Configuration of Cisco 2911 for Asterisk

Similar Messages

• How to Configure an Cisco 5505 for PPTP VPN connectivity

  I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
  *Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.

  Hi,
  Below is the link to the admin guide for the RV042.  Chapter 9 covers the configuration of site to site VPN’s and begins on page 123. 
  http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
  If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
  Thank you,
  Jason Nickle

• Configuring SYNCE/PTP on Cisco 7600 and Cisco MWR for NSN NodeB

  Hi to All,
  I would to ask for support on how i can establish the PTP between Cisco MWR 2941-DC and a NSN NodeB. The Cisco MWR is connected to a Cisco 7600 with SPA-2X1GE-SYNCE where the SSU/OSN clock is connected on the BITS ports. Hope you can assist me with the configurations.
  Thanks,
  Eugene

  Dear Genedeath,
    I have noticed that you posted this message since last year ..... have you ever been able to solve the case??
  I had a glance to the diagram and it looks quite similar to my case.
  I need to configure a Cisco MWR2941 for the very first time  in order to support SyncE for packet Abis between a NSN FlexyBSC and a NSN BTS.
  BTS---------------Gig x/y MWR Gig x/x-----------------------FlexyBSC
  I guess the source clock would be provided by BSC...
  Can you support me according to your experience ??
  thanks and regards!
  Mauro

• Can't establish a Voice gateway (cisco 2911) using SIP with CUCM 9.1

  I have configured a Cisco 2911 as a Voice Gateway using SIP (the configuration is attached), but unfortunately can't establish a test call to a phone (CUPC 8.6 SCCP) using csim start. I have done logging the ccsip debug and ccapi debug and attached them. Could anyone help me to solve this problem?

  I just did some research on my end and csim is not supported for SIP. The Invite will never be created and sent to the CUCM to initate the call. It disconnects in the router itself with normal cause.
  *Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPIOutgoingCallSDP: 
   Could not create source SDP for Outgoing Call
  *Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPICreateOutboundSDP: 
   Error in creating an SDP for the outbound call - Check for supported codecs
  *Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/preprocessSetup: 
   Error during outbound SDP creation
  *Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Info/sipSPIInitiateDisconnect: Initiate call disconnect(16) for outgoing call
  Please use an actual call to test your dial-peer and integration with call manager. csim will not work.
  Hantale
  Sree

• Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

  OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
  What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
  Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
  When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
  Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
  The ASA is connected to a checkpoint sub interface
  Any help would be beneficial as im new to cisco ASAs 
  Thanks
  Mark

  Mark
  If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
  HTH
  Rick

• Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

  Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
  Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
  ipv6 dhcp database disk0://DHCPV6-DB
  ipv6 dhcp pool VLAN206IPV6
   prefix-delegation pool VLAN206IPV6-POOL
   dns-server 2620:B700:0:1001::53
   domain-name global.bio.com
  ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
  interface Vlan206
   description *** IPv6 Subnet ***  
   ip address 10.2.104.2 255.255.255.0
   ipv6 address 2620:B700:0:12C7::2/64
   ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
   ipv6 nd managed-config-flag
   ipv6 dhcp server VLAN206IPV6
   standby version 2
   standby 0 ip 10.2.104.1
   standby 0 preempt
   standby 6 ipv6 2620:B700:0:12C7::1/64
   standby 6 preempt
  I'm getting a result from my debug as follows:
  Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   dst FF02::1:2
  Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
  Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
  Apr 10 16:28:03.861 PDT:     elapsed-time 101
  Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
  Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
  Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
  Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
  Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
  Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
  Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
  Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
  Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
  Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
  Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
  Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
  Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
  Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
  Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
  Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
  Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

  Hello,
  maybe hitting the following bug.
  Pv6 Address Assignment Support for IPv6 DHCP Server
  CSCse81385
  Hope this helps

• Configuring Cisco Router for use with Syslog Server

  Configuring Cisco Router for use with Syslog Server:
  Does anyone know of a good doc for this?
  -Ashley

  Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
  And if you need more informations, just ask what you want to achieve.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Hardware Needed for Cisco 2911 as a console server

  Hi,
  We need to setup Cisco 2911 router as a console server for OOB (Out of band) connectivity to console of each DC device (upto 20 devices) Could someone please respond to the following questions we had:
  1. What interface module can we install on the 2911 ISR for this purpose?
  2. What cable (part number please) will go to the that 2911-ISR interface slot and then we can connect the consoel ports of out network devices to that cable.
  It needs to be something similar to the cisco octal cable which I know we used for Cisco 2500 series for console purposes to other devices. But not sure about Cisco 2911.
  I would highly appreciate your information and help.
  Thanks
  Lovleen

  You would need an interface providing asynchronous serial ports. Something like the HWIC-8A or the HWIC-16A. Needing 20 ports you will most likely use one of each type (having then 24 ports).
  The cable to connect to the HWIC is the CAB-HD8-ASYNC. If you attach routers and switches console ports directly to the RJ45 plugs everything is fine. If you have other types of serial ports to serve (DB-9 or DB-25) then you need the according adapters. I don't know if they have product numbers...
  Or to have it all on one single PDF follow this link
  BR
  Björn

• Cisco tool for building router/switch configurations

  Is there a tool on Cisco website that lets you build your own configurations of Cisco routers etc prior to you purchasing them? i.e. Giving you a complete list of part IDs ?

  Hi
  Your question is not clear , if you asked about a tool which can help you to do a configuration for your purchase order for routers , switches , any solution for Cisco . You can configure your chassis , cards , SFPs, Power , and so on. Please use the below link:-
  https://cisco-apps.cisco.com/cisco/psn/commerce
  Thank you
  please rate all useful infomration

• CME B-ACD on Cisco 2911 with IOS 15.2(4)M5 not working

  Hi Folks,
  I am currently setting up CME version 9.1 with B-ACD (app-b-acd-aa-3.0.0.2.tcl & app-b-acd-3.0.0.2.tcl), running on
  Cisco 2911 with IOS ver 15.2(4)M5, this is for lab purposes.
  Below is my CME & B-ACD configuration :
  voice service voip
  ip address trusted list
    ipv4 0.0.0.0 0.0.0.0
  allow-connections h323 to h323
  allow-connections h323 to sip
  allow-connections sip to h323
  allow-connections sip to sip
  fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
  h323
    h225 listen-port 1820
    no call service stop
  sip
    bind control source-interface Vlan400
    bind media source-interface Vlan400
    registrar server expires max 600 min 60
  voice register global
  mode cme
  source-address 172.25.202.1 port 5060
  max-dn 2
  max-pool 2
  load 9971 sip9971.9-2-2SR1-9
  authenticate register
  timezone 28
  time-format 24
  date-format D/M/Y
  tftp-path flash:
  create profile sync 0004714411607756
  voice register dn  1
  number 3005
  name br2phn2
  voice register dn  2
  number 3006
  name br2phn4
  voice register template  1
  dialplan 1
  voice register dialplan 1
  type 7940-7960-others
  pattern 1 3...
  pattern 2 999
  voice register pool  1
  id mac 1C1D.86C4.0D6D
  type 9971
  number 1 dn 1
  template 1
  dtmf-relay rtp-nte
  username 3005 password cisco
  description 3214-3005
  codec g711ulaw
  voice register pool  2
  id mac 1C1D.86C4.A574
  type 9971
  number 1 dn 2
  template 1
  dtmf-relay rtp-nte
  username 3006 password cisco
  description 3214-3006
  codec g711ulaw
  voice hunt-group 1 parallel
  list 3002,3006
  pilot 3210
  application
  service aa flash:/app-b-acd-aa-3.0.0.2.tcl
    paramspace english index 1
    param number-of-hunt-grps 2
    param handoff-string aa
    paramspace english language en
    param max-time-vm-retry 2
    param aa-pilot 3500
    paramspace english location flash://
    param second-greeting-time 60
    param welcome-prompt _bacd_welcome.au
    param call-retry-timer 15
    param voice-mail 3001
    param max-time-call-retry 90
    param service-name queue
  service aa-drop flash:/app-b-acd-aa-3.0.0.2.tcl
    paramspace english index 1
    param service-name queue
    param drop-through-option 2
    param second-greeting-time 60
    paramspace english language en
    param max-time-vm-retry 2
    param max-time-call-retry 90
    param voice-mail 3001
    paramspace english location flash://
    param aa-pilot 3501
    param number-of-hunt-grps 1
    param handoff-string aa-drop
    param call-retry-timer 15
  service queue flash:/app-b-acd-3.0.0.2.tcl
    param queue-len 15
    param aa-hunt10 3006
    param queue-manager-debugs 1
    param number-of-hunt-grps 2
    param aa-hunt2 3210
  interface Loopback0
  ip address 172.25.110.3 255.255.255.255
  ip ospf network point-to-point
  h323-gateway voip interface
  h323-gateway voip id Spain ipaddr 172.25.110.1 1719
  h323-gateway voip h323-id BR2-RTR
  h323-gateway voip tech-prefix 1#
  h323-gateway voip bind srcaddr 172.25.110.3
  interface Vlan400
  ip address 172.25.202.1 255.255.255.0
  ip pim dense-mode
  dial-peer voice 3500 voip
  service aa
  destination-pattern 3500
  session target ipv4:172.25.110.3
  incoming called-number 3500
  dtmf-relay h245-alphanumeric
  codec g711ulaw
  no vad
  dial-peer voice 3501 voip
  service aa-drop
  destination-pattern 3501
  session target ipv4:172.25.110.3
  incoming called-number 3501
  dtmf-relay h245-alphanumeric
  codec g711ulaw
  no vad
  telephony-service
  no auto-reg-ephone
  max-ephones 2
  max-dn 2 no-reg both
  ip source-address 172.25.110.3 port 2000
  cnf-file location flash:
  load 7965 term65.default.loads
  time-zone 28
  time-format 24
  date-format dd-mm-yy
  max-conferences 8 gain -6
  moh "music-on-hold.au"
  web admin system name admin password cisco
  dn-webedit
  transfer-system full-consult
  create cnf-files version-stamp 7960 Feb 14 2014 05:54:44
  ephone-template  1
  softkeys connected  Endcall Hold Park Trnsfer Acct Flash
  ephone-dn  1  octo-line
  number 3001 no-reg both
  description 3214-3001
  name br2phn1
  ephone-dn  2  octo-line
  number 3002 no-reg both
  description 3214-3002
  name br2phn3
  ephone  1
  device-security-mode none
  mac-address 189C.5DB6.D303
  ephone-template 1
  max-calls-per-button 5
  busy-trigger-per-button 3
  type 7965
  button  1:1
  ephone  2
  device-security-mode none
  description 3214-3002
  mac-address 984B.E194.FDDD
  ephone-template 1
  max-calls-per-button 5
  busy-trigger-per-button 3
  type 7960
  button  1:2
  Problem :
  1. When I test call from CME Phone both SIP and SCCP Phone by dial 3500 or 3501, I get the busy tone.
  2. Debug voip dial-peer, match with dial-peer voice 3500 for (aa service) & 3501 for (aa-drop service).
  3. Debug voice application script, show nothing.
  Is there something wrong with my configuration ?
  Rgds
  Novri

  Hi Novriadi,
  In your configuration
  service aa flash:/app-b-acd-aa-3.0.0.2.tcl
  service queue flash:/app-b-acd-3.0.0.2.tcl
  paramspace english location flash://
  Remove "/" and "//" from the configuration
  Then use the call application voice load command in privileged EXEC mode to reload the scripts.
  Router# call application voice load aa
  Router# call application voice load queue
  Router# call application voice load aa-drop
  You can refer to following document as well for more info
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/bacd/configuration/guide/cme40tcl/40bacd.html#wp1018270
  Please find the sample configuration that is required to configure b-acd in CME for reference.
  telephony-service
  moh music-on-hold.au
  multicast moh 239.1.1.1 port 2000
  application
  service queue flash:app-b-acd-2.1.0.0.tcl
    param number-of-hunt-grps 2
    param aa-hunt2 1111
    param aa-hunt3 1222
    param queue-len 15
    param queue-manager-debugs 1
  service aa flash:app-b-acd-aa-2.1.0.0.tcl
    paramspace english index 1
    paramspace english language en
    paramspace english location flash:
    param service-name queue
    param handoff-string aa
    param aa-pilot 8005550123
    param welcome-prompt _bacd_welcome.au
    param number-of-hunt-grps 2
    param dial-by-extension-option 1
    param second-greeting-time 60
    param call-retry-timer 15
    param max-time-call-retry 700
    param max-time-vm-retry 2
    param voice-mail 5003
  dial-peer voice 222 voip
  service aa
  destination-pattern 8005550123
  session target ipv4:192.168.1.1
  incoming called-number 8005550123
  dtmf-relay h245-alphanumeric
  codec g711ulaw
  no vad
  Thanks & Regards,
  Mudit Mathur

• IP SLA Monitor on Cisco 2911

  Dear all,
  I have a cisco 2911 router that is located in my head office LAN and I use this router to connect to my branch networks. I want to configure IP SLA Monitor on this router to track my WAN Links but it does not support the command IP SLA Monitor. My IOS VERSION is  c2900-universalk9-mz.SPA.151-2.T1.bin. Please help tell me how I can configure IP SLA on my router.
  Any assistance will be highly appreciated.

  The Data Technology Package License part number SL-29-DATA-K9 was changed to the AppX Technology Package License that includes DATA and WAAS features with part number SL-29-APP-K9.
  SL-29-APP-K9 (AppX License for Cisco 2900 Series) - USD 1,000.00
  Please check the Change in Product Part Number Announcement for the Cisco 2900 Series Integrated Services Routers Data Technology Package Licenses link below for your reference(s): 
  http://www.cisco.com/c/en/us/products/collateral/routers/2900-series-integrated-services-routers-isr/eos-eol-notice-c51-730946.html

• Cisco 2911 stops responding after a period of time

  I have a Cisco 2911 router with 4 T1 connections.  Two are set as a multilink and the other two are for two other locations.  The router will run fine, but after a month I cannot ping the gigabit ethernet 0/0 interface.  I would have to manually reboot the router to get it to respond again.  Before I noticed a lot of interface discards which would shutdown the 2911 and a manual reboot would be needed, but for this time it isn't the case.  Where would I start with this the memory and cpu usage are fine.
  Here is the config:
  Current configuration : 2905 bytes
  version 15.0
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname 2911
  boot-start-marker
  boot-end-marker
  card type t1 0 0
  card type t1 0 1
  no aaa new-model
  clock timezone gmt -5
  clock summer-time cdt recurring
  no network-clock-participate wic 0
  no network-clock-participate wic 1
  no ipv6 cef
  ip source-route
  ip cef
  multilink bundle-name authenticated
  license udi pid CISCO2911/K9 sn FTX1513ALLS
  controller T1 0/0/0 -- Multilink
  cablelength long 0db
  channel-group 0 timeslots 1-24
  controller T1 0/0/1 -- Multilink
  clock source internal
  cablelength long 0db
  channel-group 0 timeslots 1-24
  controller T1 0/1/0
  clock source internal
  cablelength long 0db
  channel-group 3 timeslots 1-24
  controller T1 0/1/1
  clock source internal
  cablelength long 0db
  channel-group 2 timeslots 1-24
  buffers middle permanent 200
  buffers middle max-free 230
  buffers middle min-free 50
  buffers big permanent 75
  buffers big max-free 200
  buffers big min-free 15
  buffers verybig permanent 20
  buffers verybig max-free 20
  buffers tune automatic
  interface Multilink1
  ip address 192.168.200.1 255.255.255.252
  ip flow ingress
  ip flow egress
  load-interval 30
  ppp multilink
  ppp multilink group 1
  ppp multilink fragment disable
  no cdp enable
  hold-queue 4000 out
  interface GigabitEthernet0/0
  ip address 10.10.99.1 255.255.255.0
  ip flow ingress
  ip flow egress
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  shutdown
  duplex auto
  speed auto
  interface GigabitEthernet0/2
  no ip address
  shutdown
  duplex auto
  speed auto
  interface Serial0/0/0:0
  no ip address
  encapsulation ppp
  ppp multilink
  ppp multilink group 1
  no fair-queue
  hold-queue 40 out
  interface Serial0/0/1:0
  no ip address
  encapsulation ppp
  ppp multilink
  ppp multilink group 1
  no fair-queue
  hold-queue 40 out
  interface Serial0/1/0:3
  ip address 192.168.1.2 255.255.255.0
  ip flow ingress
  ip flow egress
  load-interval 60
  no fair-queue
  hold-queue 4000 out
  interface Serial0/1/1:2
  ip address 192.168.8.2 255.255.255.0
  ip flow ingress
  ip flow egress
  load-interval 30
  no fair-queue
  hold-queue 4000 out
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip flow-cache timeout active 1
  ip flow-export source GigabitEthernet0/0
  ip flow-export version 5
  ip flow-export destination 10.10.14.49 2055
  ip route 0.0.0.0 0.0.0.0 10.10.99.10
  ip route 10.10.17.0 255.255.255.0 192.168.1.1
  ip route 10.10.25.0 255.255.255.0 192.168.8.1
  ip route 10.10.94.0 255.255.254.0 192.168.200.2
  snmp-server community ipBalance RO
  snmp-server community SolarWinds RO
  control-plane
  line con 0
  logging synchronous
  line aux 0
  line vty 0 4
  session-timeout 60
  privilege level 15
  password 7
  logging synchronous
  login
  transport input telnet
  scheduler allocate 20000 1000
  end

  Kishore,
  I just hard coded the gigabit 0/0 to 1000 full duplex.  The interface errors were occuring on the serial interfaces due to someone doing videoconferencing and trying to use more than 1.5Mbps over the T1.  Once they throttled down the video conferencing equipment, the errors seemed to go away. 
  IOS is
  Cisco IOS Software, C2900 Software (C2900-UNI​VERSALK9-M​), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
  For syslogs I enabled:
  logging trap notifications
  logging IP of syslog server
  service timestamps debug datetime msec
  service timestamps log datetime msec localtime show-timezone year

• Cisco 2911 ISR Firewall

  Hi everyone,
  I would like to inquire on how to deploy Cisco 2911 ISR routers to act as Firewall to protect segments of my network. We have more than 10 units of the said router on our branch and i would like to ask on how i can make it a Firewall, it is running on IOS with sec/k9 license.
  Hope that anyone can help me with my problem.
  Thank you very much in advance
  Best Regards,
  Jayson Cruz

  Hi Julio,
  A good day its me again. My apologies to bother you again. May i ask for your advice regarding the set-up of my IOS Zone-Based Firewall via 2911 routers.
  I have 2 2911 beanch routers with bgp peering on a WAN links to reach the branch. On the LAN interface of the said Branch Routers are the LAN segments configured via subinterface command and running HSRP with the other branch router.
  How would i implement Zone-Based Firewall with HA without having drops because of asymetric routing. Im sorry since the configuration guide that you have sent me as so many options and configurations that i tend to be confusing on which one is another option and which one is prt of the previous procedure. I hope you could help me with this one as i need to implement it within this week.
  Thanks you very much and I'm sorry for bothering you.
  Thank you very much!
  Jayson
  Sent from Cisco Technical Support Android App

• Cisco 2911 vesio 12,4 , i have some noise when i make call

  hi
  1: i have cisco  2911 with 2 card 4FXO i can make the call buth i heath some pertubation in the conversation
  2 : i can heat th ring when i make a external call
  this my configuration
  voice call carrier capacity active
  voice rtp send-recv
  voice service voip
  allow-connections h323 to h323
  allow-connections h323 to sip
  allow-connections sip to h323
  allow-connections sip to sip
  supplementary-service h450.12
  fax protocol cisco
  h323
    no call service stop
  voice class codec 1
  codec preference 1 g711ulaw
  codec preference 2 g729r8
  voice class h323 1
    h225 timeout tcp establish 3
  voice-port 0/0/0
  supervisory disconnect anytone
  cptone FR
  connection plar opx 0
  caller-id enable
  voice-port 0/0/1
  supervisory disconnect anytone
  no battery-reversal
  input gain -3
  output attenuation 4
  echo-cancel coverage 24
  no comfort-noise
  cptone FR
  timeouts interdigit 6
  timeouts call-disconnect 5
  timing hookflash-out 500
  connection plar opx 0
  impedance complex2
  caller-id enable
  best regard!

  Try this:
  1 - Use the default configuration for the port. Fw:
  voice-port 0/0/0
  supervisory disconnect anytone
  cptone FR
  connection plar opx 0
  caller-id enable
  voice-port 0/0/1
  supervisory disconnect anytone
  cptone FR
  connection plar opx 0
  caller-id enable
  2 - Do you hear noise in both ports?
  3 - Usually in the case of noise, the problem is not in the router of the beholder. Often the problem is the user of the remote end. The Other End. (Ask for verification on the other side too)
  4 - Check the qos is never enough.
  I hope I have helped.
  Luciane de Medeiros

• Need help with troubleshooting VPN betwen Cisco 2911 and Dell Sonicwall 4060

  Hello all,
  I am trying to set up a VPN Tunnel between the devices mentioned above.  The tunnel appears to be established, but I've encountered some issues along the way.  I can ping from the Cisco 2911 to a server behind the Sonicwall, but I cannot ping from that server to the Cisco router unless the router is pinging the server at the same time.  What should I do to fix this problem?
  UPDATE:  The tunnel is no longer working between the two devices.  The end result I am looking for is to have a VPN tunnel between these two devices which does NAT and allows me to ping across without having to constantly ping to keep the session open.  Before the tunnel went down, I was able to ping that server behind the sonicwall using a port on the inside of the firewall as a source port for the ping, and at one point I was able to ping back to the router from the server, but was unable to ping beyond that interface.  I think the problem that I am running into has to do with the zone-based firewall configurations that are already on the router.  I don't want to mess with those configurations already in place, but I am not sure how to get this tunnel working.  I'm fairly certain I need to start from the beginning in regards to this tunnel, but I cannot figure out how to configure this the right way. 
  Thanks in advance for any help
  Michael
  Message was edited by: Michael Sotalin

  Finally the testing is successful on Sonicwall NSA 240 as well with Cisco ASA. Actually somehow Sonicwall firewall was discovering my VPN Box's Public leg (Private IP (10.10.50.10)) as well, which was behind a Live Peer IP (203.124.x.x). As per security policies it shouldnt have been discovered on the remote end. i will bring this in Cisco TAC notice.
  Logs of Sonicwall were showing ASA local ike id as "203.124.x.x" & ASA Remote ike id "10.10.50.10".
  Sonicwall sets these two parameters with PSK (local ike id & remote ike id). This is other than setting the Peer IP. i asked my client to add my ASA actual and NAT IP in these two parameters and the VPN got UP.