Configuration of Cisco 2911 for Asterisk
Hi all
I use Cisco 2911 for Asterisk phone system communicate with external.
However, sometime I can make call in and out. Sometime, just call in or out. Sometime, cannot make any call.
I think it is the NAT, PAT and ACL in Cisco 2911 problem. This Cisco is also a gateway to internet for users.
Please any advice
Thanks a lot
Here is the configuration:
Router#show run
Building configuration...
Current configuration : 1981 bytes
! Last configuration change at 20:06:06 UTC Thu Nov 14 2013
! NVRAM config last updated at 15:04:59 UTC Tue Nov 5 2013
! NVRAM config last updated at 15:04:59 UTC Tue Nov 5 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
enable secret 5 xxxxx
no aaa new-model
memory-size iomem 20
no ipv6 cef
ip source-route
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
license udi pid CISCO2911/K9 sn FTX1603AH9C
interface Embedded-Service-Engine0/0
no ip address
interface GigabitEthernet0/0
description internal-LAN
ip address 172.x.x.x 255.255.0.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1.1
encapsulation dot1Q 11
ip address 172.16.x.x 255.255.240.0
interface GigabitEthernet0/2
description internet
ip address 50.240.x.x 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 100 interface GigabitEthernet0/2 overload
ip route profile
ip route 0.0.0.0 0.0.0.0 50.240.x.x
ip route 0.0.0.0 0.0.0.0 172.10.0.30 name ROUTE-VPN-REMOTE
ip route 172.16.240.0 255.255.254.0 172.10.x.x
access-list 100 permit ip 172.10.0.0 0.0.255.255 any
access-list 100 permit ip 172.16.240.0 0.0.0.255 any
access-list 100 permit udp any any range 5004 5090
access-list 100 permit udp any any range 10000 20000
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
There are some VSP where they do the NAT. If your VSP (like mine) do the NAT, then you need to globally disable NAT in your Asterisk.
My VSP also recommends I disable ALG on my router.
So you need to ask you VSP.
Similar Messages
-
How to Configure an Cisco 5505 for PPTP VPN connectivity
I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
*Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.Hi,
Below is the link to the admin guide for the RV042. Chapter 9 covers the configuration of site to site VPN’s and begins on page 123.
http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
Thank you,
Jason Nickle -
Configuring SYNCE/PTP on Cisco 7600 and Cisco MWR for NSN NodeB
Hi to All,
I would to ask for support on how i can establish the PTP between Cisco MWR 2941-DC and a NSN NodeB. The Cisco MWR is connected to a Cisco 7600 with SPA-2X1GE-SYNCE where the SSU/OSN clock is connected on the BITS ports. Hope you can assist me with the configurations.
Thanks,
EugeneDear Genedeath,
I have noticed that you posted this message since last year ..... have you ever been able to solve the case??
I had a glance to the diagram and it looks quite similar to my case.
I need to configure a Cisco MWR2941 for the very first time in order to support SyncE for packet Abis between a NSN FlexyBSC and a NSN BTS.
BTS---------------Gig x/y MWR Gig x/x-----------------------FlexyBSC
I guess the source clock would be provided by BSC...
Can you support me according to your experience ??
thanks and regards!
Mauro -
Can't establish a Voice gateway (cisco 2911) using SIP with CUCM 9.1
I have configured a Cisco 2911 as a Voice Gateway using SIP (the configuration is attached), but unfortunately can't establish a test call to a phone (CUPC 8.6 SCCP) using csim start. I have done logging the ccsip debug and ccapi debug and attached them. Could anyone help me to solve this problem?
I just did some research on my end and csim is not supported for SIP. The Invite will never be created and sent to the CUCM to initate the call. It disconnects in the router itself with normal cause.
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPIOutgoingCallSDP:
Could not create source SDP for Outgoing Call
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPICreateOutboundSDP:
Error in creating an SDP for the outbound call - Check for supported codecs
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/preprocessSetup:
Error during outbound SDP creation
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Info/sipSPIInitiateDisconnect: Initiate call disconnect(16) for outgoing call
Please use an actual call to test your dial-peer and integration with call manager. csim will not work.
Hantale
Sree -
Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)
OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch?
Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
The ASA is connected to a checkpoint sub interface
Any help would be beneficial as im new to cisco ASAs
Thanks
MarkMark
If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
HTH
Rick -
Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
ipv6 dhcp database disk0://DHCPV6-DB
ipv6 dhcp pool VLAN206IPV6
prefix-delegation pool VLAN206IPV6-POOL
dns-server 2620:B700:0:1001::53
domain-name global.bio.com
ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
interface Vlan206
description *** IPv6 Subnet ***
ip address 10.2.104.2 255.255.255.0
ipv6 address 2620:B700:0:12C7::2/64
ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server VLAN206IPV6
standby version 2
standby 0 ip 10.2.104.1
standby 0 preempt
standby 6 ipv6 2620:B700:0:12C7::1/64
standby 6 preempt
I'm getting a result from my debug as follows:
Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: dst FF02::1:2
Apr 10 16:28:03.861 PDT: type SOLICIT(1), xid 8277025
Apr 10 16:28:03.861 PDT: option ELAPSED-TIME(8), len 2
Apr 10 16:28:03.861 PDT: elapsed-time 101
Apr 10 16:28:03.861 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.861 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.861 PDT: option IA-NA(3), len 12
Apr 10 16:28:03.861 PDT: IAID 0x0FF01FAF, T1 0, T2 0
Apr 10 16:28:03.861 PDT: option UNKNOWN(39), len 32
Apr 10 16:28:03.861 PDT: option VENDOR-CLASS(16), len 14
Apr 10 16:28:03.861 PDT: option ORO(6), len 8
Apr 10 16:28:03.861 PDT: DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::21D:E6FF:FEE4:4400
Apr 10 16:28:03.861 PDT: dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: type ADVERTISE(2), xid 8277025
Apr 10 16:28:03.861 PDT: option SERVERID(2), len 10
Apr 10 16:28:03.865 PDT: 00030001001DE6E44400
Apr 10 16:28:03.865 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.865 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.865 PDT: option STATUS-CODE(13), len 15
Apr 10 16:28:03.865 PDT: status code NOADDRS-AVAIL(2)
Apr 10 16:28:03.865 PDT: status message: NOADDRS-AVAILHello,
maybe hitting the following bug.
Pv6 Address Assignment Support for IPv6 DHCP Server
CSCse81385
Hope this helps -
Configuring Cisco Router for use with Syslog Server
Configuring Cisco Router for use with Syslog Server:
Does anyone know of a good doc for this?
-AshleyStart with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
And if you need more informations, just ask what you want to achieve.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Hardware Needed for Cisco 2911 as a console server
Hi,
We need to setup Cisco 2911 router as a console server for OOB (Out of band) connectivity to console of each DC device (upto 20 devices) Could someone please respond to the following questions we had:
1. What interface module can we install on the 2911 ISR for this purpose?
2. What cable (part number please) will go to the that 2911-ISR interface slot and then we can connect the consoel ports of out network devices to that cable.
It needs to be something similar to the cisco octal cable which I know we used for Cisco 2500 series for console purposes to other devices. But not sure about Cisco 2911.
I would highly appreciate your information and help.
Thanks
LovleenYou would need an interface providing asynchronous serial ports. Something like the HWIC-8A or the HWIC-16A. Needing 20 ports you will most likely use one of each type (having then 24 ports).
The cable to connect to the HWIC is the CAB-HD8-ASYNC. If you attach routers and switches console ports directly to the RJ45 plugs everything is fine. If you have other types of serial ports to serve (DB-9 or DB-25) then you need the according adapters. I don't know if they have product numbers...
Or to have it all on one single PDF follow this link
BR
Björn -
Cisco tool for building router/switch configurations
Is there a tool on Cisco website that lets you build your own configurations of Cisco routers etc prior to you purchasing them? i.e. Giving you a complete list of part IDs ?
Hi
Your question is not clear , if you asked about a tool which can help you to do a configuration for your purchase order for routers , switches , any solution for Cisco . You can configure your chassis , cards , SFPs, Power , and so on. Please use the below link:-
https://cisco-apps.cisco.com/cisco/psn/commerce
Thank you
please rate all useful infomration -
CME B-ACD on Cisco 2911 with IOS 15.2(4)M5 not working
Hi Folks,
I am currently setting up CME version 9.1 with B-ACD (app-b-acd-aa-3.0.0.2.tcl & app-b-acd-3.0.0.2.tcl), running on
Cisco 2911 with IOS ver 15.2(4)M5, this is for lab purposes.
Below is my CME & B-ACD configuration :
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
h323
h225 listen-port 1820
no call service stop
sip
bind control source-interface Vlan400
bind media source-interface Vlan400
registrar server expires max 600 min 60
voice register global
mode cme
source-address 172.25.202.1 port 5060
max-dn 2
max-pool 2
load 9971 sip9971.9-2-2SR1-9
authenticate register
timezone 28
time-format 24
date-format D/M/Y
tftp-path flash:
create profile sync 0004714411607756
voice register dn 1
number 3005
name br2phn2
voice register dn 2
number 3006
name br2phn4
voice register template 1
dialplan 1
voice register dialplan 1
type 7940-7960-others
pattern 1 3...
pattern 2 999
voice register pool 1
id mac 1C1D.86C4.0D6D
type 9971
number 1 dn 1
template 1
dtmf-relay rtp-nte
username 3005 password cisco
description 3214-3005
codec g711ulaw
voice register pool 2
id mac 1C1D.86C4.A574
type 9971
number 1 dn 2
template 1
dtmf-relay rtp-nte
username 3006 password cisco
description 3214-3006
codec g711ulaw
voice hunt-group 1 parallel
list 3002,3006
pilot 3210
application
service aa flash:/app-b-acd-aa-3.0.0.2.tcl
paramspace english index 1
param number-of-hunt-grps 2
param handoff-string aa
paramspace english language en
param max-time-vm-retry 2
param aa-pilot 3500
paramspace english location flash://
param second-greeting-time 60
param welcome-prompt _bacd_welcome.au
param call-retry-timer 15
param voice-mail 3001
param max-time-call-retry 90
param service-name queue
service aa-drop flash:/app-b-acd-aa-3.0.0.2.tcl
paramspace english index 1
param service-name queue
param drop-through-option 2
param second-greeting-time 60
paramspace english language en
param max-time-vm-retry 2
param max-time-call-retry 90
param voice-mail 3001
paramspace english location flash://
param aa-pilot 3501
param number-of-hunt-grps 1
param handoff-string aa-drop
param call-retry-timer 15
service queue flash:/app-b-acd-3.0.0.2.tcl
param queue-len 15
param aa-hunt10 3006
param queue-manager-debugs 1
param number-of-hunt-grps 2
param aa-hunt2 3210
interface Loopback0
ip address 172.25.110.3 255.255.255.255
ip ospf network point-to-point
h323-gateway voip interface
h323-gateway voip id Spain ipaddr 172.25.110.1 1719
h323-gateway voip h323-id BR2-RTR
h323-gateway voip tech-prefix 1#
h323-gateway voip bind srcaddr 172.25.110.3
interface Vlan400
ip address 172.25.202.1 255.255.255.0
ip pim dense-mode
dial-peer voice 3500 voip
service aa
destination-pattern 3500
session target ipv4:172.25.110.3
incoming called-number 3500
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
dial-peer voice 3501 voip
service aa-drop
destination-pattern 3501
session target ipv4:172.25.110.3
incoming called-number 3501
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
telephony-service
no auto-reg-ephone
max-ephones 2
max-dn 2 no-reg both
ip source-address 172.25.110.3 port 2000
cnf-file location flash:
load 7965 term65.default.loads
time-zone 28
time-format 24
date-format dd-mm-yy
max-conferences 8 gain -6
moh "music-on-hold.au"
web admin system name admin password cisco
dn-webedit
transfer-system full-consult
create cnf-files version-stamp 7960 Feb 14 2014 05:54:44
ephone-template 1
softkeys connected Endcall Hold Park Trnsfer Acct Flash
ephone-dn 1 octo-line
number 3001 no-reg both
description 3214-3001
name br2phn1
ephone-dn 2 octo-line
number 3002 no-reg both
description 3214-3002
name br2phn3
ephone 1
device-security-mode none
mac-address 189C.5DB6.D303
ephone-template 1
max-calls-per-button 5
busy-trigger-per-button 3
type 7965
button 1:1
ephone 2
device-security-mode none
description 3214-3002
mac-address 984B.E194.FDDD
ephone-template 1
max-calls-per-button 5
busy-trigger-per-button 3
type 7960
button 1:2
Problem :
1. When I test call from CME Phone both SIP and SCCP Phone by dial 3500 or 3501, I get the busy tone.
2. Debug voip dial-peer, match with dial-peer voice 3500 for (aa service) & 3501 for (aa-drop service).
3. Debug voice application script, show nothing.
Is there something wrong with my configuration ?
Rgds
NovriHi Novriadi,
In your configuration
service aa flash:/app-b-acd-aa-3.0.0.2.tcl
service queue flash:/app-b-acd-3.0.0.2.tcl
paramspace english location flash://
Remove "/" and "//" from the configuration
Then use the call application voice load command in privileged EXEC mode to reload the scripts.
Router# call application voice load aa
Router# call application voice load queue
Router# call application voice load aa-drop
You can refer to following document as well for more info
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/bacd/configuration/guide/cme40tcl/40bacd.html#wp1018270
Please find the sample configuration that is required to configure b-acd in CME for reference.
telephony-service
moh music-on-hold.au
multicast moh 239.1.1.1 port 2000
application
service queue flash:app-b-acd-2.1.0.0.tcl
param number-of-hunt-grps 2
param aa-hunt2 1111
param aa-hunt3 1222
param queue-len 15
param queue-manager-debugs 1
service aa flash:app-b-acd-aa-2.1.0.0.tcl
paramspace english index 1
paramspace english language en
paramspace english location flash:
param service-name queue
param handoff-string aa
param aa-pilot 8005550123
param welcome-prompt _bacd_welcome.au
param number-of-hunt-grps 2
param dial-by-extension-option 1
param second-greeting-time 60
param call-retry-timer 15
param max-time-call-retry 700
param max-time-vm-retry 2
param voice-mail 5003
dial-peer voice 222 voip
service aa
destination-pattern 8005550123
session target ipv4:192.168.1.1
incoming called-number 8005550123
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
Thanks & Regards,
Mudit Mathur -
Dear all,
I have a cisco 2911 router that is located in my head office LAN and I use this router to connect to my branch networks. I want to configure IP SLA Monitor on this router to track my WAN Links but it does not support the command IP SLA Monitor. My IOS VERSION is c2900-universalk9-mz.SPA.151-2.T1.bin. Please help tell me how I can configure IP SLA on my router.
Any assistance will be highly appreciated.The Data Technology Package License part number SL-29-DATA-K9 was changed to the AppX Technology Package License that includes DATA and WAAS features with part number SL-29-APP-K9.
SL-29-APP-K9 (AppX License for Cisco 2900 Series) - USD 1,000.00
Please check the Change in Product Part Number Announcement for the Cisco 2900 Series Integrated Services Routers Data Technology Package Licenses link below for your reference(s):
http://www.cisco.com/c/en/us/products/collateral/routers/2900-series-integrated-services-routers-isr/eos-eol-notice-c51-730946.html -
Cisco 2911 stops responding after a period of time
I have a Cisco 2911 router with 4 T1 connections. Two are set as a multilink and the other two are for two other locations. The router will run fine, but after a month I cannot ping the gigabit ethernet 0/0 interface. I would have to manually reboot the router to get it to respond again. Before I noticed a lot of interface discards which would shutdown the 2911 and a manual reboot would be needed, but for this time it isn't the case. Where would I start with this the memory and cpu usage are fine.
Here is the config:
Current configuration : 2905 bytes
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 2911
boot-start-marker
boot-end-marker
card type t1 0 0
card type t1 0 1
no aaa new-model
clock timezone gmt -5
clock summer-time cdt recurring
no network-clock-participate wic 0
no network-clock-participate wic 1
no ipv6 cef
ip source-route
ip cef
multilink bundle-name authenticated
license udi pid CISCO2911/K9 sn FTX1513ALLS
controller T1 0/0/0 -- Multilink
cablelength long 0db
channel-group 0 timeslots 1-24
controller T1 0/0/1 -- Multilink
clock source internal
cablelength long 0db
channel-group 0 timeslots 1-24
controller T1 0/1/0
clock source internal
cablelength long 0db
channel-group 3 timeslots 1-24
controller T1 0/1/1
clock source internal
cablelength long 0db
channel-group 2 timeslots 1-24
buffers middle permanent 200
buffers middle max-free 230
buffers middle min-free 50
buffers big permanent 75
buffers big max-free 200
buffers big min-free 15
buffers verybig permanent 20
buffers verybig max-free 20
buffers tune automatic
interface Multilink1
ip address 192.168.200.1 255.255.255.252
ip flow ingress
ip flow egress
load-interval 30
ppp multilink
ppp multilink group 1
ppp multilink fragment disable
no cdp enable
hold-queue 4000 out
interface GigabitEthernet0/0
ip address 10.10.99.1 255.255.255.0
ip flow ingress
ip flow egress
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface Serial0/0/0:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
no fair-queue
hold-queue 40 out
interface Serial0/0/1:0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1
no fair-queue
hold-queue 40 out
interface Serial0/1/0:3
ip address 192.168.1.2 255.255.255.0
ip flow ingress
ip flow egress
load-interval 60
no fair-queue
hold-queue 4000 out
interface Serial0/1/1:2
ip address 192.168.8.2 255.255.255.0
ip flow ingress
ip flow egress
load-interval 30
no fair-queue
hold-queue 4000 out
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 10.10.14.49 2055
ip route 0.0.0.0 0.0.0.0 10.10.99.10
ip route 10.10.17.0 255.255.255.0 192.168.1.1
ip route 10.10.25.0 255.255.255.0 192.168.8.1
ip route 10.10.94.0 255.255.254.0 192.168.200.2
snmp-server community ipBalance RO
snmp-server community SolarWinds RO
control-plane
line con 0
logging synchronous
line aux 0
line vty 0 4
session-timeout 60
privilege level 15
password 7
logging synchronous
login
transport input telnet
scheduler allocate 20000 1000
endKishore,
I just hard coded the gigabit 0/0 to 1000 full duplex. The interface errors were occuring on the serial interfaces due to someone doing videoconferencing and trying to use more than 1.5Mbps over the T1. Once they throttled down the video conferencing equipment, the errors seemed to go away.
IOS is
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M4, RELEASE SOFTWARE (fc1)
For syslogs I enabled:
logging trap notifications
logging IP of syslog server
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone year -
Hi everyone,
I would like to inquire on how to deploy Cisco 2911 ISR routers to act as Firewall to protect segments of my network. We have more than 10 units of the said router on our branch and i would like to ask on how i can make it a Firewall, it is running on IOS with sec/k9 license.
Hope that anyone can help me with my problem.
Thank you very much in advance
Best Regards,
Jayson CruzHi Julio,
A good day its me again. My apologies to bother you again. May i ask for your advice regarding the set-up of my IOS Zone-Based Firewall via 2911 routers.
I have 2 2911 beanch routers with bgp peering on a WAN links to reach the branch. On the LAN interface of the said Branch Routers are the LAN segments configured via subinterface command and running HSRP with the other branch router.
How would i implement Zone-Based Firewall with HA without having drops because of asymetric routing. Im sorry since the configuration guide that you have sent me as so many options and configurations that i tend to be confusing on which one is another option and which one is prt of the previous procedure. I hope you could help me with this one as i need to implement it within this week.
Thanks you very much and I'm sorry for bothering you.
Thank you very much!
Jayson
Sent from Cisco Technical Support Android App -
Cisco 2911 vesio 12,4 , i have some noise when i make call
hi
1: i have cisco 2911 with 2 card 4FXO i can make the call buth i heath some pertubation in the conversation
2 : i can heat th ring when i make a external call
this my configuration
voice call carrier capacity active
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
fax protocol cisco
h323
no call service stop
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class h323 1
h225 timeout tcp establish 3
voice-port 0/0/0
supervisory disconnect anytone
cptone FR
connection plar opx 0
caller-id enable
voice-port 0/0/1
supervisory disconnect anytone
no battery-reversal
input gain -3
output attenuation 4
echo-cancel coverage 24
no comfort-noise
cptone FR
timeouts interdigit 6
timeouts call-disconnect 5
timing hookflash-out 500
connection plar opx 0
impedance complex2
caller-id enable
best regard!Try this:
1 - Use the default configuration for the port. Fw:
voice-port 0/0/0
supervisory disconnect anytone
cptone FR
connection plar opx 0
caller-id enable
voice-port 0/0/1
supervisory disconnect anytone
cptone FR
connection plar opx 0
caller-id enable
2 - Do you hear noise in both ports?
3 - Usually in the case of noise, the problem is not in the router of the beholder. Often the problem is the user of the remote end. The Other End. (Ask for verification on the other side too)
4 - Check the qos is never enough.
I hope I have helped.
Luciane de Medeiros -
Need help with troubleshooting VPN betwen Cisco 2911 and Dell Sonicwall 4060
Hello all,
I am trying to set up a VPN Tunnel between the devices mentioned above. The tunnel appears to be established, but I've encountered some issues along the way. I can ping from the Cisco 2911 to a server behind the Sonicwall, but I cannot ping from that server to the Cisco router unless the router is pinging the server at the same time. What should I do to fix this problem?
UPDATE: The tunnel is no longer working between the two devices. The end result I am looking for is to have a VPN tunnel between these two devices which does NAT and allows me to ping across without having to constantly ping to keep the session open. Before the tunnel went down, I was able to ping that server behind the sonicwall using a port on the inside of the firewall as a source port for the ping, and at one point I was able to ping back to the router from the server, but was unable to ping beyond that interface. I think the problem that I am running into has to do with the zone-based firewall configurations that are already on the router. I don't want to mess with those configurations already in place, but I am not sure how to get this tunnel working. I'm fairly certain I need to start from the beginning in regards to this tunnel, but I cannot figure out how to configure this the right way.
Thanks in advance for any help
Michael
Message was edited by: Michael SotalinFinally the testing is successful on Sonicwall NSA 240 as well with Cisco ASA. Actually somehow Sonicwall firewall was discovering my VPN Box's Public leg (Private IP (10.10.50.10)) as well, which was behind a Live Peer IP (203.124.x.x). As per security policies it shouldnt have been discovered on the remote end. i will bring this in Cisco TAC notice.
Logs of Sonicwall were showing ASA local ike id as "203.124.x.x" & ASA Remote ike id "10.10.50.10".
Sonicwall sets these two parameters with PSK (local ike id & remote ike id). This is other than setting the Peer IP. i asked my client to add my ASA actual and NAT IP in these two parameters and the VPN got UP.
Maybe you are looking for
-
IPHONE 4 Temperature too hot needs to cool down????
I waited 12 hours in line for my iphone 4 and got it today. Got it activated in the store, worked fine. When I got home, it started saying "Temperature too hot, needs to cool down". It wont let me charge or sync. The phone is not even warm, as I had
-
Is there any way to increase DVD player SDK750SU2 output volume level? The television volume control will not raise the volume high enough when using the player.
-
How to pass values from one section to another section in same dashboard..
hi I am in need of designing a dashboard which contains 2 sections.In first section i will include a Dashboard prompt and in the second section, I have to display a jsp page by passing the result of prompt as a parameter. how to pass these values....
-
Top 5 wait events in AWR Repprt
Hi, The following is top 5 wait event in my AWR reports... Whenever I take reports this are always top 5 events Top 5 Timed Events ============================================================================================================= Event
-
Problems after updating to 2.0
We have an original iPhone, purchased on 6/29/2007. We updated iTunes to 7.7 and then updated iPhone to 2.0 on Saturday afternoon. Ever since then the phone just turns itself off. We can usually get it turned back on but as soon as the screen goes to