 4
2013-05-29 11:17:37 Local7.Notice 192.168.1.6 7223: *Jun 28 06:07:46.055: %CONTROLLER-5-UPDOWN: Controller T1 7/0:14, changed state to downcboulanger wrote:I suggest you use the following controller command: loopback network ignoreThe description mentions "Ignore the remote line loopback reqs from NI". This should prevent your AS5400XM to automatically activate line loopback.
Correct, but chances are that when some remote device is erroneously trying to command remote loopback, traffic will not pass anyway. -
Cisco 3905 problem / remote site
Hi all!
Information:
I have CUCM 8.6.2.20000-2 and many Cisco IP Phone 3905 (SIP). Some of them deployed in central office and some in remote sites.
Phone information:
Boot Version: 3905.0-0-0-01-01
DSP Version: 12.0.0.8
Application: 3905.9-2-2-0
Symptoms:
In remote sites only!
The phone is registered and working fine. However, after few hours idle state I lift the handset, dial any number and nothing happens. Drop the call and try again 2-3 times. After that either call passed or get permanent busy tone (need to reboot the phone to work again).
The phone is marked as registered on CUCM and I hear dial tone when lifted the handset.
I cannot collect debug messages from phones, because as soon as I login via telnet it going work fine.
There is no such problem in central office.
Phones print following messages in terminal all the time:
17:07:10:302 x [CENTRAL] CDP/LLDP-MED CB function is called
17:07:26:491 [sip] 03:58:24.490 pjsua_acc.c SIP outbound status for acc 0 is not active
17:07:26:495 [sip] 03:58:24.494 pjsua_acc.c "п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>: registration success, status=200 (OK ), will re-register in 120 seconds
17:07:26:502 [sip] 03:58:24.500 pjcu.c pjcu_on_reg_state2(), Account["п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>] : OK, status=200
17:07:26:506 x [pcu] pcuRcvHandler(CALL), SRV_EV, eid=0, cid=65535,
17:07:26:510 x [pcu] [pcux_insrv_cb():7071] CUCM_DateTime:Mon, 27 May 2013 11:07:26 GMT
17:07:26:511 x [pcu] Sync time from server: Mon, 27 May 2013 11:07:26 GMT
17:07:26:515 x [pcu] [set_svr_type][1599] Bfe active_server_idx=0, serverType=0
17:07:26:515 x [pcu] [set_svr_type][1602] Aft serverType=0, Server Number=2
17:07:26:531 [ipps] ----- PCU: CC_SRV, pid=0, eid=0, cid=65535 -----
17:07:26:532 [ipps] In func: remoteNtyEvtProcess(), lib = 0, cid = 65535, ntyEv = 0
17:07:26:533 f [ipps] In func: remoteNtyEvtProcess(), recv inservice nty, svrType = 0, cause = 0
17:07:26:534 f [MMI] <RCV>: In func: ui_nty(), lid = 0, cid = 65535, ntyEv = 0
17:07:26:535 x [CENTRAL] IPPS CB function(RegStatus) is called (1) with Line (0)
17:07:26:536 f [ipps] In func: mlcu_isKpmlEnabled(), KPML value = 3, blRet = 1
17:07:26:537 x [CENTRAL] Enter FSM: State(STANDBY) | Event(REGISTER_OK) | Cause(0)
17:07:26:540 x [CENTRAL] Unexpected event REGISTER_OK (cause=0) at STANDBY state
17:07:26:541 x [CENTRAL] Waiting event in STANDBY
17:07:58:990 x [CENTRAL] CDP/LLDP-MED CB function is called
17:08:39:022 [sip] 03:59:37.021 pjcu.c pjcuRcvHandler(KA), KA_REQUEST, eid=-1, p1=192.168.70.1:5060
17:08:39:040 [sip] 03:59:37.036 pjcu.c pjcu_rpt_ka_status(), target(192.168.70.1:5060): status=1, id=27
17:08:39:044 x [pcu] pcuRcvHandler(KA), KA_RESPONSE, eid=0, addr=192.168.70.1:5060, status=1
17:08:39:050 x [pcu] [pcu_polling_sipserver_thread():1478] mark!
17:08:54:130 x [CENTRAL] CDP/LLDP-MED CB function is called
Thanks for your help.There are 2 versions of firmware on cisco.com. cmterm-3905.9-2-1-0 is the default firmware going with CUCM 8.6.2.20000-2 for 3905 phones and cmterm-3905.9-2-2-0 I've installed recently. Both versions of firmware with same problems.
Some new information. I get traffic dump with wireshark.
INVITE sip:[email protected]:5060;transport=tcp SIP/2.0
Via: SIP/2.0/TCP 192.168.70.86:3457;rport;branch=z9hG4bKPjdp3HjFLs7Dy03RL9ce.16qung.tOq5O3
Max-Forwards: 70
From: "............ .............." ;tag=5a25b465-747b-4c31-a020-1a9636827427
To: sip:[email protected]
Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="SEP10BD18DD3F59";+u.sip!model.ccm.cisco.com="592"
Call-ID: e9edcc43-6a9b-42b8-8efc-99f702b313d1
CSeq: 28324 INVITE
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
User-Agent: Cisco-CP3905/9.2.1
Supported: replaces,join,sdp-anat,norefersub,extended-refer,X-cisco-callinfo,X-cisco-serviceuri,X-cisco-escapecodes,X-cisco-service-control,X-cisco-monrec,X-cisco-config,X-cisco-sis-4.0.0,X-cisco-xsi-7.0.1
Expires: 900
Accept: application/sdp
Allow-Events: kpml,dialog
Remote-Party-ID: "............ ..............";privacy=off
Content-Type: application/sdp
Content-Length: 294
As you can see phone trying to invite [email protected]:5060, BUT I dial 7103 DN from 7102. So where are other numbers? Bug? -
I have a problem making a call from Isle of Man that has a 2900 router running CME 8.6 and a remote site Singapore that is on a UCS560, we have created a site to site VPN and can ping from either phone vlan to either phone vlan interfaces. The problem is that when I call from the Isle of Man site the call routes, rings on the remote phone and the user answers, they can hear the Isle of Man but the Isle of man cannot hear them... I hear you all say one way voice must be routing, well I cannot find where the error and like I say we can ping. I have added the singapore config as a starting point and we are calling from 0977 Isle of Man to 3123 Singapore.
version 15.1
parser config cache interface
no service pad
no service timestamps debug uptime
service timestamps log datetime msec localtime
service internal
service compress-config
service sequence-numbers
hostname SG_UC_560
boot-start-marker
boot system flash:/uc500-advipservicesk9-mz.151-4.M6
boot-end-marker
no logging buffered
no logging rate-limit
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa session-id common
clock timezone WST 8 0
network-clock-participate wic 1
network-clock-select 1 BRI0/1/0
network-clock-select 2 BRI0/1/1
dot11 syslog
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 172.16.100.1 172.16.100.99
ip dhcp excluded-address 172.16.100.200 172.16.100.255
ip dhcp excluded-address 192.168.138.1 192.168.138.99
ip dhcp excluded-address 192.168.138.200 192.168.138.255
ip dhcp pool phone
network 172.16.100.0 255.255.255.0
default-router 172.16.100.1
option 150 ip 172.16.100.1
ip dhcp pool data
import all
network 192.168.138.0 255.255.255.0
default-router 192.168.138.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool DoorIntercom
host 192.168.138.5 255.255.255.0
hardware-address 7c1e.b3fe.09a8
ip inspect WAAS flush-timeout 10
ip dhcp-client update dns server both
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
isdn switch-type basic-net3
trunk group ALL_BRI
hunt-scheme longest-idle
translation-profile outgoing PROFILE_ALL_BRI
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme longest-idle
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
registrar server expires max 600 min 60
no update-callerid
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
voice class cause-code 1
no-circuit
voice register global
mode cme
source-address 172.16.100.1 port 5060
max-dn 120
max-pool 30
load 9971 sip9971.9-2-2
load 9951 sip9951.9-2-2
load 8961 sip8961.9-2-2
authenticate register
authenticate realm uc500.local
timezone 42
date-format D/M/Y
hold-alert
create profile sync 0002461994550035
voice register dn 1
number 199
name Door Intercom
no-reg
label Door Intercom
voice register pool 1
registration-timer max 720 min 660
id mac 7C1E.B3FE.09A8
type CiscoMobile-iOS
number 1 dn 1
cor incoming user-internal default
dtmf-relay rtp-nte
username 199 password
codec g711ulaw
voice hunt-group 1 parallel
final 399
list 122,123
timeout 16
pilot 501
voice translation-rule 4
rule 15 /^...$/ /62223151/
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1112
rule 10 /^90[0123][1-9]\(.*\)/ /019\1/
rule 15 /^9/ //
voice translation-rule 2002
rule 1 /^6/ //
voice translation-rule 2222
voice translation-rule 3119
rule 1 /^3\(...\)/ /\1/
voice translation-rule 3121
rule 1 /3121/ /121/
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile IOM
translate called 3119
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PROFILE_ALL_BRI
translate calling 4
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
voice translation-profile nondialable
translate called 1000
voice-card 0
fax interface-type fax-mail
license udi pid UC560-BRI-K9 sn FGL164912CA
archive
log config
logging enable
logging size 600
hidekeys
process-max-time 150
ip tftp source-interface Vlan90
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 85400
crypto isakmp key xxxxxxxxx address IP of Isle of Man no-xauth
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map IOM-VPN 10 ipsec-isakmp
set peer IP of Isle of Man
set transform-set ESP-3DES-MD5
match address 150
interface Loopback0
ip address xxxxxxxxx 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/0
ip ddns update hostname xxxxxxxxx
ip ddns update dyndns
ip address dhcp client-id GigabitEthernet0/0
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map IOM-VPN
interface Integrated-Service-Engine0/0
description Interface used to manage integrated application modulecue is initialized with default IMAP group
ip unnumbered Vlan90
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface GigabitEthernet0/1/0
switchport mode trunk
switchport voice vlan 100
no ip address
macro description cisco-switch
interface GigabitEthernet0/1/1
switchport mode trunk
switchport voice vlan 100
no ip address
macro description cisco-switch
interface GigabitEthernet0/1/2
no ip address
macro description cisco-desktop
spanning-tree portfast
interface GigabitEthernet0/1/3
description Interface used to communicate with integrated service module
switchport access vlan 90
no ip address
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
trunk-group ALL_BRI 64
interface BRI0/1/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
trunk-group ALL_BRI 64
interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
interface Virtual-Template200 type serial
no ip address
interface Vlan1
ip address 192.168.138.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan90
ip address 10.1.10.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
interface Vlan100
ip address 172.16.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip local pool SDM_WEBVPN_POOL_1 192.168.138.20 192.168.138.29
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip route 10.1.10.1 255.255.255.255 Vlan90
access-list 100 deny ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 100 deny ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 100 deny ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 100 deny ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 100 permit ip 10.1.10.0 0.0.0.3 any
access-list 100 permit ip 192.168.138.0 0.0.0.255 any
access-list 100 permit ip 172.16.100.0 0.0.0.255 any
access-list 150 permit ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 150 permit ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 150 permit ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 150 permit ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 100
snmp-server community public RO
tftp-server flash:/phones/6901_6911/SCCP6911.9-1-1-0.loads alias SCCP6911.9-1-1-0.loads
tftp-server flash:/phones/6901_6911/SCCP6901.9-1-1-0.loads alias SCCP6901.9-1-1-0.loads
tftp-server flash:/phones/6901_6911/KNL6911SCCP.9-1-1-0.zz.sgn alias KNL6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/KNL6901SCCP.9-1-1-0.zz.sgn alias KNL6901SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/BFS6911SCCP.9-1-1-0.zz.sgn alias BFS6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/APP6911SCCP.9-1-1-0.zz.sgn alias APP6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/APP6901SCCP.9-1-1-0.zz.sgn alias APP6901SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/69xx/SCCP69xx.9-1-1-2-sr.loads alias SCCP69xx.9-1-1-2-sr.loads
tftp-server flash:/phones/69xx/BOOT69xx.0-0-0-14.zz.sgn alias BOOT69xx.0-0-0-14.zz.sgn
tftp-server flash:/phones/69xx/DSP69xx.0-0-0-4.zz.sgn alias DSP69xx.0-0-0-4.zz.sgn
tftp-server flash:/phones/69xx/SCCP69xx.9-1-1-2-sr.zz.sgn alias SCCP69xx.9-1-1-2-sr.zz.sgn
tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
tftp-server flash:/phones/525/spa525g-7-4-9c.bin alias spa525g-7-4-9c.bin
tftp-server flash:/phones/50x-30x/spa50x-30x-7-4-9c.bin alias spa50x-30x-7-4-9c.bin
tftp-server flash:/phones/7906_7911/apps11.9-2-1TH1-13.sbn alias apps11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/cnu11.9-2-1TH1-13.sbn alias cnu11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/cvm11sccp.9-2-1TH1-13.sbn alias cvm11sccp.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/dsp11.9-2-1TH1-13.sbn alias dsp11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/jar11sccp.9-2-1TH1-13.sbn alias jar11sccp.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/SCCP11.9-2-1S.loads alias SCCP11.9-2-1S.loads
tftp-server flash:/phones/7906_7911/term06.default.loads alias term06.default.loads
tftp-server flash:/phones/7906_7911/term11.default.loads alias term11.default.loads
tftp-server flash:/phones/7914/S00105000400.sbn alias S00105000400.sbn
tftp-server flash:/phones/7915/B015-1-0-4.SBN alias B015-1-0-4.SBN
tftp-server flash:/phones/7916/B016-1-0-4.SBN alias B016-1-0-4.SBN
tftp-server flash:/phones/7921/APPS-1.4.1SR1.SBN alias APPS-1.4.1SR1.SBN
tftp-server flash:/phones/7921/CP7921G-1.4.1SR1.LOADS alias CP7921G-1.4.1SR1.LOADS
tftp-server flash:/phones/7921/GUI-1.4.1SR1.SBN alias GUI-1.4.1SR1.SBN
tftp-server flash:/phones/7921/TNUXR-1.4.1SR1.SBN alias TNUXR-1.4.1SR1.SBN
tftp-server flash:/phones/7921/SYS-1.4.1SR1.SBN alias SYS-1.4.1SR1.SBN
tftp-server flash:/phones/7921/TNUX-1.4.1SR1.SBN alias TNUX-1.4.1SR1.SBN
tftp-server flash:/phones/7921/WLAN-1.4.1SR1.SBN alias WLAN-1.4.1SR1.SBN
tftp-server flash:/phones/7925/APPSH-1.4.1SR1.SBN alias APPSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/CP7925G-1.4.1SR1.LOADS alias CP7925G-1.4.1SR1.LOADS
tftp-server flash:/phones/7925/GUIH-1.4.1SR1.SBN alias GUIH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/JSYSH-1.4.1SR1.SBN alias JSYSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/JUIH-1.4.1SR1.SBN alias JUIH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/SYSH-1.4.1SR1.SBN alias SYSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/TNUXH-1.4.1SR1.SBN alias TNUXH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/TNUXRH-1.4.1SR1.SBN alias TNUXRH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/WLANH-1.4.1SR1.SBN alias WLANH-1.4.1SR1.SBN
tftp-server flash:/phones/7931/apps31.9-1-1TH1-16.sbn alias apps31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/cnu31.9-1-1TH1-16.sbn alias cnu31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/cvm31sccp.9-1-1TH1-16.sbn alias cvm31sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/dsp31.9-1-1TH1-16.sbn alias dsp31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/jar31sccp.9-1-1TH1-16.sbn alias jar31sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/SCCP31.9-1-1SR1S.loads alias SCCP31.9-1-1SR1S.loads
tftp-server flash:/phones/7931/term31.default.loads alias term31.default.loads
tftp-server flash:/phones/7936/cmterm_7936.3-3-21-0.bin alias cmterm_7936.3-3-21-0.bin
tftp-server flash:/phones/7937/apps37sccp.1-4-4-0.bin alias apps37sccp.1-4-4-0.bin
tftp-server flash:/phones/7940_7960/P00308010200.bin alias P00308010200.bin
tftp-server flash:/phones/7940_7960/P00308010200.loads alias P00308010200.loads
tftp-server flash:/phones/7940_7960/P00308010200.sb2 alias P00308010200.sb2
tftp-server flash:/phones/7940_7960/P00308010200.sbn alias P00308010200.sbn
tftp-server flash:/phones/7941_7961/apps41.9-1-1TH1-16.sbn alias apps41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cnu41.9-1-1TH1-16.sbn alias cnu41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cvm41sccp.9-1-1TH1-16.sbn alias cvm41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/dsp41.9-1-1TH1-16.sbn alias dsp41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/jar41sccp.9-1-1TH1-16.sbn alias jar41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/SCCP41.9-1-1SR1S.loads alias SCCP41.9-1-1SR1S.loads
tftp-server flash:/phones/7941_7961/term41.default.loads alias term41.default.loads
tftp-server flash:/phones/7941_7961/term61.default.loads alias term61.default.loads
tftp-server flash:/phones/7942_7962/apps42.9-1-1TH1-16.sbn alias apps42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cnu42.9-1-1TH1-16.sbn alias cnu42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cvm42sccp.9-1-1TH1-16.sbn alias cvm42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/dsp42.9-1-1TH1-16.sbn alias dsp42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/jar42sccp.9-1-1TH1-16.sbn alias jar42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/SCCP42.9-1-1SR1S.loads alias SCCP42.9-1-1SR1S.loads
tftp-server flash:/phones/7942_7962/term42.default.loads alias term42.default.loads
tftp-server flash:/phones/7942_7962/term62.default.loads alias term62.default.loads
tftp-server flash:/phones/7945_7965/apps45.9-1-1TH1-16.sbn alias apps45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cnu45.9-1-1TH1-16.sbn alias cnu45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cvm45sccp.9-1-1TH1-16.sbn alias cvm45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/dsp45.9-1-1TH1-16.sbn alias dsp45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/jar45sccp.9-1-1TH1-16.sbn alias jar45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/SCCP45.9-1-1SR1S.loads alias SCCP45.9-1-1SR1S.loads
tftp-server flash:/phones/7945_7965/term45.default.loads alias term45.default.loads
tftp-server flash:/phones/7945_7965/term65.default.loads alias term65.default.loads
tftp-server flash:/phones/7970_7971/apps70.9-1-1TH1-16.sbn alias apps70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/cnu70.9-1-1TH1-16.sbn alias cnu70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/cvm70sccp.9-1-1TH1-16.sbn alias cvm70sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/dsp70.9-1-1TH1-16.sbn alias dsp70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/jar70sccp.9-1-1TH1-16.sbn alias jar70sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/SCCP70.9-1-1SR1S.loads alias SCCP70.9-1-1SR1S.loads
tftp-server flash:/phones/7970_7971/term70.default.loads alias term70.default.loads
tftp-server flash:/phones/7970_7971/term71.default.loads alias term71.default.loads
tftp-server flash:/phones/7975/apps75.9-1-1TH1-16.sbn alias apps75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/cnu75.9-1-1TH1-16.sbn alias cnu75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/cvm75sccp.9-1-1TH1-16.sbn alias cvm75sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/dsp75.9-1-1TH1-16.sbn alias dsp75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/jar75sccp.9-1-1TH1-16.sbn alias jar75sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/SCCP75.9-1-1SR1S.loads alias SCCP75.9-1-1SR1S.loads
tftp-server flash:/phones/7975/term75.default.loads alias term75.default.loads
tftp-server flash:/phones/8961/dkern8961.100609R2-9-2-2.sebn alias dkern8961.100609R2-9-2-2.sebn
tftp-server flash:/phones/8961/kern8961.9-2-2.sebn alias kern8961.9-2-2.sebn
tftp-server flash:/phones/8961/rootfs8961.9-2-2.sebn alias rootfs8961.9-2-2.sebn
tftp-server flash:/phones/8961/sboot8961.031610R1-9-2-2.sebn alias sboot8961.031610R1-9-2-2.sebn
tftp-server flash:/phones/8961/sip8961.9-2-2.loads alias sip8961.9-2-2.loads
tftp-server flash:/phones/8961/skern8961.022809R2-9-2-2.sebn alias skern8961.022809R2-9-2-2.sebn
tftp-server flash:/phones/9951/dkern9951.100609R2-9-2-2.sebn alias dkern9951.100609R2-9-2-2.sebn
tftp-server flash:/phones/9951/kern9951.9-2-2.sebn alias kern9951.9-2-2.sebn
tftp-server flash:/phones/9951/rootfs9951.9-2-2.sebn alias rootfs9951.9-2-2.sebn
tftp-server flash:/phones/9951/sboot9951.031610R1-9-2-2.sebn alias sboot9951.031610R1-9-2-2.sebn
tftp-server flash:/phones/9951/sip9951.9-2-2.loads alias sip9951.9-2-2.loads
tftp-server flash:/phones/9951/skern9951.022809R2-9-2-2.sebn alias skern9951.022809R2-9-2-2.sebn
tftp-server flash:/phones/9971/dkern9971.100609R2-9-2-2.sebn alias dkern9971.100609R2-9-2-2.sebn
tftp-server flash:/phones/9971/kern9971.9-2-2.sebn alias kern9971.9-2-2.sebn
tftp-server flash:/phones/9971/rootfs9971.9-2-2.sebn alias rootfs9971.9-2-2.sebn
tftp-server flash:/phones/9971/sboot9971.031610R1-9-2-2.sebn alias sboot9971.031610R1-9-2-2.sebn
tftp-server flash:/phones/9971/sip9971.9-2-2.loads alias sip9971.9-2-2.loads
tftp-server flash:/phones/9971/skern9971.022809R2-9-2-2.sebn alias skern9971.022809R2-9-2-2.sebn
tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:/ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash:/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:/ringtones/RingList.xml alias RingList.xml
tftp-server flash:/ringtones/AreYouThereF.raw alias AreYouThereF.raw
tftp-server flash:/ringtones/Bass.raw alias Bass.raw
tftp-server flash:/ringtones/CallBack.raw alias CallBack.raw
tftp-server flash:/ringtones/Chime.raw alias Chime.raw
tftp-server flash:/ringtones/Classic1.raw alias Classic1.raw
tftp-server flash:/ringtones/Classic2.raw alias Classic2.raw
tftp-server flash:/ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash:/ringtones/Drums1.raw alias Drums1.raw
tftp-server flash:/ringtones/Drums2.raw alias Drums2.raw
tftp-server flash:/ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash:/ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash:/ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash:/ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash:/ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash:/ringtones/Piano1.raw alias Piano1.raw
tftp-server flash:/ringtones/Piano2.raw alias Piano2.raw
tftp-server flash:/ringtones/Pop.raw alias Pop.raw
tftp-server flash:/ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash:/ringtones/Ring1.raw alias Ring1.raw
tftp-server flash:/ringtones/Ring2.raw alias Ring2.raw
tftp-server flash:/ringtones/Ring3.raw alias Ring3.raw
tftp-server flash:/ringtones/Ring4.raw alias Ring4.raw
tftp-server flash:/ringtones/Ring5.raw alias Ring5.raw
tftp-server flash:/ringtones/Ring6.raw alias Ring6.raw
tftp-server flash:/ringtones/Ring7.raw alias Ring7.raw
tftp-server flash:/ringtones/Sax1.raw alias Sax1.raw
tftp-server flash:/ringtones/Sax2.raw alias Sax2.raw
tftp-server flash:/ringtones/Vibe.raw alias Vibe.raw
tftp-server flash:/Desktops/CampusNight.png
tftp-server flash:/Desktops/TN-CampusNight.png
tftp-server flash:/Desktops/CiscoFountain.png
tftp-server flash:/Desktops/TN-CiscoFountain.png
tftp-server flash:/Desktops/CiscoLogo.png
tftp-server flash:/Desktops/TN-CiscoLogo.png
tftp-server flash:/Desktops/Fountain.png
tftp-server flash:/Desktops/TN-Fountain.png
tftp-server flash:/Desktops/MorroRock.png
tftp-server flash:/Desktops/TN-MorroRock.png
tftp-server flash:/Desktops/NantucketFlowers.png
tftp-server flash:/Desktops/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:/bacdprompts/en_bacd_allagentsbusy.au alias en_bacd_allagentsbusy.au
tftp-server flash:/bacdprompts/en_bacd_disconnect.au alias en_bacd_disconnect.au
tftp-server flash:/bacdprompts/en_bacd_enter_dest.au alias en_bacd_enter_dest.au
tftp-server flash:/bacdprompts/en_bacd_invalidoption.au alias en_bacd_invalidoption.au
tftp-server flash:/bacdprompts/en_bacd_music_on_hold.au alias en_bacd_music_on_hold.au
tftp-server flash:/bacdprompts/en_bacd_options_menu.au alias en_bacd_options_menu.au
tftp-server flash:/bacdprompts/en_bacd_welcome.au alias en_bacd_welcome.au
tftp-server flash:/bacdprompts/en_bacd_xferto_operator.au alias en_bacd_xferto_operator.au
radius-server attribute 31 send nas-port-detail
control-plane
voice-port 0/0/0
cptone SG
station-id number 401
caller-id enable
voice-port 0/0/1
cptone SG
station-id number 402
caller-id enable
voice-port 0/0/2
cptone SG
station-id number 403
caller-id enable
voice-port 0/0/3
cptone SG
station-id number 404
caller-id enable
voice-port 0/1/0
compand-type a-law
cptone SG
bearer-cap Speech
voice-port 0/1/1
compand-type a-law
cptone SG
bearer-cap Speech
voice-port 0/3/0
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/0-BG
caller-id enable
voice-port 0/3/1
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/1-BG
caller-id enable
voice-port 0/3/2
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/2-BG
caller-id enable
voice-port 0/3/3
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/3-BG
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Vlan90
sccp ccm 172.16.100.1 identifier 1 version 3.1
sccp
sccp ccm group 1
associate ccm 1 priority 1
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
destination-pattern 401
port 0/0/0
no sip-register
dial-peer voice 2 pots
destination-pattern 402
port 0/0/1
no sip-register
dial-peer voice 3 pots
destination-pattern 403
port 0/0/2
no sip-register
dial-peer voice 4 pots
destination-pattern 404
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 6 pots
description ôcatch all dial peer for BRI/PRIö
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/1
dial-peer voice 150 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/0
dial-peer voice 151 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/1
dial-peer voice 152 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/2
dial-peer voice 153 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/3
dial-peer voice 154 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/3/0
no sip-register
dial-peer voice 155 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/3/1
no sip-register
dial-peer voice 156 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/3/2
no sip-register
dial-peer voice 157 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/3/3
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 399
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 52 pots
trunkgroup ALL_BRI
corlist outgoing call-emergency
description **CCA*Singapore*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 999[59]
forward-digits all
no sip-register
dial-peer voice 53 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Singapore*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 999[59]
forward-digits all
no sip-register
dial-peer voice 54 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*VoIP Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 93.......
forward-digits all
no sip-register
dial-peer voice 55 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*VoIP Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 93.......
forward-digits all
no sip-register
dial-peer voice 56 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Fixed Line Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 96.......
forward-digits all
no sip-register
dial-peer voice 57 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Fixed Line Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 96.......
forward-digits all
no sip-register
dial-peer voice 58 pots
trunkgroup ALL_BRI
corlist outgoing call-local-plus
description **CCA*Singapore*Mobile Phones**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 9[89].......
forward-digits all
no sip-register
dial-peer voice 59 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Singapore*Mobile Phones**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 9[89].......
forward-digits all
no sip-register
dial-peer voice 60 pots
trunkgroup ALL_BRI
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91800.......
forward-digits all
no sip-register
dial-peer voice 61 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91800.......
forward-digits all
no sip-register
dial-peer voice 64 pots
trunkgroup ALL_BRI
description **CCA*Singapore*Alternate Carrier Select**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 915T
forward-digits all
no sip-register
dial-peer voice 65 pots
trunkgroup ALL_FXO
description **CCA*Singapore*Alternate Carrier Select**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 915T
forward-digits all
no sip-register
dial-peer voice 66 pots
trunkgroup ALL_BRI
corlist outgoing call-international
description **CCA*Singapore*International Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 90[0123][1-9]T
forward-digits all
no sip-register
dial-peer voice 67 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Singapore*International Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 90[0123][1-9]T
forward-digits all
no sip-register
dial-peer voice 68 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Operator**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91[01].
forward-digits all
no sip-register
dial-peer voice 69 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Operator**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91[01].
forward-digits all
no sip-register
dial-peer voice 70 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 913..
forward-digits all
no sip-register
dial-peer voice 71 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 913..
forward-digits all
no sip-register
dial-peer voice 72 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 916..
forward-digits all
no sip-register
dial-peer voice 73 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 916..
forward-digits all
no sip-register
dial-peer voice 74 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 917..
forward-digits all
no sip-register
dial-peer voice 75 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 917..
forward-digits all
no sip-register
dial-peer voice 76 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 918[0-9][1-9].
forward-digits all
no sip-register
dial-peer voice 77 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 918[0-9][1-9].
forward-digits all
no sip-register
dial-peer voice 78 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 919[1-9][1-9]
forward-digits all
no sip-register
dial-peer voice 79 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 919[1-9][1-9]
forward-digits all
no sip-register
dial-peer voice 80 pots
trunkgroup ALL_BRI
description **CCA*Singapore*Special Service Code/International Prefixes**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91T
forward-digits all
no sip-register
dial-peer voice 81 pots
trunkgroup ALL_FXO
description **CCA*Singapore*Special Service Code/International Prefixes**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91T
forward-digits all
no sip-register
dial-peer voice 82 pots
trunkgroup ALL_BRI
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 9800T
forward-digits all
no sip-register
dial-peer voice 83 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 9800T
forward-digits all
no sip-register
dial-peer voice 3150 voip
description INTERSITE CALLS TO IOM
translation-profile incoming IOM
destination-pattern 09..
session target ipv4:172.16.105.3
incoming called-number .T
dtmf-relay h245-alphanumeric
codec g729br8
dial-peer voice 3151 voip
destination-pattern 0977
session target ipv4:172.16.105.3
max-redirects 10
dtmf-relay h245-alphanumeric
codec g729br8
no dial-peer outbound status-check pots
sip-ua
telephony-service
video
fxo hook-flash
max-ephones 138
max-dn 600
ip source-address 172.16.100.1 port 2000
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone ehookenable 1
service dnis overlay
service dnis dir-lookup
service dss
timeouts interdigit 5
system message Seaboard
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.1/voiceview/authentication/authenticate.do
load 7914 S00105000400
load 7915-12 B015-1-0-4
load 7915-24 B015-1-0-4
load 7916-12 B016-1-0-4
load 7916-24 B016-1-0-4
load 7906 SCCP11.9-2-1S
load 7911 SCCP11.9-2-1S
load 7921 CP7921G-1.4.1SR1
load 7925 CP7925G-1.4.1SR1
load 7931 SCCP31.9-1-1SR1S
load 7936 cmterm_7936.3-3-21-0
load 7937 apps37sccp.1-4-4-0
load 7960-7940 P00308010200
load 7941 SCCP41.9-1-1SR1S
load 7941GE SCCP41.9-1-1SR1S
load 7942 SCCP42.9-1-1SR1S
load 7945 SCCP45.9-1-1SR1S
load 7961 SCCP41.9-1-1SR1S
load 7961GE SCCP41.9-1-1SR1S
load 7962 SCCP42.9-1-1SR1S
load 7965 SCCP45.9-1-1SR1S
load 7970 SCCP70.9-1-1SR1S
load 7971 SCCP70.9-1-1SR1S
load 7975 SCCP75.9-1-1SR1S
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-4-9c
load 501G spa50x-30x-7-4-9c
load 502G spa50x-30x-7-4-9c
load 504G spa50x-30x-7-4-9c
load 508G spa50x-30x-7-4-9c
load 509G spa50x-30x-7-4-9c
load 525G2 spa525g-7-4-9c
load 301 spa50x-30x-7-4-9c
load 303 spa50x-30x-7-4-9c
load 6921 SCCP69xx.9-1-1-2-sr
load 6941 SCCP69xx.9-1-1-2-sr
load 6961 SCCP69xx.9-1-1-2-sr
load 6901 SCCP6901.9-1-1-0
load 6911 SCCP6911.9-1-1-0
time-zone 42
date-format dd-mm-yy
keepalive 30 auxiliary 4
voicemail 399
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
multicast moh 239.10.16.16 port 2000
web admin system name admin secret 5 $1$.BzE$MaR5EV3sF7La6S4Mpk02w1
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
transfer-pattern 6... blind
secondary-dialtone 9
night-service day Sun 17:00 09:00
night-service day Mon 17:00 09:00
night-service day Tue 17:00 09:00
night-service day Wed 17:00 09:00
night-service day Thu 17:00 09:00
night-service day Fri 17:00 09:00
night-service day Sat 17:00 09:00
fac standard
create cnf-files version-stamp 7960 Sep 27 2013 16:58:13
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 17
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 18
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 593 dual-line
ring internal
number 123 no-reg primary
pickup-group 1
label 123
description Sandra Lee
name Sandra Lee
huntstop channel
ephone-dn 594 dual-line
ring internal
number 122 no-reg primary
pickup-group 1
label 122
description JuatFong Kien
name JuatFong Kien
huntstop channel
ephone-dn 595 dual-line
ring internal
number 121 no-reg primary
pickup-group 1
label 121
description Brian Wittenborn
name Brian Wittenborn
huntstop channel
ephone-dn 596 dual-line
ring internal
number 120 no-reg primary
pickup-group 1
label 120
description Spare Phone
name Spare Phone
huntstop channel
ephone-dn 597 dual-line
ring internal
number 119 no-reg primary
pickup-group 1
label 119
description Brian Whilock
name Brian Whilock
huntstop channel
ephone-dn 598
number 6... no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 399
ephone-dn 599
number A801... no-reg primary
mwi off
ephone-dn 600
number A800... no-reg primary
mwi on
ephone 1
device-security-mode none
mac-address 20BB.C092.04C1
ephone-template 16
username "119" password 123456
type 7945
no missed-calls
button 1:597
ephone 2
device-security-mode none
mac-address F029.29E3.1D6E
ephone-template 16
username "120" password 123456
type 7945
no missed-calls
button 1:596
ephone 3
device-security-mode none
mac-address F029.29E3.15E8
ephone-template 16
username "121" password 123456
type 7945
no missed-calls
button 1:595
ephone 4
device-security-mode none
mac-address C8F9.F9D7.1489
ephone-template 16
username "122" password 123456
type 7945
no missed-calls
button 1:594
ephone 5
device-security-mode none
mac-address 20BB.C092.0871
ephone-template 16
username "123" password 123456
type 7945
no missed-calls
button 1:593
alias exec cca_voice_mode PBX
banner login ^Cbanner login ^Cisco Configuration Assistant. Version: 3.2 (2). Thu Jul 25 15:13:05 SGT 2013^^C
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
speed 115200
line vty 0 4
transport preferred none
transport input all
line vty 5 100
transport preferred none
transport input all
ntp master
ntp server sg.pool.ntp.org prefer
webvpn gateway SDM_WEBVPN_GATEWAY_1
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.04063-k9.pkg sequence 1
webvpn context SDM_WEBVPN_CONTEXT_1
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group SDM_WEBVPN_POLICY_1
functions svc-enabled
svc address-pool "SDM_WEBVPN_POOL_1" netmask 255.255.255.0
svc keep-client-installed
svc split include 172.16.100.0 255.255.255.0
svc split include 192.168.138.0 255.255.255.0
svc split include 192.168.104.0 255.255.255.0
svc split include 172.16.105.0 255.255.255.0
virtual-template 1
default-group-policy SDM_WEBVPN_POLICY_1
aaa authentication list sdm_vpn_xauth_ml_1
gateway SDM_WEBVPN_GATEWAY_1
max-users 20
inservice
endMost of the time this type of symptom is related to a routing issue or ACL.
I am thinking more codec.
your dial-peer 3150 with incoming called number .T will negotiate the codec betweeen IOM and Singapore (g729br8),
can you paste a show call active voice so we
this way we can at least ascertain what codec is used from IOM to singapore e2e
and what are the phones in singaport using internally?
=============================
Please remember to rate useful posts, by clicking on the stars below.
============================= -
CME - Shared line status indicator
Ive seen several different installs of CCME at different retail stores that I visit. Both stores use CCME (which I am sure of). Both installs (seperate and unrelated to each other) have a key-system structure where there are 7960Gs that have their buttons mapped to a unique extension as well as 4 shared DNs that allow any phone to pickup any line. The interesting part, however is that at one store when a line is in use, all of the other phones show the line icon for the shared DN as a phone with the handset on-hook and a flashing "X". However, at another location, also Running CME, with a very similar setup, the shared lines show the remote-in-use icon (dual handsets) for lines in use. Is this just a matter of the version of CCME that they are running?
I was just curious as to whether this has something to do with the configuration or simply the version of CME that is used. Ive looked around the cisco site and have found very little information regarding line status icons and cisco CME. There is a brief mention in the guide for the 7914.
Just wondering
barskyYup, you were definitely correct with the firmware being the culprit! the systems vary quite a bit in age. One one the phones are running load 3.5 and on the other they are running 8.5.
Either way, thanks a lot for the suggestion and helping me deal with my curiosity!
best regards,
barsky -
Remote site to site VPN user cannot access LAN resources
Users in remote site can get ping response but no http service from local web server where the local web server also has NAT rule allowing access from WAN. In the below config, users in remote 10.10.10.160/27 can ping 10.10.10.30 and 10.10.10.95, but http packets are not returned.
What do I need to do to fix this?
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SFGallery
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 group radius local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone PCTime -7 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 172.16.0.1 172.16.3.99
ip dhcp excluded-address 172.16.3.200 172.16.3.254
ip dhcp pool SFGallery172
import all
network 172.16.0.0 255.255.252.0
domain-name xxxxxxxxxxxx
dns-server 10.10.10.10
default-router 10.10.10.94
netbios-name-server 10.10.10.10
ip domain name gpgallery.com
ip name-server 10.10.10.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 10.10.10.80
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki trustpoint SFGallery_Certificate
enrollment selfsigned
serial-number none
ip-address none
revocation-check crl
rsakeypair SFGallery_Certificate_RSAKey 512
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain SFGallery_Certificate
certificate self-signed 01
xxxxxx
quit
license udi pid CISCO2911/K9 sn FTX1542AKJ3
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
hw-module sm 1
object-group network Corp
172.16.4.0 255.255.252.0
10.10.10.128 255.255.255.224
object-group network SFGallery
172.16.0.0 255.255.252.0
10.10.10.0 255.255.255.128
object-group network NY
10.10.10.160 255.255.255.224
172.16.16.0 255.255.252.0
object-group network GPAll
group-object SFGallery
group-object NY
group-object Corp
username xxx
username xxx
username xxx
username xxx
redundancy
no ip ftp passive
ip ssh version 1
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
zone security sslvpn-zone
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key TempVPN1# address xx.xx.xx.xx
crypto isakmp client configuration group SFGallery
key Peters2011
dns 10.10.10.10 10.10.10.80
wins 10.10.10.10 10.10.10.80
domain gpgallery.com
pool SDM_POOL_1
acl 111
save-password
split-dns gpgallery.com
max-users 25
max-logins 3
netmask 255.255.252.0
banner ^CYou are now connected to the Santa Fe Gallery and Corp. ^C
crypto isakmp profile ciscocp-ike-profile-1
match identity group SFGallery
client authentication list ciscocp_vpn_xauth_ml_3
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 3
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP-3DES-SHA3
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xx.xx.xx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA1
match address 107
reverse-route
interface Loopback1
ip address 192.168.5.1 255.255.255.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description T1 Cybermesa$ETH-WAN$
ip address xx.xx.xx.xx 255.255.255.240
ip access-group 105 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
interface GigabitEthernet0/1
description LANOverloadNet$ETH-WAN$
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN$ETH-LAN$
ip address 10.10.10.2 255.255.255.128
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
ip access-group ReplicationIN out
duplex auto
speed auto
interface GigabitEthernet1/0
description $ETH-LAN$
ip address 172.16.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet1/1
description Internal switch interface connected to EtherSwitch Service Module
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
interface Virtual-Template2
ip unnumbered Loopback1
zone-member security sslvpn-zone
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
no ip address
ip local pool SDM_POOL_1 172.16.3.200 172.16.3.254
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 60000
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static tcp 10.10.10.95 25 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 25 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static udp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static udp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.30 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.104 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.115 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.115 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.80 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent
ip route 10.10.10.0 255.255.255.128 GigabitEthernet0/2 10 permanent
ip route 10.10.10.44 255.255.255.255 10.10.10.1 permanent
ip route 10.10.10.128 255.255.255.224 10.10.10.126 permanent
ip route 10.10.10.172 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.175 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.177 255.255.255.255 10.10.10.3 permanent
ip route 172.16.4.0 255.255.252.0 10.10.10.126 permanent
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/0 permanent
ip route 192.168.101.0 255.255.255.0 10.10.10.126 permanent
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended ReplicationIN
remark CCP_ACL Category=1
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip any any
ip access-list extended ReplicationOUT
remark CCP_ACL Category=1
deny ip any any
no logging trap
logging 10.10.10.107
access-list 1 permit 192.168.1.2
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 72.216.51.56 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.3.255
access-list 1 permit 172.16.4.0 0.0.3.255
access-list 1 permit 10.10.10.128 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit xx.xx.xx.xx 0.0.0.15
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp object-group GPAll object-group NY eq www
access-list 100 permit udp host 10.10.10.10 eq 1645 host 10.10.10.2
access-list 100 permit udp host 10.10.10.10 eq 1646 host 10.10.10.2
access-list 100 permit ip any host 10.10.10.2
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq telnet
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq telnet
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 22
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 22
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq www
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq www
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 443
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 443
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq cmd
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq cmd
access-list 100 deny tcp any host 10.10.10.2 eq telnet
access-list 100 deny tcp any host 10.10.10.2 eq 22
access-list 100 deny tcp any host 10.10.10.2 eq www
access-list 100 deny tcp any host 10.10.10.2 eq 443
access-list 100 deny tcp any host 10.10.10.2 eq cmd
access-list 100 deny udp any host 10.10.10.2 eq snmp
access-list 100 permit udp any eq domain host 10.10.10.2
access-list 100 permit udp host 10.10.10.80 eq domain any
access-list 100 permit udp host 10.10.10.10 eq domain any
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 72.216.51.56 0.0.0.7 any
access-list 101 permit ip 172.16.0.0 0.0.3.255 any
access-list 101 permit ip 172.16.4.0 0.0.3.255 any
access-list 101 permit ip 10.10.10.128 0.0.0.31 any
access-list 101 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip 10.10.10.0 0.0.0.127 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 72.216.51.56 0.0.0.7 any
access-list 102 permit ip 172.16.0.0 0.0.3.255 any
access-list 102 permit ip 172.16.4.0 0.0.3.255 any
access-list 102 permit ip 10.10.10.128 0.0.0.31 any
access-list 102 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 102 permit ip host 192.168.1.2 any
access-list 102 permit ip 10.10.10.0 0.0.0.127 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq telnet
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 22
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq www
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 443
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq cmd
access-list 103 deny tcp any host 172.16.0.1 eq telnet
access-list 103 deny tcp any host 172.16.0.1 eq 22
access-list 103 deny tcp any host 172.16.0.1 eq www
access-list 103 deny tcp any host 172.16.0.1 eq 443
access-list 103 deny tcp any host 172.16.0.1 eq cmd
access-list 103 deny udp any host 172.16.0.1 eq snmp
access-list 103 permit ip any any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 105 remark Auto generated by SDM Management Access feature
access-list 105 remark CCP_ACL Category=1
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.128 0.0.0.31
access-list 105 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 22
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq www
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq www
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq www
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 443
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq cmd
access-list 105 deny tcp any host xx.xx.xx.xx eq telnet
access-list 105 deny tcp any host xx.xx.xx.xx eq 22
access-list 105 deny tcp any host xx.xx.xx.xx eq www
access-list 105 deny tcp any host xx.xx.xx.xx eq 443
access-list 105 deny tcp any host xx.xx.xx.xx eq cmd
access-list 105 deny udp any host xx.xx.xx.xx eq snmp
access-list 105 permit tcp any host xx.xx.xx.xx eq 443
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.0 0.0.0.127
access-list 105 permit udp any eq domain host xx.xx.xx.xx
access-list 105 permit ahp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit esp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq isakmp
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq non500-isakmp
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 105 permit ip any any
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 106 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 106 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 106 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 107 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 107 remark IPSec Rule
access-list 107 deny ip 172.16.0.0 0.0.255.255 host 10.10.10.177
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 108 permit ip 70.56.215.0 0.0.0.255 any
access-list 109 remark CCP_ACL Category=2
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 109 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 109 remark IPSec Rule
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 109 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 109 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 109 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.10.10.0 0.0.0.127 any
access-list 111 permit ip 10.10.10.128 0.0.0.31 any
access-list 111 permit ip 172.16.0.0 0.0.3.255 any
access-list 111 permit ip 172.16.4.0 0.0.3.255 any
access-list 111 permit ip 10.10.10.160 0.0.0.31 any
route-map SDM_RMAP_4 permit 1
match ip address 109
route-map SDM_RMAP_1 permit 1
match ip address 106
route-map SDM_RMAP_2 permit 1
match ip address 108
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.10.10.107 public
radius-server host 10.10.10.10 key HelloSFGal1#
control-plane
banner login ^CCCWelcome to Santa Fe Gallery Cisco 2911 router 10.10.10.1.^C
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
access-class 102 in
transport input telnet
line vty 5 15
access-class 101 in
transport input telnet
scheduler allocate 20000 1000
endThanks so much, Herbert.
As an alternative to what you suggest, what do you think of this? I got it from Cisco's support document, http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
I would delete these lines:
no ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 extendable
and replace with these
ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 route-map nonat extendable
Then add:
access-list 150 deny ip host 10.10.10.95 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.95 172.16.8.0 0.0.3.255
access-list 150 deny ip host 10.10.10.130 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.130 172.16.8.0 0.0.3.255
access-list 150 permit ip host 10.10.10.95 any
access-list 150 permit ip host 10.10.10.130 any
route-map nonat permit 10
match ip address 150 -
The WSDL data cannot be retrieve from remote site
I am a new guy learning web services with NetBeans 5.5 and meet some problem in retrieving wsdl data from remote site.
I create a web service "WSTestServer" at Sun Application Server PE8.2 with real IP, say 111.110.11.10:8888, and there's a class "TestWS" with a method "getWS" to return a String. The server (or machine) name is ultra20. So, by following steps in NetBeans, I can get a wsdl file after generating the web service and it can be viewed at
http://111.110.11.10:8888/WSTestServer/TestWS?WSDL
Then, I create a web service client at the same machine, it is available to test this method by clicking Web Service Reference item in NetBeans and select "getWS" method to get that String.
However, when I create a web service client at remote site, it doesn't work and show exception message like
cannot find domain http://ultra20:8888/WSTestServer/TestWS....
I go back to check wsdl file, at the last line, it prints like
<soap:address location="http://ultra20:8888/WSTestServer/TestWS".....
If I test this case in LAN, e.g., the server IP becomes 192.168.1.2 and client IP is 192.168.1.3, then it works since machine name can be recognized within the same local area network. I try to revise the wsdl file above to replace machine name as real IP, but it is automatically changed back with machine name while deploying and copy the revised one as xxx.wsdl__orig.
Should I do additional configuration setup for server site? Such as, registering a domain name like aaa.bbb.edu instead of 111.110.11.10?
Any comment and help for this subject is appreciated!!
Thank you so much!Works as designed,from documentation:
The database also retrieves all triggers and constraints defined on the table except for referential integrity constraints that reference other tables.
The retrieved indexes, triggers, and constraints have recycle bin names. Therefore it is advisable to query the USER_RECYCLEBIN view before issuing a FLASHBACK TABLE ... TO BEFORE DROP statement so that you can rename the retrieved triggers and constraints to more usable names.
For details see the FLASHBACK TABLE command description for your unknown database version.
Werner -
Internet connexion problem for remote site in Site to site VPN asa 5505
Hi all
I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
Here is my ASA 5505 Configuration :
SITE 1:
ASA Version 8.2(5)
hostname test-malabo
domain-name test.mg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ta.qizy4R//ChqQH encrypted
names
interface Ethernet0/0
description "Sortie Internet"
switchport access vlan 2
interface Ethernet0/1
description "Interconnexion"
switchport access vlan 171
interface Ethernet0/2
description "management"
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 41.79.49.42 255.255.255.192
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.100 255.255.0.0
interface Vlan171
nameif interco
security-level 0
ip address 10.22.19.254 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.mg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
mtu interco 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any interco
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (interco) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map interco_map0 1 match address interco_1_cryptomap
crypto map interco_map0 1 set pfs group1
crypto map interco_map0 1 set peer 10.22.19.5
crypto map interco_map0 1 set transform-set ESP-3DES-SHA
crypto map interco_map0 interface interco
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto isakmp enable interco
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access interco
dhcpd option 3 ip 192.168.1.1
dhcpd address 192.168.1.100-192.168.1.254 inside
dhcpd dns 41.79.48.66 8.8.8.8 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.5 type ipsec-l2l
tunnel-group 10.22.19.5 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect snmp
inspect icmp
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
: end
SITE2:
ASA Version 8.2(5)
hostname test-luba
domain-name test.eg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description "Sortie Interco-Internet"
switchport access vlan 2
interface Ethernet0/1
description "management"
switchport access vlan 10
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.22.19.5 255.255.255.0
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.101 255.255.0.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.eg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set pfs group1
crypto map outside_map0 1 set peer 10.22.19.254
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.3.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.254 type ipsec-l2l
tunnel-group 10.22.19.254 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
Can anybody help why my remote site can't connect to Internet.
REgards,
RaitsarevoHi Carv,
Thanks for your reply. i have done finally
i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
Regards,
Satya.M -
VPN Clients cannot access remote site
Hey there,
I am pretty new in configuring Cisco devices and now I need some help.
I have 2 site here:
site A
Cisco 891
external IP: 195.xxx.yyy.zzz
VPN Gateway for Remote users
local IP: VLAN10 10.133.10.0 /23
site B
Cisco 891
external IP: 62.xxx.yyy.zzz
local IP VLAN10 10.133.34.0 /23
Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
Here is the config of site A
Building configuration...
Current configuration : 24257 bytes
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Englerstrasse
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
aaa new-model
aaa group server radius Radius-AD
server 10.133.10.5 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone Berlin 1 0
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki trustpoint TP-self-signed-27361994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-27361994
revocation-check none
rsakeypair TP-self-signed-27361994
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-27361994
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
AF3EF676 26AD3F31 D368F5
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
ip inspect name CCP_MEDIUM ftp
ip inspect name CCP_MEDIUM h323
ip inspect name CCP_MEDIUM sip
ip inspect name CCP_MEDIUM https
ip inspect name CCP_MEDIUM icmp
ip inspect name CCP_MEDIUM netshow
ip inspect name CCP_MEDIUM rcmd
ip inspect name CCP_MEDIUM realaudio
ip inspect name CCP_MEDIUM rtsp
ip inspect name CCP_MEDIUM sqlnet
ip inspect name CCP_MEDIUM streamworks
ip inspect name CCP_MEDIUM tftp
ip inspect name CCP_MEDIUM udp
ip inspect name CCP_MEDIUM vdolive
ip inspect name CCP_MEDIUM imap reset
ip inspect name CCP_MEDIUM smtp
ip cef
no ipv6 cef
appfw policy-name CCP_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
parameter-map type inspect global
log dropped-packets enable
multilink bundle-name authenticated
redundancy
ip tcp synwait-time 10
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any CCP-Management-1
match dscp cs2
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
policy-map sdm-qos-test-123
class class-default
policy-map sdmappfwp2p_CCP_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
policy-map CCP-QoS-Policy-1
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto ctcp port 10000
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key REMOVED address 62.20.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 83.140.xxx.yyy
crypto isakmp client configuration group VPN_local
key REMOVED
dns 10.133.10.5 10.133.10.7
wins 10.133.10.7
domain domain.de
pool SDM_POOL_2
acl 115
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_local
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA11
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.20.xxx.xxx
set peer 62.20.xxx.xxx
set transform-set ESP-3DES-SHA
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to195.243.xxx.xxx
set peer 195.243.xxx.xxx
set transform-set ESP-3DES-SHA4
match address 107
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to83.140.xxx.xxx
set peer 83.140.xxx.xxx
set transform-set ESP-DES-SHA1
match address 118
interface Loopback2
ip address 192.168.10.1 255.255.254.0
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
interface FastEthernet2
no ip address
spanning-tree portfast
interface FastEthernet3
no ip address
spanning-tree portfast
interface FastEthernet4
description Internal LAN
switchport access vlan 10
switchport trunk native vlan 10
no ip address
spanning-tree portfast
interface FastEthernet5
no ip address
spanning-tree portfast
interface FastEthernet6
no ip address
spanning-tree portfast
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
description $FW_OUTSIDE$$ETH-WAN$
ip address 62.153.xxx.xxx 255.255.255.248
ip access-group 113 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect CCP_MEDIUM out
no ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_CCP_MEDIUM
service-policy output CCP-QoS-Policy-1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet8
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
description $FW_INSIDE$
ip address 10.133.10.1 255.255.254.0
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
ip local pool VPN_Pool 192.168.20.2 192.168.20.100
ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip forward-protocol nd
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
ip access-list extended VPN1
remark VPN_Haberstrasse
remark CCP_ACL Category=4
permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
ip radius source-interface Vlan10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 195.243.xxx.xxx
access-list 23 permit 10.133.10.0 0.0.1.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.133.10.0 0.0.1.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by CCP firewall configuration
access-list 102 remark CCP_ACL Category=1
access-list 102 deny ip 10.10.10.0 0.0.0.7 any
access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp any host 62.153.xxx.xxx
access-list 103 permit ahp any host 62.153.xxx.xxx
access-list 103 permit udp host 194.25.0.60 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 103 deny ip 10.10.10.0 0.0.0.7 any
access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 10.133.10.0 0.0.1.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 permit ip 10.10.10.0 0.0.0.7 any
access-list 106 permit ip 10.133.10.0 0.0.1.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 108 remark Auto generated by SDM Management Access feature
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
access-list 108 deny tcp any host 10.133.10.1 eq telnet
access-list 108 deny tcp any host 10.133.10.1 eq 22
access-list 108 deny tcp any host 10.133.10.1 eq www
access-list 108 deny tcp any host 10.133.10.1 eq 443
access-list 108 deny tcp any host 10.133.10.1 eq cmd
access-list 108 deny udp any host 10.133.10.1 eq snmp
access-list 108 permit ip any any
access-list 109 remark CCP_ACL Category=1
access-list 109 permit ip 10.133.10.0 0.0.1.255 any
access-list 109 permit ip 10.10.10.0 0.0.0.7 any
access-list 109 permit ip 192.168.10.0 0.0.1.255 any
access-list 110 remark CCP_ACL Category=1
access-list 110 permit ip host 195.243.xxx.xxx any
access-list 110 permit ip host 84.44.xxx.xxx any
access-list 110 permit ip 10.133.10.0 0.0.1.255 any
access-list 110 permit ip 10.10.10.0 0.0.0.7 any
access-list 110 permit ip 192.168.10.0 0.0.1.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.133.10.0 0.0.1.255 any
access-list 112 remark CCP_ACL Category=1
access-list 112 permit udp host 10.133.10.5 eq 1812 any
access-list 112 permit udp host 10.133.10.5 eq 1813 any
access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
access-list 112 permit udp any host 10.133.10.1 eq isakmp
access-list 112 permit esp any host 10.133.10.1
access-list 112 permit ahp any host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
access-list 112 remark auto generated by CCP firewall configuration
access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
access-list 112 permit udp host 10.133.10.7 eq domain any
access-list 112 permit udp host 10.133.10.5 eq domain any
access-list 112 deny ip 62.153.xxx.xxx 0.0.0.7 any
access-list 112 deny ip 10.10.10.0 0.0.0.7 any
access-list 112 deny ip host 255.255.255.255 any
access-list 112 deny ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark CCP_ACL Category=1
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark auto generated by CCP firewall configuration
access-list 113 permit udp host 194.25.0.60 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp any host 62.153.xxx.xxx
access-list 113 permit ahp any host 62.153.xxx.xxx
access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 remark Pop3
access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
access-list 113 remark Pop3
access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
access-list 113 remark SMTP
access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
access-list 113 remark IMAP
access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
access-list 113 deny ip 10.133.10.0 0.0.1.255 any
access-list 113 deny ip 10.10.10.0 0.0.0.7 any
access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
access-list 113 deny ip 10.0.0.0 0.255.255.255 any
access-list 113 deny ip 172.16.0.0 0.15.255.255 any
access-list 113 deny ip 192.168.0.0 0.0.255.255 any
access-list 113 deny ip 127.0.0.0 0.255.255.255 any
access-list 113 deny ip host 255.255.255.255 any
access-list 113 deny ip host 0.0.0.0 any
access-list 113 deny ip any any log
access-list 114 remark auto generated by CCP firewall configuration
access-list 114 remark CCP_ACL Category=1
access-list 114 deny ip 10.133.10.0 0.0.1.255 any
access-list 114 deny ip 10.10.10.0 0.0.0.7 any
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any time-exceeded
access-list 114 permit icmp any any unreachable
access-list 114 deny ip 10.0.0.0 0.255.255.255 any
access-list 114 deny ip 172.16.0.0 0.15.255.255 any
access-list 114 deny ip 192.168.0.0 0.0.255.255 any
access-list 114 deny ip 127.0.0.0 0.255.255.255 any
access-list 114 deny ip host 255.255.255.255 any
access-list 114 deny ip host 0.0.0.0 any
access-list 114 deny ip any any log
access-list 115 remark VPN_Sub
access-list 115 remark CCP_ACL Category=5
access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.20.0 0.0.0.255 any
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 117 remark CCP_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark CCP_ACL Category=4
access-list 118 remark IPSec Rule
access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
mgcp profile default
line con 0
transport output telnet
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
session-timeout 45
access-class 110 in
transport input telnet ssh
line vty 5 15
access-class 109 in
transport input telnet ssh
scheduler interval 500
endThe crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
On Site A:
should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
You should also remove the following line as the pool is incorrect:
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
On Site B:
should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
NAT exemption on site B should also be configured with deny on the above ACL. -
Hello every one,
I tried to load the data from remote site to stagging area with DB link, i used append hint and it gave this error, I was just wondering?
ERROR at line 1:
ORA-12840: cannot access a remote table after parallel/insert direct load txnORA-06512: at "JAMES.PKGCONVERSION", line 464
any help please thank you
i am not using all the columns, i am using selec in the insert. Thank you in advance
Message was edited by:
user553284I had commit after three inserts, I changed commit after each insert, it is working now,
Does that really matter?
Any idea please.
Thank you -
ASA firewall wont ping remote site
We have remote office which I can ping while at the main office, but when I am connected to VPN from office or home, I cant ping the remote office.
VPN gives me an ip 10.21.18.x
remote site's IP is: 172.29.x.x
i have the access-list information for the ASA firewall and router below:
below is the multilayer:
OFFICE-CORE-01#show ip access-lists
Extended IP access list verizon-INTERNET-TRAFFIC
10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
40 permit ip 10.23.20.0 0.0.0.255 any
50 permit ip 10.23.21.0 0.0.0.255 any
60 permit ip 10.23.22.0 0.0.0.255 any
70 permit ip 10.23.23.0 0.0.0.255 any
80 permit ip 10.23.24.0 0.0.0.255 any
90 permit ip 10.23.25.0 0.0.0.255 any
100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list PAETEC-INTERNET-TRAFFIC
10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
40 permit ip 10.23.20.0 0.0.0.255 any
50 permit ip 10.23.21.0 0.0.0.255 any
60 permit ip 10.23.22.0 0.0.0.255 any
70 permit ip 10.23.23.0 0.0.0.255 any
80 permit ip 10.23.24.0 0.0.0.255 any
90 permit ip 10.23.25.0 0.0.0.255 any
100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list system-cpp-all-routers-on-subnet
10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-energywise-disc
10 permit udp any eq any eq 0
Extended IP access list system-cpp-hsrpv2
10 permit udp any host 224.0.0.102
Extended IP access list system-cpp-igmp
10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
10 permit ospf any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-pim
10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
10 permit ip any host 224.0.0.9
----------------------------------ASA ACCESS-LIST is below the brief version-------
access-list CompanyName-vpn-maint_splitTunnelAcl line 10 standard permit 172.29.0.0 255.255.0.0 (hitcnt=0) 0x52bc4d4c
-----------------------below is the ASA routes-----------------------
Gateway of last resort is 53.138.58.129 to network 0.0.0.0
S 192.168.10.0 255.255.255.0 [1/0] via 10.21.0.1, inside
C 172.17.21.0 255.255.255.0 is directly connected, dmz_tier2
S 172.16.142.0 255.255.254.0 [1/0] via 53.138.58.129, outside
C 172.16.21.0 255.255.255.0 is directly connected, dmz_tier1
C 172.19.21.0 255.255.255.0 is directly connected, dmz_tier4
S 172.23.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S 172.25.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.25.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.24.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 172.26.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.26.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.29.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S 172.29.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.28.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.28.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 192.168.20.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.11.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.13.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.10.21.1 255.255.255.255 [1/0] via 10.21.0.1, inside
S 10.10.21.2 255.255.255.255 [1/0] via 10.21.0.1, inside
S 10.22.0.0 255.255.0.0 [1/0] via 53.138.58.129, outside
S 10.23.3.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.23.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.21.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.10.21.10 255.255.255.255 [1/0] via 10.21.0.1, inside
C 10.21.0.0 255.255.255.0 is directly connected, inside
S 10.22.3.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 10.10.41.0 255.255.255.0 [1/0] via 53.138.58.129, outside
C 53.138.58.128 255.255.255.128 is directly connected, outside
S 192.168.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 53.138.58.129, outside
S 0.0.0.0 0.0.0.0 [255/0] via 10.21.0.1, inside tunneled
------------------------------------below is the router's routes----------
Gateway of last resort is 10.21.0.11 to network 0.0.0.0
205.232.16.0/32 is subnetted, 1 subnets
S 205.232.16.25 [1/0] via 10.21.0.11
62.0.0.0/32 is subnetted, 1 subnets
S 62.100.0.146 [1/0] via 10.21.0.12
178.78.0.0/32 is subnetted, 1 subnets
S 178.78.147.193 [1/0] via 10.21.0.12
C 192.168.10.0/24 is directly connected, Vlan29
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
S 172.16.141.0/24 [1/0] via 10.21.0.11
S 172.16.142.0/23 [1/0] via 10.21.0.11
S 172.16.40.1/32 [1/0] via 10.21.2.12
S 172.16.40.10/32 [1/0] via 10.21.2.12
S 172.16.21.0/24 [1/0] via 10.21.0.11
172.19.0.0/24 is subnetted, 1 subnets
S 172.19.21.0 [1/0] via 10.21.0.11
172.18.0.0/24 is subnetted, 1 subnets
S 172.18.21.0 [1/0] via 10.21.0.12
172.23.0.0/24 is subnetted, 3 subnets
S 172.23.186.0 [1/0] via 10.21.0.6
S 172.23.184.0 [1/0] via 10.21.0.6
S 172.23.181.0 [1/0] via 10.21.0.6
S 172.25.0.0/16 [1/0] via 10.21.0.11
172.24.0.0/24 is subnetted, 3 subnets
C 172.24.181.0 is directly connected, Vlan31
C 172.24.186.0 is directly connected, Vlan32
C 172.24.187.0 is directly connected, Vlan33
S 172.26.0.0/16 [1/0] via 10.21.0.11
172.29.0.0/24 is subnetted, 3 subnets
S 172.29.181.0 [1/0] via 10.21.0.6
S 172.29.184.0 [1/0] via 10.21.0.6
S 172.29.190.0 [1/0] via 10.21.0.6
S 172.28.0.0/16 [1/0] via 10.21.0.11
C 192.168.20.0/24 is directly connected, Vlan30
10.0.0.0/8 is variably subnetted, 35 subnets, 4 masks
S 10.11.0.0/16 [1/0] via 10.21.0.6
C 10.21.28.0/24 is directly connected, Vlan28
C 10.21.26.0/24 is directly connected, Vlan26
C 10.21.25.0/24 is directly connected, Vlan25
S 10.12.0.0/16 [1/0] via 10.21.0.6
C 10.21.24.0/24 is directly connected, Vlan24
S 10.13.0.0/16 [1/0] via 10.21.0.6
C 10.21.23.0/24 is directly connected, Vlan23
C 10.21.22.0/24 is directly connected, Vlan22
C 10.21.21.0/24 is directly connected, Vlan21
C 10.21.20.0/24 is directly connected, Vlan20
C 10.21.19.0/24 is directly connected, Vlan19
S 10.21.18.0/24 [1/0] via 10.21.0.12
S 10.21.17.0/24 [1/0] via 10.21.0.11
C 10.21.16.0/24 is directly connected, Vlan16
C 10.21.15.0/24 is directly connected, Vlan15
C 10.21.14.0/24 is directly connected, Vlan14
C 10.21.13.0/24 is directly connected, Vlan13
C 10.21.12.0/24 is directly connected, Vlan12
C 10.21.11.0/24 is directly connected, Vlan11
C 10.10.21.1/32 is directly connected, Loopback0
S 10.31.0.0/16 [1/0] via 10.21.0.6
D 10.10.21.2/32 [90/130816] via 10.21.252.10, 7w0d, Vlan999
C 10.21.5.0/24 is directly connected, Vlan5
C 10.21.4.0/24 is directly connected, Vlan4
S 10.22.0.0/16 [1/0] via 10.21.0.11
C 10.21.3.0/24 is directly connected, Vlan3
C 10.21.2.0/24 is directly connected, Vlan2
C 10.23.2.0/24 is directly connected, Vlan900
S 10.22.3.0/24 [1/0] via 10.21.0.11
C 10.21.0.0/24 is directly connected, Vlan1000
S 10.41.0.0/16 [1/0] via 10.21.0.11
S 10.10.41.0/24 [1/0] via 10.21.0.11
S 10.51.0.0/16 [1/0] via 10.21.0.6
C 10.21.252.8/30 is directly connected, Vlan999
62.0.0.0/32 is subnetted, 1 subnets
S 62.138.58.129 [1/0] via 10.21.0.11
S 192.168.2.0/24 [1/0] via 10.21.0.12
S* 0.0.0.0/0 [1/0] via 10.21.0.11We have remote office which I can ping while at the main office, but when I am connected to VPN from office or home, I cant ping the remote office.
VPN gives me an ip 10.21.18.x
remote site's IP is: 172.29.x.x
i have the access-list information for the ASA firewall and router below:
below is the multilayer:
OFFICE-CORE-01#show ip access-lists
Extended IP access list verizon-INTERNET-TRAFFIC
10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
40 permit ip 10.23.20.0 0.0.0.255 any
50 permit ip 10.23.21.0 0.0.0.255 any
60 permit ip 10.23.22.0 0.0.0.255 any
70 permit ip 10.23.23.0 0.0.0.255 any
80 permit ip 10.23.24.0 0.0.0.255 any
90 permit ip 10.23.25.0 0.0.0.255 any
100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list PAETEC-INTERNET-TRAFFIC
10 deny ip 10.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
20 deny ip 10.21.0.0 0.0.255.255 172.16.0.0 0.15.255.255
30 deny ip 10.21.0.0 0.0.255.255 192.168.0.0 0.0.255.255
40 permit ip 10.23.20.0 0.0.0.255 any
50 permit ip 10.23.21.0 0.0.0.255 any
60 permit ip 10.23.22.0 0.0.0.255 any
70 permit ip 10.23.23.0 0.0.0.255 any
80 permit ip 10.23.24.0 0.0.0.255 any
90 permit ip 10.23.25.0 0.0.0.255 any
100 permit ip 10.23.26.0 0.0.0.255 any
Extended IP access list system-cpp-all-routers-on-subnet
10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-energywise-disc
10 permit udp any eq any eq 0
Extended IP access list system-cpp-hsrpv2
10 permit udp any host 224.0.0.102
Extended IP access list system-cpp-igmp
10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
10 permit ospf any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-pim
10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
10 permit ip any host 224.0.0.9
----------------------------------ASA ACCESS-LIST is below the brief version-------
access-list CompanyName-vpn-maint_splitTunnelAcl line 10 standard permit 172.29.0.0 255.255.0.0 (hitcnt=0) 0x52bc4d4c
-----------------------below is the ASA routes-----------------------
Gateway of last resort is 53.138.58.129 to network 0.0.0.0
S 192.168.10.0 255.255.255.0 [1/0] via 10.21.0.1, inside
C 172.17.21.0 255.255.255.0 is directly connected, dmz_tier2
S 172.16.142.0 255.255.254.0 [1/0] via 53.138.58.129, outside
C 172.16.21.0 255.255.255.0 is directly connected, dmz_tier1
C 172.19.21.0 255.255.255.0 is directly connected, dmz_tier4
S 172.23.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S 172.25.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.25.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.24.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 172.26.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.26.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.29.181.0 255.255.255.0 [1/0] via 10.21.0.1, outside
S 172.29.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.28.181.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 172.28.184.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 192.168.20.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.11.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.13.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.10.21.1 255.255.255.255 [1/0] via 10.21.0.1, inside
S 10.10.21.2 255.255.255.255 [1/0] via 10.21.0.1, inside
S 10.22.0.0 255.255.0.0 [1/0] via 53.138.58.129, outside
S 10.23.3.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.23.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S 10.21.0.0 255.255.0.0 [1/0] via 10.21.0.1, inside
S 10.10.21.10 255.255.255.255 [1/0] via 10.21.0.1, inside
C 10.21.0.0 255.255.255.0 is directly connected, inside
S 10.22.3.0 255.255.255.0 [1/0] via 53.138.58.129, outside
S 10.10.41.0 255.255.255.0 [1/0] via 53.138.58.129, outside
C 53.138.58.128 255.255.255.128 is directly connected, outside
S 192.168.2.0 255.255.255.0 [1/0] via 10.21.0.1, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 53.138.58.129, outside
S 0.0.0.0 0.0.0.0 [255/0] via 10.21.0.1, inside tunneled
------------------------------------below is the router's routes----------
Gateway of last resort is 10.21.0.11 to network 0.0.0.0
205.232.16.0/32 is subnetted, 1 subnets
S 205.232.16.25 [1/0] via 10.21.0.11
62.0.0.0/32 is subnetted, 1 subnets
S 62.100.0.146 [1/0] via 10.21.0.12
178.78.0.0/32 is subnetted, 1 subnets
S 178.78.147.193 [1/0] via 10.21.0.12
C 192.168.10.0/24 is directly connected, Vlan29
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
S 172.16.141.0/24 [1/0] via 10.21.0.11
S 172.16.142.0/23 [1/0] via 10.21.0.11
S 172.16.40.1/32 [1/0] via 10.21.2.12
S 172.16.40.10/32 [1/0] via 10.21.2.12
S 172.16.21.0/24 [1/0] via 10.21.0.11
172.19.0.0/24 is subnetted, 1 subnets
S 172.19.21.0 [1/0] via 10.21.0.11
172.18.0.0/24 is subnetted, 1 subnets
S 172.18.21.0 [1/0] via 10.21.0.12
172.23.0.0/24 is subnetted, 3 subnets
S 172.23.186.0 [1/0] via 10.21.0.6
S 172.23.184.0 [1/0] via 10.21.0.6
S 172.23.181.0 [1/0] via 10.21.0.6
S 172.25.0.0/16 [1/0] via 10.21.0.11
172.24.0.0/24 is subnetted, 3 subnets
C 172.24.181.0 is directly connected, Vlan31
C 172.24.186.0 is directly connected, Vlan32
C 172.24.187.0 is directly connected, Vlan33
S 172.26.0.0/16 [1/0] via 10.21.0.11
172.29.0.0/24 is subnetted, 3 subnets
S 172.29.181.0 [1/0] via 10.21.0.6
S 172.29.184.0 [1/0] via 10.21.0.6
S 172.29.190.0 [1/0] via 10.21.0.6
S 172.28.0.0/16 [1/0] via 10.21.0.11
C 192.168.20.0/24 is directly connected, Vlan30
10.0.0.0/8 is variably subnetted, 35 subnets, 4 masks
S 10.11.0.0/16 [1/0] via 10.21.0.6
C 10.21.28.0/24 is directly connected, Vlan28
C 10.21.26.0/24 is directly connected, Vlan26
C 10.21.25.0/24 is directly connected, Vlan25
S 10.12.0.0/16 [1/0] via 10.21.0.6
C 10.21.24.0/24 is directly connected, Vlan24
S 10.13.0.0/16 [1/0] via 10.21.0.6
C 10.21.23.0/24 is directly connected, Vlan23
C 10.21.22.0/24 is directly connected, Vlan22
C 10.21.21.0/24 is directly connected, Vlan21
C 10.21.20.0/24 is directly connected, Vlan20
C 10.21.19.0/24 is directly connected, Vlan19
S 10.21.18.0/24 [1/0] via 10.21.0.12
S 10.21.17.0/24 [1/0] via 10.21.0.11
C 10.21.16.0/24 is directly connected, Vlan16
C 10.21.15.0/24 is directly connected, Vlan15
C 10.21.14.0/24 is directly connected, Vlan14
C 10.21.13.0/24 is directly connected, Vlan13
C 10.21.12.0/24 is directly connected, Vlan12
C 10.21.11.0/24 is directly connected, Vlan11
C 10.10.21.1/32 is directly connected, Loopback0
S 10.31.0.0/16 [1/0] via 10.21.0.6
D 10.10.21.2/32 [90/130816] via 10.21.252.10, 7w0d, Vlan999
C 10.21.5.0/24 is directly connected, Vlan5
C 10.21.4.0/24 is directly connected, Vlan4
S 10.22.0.0/16 [1/0] via 10.21.0.11
C 10.21.3.0/24 is directly connected, Vlan3
C 10.21.2.0/24 is directly connected, Vlan2
C 10.23.2.0/24 is directly connected, Vlan900
S 10.22.3.0/24 [1/0] via 10.21.0.11
C 10.21.0.0/24 is directly connected, Vlan1000
S 10.41.0.0/16 [1/0] via 10.21.0.11
S 10.10.41.0/24 [1/0] via 10.21.0.11
S 10.51.0.0/16 [1/0] via 10.21.0.6
C 10.21.252.8/30 is directly connected, Vlan999
62.0.0.0/32 is subnetted, 1 subnets
S 62.138.58.129 [1/0] via 10.21.0.11
S 192.168.2.0/24 [1/0] via 10.21.0.12
S* 0.0.0.0/0 [1/0] via 10.21.0.11 -
Remote site can call but home base cant
Hello all,
This going to be a bit of a long post, so I'll ask forgiveness at the beginning and at the end.
Recently we upgraded a few remote sites form a 64 k connection up to t1's.. At the remote sites we had single line phones plugged into a vwic and at the home base we have a line going to our PBX. So far so good. the configuration allows the remote sites to dial 888 to reach the pbx and then they dial and extension to reach whoever they are trying to talk to at the home base. I added a router to the network to accomadate the new t1 wics as our home base router a 3640 was full. Since adding that router we can no longer call that remote site via the "bat phones" the odd thing is they can still call us. I am assuming that I need to add a dialer list to the new router but if i do what interface does that need to be applied to?
the remote site routers are cisco 1750's
with vwics.
12.x ios.
below is the dialer list as it appears in the home base router:
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server engineID local xxx
snmp-server community moraine RO
snmp-server community MMaterials RW
voice-port 1/0:0
dial-peer voice 888 pots
destination-pattern 888
no digit-strip
port 1/0:0
forward-digits 0
dial-peer voice 207 voip
destination-pattern 207
session target ipv4:172.16.17.2
ip precedence 5
no vad
dial-peer voice 209 voip
destination-pattern 209
session target ipv4:172.16.23.2
ip precedence 5
no vad
dial-peer voice 140 voip
destination-pattern 140
session target ipv4:192.168.14.1
no vad
dial-peer voice 141 voip
destination-pattern 141
session target ipv4:192.168.14.1
no vad
dial-peer voice 150 voip
destination-pattern 150
session target ipv4:192.168.15.1
no vad
dial-peer voice 151 voip
destination-pattern 151
session target ipv4:192.168.15.1
no vad
This is not the complete list but hopefully is enough to get the idea.
Any thoughts would be greatly appreciated. Again sorry for the lengthy post...
ThanksI am not sure a dilaer list is going to fix your problem.
Did the new router replace your old router? Or are they both operating at the same time?
If you could post the working config and the new config along with the type of the new router that would help. -
I have a Pub and 2 Sub's. Sub #1 is with the Pub, at the main site it is our TFTP server, Sub #2 is at a remote site with about 100 users along with a router and 2 PRI's for outbound calls. We had a network failure between the main site and the remote site and all phone lost their registration with the system until we were able to get the network back up. Currently the network is up in a crippled state on a 1 T-1 link while we troubleshoot the bigger issue with our 6mb pipe, however Sub #2 and its associated router arent talking with the PUB or other Sub. I'm still getting alerts every 30 minutes stating they are the server is down. I'm sure once the network is corrected this will bring everything back on line. My question is how can I prevent in this in the future. I need this site to be stand alone if the network goes down again. I was told by our vendor that if we had a subscriber at each site then we would need SRST licensing. I know something needs to be configured to make it all work, I'm just not sure what.
I already have a group at the site but it includes both the Pub and Sub from the main site as well as the Sub from the remote site. I would only have to remove the Sub from the main site, problem is I currently only have 1 TFTP server it runs on SUB #1, should I make SUB#2 a TFTP server as well and the phones are setup for DHCP at the main site, I'm going to need to have a DHCP server setup at the remote site as well. Correct?
Maybe you are looking for
-
ITunes store won't recognize my new imac?
iTunes store recognizes my new iMac as MacBook pro (2). I got rid of the MacBook. Also won't do auto sync with my ipad2. I have updated all store info on all devices. What can I do?
-
Never Get Buddy's Video in Window for iChat AV
Here's something basic that's got me stymied - I'm trying to set up a video chat with my daughter at school, both on iSight-equipped MacBooks. We tested the capability when she was home, and it worked great. Now, we get the chat set up, and she can s
-
Large PSD file overwritten with a PDF file
Hi everyone, I've been searching google for this for a while but I can't find an answer. Ok, so I'm working with a large PSD (100+ layers, over 170MB). I wan't to preview it as a PDF. I click Save As ... and I make a new file on the desktop. I minimi
-
How do i sync up my iphone to my car
how do i sync up my iphone to my car
-
How to put dynamic search help in web dynpro ABAP.
Hi, I have a table element with two columns in my web dynpro ABAP.Both the columns are F4 helps. Based on the value of the first column,the F4 help of second column must change dynamically.Kindly tell me how to do this. Thanks & Regards, Raji.