Connectivity Issue between ASA 5520 firewall and Cisco Call Manager
Recently I installed an ASA 5520 firewall. Below are the details of my network:
ASA 5520 inside ip: 10.12.10.2/24
Cisco Switch 3560 IP: 10.12.10.1/24 for Data and 10.12.110.2/24 for Voice
Cisco Call Manager 3825 IP: 10.12.110.2/24
The users and the IP phones get their IP addresses from the DHCP server, which is configured on the Cisco 3560 switch.
The default gateway for data users is 10.12.10.2/24, and
for the voice users it is 10.12.110.2/24.
Now the problem is that the users are not able to ping 10.12.110.2, the Call Manager. Please, if somebody can help in this regard, I will appreciate a prompt response on this issue.
Actually, I don't want to insert a new subnet and complicate the network. I need a simple way to solve the problem. Below are the details of the ASA 5520 config.
ASA Version 8.2(1)
name x.x.x.x Mobily
interface GigabitEthernet0/0
 nameif inside
 security-level 99
 ip address 10.12.10.2 255.255.255.0
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.252
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp
 service-object ip
 service-object icmp
 service-object udp
 service-object tcp eq ftp
 service-object tcp eq www
 service-object tcp eq https
 service-object tcp eq ssh
 service-object tcp eq telnet
access-list RA_VPN_splitTunnelAcl_1 standard permit Inside-Network 255.255.255.0
access-list RA_VPN_splitTunnelAcl standard permit Inside-Network 255.255.255.0
access-list inside_nat0_outbound extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
access-list inside_nat0_outbound extended permit object-group DM_INLINE_SERVICE_1 10.12.10.16 255.255.255.240 Inside-Network 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
ip local pool VPN-Pool 172.16.1.1-172.16.1.30 mask 255.255.255.0
ip local pool VPN-Users 10.12.10.21-10.12.10.30 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-641.bin
asdm history enable
arp timeout 14400
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1 Inside-Network 255.255.255.0
route outside 0.0.0.0 0.0.0.0 Mobily 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http Mgmt-Network 255.255.255.0 mgmt
http Inside-Network 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
telnet Inside-Network 255.255.255.0 inside
telnet timeout 5
ssh Inside-Network 255.255.255.255 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy RA_VPN internal
group-policy RA_VPN attributes
 dns-server value 86.51.34.17 8.8.8.8
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_VPN_splitTunnelAcl
username admin password LPtK/u1LnvHTA2vO encrypted privilege 15
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 address-pool VPN-Users
 default-group-policy RA_VPN
tunnel-group RA_VPN ipsec-attributes
 pre-shared-key *
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:e5a64fa92ae465cd7dabd01ce605307d
: end
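The posted configuration contains a single static route (the default route via outside) and one interface with a readable address (inside, 10.12.10.2/24). As an added example that is not part of the original post, the Python script below rebuilds that routing view from an excerpt of the config and looks up which interface a packet for 10.12.110.2 would be sent out of. The function names and the extra route in `WHAT_IF` are assumptions made for illustration.

```python
import ipaddress

# Routing-relevant lines from the posted ASA 8.2(1) config. The outside
# address is masked as x.x.x.x in the post and is kept that way here.
POSTED_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 ip address 10.12.10.2 255.255.255.0
interface GigabitEthernet0/1
 nameif outside
 ip address x.x.x.x 255.255.255.252
route outside 0.0.0.0 0.0.0.0 Mobily 1
"""

# Hypothetical extra line (not in the post): a static route for the voice
# subnet pointing at the 3560's data-side address given in the post.
WHAT_IF = POSTED_CONFIG + "route inside 10.12.110.0 255.255.255.0 10.12.10.1 1\n"


def build_routes(config):
    """Return [(network, egress_nameif, kind)] from interface and route lines."""
    routes, nameif = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            nameif = None  # a new interface block starts; its nameif follows
        elif words[0] == "nameif" and len(words) == 2:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) >= 4:
            try:
                net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            except ValueError:
                continue  # masked address (x.x.x.x): connected network unknown
            routes.append((net, nameif, "connected"))
        elif words[0] == "route" and len(words) >= 5:
            # route <nameif> <destination> <mask> <gateway> [metric]
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, words[1], "static"))
    return routes


def egress_for(routes, destination):
    """Longest-prefix match; returns (nameif, kind, network) or None."""
    dst = ipaddress.ip_address(destination)
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    net, nameif, kind = max(hits, key=lambda r: r[0].prefixlen)
    return nameif, kind, str(net)


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("what-if", WHAT_IF)):
        print(label, egress_for(build_routes(cfg), "10.12.110.2"))
```

The lookup models route selection only; whether the firewall allows traffic to leave through the interface it arrived on is a separate setting that this script does not model.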
Similar Messages
-
How can I resolve bluetooth connectivity issues between my iPhone 4S and my car?
My iPhone constantly unpairs from my car's bluetooth while I'm on a call. The phone is still working and I can continue the conversation if I hold it, but that is illegal in New Jersey. I have tried re-setting the iPhone, and re-pairing it with the car's bluetooth, but nothing has worked. My car (Lexus 350RX, 2012) is up to date with firmware. My daughter has the same issue with her iPhone 4S and her Honda Pilot. I may have to get a Samsung Galaxy if this issue is not resolved.
Either export it as a PDF if you don't need to work in it, or if you do, use an app called Numbers from Apple; it supports Excel as far as I know.
-
Connection issues between 64 bit SSIS and Oracle in 64bit
I've got a Win2K3 Std Ed server (x64) running 64-bit SQL Server 2005 Enterprise Edition. I've installed the Oracle 10g 64 bit and installed ODAC 64 bit, then the Oracle patch to take care of the () issue. I managed to create a link server on Management Studio and connect to a 64-bit Oracle server.
Now... when I try to create a new connection manager in SQL Server 2005 Integration Services, I got the following error: the OLEDB provider for Oracle can't be found. And when I try to manually add an underlying OLEDB connection to the database, SQL Server reports the following error:
Test connection failed because of an error in initializing provider. The 'OraOLEDB.Oracle.1' provider is not registered on the local machine.
Note: my SQL Server Agent is not running on this server; let me know if this is an issue.
I think I resolved this issue by installing Oracle 11g 32bit & 64bit clients in the 64bit SQL Server machine.
Please refer to the detail:
http://knol.google.com/k/jeyong-park/accessing-oracle-data-source-from-64bit/3vywlm4f31xae/12#
-
Wireless connectivity issue between MacBook Pro/ iTouch and Airport Express
I'm creating a wireless network at home using my airport express and depending on the configuration settings I set in the airport utility, I will face the following issues:
1- To connect my MacBook Pro to the wireless network created, I have to set the radio mode to 802.11n only (5 GHz). Any other radio mode (a/b/g compatible or n only (2.4 GHz)) will not work ("Couldn't find the network")
2- Conversely, the use of the radio mode 802.11n only (5 GHz) with my iTouch doesn't work ("Couldn't find the network"). To connect my iTouch to the wireless network created, I have to set the radio mode to 802.11a/b/g compatible or to n only (2.4 GHz)
As a result, I manage to 1) either connect to a wireless network created with my airport express with my MacBook Pro only 2) or with my iTouch only, depending on the configuration setup.
I'm using the latest updates for the airport utility (7.4.2), iTouch (3.1.3) and Mac OSX (10.6.4).
Any help on this?
If you set it to the most compatible with the least common denominator you should be able to connect with both. (If that's what I understand you are trying to achieve).
-
Connectivity Issues Between my AirPort Express and Dell Inspiron
I have an Airport Extreme set up in my home office, and then two AirPort Expresses set up around the house, but if my Dell Inspiron is anywhere in the building other than in the home office room it will barely connect to the network. My Macbook pro has no issues roaming about the house, but for some reason the dell does, even if it is parked right next to one of the airport express range extenders... Any thoughts?
". . . but a WIFI signal is a WIFI signal right?"
I think so, but what do I know. I also saw where another person suggested checking the "Linksys WPA" settings. Might work, but I have absolutely no idea what they are or where I'd find them (although I did write and ask). Here's a link to that thread, maybe it will help:
http://discussions.apple.com/thread.jspa?messageID=11571231#11571231
Good luck.
jim
-
Connectivity issues between Cisco 2901 and Cisco SG300-52
Hello,
I am having some serious connectivity issues between the hosts in my LAN.
My LAN is based on a Cisco 2901 router and a Cisco SG300-52 port switch.
The issue that has been happening is that connections between hosts on the LAN (remote desktop, extended ping, etc.) are very unstable; at some points I can see 35% lost packets on an extended ping. This happens at any time of the day and from any host.
All hosts are on the same VLAN (default VLAN) and on the same subnet. Some hosts have fixed IP addresses (servers and network equipment) and others obtain their IP address through a DHCP reservation established on the router (reserved with the MAC address of every host).
I can provide further details if needed, because this issue is very serious and I would really appreciate any insight or support.
Many thanks in advance.
Sair Amer
EDIT: After doing every test we could think of, we finally found the reason behind this problem.
It turns out that the switch has problems handling communications between clients at different speeds, because most of the hosts connected were working at 100 Mbps but the servers were working at 1000 Mbps (and the communication between host and servers wasn't stable).
After manually setting the speed on all ports to 100 Mbps the problems have stopped.
Many thanks for your help on this issue.
Building configuration...
Current configuration : 4123 bytes
! Last configuration change at 12:06:16 PCTime Sat Jul 19 2014 by ccp
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Foninsa
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 $1$BDbJ$HN3VP8nmywrGB55RCxPd30
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone PCTime -4 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
no ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.151 192.168.1.255
ip dhcp pool FONINSA
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8 8.8.4.4
ip dhcp pool Laptop-Sporta-Wifi
 host 192.168.1.10 255.255.255.0
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-213585710
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-213585710
 revocation-check none
 rsakeypair TP-self-signed-213585710
crypto pki certificate chain TP-self-signed-213585710
 certificate self-signed 01
  30820229 30820192
  quit
license udi pid CISCO2901/K9 sn
license boot module c2900 technology-package securityk9
username ccp privilege 15 password
redundancy
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 ip address 190.196.21.98 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.3 21 190.196.21.98 21 extendable
ip nat inside source static tcp 192.168.1.3 80 190.196.21.98 80 extendable
ip nat inside source static udp 192.168.1.8 1194 190.196.21.98 1194 extendable
ip nat inside source static tcp 192.168.1.4 3389 190.196.21.98 3389 extendable
ip nat inside source static tcp 192.168.1.9 3389 190.196.21.98 10000 extendable
ip nat inside source static tcp 192.168.1.3 3389 190.196.21.98 20000 extendable
ip route 0.0.0.0 0.0.0.0 190.196.21.97
access-list 1 permit 192.168.1.0 0.0.0.255
control-plane
line con 0
 password $
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 5
 access-class 23 in
 privilege level 15
 password #
 transport input telnet ssh
no scheduler allocate
end
-
Updating to iOS 8.3 has caused a connectivity issue between my iPad and my Dual150 external GPS. Can I revert to a previous version of iOS?
The only way to get this working again is to downgrade to 8.2
Seems Apple does not have this on a high priority list and am not willing to buy something that works for a lot of money. The flying community who uses this for navigation is having a lot of problems with this issue. The position awareness is compromised. Hope they fix this quickly
-
Dear All,
I'm using a Cisco ASA 5505 firewall and I want an email alert from my firewall if the CPU increases to more than 70%. Is it possible? Please help me.
Thanks
Vijay
Hi Vijay,
It can be done, but you need any network management software. I personally don't think you can ask your ASA to send mails. The ASA can trigger an alert to an SNMP-configured server, which will in turn send mail to you.
HTH,
-
I have connection problems between the mini ipad and my powerbook g4, you are not allowed to see or share applications.
That is not possible.
-
How to configure array for UAG 2010 with topology Between a frontend firewall and a backend firewall
Hi,
We want to publish exchange 2013 through UAG 2010. What is the best topology for UAG 2010?
Can we configure a UAG 2010 array with topology "Between a frontend firewall and a backend firewall"?
Can we configure UAG 2010 array in workgroup?
What is the drawback to use ARR to publish exchange 2013?
Thanks
Jitender
jitender
Hi Jitender - I have done quite a few UAG deployments like this, and it is fully supported sitting in a DMZ between firewalls. However, for an array the UAG servers must be domain joined. In these deployments the question is whether to place a domain in the DMZ (locked down of course) or allow traffic through to a domain controller via the backend firewall.
The link you require is here -
http://technet.microsoft.com/en-gb/library/ee428826.aspx
Kr
John Davies
-
I cannot connect bluetooth between an iPhone 3GS and iPhone 4.
I cannot connect bluetooth between an iPhone 3GS and iPhone 4S. Any reasons this might be happening? Any suggestions on how to fix it? Thank you.
To access iCloud all your iPhone needs is iOS 5 or later and an Internet connection, either via cell service or WiFi. Then just set up iCloud with the same Apple ID and password you've been using on your iPhone 4.
You might want to consider just getting your iPhone 4 replaced by Apple. Based on the prices I've seen for iPhone 3GS units, Apple's replacement price isn't that much more, and you'll be certain of getting a working, non-hacked iPhone. Apple's replacement price for the iPhone 4 is US $149.
http://www.apple.com/support/iphone/service/faq/
Regards.
-
Difference between Cisco DCNM and CISCO Fabric Manager
Hello Everyone,
I am new to Cisco SAN and just would like to know the differences between cisco DCNM and Cisco Fabric manager and which one is latest as of now.
regards
VINAY
Hi Vinay,
Fabric Manager was renamed DCNM starting at 5.2.
Fabric Manager only monitors SAN Fabrics, while DCNM 5.2 and above can monitor both SAN Fabrics and Ethernet LANs.
Regards,
David
-
Difference between ASA 8.3 and 8.4 IOS VERSION?
What are major differences between ASA 8.3 and 8.4 IOS VERSION?
Also data flow?
The release notes outline the differences in each version of ASA software. You can find the ASA 8.4 Release Notes here.
I don't understand what you're asking about data flow.
-
Cisco Call Manager 8.5 and Lync 2013
Dear all,
Our customer wants to integrate their Lync 2013 to the Cisco Call Manager 8.5.
Out of some not so recent information I thought that if you want to use the enterprise voice of Lync you'll have to make a SIP trunk between Cisco Call Manager & Lync 2013.
I think that this still counts. I've also heard that there have been a moderate amount of changes between CUCM 8.5 and CUCM 8.6 on matters of SIP.
I'm unable to find them though. Also, what does CUCI - Lync do?
Kr,
Yannick Vranckx
Hi Yannick,
There can be three types of integrations between Lync and Cisco Systems
1) Direct SIP Trunk between Lync Server and Call Manager - In this, we can setup shared line between Cisco extensions and Lync extensions, and Sip trunk between the servers. Any Cisco phone / Lync client can call each other vice-versa. Initial setup needs planning, but later it does not need much configurations in client side. The following document explains the configurations needed.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucilync/9/CUCI_BK_C0B36AC1_00_cisco-uc-integration-for-microsoft.pdf
2) CUCILYNC, which is like Cisco Jabber client but connects with Lync and Call Manager: Lync Client <----> CUCILYNC <-----> CUCM
In this option, a plug-in is installed in each client side. Although initial configurations is easier, each user needs to install the client and operate it. The below document explains the configuration and setup.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucilync/9/CUCI_BK_C0545A41_00_cisco-uc-integration-for-microsoft.html
3) RCC (Remote Call Plugin) which just provides basic call control feature but for that you need Cisco Unified Presence Server: Lync Client <----> CUPS <-----> CUCM
HTH
Manish
-
Cisco Call Manager replication issue
Hello
We are running a cluster of 3 servers with Cisco Call Manager version 6
I have noticed that the replication status is 3 on all servers and from the CM Database Status I can see queue of updates are stuck
I have restarted Pub and one Sub but the status is still 3 and queue status is still the same
Is there anything I can do to make it work?
Thank you
Thank you,
I will try them tomorrow, but I thought restarting the servers will also reset the replication
Btw, there was a time difference on the servers due to NTP failure and I have just noticed that Pub can not see one of the Subs, the replication status is 0 and
g_cucs01_ccm6_1_2_1000_13 2 Active Connected 0 Sep 15 10:21:37
g_cucs02_ccm6_1_2_1000_13 11 Active Connected 0 Sep 15 10:35:19
g_cucs03_ccm6_1_2_1000_13 19 Active Dropped 92939 Aug 20 07:51:14
g_cucs08_ccm6_1_2_1000_13 18 Active Local 0