GW / GK On 2811
Hi,
We have 30 Branches, in HO we have one 2811 Router with 4 FXS & FXO. FXO is connected to the PBX (1..) & FXS is connected to FAX. this router is acting as the gatekeeper for other branch Routers. When I call on the FXS Port it rings & I can speak but when I call on the PBX Extension it gives a busy tone. If somebody has GK/GW Scenario in one router pl help.
Hi,
On FXS Fax is connected & it works.
From the other branche somebody calls on our fax it works but PBX extension doesnot work.
The Scenario which is not working it
GW----GK----FXO
In my case at HO GW/GK is one 2811 router only.
I have attached the diagram for better understanding.
Similar Messages
-
Cisco 2811 SIP-to-SIP GW T.38 does not work!
Hello!
Diagram is something like this: Softswitch(MERA) -->>-- Cisco2811 -->>-- Softswitch(MERA) It's needed to limit traffic if one of SSWs is hacked. But it is not a subject. We just need such "construction".
Previously there was Cisco 1760 instead of 2811, result was the same. So I exclude platform and IOS.
1. Voice calls are sent and received fine in diagram above.
2. Fax are passed good between two Softswitches if I exclude Cisco2811.
3. Faxes are stopped immediately when I re-route voice traffic through Cisco2811 (in the same conditions on both Softswitches as in above paragraph 2. That is, Faxes are passed between Softswitches directly, I don't change anything on Softswitches, and I just re-route Voice from both Softswitches on C2811 - Faxes stop immediately).
4. Relevant configuraion:
voice service voip allow-connections sip to sip!!voice class uri Centrex sip host ^10\.0\.99\.111$!voice class uri RTU1 sip host ^10\.0\.99\.121$!voice class uri RTU2 sip host ^10\.0\.99\.221$!!voice class codec 1 codec preference 1 g711alaw bytes 80 codec preference 2 clear-channel!!voice translation-rule 112 rule 1 /^000112\(.*\)$/ /\1/!voice translation-rule 999 rule 1 /^999\(.*\)$/ /000\1/!voice translation-rule 999112 rule 1 /^\(.*\)$/ /999112\1/!voice translation-profile 112 translate called 112!voice translation-profile 999 translate called 999!voice translation-profile 999112 translate called 999112!!interface FastEthernet0/0.18 encapsulation dot1Q 18 ip address 10.0.99.29 255.255.255.0 no snmp trap link-status!!dial-peer voice 999112 voip translation-profile incoming 999112 voice-class codec 1 session protocol sipv2 incoming uri from Centrex dtmf-relay rtp-nte fax-relay ecm disable fax rate 9600 fax nsf 000000 fax protocol t38 ls-redundancy 3 hs-redundancy 0 fallback pass-through g711alaw no vad!dial-peer voice 999 voip translation-profile outgoing 999 destination-pattern 999.+ voice-class codec 1 session protocol sipv2 session target ipv4:10.0.99.99 session transport udp dtmf-relay rtp-nte fax-relay ecm disable fax rate 9600 fax nsf 000000 fax protocol t38 ls-redundancy 3 hs-redundancy 0 fallback pass-through g711alaw no vad!dial-peer voice 112 voip translation-profile outgoing 112 destination-pattern 000112.+ voice-class codec 1 session protocol sipv2 session target ipv4:10.0.99.100 session transport udp dtmf-relay rtp-nte fax-relay ecm disable fax rate 9600 fax nsf 000000 fax protocol t38 ls-redundancy 3 hs-redundancy 0 fallback pass-through g711alaw no vad!dial-peer voice 901 voip voice-class codec 1 session protocol sipv2 incoming uri from RTU1 dtmf-relay rtp-nte fax-relay ecm disable fax rate 9600 fax nsf 000000 fax protocol t38 ls-redundancy 3 hs-redundancy 0 fallback pass-through g711alaw no vad!dial-peer voice 902 voip voice-class codec 1 session protocol sipv2 incoming uri from RTU2 dtmf-relay rtp-nte fax-relay ecm disable fax rate 9600 fax nsf 000000 fax protocol t38 ls-redundancy 3 hs-redundancy 0 fallback pass-through g711alaw no vad!
5. TSHARK from left-side Softswitch:
16:10:51.680764 10.0.99.221 -> 10.0.99.29 SIP/SDP Request: INVITE sip:[email protected];user=phone, with session description16:10:51.721616 10.0.99.29 -> 10.0.99.221 SIP Status: 100 Trying16:10:55.413288 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 183 Session Progress, with session description16:10:55.418718 10.0.99.29 -> 10.0.99.221 SIP Status: 180 Ringing16:10:59.090481 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:10:59.091451 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:04.296532 10.0.99.29 -> 10.0.99.221 SIP Status: 488 Not Acceptable Media16:11:04.296708 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:04.793058 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:04.793262 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:05.793043 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:05.793261 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:07.793042 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:07.793300 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:11.793077 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:11.793264 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:15.793316 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:15.793541 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:19.793289 10.0.99.29 -> 10.0.99.221 SIP/SDP Status: 200 OK, with session description16:11:19.793538 10.0.99.221 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:11:23.794963 10.0.99.29 -> 10.0.99.221 SIP Request: BYE sip:[email protected]:5061;user=phone16:11:23.795650 10.0.99.221 -> 10.0.99.29 SIP Status: 200 OK
6. TSHARK from right-side Softswitch:
16:10:12.071247 10.0.99.111 -> 10.0.99.29 SIP/SDP Request: INVITE sip:[email protected];user=phone, with session description16:10:12.113708 10.0.99.29 -> 10.0.99.111 SIP Status: 100 Trying16:10:12.843352 10.0.99.29 -> 10.0.99.111 SIP/SDP Status: 183 Session Progress, with session description16:10:16.328955 10.0.99.29 -> 10.0.99.111 SIP/SDP Status: 200 OK, with session description16:10:16.329808 10.0.99.111 -> 10.0.99.29 SIP Request: ACK sip:[email protected]:506016:10:51.721600 10.0.99.29 -> 10.0.99.100 SIP/SDP Request: INVITE sip:[email protected]:5060, with session description16:10:51.723145 10.0.99.100 -> 10.0.99.29 SIP Status: 100 Trying16:10:55.384493 10.0.99.100 -> 10.0.99.29 SIP/SDP Status: 183 Progress, with session description16:10:55.392178 10.0.99.100 -> 10.0.99.29 SIP Status: 180 Ringing16:10:59.069771 10.0.99.100 -> 10.0.99.29 SIP/SDP Status: 200 OK, with session description16:10:59.088587 10.0.99.29 -> 10.0.99.100 SIP Request: ACK sip:[email protected]:5060
7. Debug output for "debug ccsip all" and "debug voice dialpeer all"
Router#*Sep 19 12:27:55.107: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportSetAgeingTimer: Aging timer initiated for holder=0x4654DA30,addr=10.0.99.111*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpSocketReads: Msg enqueued for SPI with IP addr: 10.0.99.221:5061*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x00000000*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 10.0.99.221,Port 5061, Transport 1, SentBy Port 5061*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:INVITE sip:[email protected];user=phone SIP/2.0Via: SIP/2.0/UDP 10.0.99.221:5061;rport;branch=z9hG4bK-3628481038-3792786178-436258467-408012644From: <sip:[email protected]:5061;user=phone>;tag=4095425038-3792786178-436258467-408012644To: <sip:[email protected];user=phone>Call-ID: [email protected]: 1 INVITEContact: <sip:[email protected]:5061;user=phone>Content-Type: application/sdpAllow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, REFER, REGISTER, UPDATEMax-Forwards: 70User-Agent: MERA MVTS3G v.4.4.0-15Cisco-Guid: 237931618-38998498-2747662362-1690784024Category: 10Content-Length: 313v=0o=- 1348056651 1348056651 IN IP4 10.0.99.221s=-c=IN IP4 10.0.99.221t=0 0m=audio 17294 RTP/AVP 8 0 18 4 96a=rtpmap:8 PCMA/8000a=rtpmap:0 PCMU/8000a=rtpmap:18 G729/8000a=fmtp:18 annexb=noa=rtpmap:4 G723/8000a=fmtp:4 annexa=yesa=rtpmap:96 telephone-event/8000a=fmtp:96 0-15a=sendrecv*Sep 19 12:27:55.267: //-1/0E2E8C62A3C6/SIP/State/sipSPIChangeState: 0x4627A3B8 : State change from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 10.0.99.221,Port 5061, Transport 1, SentBy Port 5060*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Clock Time Zone is UTC, same as GMT: Using GMT*Sep 19 12:27:55.267: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 10.0.99.221,Port 5061, Transport 1, SentBy Port 5061*Sep 19 12:27:55.271: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetGtdBody: No valid GTD body found.*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/sipSPIUaddCcbToUASReqTable: ****Adding to UAS Request table.*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x4627A3B8 [email protected]*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/sipSPIMatchSrcIpGroup: Match not found on carrier id*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/sipSPIMatchSrcIpGroup: Match not found on Incoming called number: 0001124957887603*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/sipSPIMatchSrcIpGroup: Match not found on destination pattern: 4991589848*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/SIP/Info/ccsipUpdateIncomingCallParams: ccCallInfo: Calling name , number 4991589848, Calling oct3 0x00, oct_3a 0x80, Called number 0001124957887603*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerCore: Calling Number=4991589848, Called Number=0001124957887603, Voice-Interface=0x0, Timeout=TRUE, Peer Encap Type=ENCAP_VOIP, Peer Search Type=PEER_TYPE_VOICE, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerCore: Match Rule=DP_MATCH_REQUEST_URI; URI=sip:[email protected];user=phone*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype: Is Incoming=TRUE, Number Expansion=FALSE*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Dial String=, Expanded String=, Calling Number= Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Result=-1*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype:exit@5392*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerCore: Match Rule=DP_MATCH_TO_URI; URI=sip:[email protected];user=phone*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype: Is Incoming=TRUE, Number Expansion=FALSE*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Dial String=, Expanded String=, Calling Number= Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Result=-1*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype:exit@5392*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerCore: Match Rule=DP_MATCH_FROM_URI; URI=sip:[email protected]:5061;user=phone*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype: Is Incoming=TRUE, Number Expansion=FALSE*Sep 19 12:27:55.271: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Dial String=, Expanded String=, Calling Number= Timeout=TRUE, Is Incoming=TRUE, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/DPM/MatchNextPeer: Result=Success(0); Incoming Dial-peer=902 Is Matched*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/DPM/dpMatchPeertype:exit@5392*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerCore: Result=Success(0) after DP_MATCH_FROM_URI; Incoming Dial-peer=902*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/DPM/dpAssociateIncomingPeerSPI:exit@5926*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/SIP/Info/sipSPIGetCallConfig: Peer tag 902 matched for incoming call*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/SIP/Info/sipSPIGetCallConfig: Using Voice Class Codec, tag = 1*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/SIP/Info/sipSPICopyPeerDataToCCB:From CLI: Modem NSE payload = 100, Passthrough = 0, Modem relay = 0, Gw-Xid = 1SPRT latency 200, SPRT Retries = 12, Dict Size = 1024 String Len = 32, Compress dir = 3*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/SIP/Info/sipSPIContinueNewMsgInvite: Calling name , number 4991589848, Calling oct3 0x00, oct_3a 0x80, ext_priv 0x00, Called number 0001124957887603, oct3 0x00*Sep 19 12:27:55.275: //-1/0E2E8C62A3C6/SIP/Info/sipSPIContinueNewMsgInvite: Carrier id code , prev_cid NONE, next_cid NONE, prev_tgrp NONE, next_tgrp NONE*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoMediaNegotiation: Number of m-lines = 1*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoAudioNegotiation: Codec (g711alaw) Negotiation Successful on Static Payload for m-line 1*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoPtimeNegotiation: No ptime present or multiple ptime attributes that can't be handled*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoDTMFRelayNegotiation: m-line index 1*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(96) could not be reserved.*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoDTMFRelayNegotiation: Requested DTMF-RELAY payload (96) is reserved by another application.*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoDTMFRelayNegotiation: Requested DTMF-RELAY option(s) not found in Preferred DTMF-RELAY option list!*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIStreamTypeAndDtmfRelay: DTMF Relay mode: Inband Voice*Sep 19 12:27:55.275: //-1/xxxxxxxxxxxx/SIP/Info/sip_sdp_get_modem_relay_cap_params: NSE payload from X-cap = 0*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sip_select_modem_relay_params: X-tmr not present in SDP. Disable modem relay*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIGetSDPDirectionAttribute: No direction attribute present or multiple direction attributes that can't be handled for m-line:1 and num-a-lines:0*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoAudioNegotiation: Codec negotiation successful for media line 1 payload_type=8, codec_bytes=80, codec=g711alaw, dtmf_relay=inband-voice stream_type=voice-only (0), dest_ip_address=10.0.99.221, dest_port=17294*Sep 19 12:27:55.275: //19/0E2E8C62A3C6/SIP/Media/sipSPIUpdCallWithSdpInfo: Preferred Codec : g711alaw, bytes :80 Preferred DTMF relay : rtp-nte Preferred NTE payload : 101 Early Media : No Delayed Media : No Bridge Done : No New Media : No DSP DNLD Reqd : No*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_report_media_to_peer: callId 19 peer 0 flags 0x201*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:CallID 19, sdp 0x45A61FCC channels 0x4627BC80SIP: (19) Attribute ptime, level 1 instance 1 not found.*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 8 mline 1*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711alaw*Sep 19 12:27:55.279: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation done: stream->negotiated_ptime=0,stream->negotiated_codec_bytes=80, coverted ptime=10 stream->mline_index=1, media_ndx=1*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 6 ptype 8 time 10, bytes 80 as channel 0 mline 1 ss 0 10.0.99.221:17294*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 0 mline 1*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711ulawSIP: (19) Attribute ptime, level 1 instance 1 not found.*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation NOT done, get ptime from sdp: ptime=0, media_ndx=1*Sep 19 12:27:55.279: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g711ulaw ptime :0, codecbytes: 0*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Codec bytes 0, use default packet rate 160*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 5 ptype 0 time 0, bytes 160 as channel 1 mline 1 ss 0 10.0.99.221:17294*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 18 mline 1*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPISelectCodecVersion: Codec (g729r8) is not in preferred list*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIRouter#P/Info/sipSPI_ipip_copy_sdp_to_channelInfo: An exact codec match not configured, using interoperable codec g729r8 pre-ietf*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g729r8 pre-ietfSIP: (19) Attribute ptime, level 1 instance 1 not found.*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation NOT done, get ptime from sdp: ptime=0, media_ndx=1*Sep 19 12:27:55.279: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g729r8 pre-ietf ptime :0, codecbytes: 0*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Codec bytes 0, use default packet rate 20*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 0 ptype 18 time 0, bytes 20 as channel 2 mline 1 ss 0 10.0.99.221:17294*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 4 mline 1*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPISelectCodecVersion: Codec (g723ar63) is not in preferred list*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: An exact codec match not configured, using interoperable codec g729r8 pre-ietf*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g729r8 pre-ietfSIP: (19) Attribute ptime, level 1 instance 1 not found.*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation NOT done, get ptime from sdp: ptime=0, media_ndx=1*Sep 19 12:27:55.279: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g729r8 pre-ietf ptime :0, codecbytes: 0*Sep 19 12:27:55.279: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Codec bytes 0, use default packet rate 20*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 0 ptype 4 time 0, bytes 20 as channel 3 mline 1 ss 0 10.0.99.221:17294*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 96 mline 1*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_report_media_to_peer:Report initial call media*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/copy_channels: callId 19 size 296 ptr 0x46646D94)*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_report_media_to_peer:CCSIP: Unable to report channel ind*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Media/sipSPIUpdCallWithSdpInfo: Stream type : voice-only Media line : 1 State : STREAM_ADDING (2) Callid : -1 Negotiated Codec : g711alaw, bytes :80 Negotiated DTMF relay : inband-voice Negotiated NTE payload : 0 Negotiated CN payload : 0 Media Srce Addr/Port : 10.0.99.29:0 Media Dest Addr/Port : 10.0.99.221:17294*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIHandleInviteMedia:Negotiated Codec : g711alaw, bytes :80Preferred Codec : g711alaw, bytes :80Preferred DTMF relay 1 : 6Preferred DTMF relay 2 : 0Negotiated DTMF relay : 0Preferred and Negotiated NTE payloads: 101 0Preferred and Negotiated NSE payloads: 100 0Preferred and Negotiated Modem Relay: 0 0Preferred and Negotiated Modem Relay GwXid: 1 0*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIDoQoSNegotiation: SDP body with media description*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPICanSetFallbackFlag: Local Fallback is not active*Sep 19 12:27:55.283: //-1/xxxxxxxxxxxx/SIP/Media/sipSPIReserveRtpPort: reserved port 19570 for stream 1*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIUpdateSrcSdpFixedPart: Reserving rtp port for stream 1, src_port=19570*Sep 19 12:27:55.283: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetMediaDirectionForStream: Setting Media direction SENDRECV for stream 1*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Setting stream 1 portnum to 19570*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIAddBillingInfoToCcb: sipCallId for billing records = [email protected]*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_store_channel_info: Store channelInfo in CallInfo*Sep 19 12:27:55.283: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICreateRawMsg: No GTD passed.*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIContinueNewMsgInvite: ccsip_api_call_setup_ind returned: SIP_SUCCESS*Sep 19 12:27:55.283: //19/0E2E8C62A3C6/SIP/Info/sipSPIUaddCcbToUASRespTable: ****Adding to UAS Response table.*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x4627A3B8 [email protected]*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Info/sipSPIUaddccCallIdToTable: Adding call id 13 to table*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: msg=0x4654E450, addr=10.0.99.221, port=5061, sentBy_port=5061, is_req=0, transport=1, switch=0, callBack=0x00000000*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0*Sep 19 12:27:55.287: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4654E450, addr=10.0.99.221, port=5061, connId=0 for UDP*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/State/sipSPIChangeState: 0x4627A3B8 : State change from (STATE_IDLE, SUBSTATE_NONE) to (STATE_RECD_INVITE, SUBSTATE_NONE)*Sep 19 12:27:55.287: //19/0E2E8C62A3C6/SIP/Info/sipSPIProcessContactInfo: Previous Hop 10.0.99.221:5061*Sep 19 12:27:55.287: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_PROCEEDING*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/dpMatchPeersCore: Calling Number=, Called Number=0001124957887603, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/dpMatchPeersCore: Match Rule=DP_MATCH_DEST; Called Number=0001124957887603*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/dpMatchCore: Dial String=0001124957887603, Expanded String=0001124957887603, Calling Number= Timeout=TRUE, Is Incoming=FALSE, Peer Info Type=DIALPEER_INFO_SPEECH*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/MatchNextPeer: Result=Success(0); Outgoing Dial-peer=112 Is Matched*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/dpMatchPeersCore: Result=Success(0) after DP_MATCH_DEST*Sep 19 12:27:55.291: //-1/0E2E8C62A3C6/DPM/dpMatchPeersMoreArg: Result=SUCCESS(0) List of Matched Outgoing Dial-peer(s): 1: Dial-peer Tag=112*Sep 19 12:27:55.291: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : State change from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)*Sep 19 12:27:55.291: //20/000000000000/SIP/Info/ccsip_call_setup_request: This a IPIP call: Chan 0, codec 6 channel 17294, ip A0063DD:17294 params 0x465F9EF4 caps 0x44ED30C8*Sep 19 12:27:55.291: //20/000000000000/SIP/Info/ccsip_call_setup_request: This a IPIP call: Chan 1, codec 5 channel 17294, ip A0063DD:17294 params 0x465F9EF4 caps 0x44ED30C8*Sep 19 12:27:55.291: //20/000000000000/SIP/Info/ccsip_call_setup_request: This a IPIP call: Chan 2, codec 0 channel 17294, ip A0063DD:17294 params 0x465F9EF4 caps 0x44ED30C8*Sep 19 12:27:55.291: //20/000000000000/SIP/Info/ccsip_call_setup_request: This a IPIP call: Chan 3, codec 0 channel 17294, ip A0063DD:17294 params 0x465F9EF4 caps 0x44ED30C8*Sep 19 12:27:55.291: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_SETUP*Sep 19 12:27:55.291: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler:*Sep 19 12:27:55.291: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: switch(ev.ev_id: 137)*Sep 19 12:27:55.291: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: peer ID 20 chans 0x44EE3BB0 event 137 flags 0x10020038 0x601 data 0x44EE3BB0*Sep 19 12:27:55.291: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: CC_EV_H245_SET_MODE: peer ID 20 chans 0x44EE3BB0 event 137 flags 0x10020038 0x601 data 0x44EE3BB0*Sep 19 12:27:55.295: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: CC_EV_H245_SET_MODE: peer ID 20 chans 0x44EE3BB0 event 137 flags 0x10020038 0x601 data 0x44EE3BB0, type = 3*Sep 19 12:27:55.295: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: CC_R_SUCCESS_WITH_CONFIRMED*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIUaddccCallIdToTable: Adding call id 14 to table*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/act_idle_continue_call_setup:*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIGetCallConfig: preferred_codec set[0] type :No Codec bytes: 0*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPICanSetFallbackFlag: Local Fallback is not active*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIGetCallConfig: Using Voice Class Codec, tag = 1*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPICopyPeerDataToCCB:From CLI: Modem NSE payload = 100, Passthrough = 0, Modem relay = 0, Gw-Xid = 1SPRT latency 200, SPRT Retries = 12, Dict Size = 1024 String Len = 32, Compress dir = 3*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp:callid 20, channels 0x44E96BE0 caps 0x44ED30C8*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp:pref dtmf 96*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIValidateGtd: No rawMsg from CCAPI*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIUaddCcbToUACTable: ****Adding to UAC table.*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x4627C64C [email protected]*Sep 19 12:27:55.295: //20/000000000000/SIP/Info/sipSPIUsetBillingProfile: sipCallId for billing records = [email protected]*Sep 19 12:27:55.295: //20/000000000000/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:55.295: //-1/xxxxxxxxxxxx/SIP/Media/sipSPIReserveRtpPort: reserved port 16926 for stream 1*Sep 19 12:27:55.299: //20/000000000000/SIP/Media/sipSPIAddSDPMediaPayload: Preferred method of dtmf relay is: 6, with payload: 101*Sep 19 12:27:55.299: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:27:55.299: //20/000000000000/SIP/Info/sip_generate_sdp_xcapsRouter#_list: Modem Relay and T38 disabled. X-cap not needed*Sep 19 12:27:55.299: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 10.0.99.100,Port 5060, Transport 1, SentBy Port 5060*Sep 19 12:27:55.299: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Clock Time Zone is UTC, same as GMT: Using GMT*Sep 19 12:27:55.299: //20/000000000000/SIP/Event/sipSPICreateRpid: Received Octet3A=0x80 -> Setting ;screen=no ;privacy=off*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipSPISendInvite: Sending Invite to the transport layer*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4654D520, addr=10.0.99.100, port=5060, sentBy_port=0, is_req=1, transport=1, switch=0, callBack=0x41086470*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0*Sep 19 12:27:55.299: //20/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4654D520*Sep 19 12:27:55.299: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4654D520, addr=10.0.99.100, port=5060, connId=3 for UDP*Sep 19 12:27:55.299: //20/000000000000/SIP/Info/sentInviteRequest: Sent Invite in state STATE_IDLE*Sep 19 12:27:55.303: //-1/xxxxxxxxxxxx/SIP/Info/sentInviteRequest: Transaction active. Facilities will be queued.*Sep 19 12:27:55.303: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : State change from (STATE_IDLE, SUBSTATE_NONE) to (STATE_SENT_INVITE, SUBSTATE_NONE)*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPIProcessRtpSessions: sipSPIProcessRtpSessions*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPIAddStream: Adding stream 1 of type voice+dtmf (callid 20) to the VOIP RTP library*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: sipSPIUpdateRtcpSession for m-line 1*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: rtcp_session info laddr = 10.0.99.29, lport = 16926, raddr = 0.0.0.0, rport=0, do_rtcp=FALSE src_callid = 20, dest_callid = -1, stream type = voice+dtmf, stream direction = RECVONLY media_ip_addr = 0.0.0.0*Sep 19 12:27:55.303: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: No rtp session, creating a new one*Sep 19 12:27:55.303: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:SIP/2.0 100 TryingVia: SIP/2.0/UDP 10.0.99.221:5061;rport;branch=z9hG4bK-3628481038-3792786178-436258467-408012644From: <sip:[email protected]:5061;user=phone>;tag=4095425038-3792786178-436258467-408012644To: <sip:[email protected];user=phone>;tag=114FC0-1F24Date: Wed, 19 Sep 2012 12:27:55 GMTCall-ID: [email protected]: Cisco-SIPGateway/IOS-12.xCSeq: 1 INVITEAllow-Events: telephone-eventContent-Length: 0*Sep 19 12:27:55.307: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:INVITE sip:[email protected]:5060 SIP/2.0Via: SIP/2.0/UDP 10.0.99.29:5060;branch=z9hG4bK1C14C0From: <sip:[email protected]>;tag=114FE0-26C0To: <sip:[email protected]>Date: Wed, 19 Sep 2012 12:27:55 GMTCall-ID: [email protected]: 100rel,timer,replacesMin-SE: 1800Cisco-Guid: 237931618-38998498-2747662362-1690784024User-Agent: Cisco-SIPGateway/IOS-12.xAllow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTERCSeq: 101 INVITEMax-Forwards: 70Remote-Party-ID: <sip:[email protected]>;party=calling;screen=no;privacy=offTimestamp: 1348057675Contact: <sip:[email protected]:5060>Expires: 180Allow-Events: telephone-eventContent-Type: application/sdpContent-Length: 241v=0o=CiscoSystemsSIP-GW-UserAgent 3284 8564 IN IP4 10.0.99.29s=SIP Callc=IN IP4 10.0.99.29t=0 0m=audio 16926 RTP/AVP 8 101c=IN IP4 10.0.99.29a=rtpmap:8 PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=ptime:10*Sep 19 12:27:55.307: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpSocketReads: Msg enqueued for SPI with IP addr: 10.0.99.100:5060*Sep 19 12:27:55.307: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x00000000*Sep 19 12:27:55.311: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 100 TryingVia: SIP/2.0/UDP 10.0.99.29:5060;branch=z9hG4bK1C14C0From: <sip:[email protected]>;tag=114FE0-26C0To: <sip:[email protected]>Call-ID: [email protected]: 101 INVITEContact: <sip:[email protected]:5060>Server: MERA MVTS3G v.4.4.0-15Timestamp: 1348057675Content-Length: 0*Sep 19 12:27:55.311: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : State change from (STATE_SENT_INVITE, SUBSTATE_NONE) to (STATE_RECD_PROCEEDING, SUBSTATE_PROCEEDING_PROCEEDING)Router#*Sep 19 12:27:58.971: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpSocketReads: Msg enqueued for SPI with IP addr: 10.0.99.100:5060*Sep 19 12:27:58.971: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x00000000*Sep 19 12:27:58.971: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 183 ProgressVia: SIP/2.0/UDP 10.0.99.29:5060;branch=z9hG4bK1C14C0From: <sip:[email protected]>;tag=114FE0-26C0To: <sip:[email protected]>;tag=2318849048-3792786178-436251047-2287060836Call-ID: [email protected]: 101 INVITEContact: <sip:[email protected]:5060>Content-Type: application/sdpServer: MERA MVTS3G v.4.4.0-15Content-Length: 239v=0o=- 1348056655 1348056655 IN IP4 10.0.99.111s=-c=IN IP4 10.0.99.111t=0 0m=audio 21550 RTP/AVP 8 101a=rtpmap:8 PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-15a=ptime:10a=sendrecva=silenceSupp:off - - - -*Sep 19 12:27:58.971: //20/000000000000/SIP/Info/HandleSIP1xxSessionProgress: Content-Disposition NOT received in 18x response - using default Content-Disposition values*Sep 19 12:27:58.971: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetGtdBody: No valid GTD body found.*Sep 19 12:27:58.971: //20/000000000000/SIP/Info/sipSPIDoMediaNegotiation: Number of m-lines = 1*Sep 19 12:27:58.971: //20/000000000000/SIP/Info/sipSPIDoAudioNegotiation: Codec (g711alaw) Negotiation Successful on Static Payload for m-line 1*Sep 19 12:27:58.971: //20/000000000000/SIP/Info/sipSPIDoPtimeNegotiation: One ptime attribute found - value:10*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g711alaw ptime :10, codecbytes: 80*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPIDoDTMFRelayNegotiation: m-line index 1*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) could not be reserved.*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPIDoDTMFRelayNegotiation: Payload type (101) is reserved for requested dtmf relay mode.*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPIDoDTMFRelayNegotiation: Case of partial named event(NE) match in fmtp list of events.*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/sip_sdp_get_modem_relay_cap_params: NSE payload from X-cap = 0*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sip_select_modem_relay_params: X-tmr not present in SDP. Disable modem relay*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPIGetSDPDirectionAttribute: No direction attribute present or multiple direction attributes that can't be handled for m-line:1 and num-a-lines:0*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPIDoAudioNegotiation: Codec negotiation successful for media line 1 payload_type=8, codec_bytes=80, codec=g711alaw, dtmf_relay=rtp-nte stream_type=voice+dtmf (1), dest_ip_address=10.0.99.111, dest_port=21550*Sep 19 12:27:58.975: //20/000000000000/SIP/Media/sipSPIUpdCallWithSdpInfo: Preferred Codec : g711alaw, bytes :80 Preferred DTMF relay : rtp-nte Preferred NTE payload : 101 Early Media : No Delayed Media : No Bridge Done : No New Media : No DSP DNLD Reqd : No*Sep 19 12:27:58.975: //20/000000000000/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_report_media_to_peer: callId 20 peer 19 flags 0x7*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:CallID 20, sdp 0x45C92F44 channels 0x4627DF14*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 8 mline 1*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711alaw*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation done: stream->negotiated_ptime=10,stream->negotiated_codec_bytes=80, coverted ptime=10 stream->mline_index=1, media_ndx=1*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 6 ptype 8 time 10, bytes 80 as channel 0 mline 1 ss 1 10.0.99.111:21550*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 101 mline 1*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/sipSPI_ipip_report_media_to_peer:Report initial call media*Sep 19 12:27:58.975: //20/000000000000/SIP/Info/copy_channels: callId 20 size 80 ptr 0x46655B7C)*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler:*Sep 19 12:27:58.975: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: switch(ev.ev_id: 131)*Sep 19 12:27:58.975: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: peer ID 20 chans 0x46655B7C event 131 flags 0x10020038 0x403 data 0x46655B7C*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: CC_EV_H245_OPEN_CHANNEL_IND: peer ID 20 chans 0x46655B7C event 131 flags 0x10020038 0x403 data 0x46655B7C*Sep 19 12:27:58.979: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_NEW_MEDIA*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_event_handler: ccsip_event_handler: set event->type = SIPSPI_EV_CC_NEW_MEDIA!: peer ID 20 chans 0x46655B7C event 131 flags 0x10020038 0x403 data 0x46655B7C*Sep 19 12:27:58.979: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: CC_R_SUCCESS_WITH_CONFIRMED*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_get_rtcp_session_parameters: CURRENT VALUES: stream_callid=-1, current_seq_num=0x1A8*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_get_rtcp_session_parameters: NEW VALUES: stream_callid=-1, current_seq_num=0x0*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_caps_ind: Load DSP with negotiated codec: g711alaw, Bytes=80*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_caps_ind: Set forking flag to 0x0*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sipSPISetDTMFRelayMode: Set DSP for dtmf-relay = CC_CAP_DTMF_RELAY_INBAND_VOICE_AND_OOB*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_set_modem_caps: Preferred (or the one that came from DSM) modem relay=1161273728, from CLI config=0*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_set_modem_caps: Disabling Modem Relay...*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_generate_sdp_xcaps_list: Modem Relay and T38 disabled. X-cap not needed*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_set_modem_caps: Negotiation already Done. Set negotiated Modem caps and generate SDP Xcap list*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_set_modem_caps: Modem Relay & Passthru both disabled*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sip_set_modem_caps: nse payload = 0, ptru mode = 0, ptru-codec=0, redundancy=0, xid=0, relay=0, sprt-retry=12, latecncy=200, compres-dir=3, dict=1024, strnlen=32*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Media/sipSPISetStreamInfo: 0 Active Streams*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Error/sipSPISetStreamInfo: Number of active streams is zero (0)!*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Media/sipSPISetStreamInfo:caps.stream_count=0,caps.stream[0].stream_type=0xFFFF, caps.stream_list.xmitFunc=*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Media/sipSPISetStreamInfo: ??unknown??, caps.stream_list.context=*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Media/sipSPISetStreamInfo: 0x0 (gccb)*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_caps_ind: Load DSP with codec : g711alaw, Bytes=80*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/ccsip_caps_ind: ccsip_caps_ind: ccb->flags_ipip = 0x403*Sep 19 12:27:58.979: //20/000000000000/SIP/Info/ccsip_caps_ack: Set forking flag to 0x0*Sep 19 12:27:58.979: //20/000000000000/SIP/Media/sipSPIUpdCallWithSdpInfo: Stream type : voice+dtmf Media line : 1 State : STREAM_ADDING (2) Callid : 20 Negotiated Codec : g711alaw, bytes :80 Negotiated DTMF relay : rtp-nte Negotiated NTE payload : 101 Negotiated CN payload : 0 Media Srce Addr/Port : 10.0.99.29:16926 Media Dest Addr/Port : 10.0.99.111:21550*Sep 19 12:27:58.979: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICreateRawMsg: No GTD passed.*Sep 19 12:27:58.979: //20/000000000000/SIP/Info/HandleSIP1xxSessionProgress: ccsip_api_call_cut_progress returned: SIP_SUCCESS*Sep 19 12:27:58.979: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : State change from (STATE_RECD_PROCEEDING, SUBSTATE_PROCEEDING_PROCEEDING) to (STATE_RECD_PROCEEDING, SUBSTATE_NONE)*Sep 19 12:27:58.979: //20/000000000000/SIP/Info/HandleSIP1xxSessionProgress: Transaction Complete. Lock on Facilities released.*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_handle_channel_info:CCSIP:callID 19 ft: 1, inc 8, 10.0.99.111:21550, codec 6*Sep 19 12:27:58.979: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp:callid 19, channels 0x46655B7C caps 0x44E8F284*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp:pref dtmf 101*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp: nego mline 1 dtmf 101 ss 1 ret 0*Sep 19 12:27:58.983: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPI_ipip_copy_channelInfo_to_sdp: retreive codec 6 ptype 8 time 10 bytes 80*Sep 19 12:27:58.983: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetMediaDirectionForStream: Setting Media direction SENDRECV for stream 1*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Setting stream 1 portnum to 19570*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Negotiated method of dtmf relayand pyld: 6 101*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPIProcessMediaChanges: sipSPIProcessMediaChanges*Sep 19 12:27:58.983: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_PROGRESS*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/ccsip_bridge: confID = 10, srcCallID = 19, dstCallID = 20*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/InfRouter#o/sipSPIUupdateCcCallIds: Old src/dest ccCallids: -1/-1, new src/dest ccCallids: 19/20*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Info/sipSPIUupdateCcCallIds: Old streamcallid=-1, new streamcallid=19*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Media/sipSPIProcessRtpSessions: sipSPIProcessRtpSessions*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Media/sipSPIAddStream: Adding stream 1 of type voice+dtmf (callid 19) to the VOIP RTP library*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Media/sipSPIUpdateRtcpSession: sipSPIUpdateRtcpSession for m-line 1*Sep 19 12:27:58.983: //19/0E2E8C62A3C6/SIP/Media/sipSPIUpdateRtcpSession: rtcp_session info laddr = 10.0.99.29, lport = 19570, raddr = 10.0.99.221, rport=17294, do_rtcp=TRUE src_callid = 19, dest_callid = 20, stream type = voice+dtmf, stream direction = SENDRECV media_ip_addr = 10.0.99.221*Sep 19 12:27:58.987: //19/0E2E8C62A3C6/SIP/Media/sipSPIUpdateRtcpSession: No rtp session, creating a new one*Sep 19 12:27:58.987: //19/0E2E8C62A3C6/SIP/Info/sipSPIUpdateRtcpSession: Process Media changes is still pending.*Sep 19 12:27:58.987: //19/0E2E8C62A3C6/SIP/Media/sipSPIGetNewLocalMediaDirection: New Remote Media Direction = SENDRECV Present Local Media Direction = SENDRECV New Local Media Direction = SENDRECV retVal = 0*Sep 19 12:27:58.987: //20/000000000000/SIP/Info/ccsip_bridge: confID = 10, srcCallID = 20, dstCallID = 19*Sep 19 12:27:58.987: //20/000000000000/SIP/Info/sipSPIUupdateCcCallIds: Old src/dest ccCallids: -1/-1, new src/dest ccCallids: 20/19*Sep 19 12:27:58.987: //20/000000000000/SIP/Info/sipSPIUupdateCcCallIds: Old streamcallid=20, new streamcallid=20*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIProcessRtpSessions: sipSPIProcessRtpSessions*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIAddStream: Adding stream 1 of type voice+dtmf (callid 20) to the VOIP RTP library*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: sipSPIUpdateRtcpSession for m-line 1*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: rtcp_session info laddr = 10.0.99.29, lport = 16926, raddr = 10.0.99.111, rport=21550, do_rtcp=TRUE src_callid = 20, dest_callid = 19, stream type = voice+dtmf, stream direction = SENDRECV media_ip_addr = 10.0.99.111*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIUpdateRtcpSession: RTP session already created - update*Sep 19 12:27:58.987: //20/000000000000/SIP/Media/sipSPIGetNewLocalMediaDirection: New Remote Media Direction = SENDRECV Present Local Media Direction = SENDRECV New Local Media Direction = SENDRECV retVal = 0*Sep 19 12:27:58.991: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpSocketReads: Msg enqueued for SPI with IP addr: 10.0.99.100:5060*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Info/sipSPIValidateGtd: No rawMsg from CCAPI*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Info/sipSPISendInviteResponse183: Session Type is Media/Qos/Security/RTR SDP body is attached*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Transport/sipSPISendInviteResponse: Sending 183 Response to the Transport Layer*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: msg=0x4654DFD0, addr=10.0.99.221, port=5061, sentBy_port=5061, is_req=0, transport=1, switch=0, callBack=0x41086D90*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0*Sep 19 12:27:58.991: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4654DFD0, addr=10.0.99.221, port=5061, connId=0 for UDP*Sep 19 12:27:58.991: //19/0E2E8C62A3C6/SIP/Info/sentInviteResponse18x: Sent a 18x Response*Sep 19 12:27:58.991: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x00000000*Sep 19 12:27:58.991: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 180 RingingVia: SIP/2.0/UDP 10.0.99.29:5060;branch=z9hG4bK1C14C0From: <sip:[email protected]>;tag=114FE0-26C0To: <sip:[email protected]>;tag=2318849048-3792786178-436251047-2287060836Call-ID: [email protected]: 101 INVITEContact: <sip:[email protected]:5060>Server: MERA MVTS3G v.4.4.0-15Content-Length: 0*Sep 19 12:27:58.995: //20/000000000000/SIP/Info/ccsip_api_call_alert: SDP Body either absent or ignored in 180 RINGING:- will wait for 200 OK to do negotiation.*Sep 19 12:27:58.995: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICreateRawMsg: No GTD passed.*Sep 19 12:27:58.995: //20/000000000000/SIP/Info/HandleSIP1xxRinging: ccsip_api_call_alert returned: SIP_SUCCESS*Sep 19 12:27:58.995: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : State change from (STATE_RECD_PROCEEDING, SUBSTATE_NONE) to (STATE_RECD_PROCEEDING, SUBSTATE_NONE)*Sep 19 12:27:58.995: //20/000000000000/SIP/Info/HandleSIP1xxRinging: Transaction Complete. Lock on Facilities released.*Sep 19 12:27:58.995: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:SIP/2.0 183 Session ProgressVia: SIP/2.0/UDP 10.0.99.221:5061;rport;branch=z9hG4bK-3628481038-3792786178-436258467-408012644From: <sip:[email protected]:5061;user=phone>;tag=4095425038-3792786178-436258467-408012644To: <sip:[email protected];user=phone>;tag=114FC0-1F24Date: Wed, 19 Sep 2012 12:27:55 GMTCall-ID: [email protected]: Cisco-SIPGateway/IOS-12.xCSeq: 1 INVITEAllow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTERAllow-Events: telephone-eventContact: <sip:[email protected]:5060>Content-Disposition: session;handling=requiredContent-Type: application/sdpContent-Length: 268v=0o=CiscoSystemsSIP-GW-UserAgent 4191 6681 IN IP4 10.0.99.29s=SIP Callc=IN IP4 10.0.99.29t=0 0m=audio 19570 RTP/AVP 8 101c=IN IP4 10.0.99.29a=rtpmap:8 PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-15a=ptime:10a=silenceSupp:off - - - -*Sep 19 12:27:58.999: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_ALERTING*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Info/sipSPIValidateGtd: No rawMsg from CCAPI*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Transport/sipSPISendInviteResponse: Sending 180 Response to the Transport Layer*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: msg=0x4654DFD0, addr=10.0.99.221, port=5061, sentBy_port=5061, is_req=0, transport=1, switch=0, callBack=0x41086D90*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0*Sep 19 12:27:58.999: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4654DFD0, addr=10.0.99.221, port=5061, connId=0 for UDP*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/Info/sentInviteResponse18x: Sent a 18x Response*Sep 19 12:27:58.999: //19/0E2E8C62A3C6/SIP/State/sipSPIChangeState: 0x4627A3B8 : State change from (STATE_RECD_INVITE, SUBSTATE_NONE) to (STATE_SENT_ALERTING, SUBSTATE_NONE)*Sep 19 12:27:59.003: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Sent:SIP/2.0 180 RingingVia: SIP/2.0/UDP 10.0.99.221:5061;rport;branch=z9hG4bK-3628481038-3792786178-436258467-408012644From: <sip:[email protected]:5061;user=phone>;tag=4095425038-3792786178-436258467-408012644To: <sip:[email protected];user=phone>;tag=114FC0-1F24Date: Wed, 19 Sep 2012 12:27:55 GMTCall-ID: [email protected]: Cisco-SIPGateway/IOS-12.xCSeq: 1 INVITEAllow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTERAllow-Events: telephone-eventContact: <sip:[email protected]:5060>Content-Length: 0Router#*Sep 19 12:28:02.655: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpSocketReads: Msg enqueued for SPI with IP addr: 10.0.99.100:5060*Sep 19 12:28:02.655: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x00000000*Sep 19 12:28:02.655: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:Received:SIP/2.0 200 OKVia: SIP/2.0/UDP 10.0.99.29:5060;branch=z9hG4bK1C14C0From: <sip:[email protected]>;tag=114FE0-26C0To: <sip:[email protected]>;tag=2318849048-3792786178-436251047-2287060836Call-ID: [email protected]: 101 INVITEContact: <sip:[email protected]:5060>Content-Type: application/sdpAllow: ACK, BYE, CANCEL, INFO, INVITE, OPTIONS, REFER, REGISTER, SUBSCRIBE, UPDATEServer: MERA MVTS3G v.4.4.0-15X-mera-expires: 86460Content-Length: 239v=0o=- 1348056655 1348056655 IN IP4 10.0.99.111s=-c=IN IP4 10.0.99.111t=0 0m=audio 21550 RTP/AVP 8 101a=rtpmap:8 PCMA/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-15a=ptime:10a=sendrecva=silenceSupp:off - - - -*Sep 19 12:28:02.659: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetGtdBody: No valid GTD body found.*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIhandle200OKInvite: Transaction active. Facilities will be queued.*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIhandle200OKInvite: *** This ccb is the parent*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoMediaNegotiation: Number of m-lines = 1*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoAudioNegotiation: Codec (g711alaw) Negotiation Successful on Static Payload for m-line 1*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoPtimeNegotiation: One ptime attribute found - value:10*Sep 19 12:28:02.659: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g711alaw ptime :10, codecbytes: 80*Sep 19 12:28:02.659: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoDTMFRelayNegotiation: m-line index 1*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoDTMFRelayNegotiation: Case of partial named event(NE) match in fmtp list of events.*Sep 19 12:28:02.659: //-1/xxxxxxxxxxxx/SIP/Info/sip_sdp_get_modem_relay_cap_params: NSE payload from X-cap = 0*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sip_do_nse_negotiation: Remote NSE payload = local one = 0, Use it*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sip_select_modem_relay_params: X-tmr not present in SDP. Disable modem relay*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIGetSDPDirectionAttribute: No direction attribute present or multiple direction attributes that can't be handled for m-line:1 and num-a-lines:0*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPIDoAudioNegotiation: Codec negotiation successful for media line 1 payload_type=8, codec_bytes=80, codec=g711alaw, dtmf_relay=rtp-nte stream_type=voice+dtmf (1), dest_ip_address=10.0.99.111, dest_port=21550*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPICompareStreams: stream 1 dest_port: old=21550 new=21550*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPIGetNewLocalMediaDirection: New Remote Media Direction = SENDRECV Present Local Media Direction = SENDRECV New Local Media Direction = SENDRECV retVal = 0*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPICompareStreams: Flags set for stream 1: RTP_CHANGE=No CAPS_CHANGE=No*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPICompareSDP: Flags set for call: NEW_MEDIA=No DSPDNLD_REQD=No IPIP_MEDIA=No*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPIUpdCallWithSdpInfo: Preferred Codec : g711alaw, bytes :80 Preferred DTMF relay : rtp-nte Preferred NTE payload : 101 Early Media : No Delayed Media : No Bridge Done : Yes New Media : No DSP DNLD Reqd : No*Sep 19 12:28:02.659: //20/000000000000/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.0.99.29*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPI_ipip_report_media_to_peer: callId 20 peer 19 flags 0x407*Sep 19 12:28:02.659: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:CallID 20, sdp 0x45CB1F40 channels 0x4627DF14*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 8 mline 1*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711alaw*Sep 19 12:28:02.663: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711alaw codecbytes :80, ptime: 10*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation done: stream->negotiated_ptime=10,stream->negotiated_codec_bytes=80, coverted ptime=10 stream->mline_index=1, media_ndx=1*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Adding codec 6 ptype 8 time 10, bytes 80 as channel 0 mline 1 ss 1 10.0.99.111:21550*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:Hndl ptype 101 mline 1*Sep 19 12:28:02.663: //20/000000000000/SIP/Media/sipSPIUpdCallWithSdpInfo: Stream type : voice+dtmf Media line : 1 State : STREAM_ACTIVE (5) Callid : 20 Negotiated Codec : g711alaw, bytes :80 Negotiated DTMF relay : rtp-nte Negotiated NTE payload : 101 Negotiated CN payload : 0 Media Srce Addr/Port : 10.0.99.29:16926 Media Dest Addr/Port : 10.0.99.111:21550*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPIProcessMediaChanges: sipSPIProcessMediaChanges*Sep 19 12:28:02.663: //20/000000000000/SIP/Info/sipSPIhandle200OKInvite: ccsip_api_call_connect_media returned: SIP_SUCCESS*Sep 19 12:28:02.663: //20/000000000000/SIP/State/sipSPIChangeState: 0x4627C64C : SHi Ellad.
Why don't try to use the 2811 as a SIP signalling proxy only?
In this way the media (RTP or T.38) will be handled only from the two MERA SoftSwitch.
To do this you must enable CUBE on your 2811 and use these special commands:
voice service voip
media flow-around
allow-connections sip to sip
signaling forward unconditional
sip
rel1xx disable
header-passing
midcall-signaling passthru
pass-thru headers unsupp
pass-thru content unsupp
pass-thru content sdp
I don't remember if we have already try this solution.
Regards. -
ASA 5510 with Cisco 2811 Router Behind it - Not forwarding traffic
Hi all,
Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it.
Some examples that work.
I can SSH into the ASA.
I can SSH to the Cisco Routers behind the ASA.
I cannot reach items beind the Cisco Routers.
My Configuration is this (I am sure I included a bunch of info I didn't need to, but I am hoping it'll help!):
I have a static Ip assigned to my Ouside Interface Ethernet 0/1
It has an IP address of 199.195.xxx.xxx
I am trying to learn how to shape network traffic (this is all new to me) via the ASA and the Routers to specific devices.
The Inside Interface on the ASA is 10.10.1.1 255.255.255.252
The Outside Interface on the 2811 is 10.10.1.2 255.255.255.252
I can ping the router from the ASA. I can SSH through the ASA to the router.
BUT I CANNOT ACCESS DEVICES BEHIND THE ROUTER.
So, I wanted to BAM that statement above because I just don't kjnow where the issue is. Is the issue on the router or the ASA, my guess is, the router, but I just don't know.
Here are my configs, helpfully someone can help.
ASA errors on the ASDM when I try and hit resources; specifically a web device behind the ASA and the 2811. It's Ip address 192.168.1.5 it's listening on port 80.Static IP, not assigned via DHCP.
6
Feb 14 2014
19:38:56
98.22.121.x
41164
192.168.1.5
80
Built inbound TCP connection 1922859 for Outside:98.22.121.x/41164 (98.22.121.x/41164) to Inside:192.168.1.5/80 (199.195.168.x/8080)
6
Feb 14 2014
19:38:56
10.10.1.2
80
98.22.121.x
41164
Deny TCP (no connection) from 10.10.1.2/80 to 98.22.121.x/41164 flags SYN ACK on interface Inside
ASA5510# sh nat
Auto NAT Policies (Section 2)
1 (DMZ) to (Outside) source static ROUTER-2821 interface service tcp ssh 2222
translate_hits = 1, untranslate_hits = 18
2 (Inside) to (Outside) source static ROUTER-2811 interface service tcp ssh 222
translate_hits = 0, untranslate_hits = 13
3 (VOIP) to (Outside) source static ROUTER-3745 interface service tcp ssh 2223
translate_hits = 0, untranslate_hits = 3
4 (Inside) to (Outside) source static RDP-DC1 interface service tcp 3389 3389
translate_hits = 0, untranslate_hits = 236
5 (Inside) to (Outside) source static WEBCAM-01 interface service tcp www 8080
translate_hits = 0, untranslate_hits = 162
Manual NAT Policies (Section 3)
1 (any) to (Outside) source dynamic PAT-SOURCE interface
translate_hits = 1056862, untranslate_hits = 83506
ASA5510# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list USERS; 1 elements; name hash: 0x50681c1e
access-list USERS line 1 standard permit 10.10.1.0 255.255.255.0 (hitcnt=0) 0xdd6ba495
access-list Outside_access_in; 5 elements; name hash: 0xe796c137
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x host 10.10.1.2 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x host 10.10.0.2 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 3 extended permit tcp host 98.22.121.x interface Outside eq https (hitcnt=0) 0x385488b2
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x object WEBCAM-01 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x host 192.168.1.5 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389 (hitcnt=3) 0x02f13f4e
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x host 192.168.1.2 eq 3389 (hitcnt=3) 0x02f13f4e
access-list dmz-access-vlan1; 1 elements; name hash: 0xc3450860
access-list dmz-access-vlan1 line 1 extended permit ip 128.162.1.0 255.255.255.0 any (hitcnt=0) 0x429fedf1
access-list dmz-access; 3 elements; name hash: 0xf53f5801
access-list dmz-access line 1 remark Permit all traffic to DC1
access-list dmz-access line 2 extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2 (hitcnt=0) 0xd2dced0a
access-list dmz-access line 3 remark Permit only DNS traffic to DNS server
access-list dmz-access line 4 extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain (hitcnt=0) 0xbb21093e
access-list dmz-access line 5 remark Permit ICMP to all devices in DC
access-list dmz-access line 6 extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x71269ef7
CISCO-2811#show access-lists
Standard IP access list 1
10 permit any (1581021 matches)
CISCO-2811#show translate
CISCO-2811#show route
CISCO-2811#show route-map
CISCO-2811#show host
CISCO-2811#show hosts
Default domain is maladomini.int
Name/address lookup uses domain service
Name servers are 192.168.1.2, 199.195.168.4, 205.171.2.65, 205.171.3.65, 8.8.8.8
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
api.mixpanel.com None (temp, OK) 2 IP 198.23.64.21
198.23.64.22
198.23.64.18
198.23.64.19
198.23.64.20
ASA5510:
ASA5510# sh run all
: Saved
ASA Version 9.1(4)
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname ASA5510
domain-name maladomini.int
enable password x encrypted
no fips enable
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
passwd x encrypted
names
dns-guard
lacp system-priority 32768
interface Ethernet0/0
description LAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
delay 10
interface Ethernet0/1
description WAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Outside
security-level 0
ip address 199.195.168.xxx 255.255.255.240
delay 10
interface Ethernet0/2
description DMZ
speed auto
duplex auto
no flowcontrol send on
nameif DMZ
security-level 100
ip address 10.10.0.1 255.255.255.252
delay 10
interface Ethernet0/3
description VOIP
speed auto
duplex auto
no flowcontrol send on
nameif VOIP
security-level 100
ip address 10.10.2.1 255.255.255.252
delay 10
interface Management0/0
speed auto
duplex auto
management-only
shutdown
nameif management
security-level 0
no ip address
delay 10
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[\r\n\t ]+[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[\r\n\t ]+[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
checkheaps check-interval 60
checkheaps validate-checksum 60
boot system disk0:/asa914-k8.bin
ftp mode passive
clock timezone UTC 0
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.195.168.4
name-server 205.171.2.65
name-server 205.171.3.65
domain-name maladomini.int
same-security-traffic permit inter-interface
object service ah pre-defined
service ah
description This is a pre-defined object
object service eigrp pre-defined
service eigrp
description This is a pre-defined object
object service esp pre-defined
service esp
description This is a pre-defined object
object service gre pre-defined
service gre
description This is a pre-defined object
object service icmp pre-defined
service icmp
description This is a pre-defined object
object service icmp6 pre-defined
service icmp6
description This is a pre-defined object
object service igmp pre-defined
service igmp
description This is a pre-defined object
object service igrp pre-defined
service igrp
description This is a pre-defined object
object service ip pre-defined
service ip
description This is a pre-defined object
object service ipinip pre-defined
service ipinip
description This is a pre-defined object
object service ipsec pre-defined
service esp
description This is a pre-defined object
object service nos pre-defined
service nos
description This is a pre-defined object
object service ospf pre-defined
service ospf
description This is a pre-defined object
object service pcp pre-defined
service pcp
description This is a pre-defined object
object service pim pre-defined
service pim
description This is a pre-defined object
object service pptp pre-defined
service gre
description This is a pre-defined object
object service snp pre-defined
service snp
description This is a pre-defined object
object service tcp pre-defined
service tcp
description This is a pre-defined object
object service udp pre-defined
service udp
description This is a pre-defined object
object service tcp-aol pre-defined
service tcp destination eq aol
description This is a pre-defined object
object service tcp-bgp pre-defined
service tcp destination eq bgp
description This is a pre-defined object
object service tcp-chargen pre-defined
service tcp destination eq chargen
description This is a pre-defined object
object service tcp-cifs pre-defined
service tcp destination eq cifs
description This is a pre-defined object
object service tcp-citrix-ica pre-defined
service tcp destination eq citrix-ica
description This is a pre-defined object
object service tcp-ctiqbe pre-defined
service tcp destination eq ctiqbe
description This is a pre-defined object
object service tcp-daytime pre-defined
service tcp destination eq daytime
description This is a pre-defined object
object service tcp-discard pre-defined
service tcp destination eq discard
description This is a pre-defined object
object service tcp-domain pre-defined
service tcp destination eq domain
description This is a pre-defined object
object service tcp-echo pre-defined
service tcp destination eq echo
description This is a pre-defined object
object service tcp-exec pre-defined
service tcp destination eq exec
description This is a pre-defined object
object service tcp-finger pre-defined
service tcp destination eq finger
description This is a pre-defined object
object service tcp-ftp pre-defined
service tcp destination eq ftp
description This is a pre-defined object
object service tcp-ftp-data pre-defined
service tcp destination eq ftp-data
description This is a pre-defined object
object service tcp-gopher pre-defined
service tcp destination eq gopher
description This is a pre-defined object
object service tcp-ident pre-defined
service tcp destination eq ident
description This is a pre-defined object
object service tcp-imap4 pre-defined
service tcp destination eq imap4
description This is a pre-defined object
object service tcp-irc pre-defined
service tcp destination eq irc
description This is a pre-defined object
object service tcp-hostname pre-defined
service tcp destination eq hostname
description This is a pre-defined object
object service tcp-kerberos pre-defined
service tcp destination eq kerberos
description This is a pre-defined object
object service tcp-klogin pre-defined
service tcp destination eq klogin
description This is a pre-defined object
object service tcp-kshell pre-defined
service tcp destination eq kshell
description This is a pre-defined object
object service tcp-ldap pre-defined
service tcp destination eq ldap
description This is a pre-defined object
object service tcp-ldaps pre-defined
service tcp destination eq ldaps
description This is a pre-defined object
object service tcp-login pre-defined
service tcp destination eq login
description This is a pre-defined object
object service tcp-lotusnotes pre-defined
service tcp destination eq lotusnotes
description This is a pre-defined object
object service tcp-nfs pre-defined
service tcp destination eq nfs
description This is a pre-defined object
object service tcp-netbios-ssn pre-defined
service tcp destination eq netbios-ssn
description This is a pre-defined object
object service tcp-whois pre-defined
service tcp destination eq whois
description This is a pre-defined object
object service tcp-nntp pre-defined
service tcp destination eq nntp
description This is a pre-defined object
object service tcp-pcanywhere-data pre-defined
service tcp destination eq pcanywhere-data
description This is a pre-defined object
object service tcp-pim-auto-rp pre-defined
service tcp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-pop2 pre-defined
service tcp destination eq pop2
description This is a pre-defined object
object service tcp-pop3 pre-defined
service tcp destination eq pop3
description This is a pre-defined object
object service tcp-pptp pre-defined
service tcp destination eq pptp
description This is a pre-defined object
object service tcp-lpd pre-defined
service tcp destination eq lpd
description This is a pre-defined object
object service tcp-rsh pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-rtsp pre-defined
service tcp destination eq rtsp
description This is a pre-defined object
object service tcp-sip pre-defined
service tcp destination eq sip
description This is a pre-defined object
object service tcp-smtp pre-defined
service tcp destination eq smtp
description This is a pre-defined object
object service tcp-ssh pre-defined
service tcp destination eq ssh
description This is a pre-defined object
object service tcp-sunrpc pre-defined
service tcp destination eq sunrpc
description This is a pre-defined object
object service tcp-tacacs pre-defined
service tcp destination eq tacacs
description This is a pre-defined object
object service tcp-talk pre-defined
service tcp destination eq talk
description This is a pre-defined object
object service tcp-telnet pre-defined
service tcp destination eq telnet
description This is a pre-defined object
object service tcp-uucp pre-defined
service tcp destination eq uucp
description This is a pre-defined object
object service tcp-www pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-http pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-https pre-defined
service tcp destination eq https
description This is a pre-defined object
object service tcp-cmd pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-sqlnet pre-defined
service tcp destination eq sqlnet
description This is a pre-defined object
object service tcp-h323 pre-defined
service tcp destination eq h323
description This is a pre-defined object
object service tcp-udp-cifs pre-defined
service tcp-udp destination eq cifs
description This is a pre-defined object
object service tcp-udp-discard pre-defined
service tcp-udp destination eq discard
description This is a pre-defined object
object service tcp-udp-domain pre-defined
service tcp-udp destination eq domain
description This is a pre-defined object
object service tcp-udp-echo pre-defined
service tcp-udp destination eq echo
description This is a pre-defined object
object service tcp-udp-kerberos pre-defined
service tcp-udp destination eq kerberos
description This is a pre-defined object
object service tcp-udp-nfs pre-defined
service tcp-udp destination eq nfs
description This is a pre-defined object
object service tcp-udp-pim-auto-rp pre-defined
service tcp-udp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-udp-sip pre-defined
service tcp-udp destination eq sip
description This is a pre-defined object
object service tcp-udp-sunrpc pre-defined
service tcp-udp destination eq sunrpc
description This is a pre-defined object
object service tcp-udp-tacacs pre-defined
service tcp-udp destination eq tacacs
description This is a pre-defined object
object service tcp-udp-www pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-http pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-talk pre-defined
service tcp-udp destination eq talk
description This is a pre-defined object
object service udp-biff pre-defined
service udp destination eq biff
description This is a pre-defined object
object service udp-bootpc pre-defined
service udp destination eq bootpc
description This is a pre-defined object
object service udp-bootps pre-defined
service udp destination eq bootps
description This is a pre-defined object
object service udp-cifs pre-defined
service udp destination eq cifs
description This is a pre-defined object
object service udp-discard pre-defined
service udp destination eq discard
description This is a pre-defined object
object service udp-domain pre-defined
service udp destination eq domain
description This is a pre-defined object
object service udp-dnsix pre-defined
service udp destination eq dnsix
description This is a pre-defined object
object service udp-echo pre-defined
service udp destination eq echo
description This is a pre-defined object
object service udp-www pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-http pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-nameserver pre-defined
service udp destination eq nameserver
description This is a pre-defined object
object service udp-kerberos pre-defined
service udp destination eq kerberos
description This is a pre-defined object
object service udp-mobile-ip pre-defined
service udp destination eq mobile-ip
description This is a pre-defined object
object service udp-nfs pre-defined
service udp destination eq nfs
description This is a pre-defined object
object service udp-netbios-ns pre-defined
service udp destination eq netbios-ns
description This is a pre-defined object
object service udp-netbios-dgm pre-defined
service udp destination eq netbios-dgm
description This is a pre-defined object
object service udp-ntp pre-defined
service udp destination eq ntp
description This is a pre-defined object
object service udp-pcanywhere-status pre-defined
service udp destination eq pcanywhere-status
description This is a pre-defined object
object service udp-pim-auto-rp pre-defined
service udp destination eq pim-auto-rp
description This is a pre-defined object
object service udp-radius pre-defined
service udp destination eq radius
description This is a pre-defined object
object service udp-radius-acct pre-defined
service udp destination eq radius-acct
description This is a pre-defined object
object service udp-rip pre-defined
service udp destination eq rip
description This is a pre-defined object
object service udp-secureid-udp pre-defined
service udp destination eq secureid-udp
description This is a pre-defined object
object service udp-sip pre-defined
service udp destination eq sip
description This is a pre-defined object
object service udp-snmp pre-defined
service udp destination eq snmp
description This is a pre-defined object
object service udp-snmptrap pre-defined
service udp destination eq snmptrap
description This is a pre-defined object
object service udp-sunrpc pre-defined
service udp destination eq sunrpc
description This is a pre-defined object
object service udp-syslog pre-defined
service udp destination eq syslog
description This is a pre-defined object
object service udp-tacacs pre-defined
service udp destination eq tacacs
description This is a pre-defined object
object service udp-talk pre-defined
service udp destination eq talk
description This is a pre-defined object
object service udp-tftp pre-defined
service udp destination eq tftp
description This is a pre-defined object
object service udp-time pre-defined
service udp destination eq time
description This is a pre-defined object
object service udp-who pre-defined
service udp destination eq who
description This is a pre-defined object
object service udp-xdmcp pre-defined
service udp destination eq xdmcp
description This is a pre-defined object
object service udp-isakmp pre-defined
service udp destination eq isakmp
description This is a pre-defined object
object service icmp6-unreachable pre-defined
service icmp6 unreachable
description This is a pre-defined object
object service icmp6-packet-too-big pre-defined
service icmp6 packet-too-big
description This is a pre-defined object
object service icmp6-time-exceeded pre-defined
service icmp6 time-exceeded
description This is a pre-defined object
object service icmp6-parameter-problem pre-defined
service icmp6 parameter-problem
description This is a pre-defined object
object service icmp6-echo pre-defined
service icmp6 echo
description This is a pre-defined object
object service icmp6-echo-reply pre-defined
service icmp6 echo-reply
description This is a pre-defined object
object service icmp6-membership-query pre-defined
service icmp6 membership-query
description This is a pre-defined object
object service icmp6-membership-report pre-defined
service icmp6 membership-report
description This is a pre-defined object
object service icmp6-membership-reduction pre-defined
service icmp6 membership-reduction
description This is a pre-defined object
object service icmp6-router-renumbering pre-defined
service icmp6 router-renumbering
description This is a pre-defined object
object service icmp6-router-solicitation pre-defined
service icmp6 router-solicitation
description This is a pre-defined object
object service icmp6-router-advertisement pre-defined
service icmp6 router-advertisement
description This is a pre-defined object
object service icmp6-neighbor-solicitation pre-defined
service icmp6 neighbor-solicitation
description This is a pre-defined object
object service icmp6-neighbor-advertisement pre-defined
service icmp6 neighbor-advertisement
description This is a pre-defined object
object service icmp6-neighbor-redirect pre-defined
service icmp6 neighbor-redirect
description This is a pre-defined object
object service icmp-echo pre-defined
service icmp echo
description This is a pre-defined object
object service icmp-echo-reply pre-defined
service icmp echo-reply
description This is a pre-defined object
object service icmp-unreachable pre-defined
service icmp unreachable
description This is a pre-defined object
object service icmp-source-quench pre-defined
service icmp source-quench
description This is a pre-defined object
object service icmp-redirect pre-defined
service icmp redirect
description This is a pre-defined object
object service icmp-alternate-address pre-defined
service icmp alternate-address
description This is a pre-defined object
object service icmp-router-advertisement pre-defined
service icmp router-advertisement
description This is a pre-defined object
object service icmp-router-solicitation pre-defined
service icmp router-solicitation
description This is a pre-defined object
object service icmp-time-exceeded pre-defined
service icmp time-exceeded
description This is a pre-defined object
object service icmp-parameter-problem pre-defined
service icmp parameter-problem
description This is a pre-defined object
object service icmp-timestamp-request pre-defined
service icmp timestamp-request
description This is a pre-defined object
object service icmp-timestamp-reply pre-defined
service icmp timestamp-reply
description This is a pre-defined object
object service icmp-information-request pre-defined
service icmp information-request
description This is a pre-defined object
object service icmp-information-reply pre-defined
service icmp information-reply
description This is a pre-defined object
object service icmp-mask-request pre-defined
service icmp mask-request
description This is a pre-defined object
object service icmp-mask-reply pre-defined
service icmp mask-reply
description This is a pre-defined object
object service icmp-traceroute pre-defined
service icmp traceroute
description This is a pre-defined object
object service icmp-conversion-error pre-defined
service icmp conversion-error
description This is a pre-defined object
object service icmp-mobile-redirect pre-defined
service icmp mobile-redirect
description This is a pre-defined object
object network ROUTER-2811
host 10.10.1.2
object network ROUTER-2821
host 10.10.0.2
object network WEBCAM-01
host 192.168.1.5
object network DNS-SERVER
host 192.168.1.2
object network ROUTER-3745
host 10.10.2.2
object network RDP-DC1
host 192.168.1.2
object-group network PAT-SOURCE
network-object 10.10.1.0 255.255.255.252
network-object 10.10.0.0 255.255.255.252
network-object 10.10.2.0 255.255.255.252
network-object 192.168.0.0 255.255.255.0
network-object 172.16.10.0 255.255.255.0
network-object 172.16.20.0 255.255.255.0
network-object 128.162.1.0 255.255.255.0
network-object 128.162.10.0 255.255.255.0
network-object 128.162.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object host 98.22.121.x
object-group network Outside_access_in
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object gre
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x interface Outside eq https
access-list Outside_access_in extended permit tcp host 98.22.121.x object WEBCAM-01 eq www
access-list Outside_access_in extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389
access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
access-list dmz-access remark Permit ICMP to all devices in DC
access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 4096
logging asdm-buffer-size 100
logging asdm informational
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 747001
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 1 message 313009
logging rate-limit 100 1 message 750003
logging rate-limit 100 1 message 750002
logging rate-limit 100 1 message 750004
logging rate-limit 1 10 message 419003
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 405003
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 337004
logging rate-limit 1 10 message 337005
logging rate-limit 1 10 message 337001
logging rate-limit 1 10 message 337002
logging rate-limit 1 60 message 199020
logging rate-limit 1 10 message 337003
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 1 10 message 337009
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 1 message 447001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 429007
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
flow-export template timeout-rate 30
flow-export active refresh-interval 1
mtu Inside 1500
mtu Outside 1500
mtu management 1500
mtu DMZ 1500
mtu VOIP 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Outside
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network ROUTER-2811
nat (Inside,Outside) static interface service tcp ssh 222
object network ROUTER-2821
nat (DMZ,Outside) static interface service tcp ssh 2222
object network WEBCAM-01
nat (Inside,Outside) static interface service tcp www 8080
object network ROUTER-3745
nat (VOIP,Outside) static interface service tcp ssh 2223
object network RDP-DC1
nat (Inside,Outside) static interface service tcp 3389 3389
nat (any,Outside) after-auto source dynamic PAT-SOURCE interface
access-group Outside_access_in in interface Outside
ipv6 dhcprelay timeout 60
router rip
network 10.0.0.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
route Inside 128.162.1.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.10.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.20.0 255.255.255.0 10.10.0.2 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action continue
no cts server-group
no cts sxp enable
no cts sxp default
no cts sxp default source-ip
cts sxp reconciliation period 120
cts sxp retry period 120
user-identity enable
user-identity domain LOCAL
user-identity default-domain LOCAL
user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 60
user-identity poll-import-user-group-timer hours 8
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 30 retry-times 5
no user-identity user-not-found enable
aaa authentication ssh console LOCAL
http server enable 443
http 0.0.0.0 0.0.0.0 Inside
http 98.22.121.x 255.255.255.255 Outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
no snmp-server enable traps memory-threshold
no snmp-server enable traps interface-threshold
no snmp-server enable traps remote-access session-threshold-exceeded
no snmp-server enable traps connection-limit-reached
no snmp-server enable traps cpu threshold rising
no snmp-server enable traps ikev2 start stop
no snmp-server enable traps nat packet-discard
snmp-server enable
snmp-server listen-port 161
fragment size 200 Inside
fragment chain 24 Inside
fragment timeout 5 Inside
no fragment reassembly full Inside
fragment size 200 Outside
fragment chain 24 Outside
fragment timeout 5 Outside
no fragment reassembly full Outside
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
no fragment reassembly full management
fragment size 200 DMZ
fragment chain 24 DMZ
fragment timeout 5 DMZ
no fragment reassembly full DMZ
fragment size 200 VOIP
fragment chain 24 VOIP
fragment timeout 5 VOIP
no fragment reassembly full VOIP
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp Inside
no sysopt noproxyarp Outside
no sysopt noproxyarp management
no sysopt noproxyarp DMZ
no sysopt noproxyarp VOIP
service password-recovery
no crypto ipsec ikev2 sa-strength-enforcement
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec security-association replay window-size 64
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation before-encryption Inside
crypto ipsec fragmentation before-encryption Outside
crypto ipsec fragmentation before-encryption management
crypto ipsec fragmentation before-encryption DMZ
crypto ipsec fragmentation before-encryption VOIP
crypto ipsec df-bit copy-df Inside
crypto ipsec df-bit copy-df Outside
crypto ipsec df-bit copy-df management
crypto ipsec df-bit copy-df DMZ
crypto ipsec df-bit copy-df VOIP
crypto ca trustpool policy
revocation-check none
crl cache-time 60
crl enforcenextupdate
crypto isakmp identity auto
crypto isakmp nat-traversal 20
crypto ikev2 cookie-challenge 50
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
crypto ikev2 redirect during-auth
crypto ikev1 limit max-in-negotiation-sa 20
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh 98.22.121.x 255.255.255.255 Outside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
ipv6-vpn-addr-assign aaa
ipv6-vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60
tls-proxy maximum-session 100
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 24.56.178.140 source Outside prefer
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication fca-timeout 2
webvpn
memory-size percent 50
port 443
dtls port 443
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
portal-access-rule none
no csd enable
no anyconnect enable
no tunnel-group-list enable
no tunnel-group-preference group-url
rewrite order 65535 enable resource-mask *
no internal-password
no onscreen-keyboard
no default-language
no smart-tunnel notification-icon
no keepout
cache
no disable
max-object-size 1000
min-object-size 0
no cache-static-content enable
lmfactor 20
expiry-time 1
no auto-signon
no error-recovery disable
no ssl-server-check
no mus password
mus host mus.cisco.com
no hostscan data-limit
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
: PortForwarder
: banners
: customization
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr customization
: fr webvpn
: ja PortForwarder
: ja customization
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
split-tunnel-all-dns disable
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn none
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
msie-proxy pac-url none
msie-proxy lockdown enable
vlan none
nac-settings none
address-pools none
ipv6-address-pools none
smartcard-removal-disconnect enable
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list none
filter none
homepage none
html-content-filter none
port-forward name Application Access
port-forward disable
http-proxy disable
sso-server none
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect firewall-rule client-interface private none
anyconnect firewall-rule client-interface public none
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect modules none
anyconnect profiles none
anyconnect ask none
customization none
keep-alive-ignore 4
http-comp gzip
download-max-size 2147483647
upload-max-size 2147483647
post-max-size 2147483647
user-storage none
storage-objects value cookies,credentials
storage-key none
hidden-shares none
smart-tunnel disable
activex-relay enable
unix-auth-uid 65534
unix-auth-gid 65534
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
smart-tunnel auto-signon disable
anyconnect ssl df-bit-ignore disable
anyconnect routing-filtering-ignore disable
smart-tunnel tunnel-policy tunnelall
always-on-vpn profile-setting
password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
password-policy minimum-uppercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0
password-policy lifetime 0
no password-policy authenticate-enable
quota management-session 0
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultRAGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultRAGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
class-map type inspect http match-all _default_gator
match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
match request args regex _default_gnu-http-tunnel_arg
match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
match request header host regex _default_firethru-tunnel_1
match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
match any
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
match request header host regex _default_httport-tunnel
policy-map type inspect rtsp _default_rtsp_map
description Default RTSP policymap
parameters
policy-map type inspect ipv6 _default_ipv6_map
description Default IPV6 policy-map
parameters
verify-header type
verify-header order
match header routing-type range 0 255
drop log
policy-map type inspect h323 _default_h323_map
description Default H.323 policymap
parameters
no rtp-conformance
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no message-length maximum server
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
no special-character
no allow-tls
match cmd line length gt 512
drop-connection log
match cmd RCPT count gt 100
drop-connection log
match body line length gt 998
log
match header line length gt 998
drop-connection log
match sender-address length gt 320
drop-connection log
match MIME filename length gt 255
drop-connection log
match ehlo-reply-parameter others
mask
policy-map type inspect ip-options _default_ip_options_map
description Default IP-OPTIONS policy-map
parameters
router-alert action allow
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect rsh
inspect rtsp
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options _default_ip_options_map
inspect icmp
inspect icmp error
inspect pptp
class class-default
policy-map type inspect sip _default_sip_map
description Default SIP policymap
parameters
im
no ip-address-privacy
traffic-non-sip
no rtp-conformance
policy-map type inspect dns _default_dns_map
description Default DNS policy-map
parameters
no message-length maximum client
no message-leI ran those commands while I had the nat off on the router and here are the results. note, i didn't make any changes to the ASA as you only said to remove the router RIP which I did and reloaded and no change.
As long as the statements ip nat outside on the Fastethernet 0/0 is off and the ip nat inside is off on the vlan and the overload statement is taken out, I cannot hit the internet.
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#int
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#no ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#no ip nat outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#$nside source list 1 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: y
CISCO-2811(config)#exit
CISCO-2811#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.1.1 202 c47d.4f3b.8ea6 ARPA FastEthernet0/0
Internet 10.10.1.2 - 0019.55a7.2ae8 ARPA FastEthernet0/0
Internet 172.16.10.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.1
Internet 172.16.10.3 238 0011.5c73.28c1 ARPA FastEthernet0/1.1
Internet 172.16.10.50 72 cc2d.8c78.065a ARPA FastEthernet0/1.1
Internet 172.16.20.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.2
Internet 172.16.20.3 196 0011.5c73.28c2 ARPA FastEthernet0/1.2
Internet 192.168.1.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.3
Internet 192.168.1.2 0 0024.e864.01a8 ARPA FastEthernet0/1.3
Internet 192.168.1.3 155 0011.5c73.28c0 ARPA FastEthernet0/1.3
Internet 192.168.1.5 61 4802.2a4c.1c74 ARPA FastEthernet0/1.3
Internet 192.168.1.20 0 5cf9.dd52.5fa9 ARPA FastEthernet0/1.3
Internet 192.168.1.50 0 308c.fb47.f2d9 ARPA FastEthernet0/1.3
Internet 192.168.1.51 1 ec35.8677.4057 ARPA FastEthernet0/1.3
Internet 192.168.1.52 1 b418.d136.ef72 ARPA FastEthernet0/1.3
Internet 192.168.1.53 1 8853.9572.e113 ARPA FastEthernet0/1.3
Internet 192.168.1.54 12 0009.b044.9f23 ARPA FastEthernet0/1.3
Internet 192.168.1.55 0 f47b.5e9a.7ae5 ARPA FastEthernet0/1.3
Internet 192.168.1.149 0 001e.4fc5.a199 ARPA FastEthernet0/1.3
Internet 192.168.1.174 0 b8ac.6fff.af83 ARPA FastEthernet0/1.3
CISCO-2811#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.10.1.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.1.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.1.0/30 is directly connected, FastEthernet0/0
L 10.10.1.2/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.10.0/24 is directly connected, FastEthernet0/1.1
L 172.16.10.1/32 is directly connected, FastEthernet0/1.1
C 172.16.20.0/24 is directly connected, FastEthernet0/1.2
L 172.16.20.1/32 is directly connected, FastEthernet0/1.2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1.3
L 192.168.1.1/32 is directly connected, FastEthernet0/1.3
ASA
ASA5510# sh arp
Inside 10.10.1.2 0019.55a7.2ae8 12342
Outside 199.195.168.113 000c.4243.581a 2
Outside 199.195.168.116 e05f.b947.116b 2436
Outside 199.195.168.120 0017.c58a.1123 9192
DMZ 10.10.0.2 0025.849f.63e0 3192
VOIP 10.10.2.2 000d.bcdc.fc40 7754
ASA5510# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 199.195.168.113 to network 0.0.0.0
S 172.16.20.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 172.16.10.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 128.162.1.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.10.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.20.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
C 199.195.168.112 255.255.255.240 is directly connected, Outside
C 10.10.0.0 255.255.255.252 is directly connected, DMZ
C 10.10.1.0 255.255.255.252 is directly connected, Inside
S 192.168.1.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S* 0.0.0.0 0.0.0.0 [1/0] via 199.195.168.113, Outside
ASA5510# show xlate
35 in use, 784 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
TCP PAT from DMZ:10.10.0.2 22-22 to Outside:199.195.168.x 2222-2222
flags sr idle 481:54:14 timeout 0:00:00
TCP PAT from Inside:10.10.1.2 22-22 to Outside:199.195.168.x 222-222
flags sr idle 51:06:46 timeout 0:00:00
TCP PAT from VOIP:10.10.2.2 22-22 to Outside:199.195.168.x 2223-2223
flags sr idle 687:32:27 timeout 0:00:00
TCP PAT from Inside:192.168.1.2 3389-3389 to Outside:199.195.168.x 3389-3389
flags sr idle 457:17:01 timeout 0:00:00
TCP PAT from Inside:192.168.1.5 80-80 to Outside:199.195.168.x 8080-8080
flags sr idle 52:18:58 timeout 0:00:00
NAT from Outside:0.0.0.0/0 to any:0.0.0.0/0
flags sIT idle 353:10:21 timeout 0:00:00
UDP PAT from any:10.10.1.2/52581 to Outside:199.195.168.x/52581 flags ri idle 0:00:00 timeout 0:00:30
UDP PAT from any:10.10.1.2/55389 to Outside:199.195.168.x/55389 flags ri idle 0:00:03 timeout 0:00:30
UDP PAT from any:10.10.1.2/51936 to Outside:199.195.168.x/51936 flags ri idle 0:00:04 timeout 0:00:30
UDP PAT from any:10.10.1.2/51345 to Outside:199.195.168.x/51345 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from any:10.10.1.2/55985 to Outside:199.195.168.x/55985 flags ri idle 0:00:18 timeout 0:00:30
UDP PAT from any:10.10.1.2/49368 to Outside:199.195.168.x/49368 flags ri idle 0:00:22 timeout 0:00:30
UDP PAT from any:10.10.1.2/52441 to Outside:199.195.168.x/52441 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/57908 to Outside:199.195.168.x/57908 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57907 to Outside:199.195.168.x/57907 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57906 to Outside:199.195.168.x/57906 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57896 to Outside:199.195.168.x/57896 flags ri idle 0:09:09 timeout 0:00:30
TCP PAT from any:10.10.1.2/57879 to Outside:199.195.168.x/57879 flags ri idle 0:10:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/49441 to Outside:199.195.168.x/49441 flags ri idle 0:20:52 timeout 0:00:30
TCP PAT from any:10.10.1.2/57868 to Outside:199.195.168.x/57868 flags ri idle 0:25:28 timeout 0:00:30
TCP PAT from any:10.10.1.2/60519 to Outside:199.195.168.x/60519 flags ri idle 0:44:11 timeout 0:00:30
TCP PAT from any:10.10.1.2/60491 to Outside:199.195.168.x/60491 flags ri idle 0:44:20 timeout 0:00:30
TCP PAT from any:10.10.1.2/60484 to Outside:199.195.168.x/60484 flags ri idle 0:44:35 timeout 0:00:30
TCP PAT from any:10.10.1.2/60480 to Outside:199.195.168.x/60480 flags ri idle 0:44:51 timeout 0:00:30
TCP PAT from any:10.10.1.2/53851 to Outside:199.195.168.x/53851 flags ri idle 0:54:14 timeout 0:00:30
TCP PAT from any:10.10.1.2/57812 to Outside:199.195.168.x/57812 flags ri idle 0:58:30 timeout 0:00:30
TCP PAT from any:10.10.1.2/57810 to Outside:199.195.168.x/57810 flags ri idle 0:58:32 timeout 0:00:30
TCP PAT from any:10.10.1.2/53847 to Outside:199.195.168.x/53847 flags ri idle 1:00:18 timeout 0:00:30
TCP PAT from any:10.10.1.2/57808 to Outside:199.195.168.x/57808 flags ri idle 1:07:58 timeout 0:00:30
TCP PAT from any:10.10.1.2/60406 to Outside:199.195.168.x/60406 flags ri idle 1:42:13 timeout 0:00:30
TCP PAT from any:10.10.1.2/49259 to Outside:199.195.168.x/49259 flags ri idle 7:39:44 timeout 0:00:30
TCP PAT from any:10.10.1.2/49191 to Outside:199.195.168.x/49191 flags ri idle 7:42:39 timeout 0:00:30
TCP PAT from any:10.10.1.2/55951 to Outside:199.195.168.x/55951 flags ri idle 23:11:40 timeout 0:00:30
TCP PAT from any:10.10.1.2/55944 to Outside:199.195.168.x/55944 flags ri idle 23:15:19 timeout 0:00:30
TCP PAT from any:10.10.1.2/55942 to Outside:199.195.168.x/55942 flags ri idle 23:15:24 timeout 0:00:30
ASA5510# sh conn all
149 in use, 815 most used
TCP Outside 74.125.193.108:993 Inside 10.10.1.2:57879, idle 0:12:37, bytes 6398, flags UIO
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53879, idle 0:00:01, bytes 0, flags saA
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53878, idle 0:00:01, bytes 0, flags saA
TCP Outside 17.149.36.177:5223 Inside 10.10.1.2:60480, idle 0:16:53, bytes 4539, flags UIO
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53877, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53876, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53875, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53874, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53872, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53871, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53868, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53867, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53860, idle 0:00:17, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53859, idle 0:00:17, bytes 0, flags saA
TCP Outside 17.172.233.95:5223 Inside 10.10.1.2:49191, idle 0:18:48, bytes 7384, flags UIO
TCP Outside 17.178.100.43:443 Inside 10.10.1.2:57810, idle 0:56:21, bytes 5797, flags UFIO
TCP Outside 23.206.216.93:80 Inside 10.10.1.2:53847, idle 0:54:15, bytes 2683, flags UFIO
TCP Outside 143.127.93.90:80 Inside 10.10.1.2:49259, idle 0:12:20, bytes 13315, flags UIO
TCP Outside 74.125.225.53:443 Inside 192.168.1.20:53864, idle 0:00:11, bytes 0, flags saA
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49204, idle 0:00:04, bytes 67, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:50122, idle 0:00:07, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63275, idle 0:00:08, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63306, idle 0:00:18, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65059, idle 0:00:22, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64681, idle 0:00:30, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64661, idle 0:00:30, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:55618, idle 0:00:32, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65056, idle 0:00:33, bytes 48, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:59433, idle 0:00:41, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:52178, idle 0:00:42, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:61414, idle 0:00:43, bytes 34, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65438, idle 0:00:44, bytes 44, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63686, idle 0:00:44, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65416, idle 0:00:45, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:53047, idle 0:00:47, bytes 32, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:62213, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:52347, idle 0:00:46, bytes 92, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:58069, idle 0:00:46, bytes 64, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:50753, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65381, idle 0:00:50, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65082, idle 0:00:50, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64038, idle 0:00:50, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49309, idle 0:00:51, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64034, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49197, idle 0:00:51, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64728, idle 0:00:51, bytes 49, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64309, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63289, idle 0:00:51, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64174, idle 0:00:52, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:39286, idle 0:01:09, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63726, idle 0:01:09, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65482, idle 0:01:12, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65091, idle 0:01:13, bytes 61, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64976, idle 0:01:13, bytes 57, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63749, idle 0:00:51, bytes 103, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64043, idle 0:01:14, bytes 52, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64267, idle 0:01:24, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64467, idle 0:01:26, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65504, idle 0:01:26, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:38946, idle 0:01:35, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63701, idle 0:01:38, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63879, idle 0:01:46, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:58516, idle 0:01:49, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63227, idle 0:01:51, bytes 62, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:65446, idle 0:01:53, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49166, idle 0:01:55, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:56680, idle 0:02:01, bytes 33, flags -
UDP Outside 192.55.83.30:53 Inside 192.168.1.2:65073, idle 0:00:44, bytes 50, flags -
TCP Outside 74.125.193.109:993 Inside 10.10.1.2:57808, idle 0:39:33, bytes 6392, flags UFIO
TCP Outside 74.125.225.54:443 Inside 192.168.1.20:53863, idle 0:00:13, bytes 0, flags saA
TCP Outside 143.127.93.89:80 Inside 10.10.1.2:60519, idle 0:46:30, bytes 346, flags UO
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53881, idle 0:00:01, bytes 0, flags saA
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53880, idle 0:00:01, bytes 0, flags saA
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:60627, idle 0:00:39, bytes 78, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52088, idle 0:00:39, bytes 86, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50533, idle 0:00:39, bytes 76, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:63347, idle 0:00:39, bytes 80, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:62213, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52347, idle 0:00:40, bytes 46, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:58069, idle 0:00:40, bytes 32, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50753, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:50791, idle 0:01:25, bytes 35, flags -
TCP Outside 74.125.225.46:443 Inside 192.168.1.20:53870, idle 0:00:08, bytes 0, flags saA
TCP Outside 17.173.255.101:443 Inside 10.10.1.2:53851, idle 0:56:33, bytes 58, flags UfIO
TCP Outside 64.4.23.147:33033 Inside 10.10.1.2:55944, idle 0:44:45, bytes 558164, flags UFIO
TCP Outside 74.125.225.35:443 Inside 192.168.1.20:53869, idle 0:00:09, bytes 0, flags saA
UDP Outside 64.4.23.175:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 28, flags -
UDP Outside 192.54.112.30:53 Inside 192.168.1.2:65380, idle 0:00:44, bytes 49, flags -
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57908, idle 0:10:47, bytes 7895, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57907, idle 0:10:49, bytes 20323, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57906, idle 0:10:47, bytes 6539, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57868, idle 0:27:44, bytes 6395, flags UIO
TCP Outside 91.190.218.59:443 Inside 10.10.1.2:55942, idle 0:41:39, bytes 2727, flags UFIO
TCP Outside 17.172.233.123:5223 Inside 10.10.1.2:49441, idle 0:23:10, bytes 4409, flags UIO
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53862, idle 0:00:16, bytes 0, flags saA
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53861, idle 0:00:16, bytes 0, flags saA
TCP Outside 143.127.93.115:80 Inside 10.10.1.2:60406, idle 0:42:59, bytes 970, flags UFIO
TCP Outside 143.127.93.118:80 Inside 10.10.1.2:60484, idle 0:46:54, bytes 328, flags UO
TCP Outside 17.172.233.98:5223 Inside 10.10.1.2:57896, idle 0:11:28, bytes 5081, flags UIO
UDP Outside 111.221.74.16:33033 Inside 192.168.1.174:26511, idle 0:01:18, bytes 31, flags -
TCP Outside 17.149.36.103:5223 Inside 192.168.1.174:60729, idle 0:00:04, bytes 0, flags saA
UDP Outside 192.5.6.30:53 Inside 192.168.1.2:65317, idle 0:00:44, bytes 51, flags -
UDP Outside 192.12.94.30:53 Inside 192.168.1.2:65356, idle 0:00:44, bytes 54, flags -
TCP Outside 17.149.36.180:5223 Inside 10.10.1.2:55951, idle 0:46:08, bytes 14059, flags UFIO
UDP Outside 111.221.74.28:33033 Inside 192.168.1.174:26511, idle 0:01:20, bytes 33, flags -
TCP Outside 63.235.20.160:80 Inside 192.168.1.20:53873, idle 0:00:08, bytes 0, flags saA
TCP Outside 50.19.127.112:443 Inside 192.168.1.50:60678, idle 0:00:00, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60728, idle 0:00:14, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60727, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60726, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:443 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
TCP Outside 65.55.122.234:2492 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
UDP Outside 157.55.56.170:33033 Inside 192.168.1.174:26511, idle 0:01:21, bytes 37, flags -
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53866, idle 0:00:11, bytes 0, flags saA
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53865, idle 0:00:11, bytes 0, flags saA
UDP Outside 111.221.74.18:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 29, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55546, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:60277, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55618, idle 0:00:34, bytes 43, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:60627, idle 0:00:36, bytes 78, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:52088, idle 0:00:36, bytes 86, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:50533, idle 0:00:36, bytes 76, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:63347, idle 0:00:36, bytes 80, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:56958, idle 0:01:24, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:51360, idle 0:01:26, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:50791, idle 0:01:27, bytes 35, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:54134, idle 0:01:46, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:58516, idle 0:01:50, bytes 51, flags -
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59350, idle 0:00:02, bytes 0, flags saA
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59349, idle 0:00:16, bytes 0, flags saA
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:50122, idle 0:00:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:48088, idle 0:00:42, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:62213, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:52347, idle 0:00:45, bytes 92, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:58069, idle 0:00:45, bytes 64, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:50753, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:61414, idle 0:00:47, bytes 34, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:54481, idle 0:01:08, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:40285, idle 0:01:34, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:65446, idle 0:01:55, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:46155, idle 0:02:00, bytes 33, flags -
UDP Outside 66.104.81.70:5070 Inside 192.168.1.174:57609, idle 0:00:11, bytes 46, flags -
UDP Outside 64.4.23.156:33033 Inside 192.168.1.174:26511, idle 0:01:14, bytes 38, flags -
TCP Outside 65.54.167.15:12350 Inside 10.10.1.2:60491, idle 0:11:02, bytes 1405, flags UIO
TCP Outside 17.172.192.35:443 Inside 10.10.1.2:57812, idle 0:56:11, bytes 6116, flags UFIO
UDP Outside 157.55.56.176:33033 Inside 192.168.1.174:26511, idle 0:01:16, bytes 32, flags -
TCP Inside 192.168.1.20:53667 NP Identity Ifc 10.10.1.1:22, idle 0:00:00, bytes 37555, flags UOB
TCP Inside 10.10.1.2:53431 NP Identity Ifc 10.10.1.1:22, idle 0:09:03, bytes 20739, flags UOB
Ran on the ASA while overload statements were down on the router:
ASA5510# packet-tracer input Inside tcp 192.168.1.100 12345 8.8.8.8 80
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 Outside
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1988699, packet dispatched to next module
Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: allow
Had to put these back in to get to the internet:
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#ip nat
CISCO-2811(config-if)#ip nat Outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#in
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#$de source list 1 interface FastEthernet0/0 overload
CISCO-2811(config)#
Screenshot of ASDM: -
SSL-VPN Anyconnect fails after rebooting 2811
Hello all,
I have setup an Anyconnect SSL-VPN in my 2811 and it works just great, but then after the reboot it fails. I think it has something to do with the SSL Cert being ereased. Here is my configuration, please let me know if you need anything else:
! Last configuration change at 02:03:27 CDT Thu Sep 27 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
aaa new-model
aaa session-id common
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-XXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXX
revocation-check none
crypto pki certificate chain TP-self-signed-XXXXXXXXXX
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363535 34343437 3534301E 170D3132 30393237 30373033
34365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36353534
34343735 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
810096FE 9114BCED E2FA2297 CE41A6F5 73078E18 C1109993 48E2629E 78713B48
E6EA7C79 17C8E159 C057A05B F3CAFB4D 36AE9196 AAC4A2BF 586CF144 A81E50FC
5261BFCF 0A11064F C9F19A4C 953DFBF8 65194AD2 73100EE0 FBFE7EB6 0AD16875
7C1C03AE B3A461E2 9837E057 E2A8AE94 F11FDA8A 98AF8107 C0D9FF14 3CF1C62E
BE090203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1425F172 BAFEAA95 A90FA3D7 A3482174 6F951194 52301D06
03551D0E 04160414 25F172BA FEAA95A9 0FA3D7A3 4821746F 95119452 300D0609
2A864886 F70D0101 04050003 81810064 30DCCC2D 0506EDF6 61C37B9E DF5D8F9A
A9FE0646 FC72C3F8 A7E10E55 CE6AA592 7385931A DDFE95B7 47ED3690 2C3F8B43
9A637526 1464D94E 3A71D235 A14C0551 70E3ED2F F51B07E3 4379E2AF CCA03416
10DDF3E1 784D053B A9E4A624 E34BDDFB BA638658 58E30B74 55A62B02 BDC493A8
23191E2E E4BF390B D62DAA2B 351C09
quit
username USERNAME privilege 15 secret 5 $1$Pc/.$y6kJb0xpe.77ciRHZTJ8A.
ip local pool SSL-VPN 192.168.11.5 192.168.11.8
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
bvpn gateway gateway_1
ip interface Dialer1 port 443
ssl trustpoint SSL-VPN
inservice
webvpn install svc flash:/webvpn/anyconnect-win-2.5.2014-k9.pkg sequence 1
webvpn context SSL-VPN
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "SSL-VPN"
svc default-domain "DOMAIN"
svc keep-client-installed
svc split include 192.168.0.0 255.255.0.0
svc dns-server primary DNS-SERVER
default-group-policy policy_1
gateway gateway_1
inserviceHere is the bug description that matches your explaination of the issue:
MF: HTTPS generates a new self-signed cert on reboot even if one exists
Symptom:
With Secure HTTP server enabled, IOS device generates a new self-signed certificate when it reloads even if a valid self-signed certificate already exists.
Conditions:
When there is no CA(Certificate Authority) provided certificate on the device
Workaround:
Use CA provided certificate.
The resolution is to upgrade it to version 15.2(1)T or higher.
Unfortunately you would need to have SmartNet contract to be able to download the software from CCO. -
Site-to-Site VPN btw Pix535 and Router 2811, can't get it work
Hi, every one, I spent couple of days trying to make a site-to-site VPN between PIX535 and router 2811 work but come up empty handed, I followed instructions here:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml
#1: PIX config:
: Saved
: Written by enable_15 at 18:05:33.678 EDT Sat Oct 20 2012
PIX Version 8.0(4)
hostname pix535
interface GigabitEthernet0
description to-cable-modem
nameif outside
security-level 0
ip address X.X.138.132 255.255.255.0
ospf cost 10
interface GigabitEthernet1
description inside 10/16
nameif inside
security-level 100
ip address 10.1.1.254 255.255.0.0
ospf cost 10
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_cryptomap_dyn_60 extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
pager lines 24
ip local pool cnf-8-ip 10.1.1.192-10.1.1.199 mask 255.255.0.0
global (outside) 10 interface
global (outside) 15 1.2.4.5
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 15 10.1.0.0 255.255.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.138.1 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
group-policy GroupPolicy1 internal
group-policy cnf-vpn-cls internal
group-policy cnf-vpn-cls attributes
wins-server value 10.1.1.7
dns-server value 10.1.1.7 10.1.1.205
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value x.com
username sean password U/h5bFVjXlIDx8BtqPFrQw== nt-encrypted
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key secret1
radius-sdi-xauth
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cnf-vpn-cls type remote-access
tunnel-group cnf-vpn-cls general-attributes
address-pool cnf-8-ip
default-group-policy cnf-vpn-cls
tunnel-group cnf-vpn-cls ipsec-attributes
pre-shared-key secret2
isakmp ikev1-user-authentication none
tunnel-group cnf-vpn-cls ppp-attributes
authentication ms-chap-v2
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
Cryptochecksum:9780edb09bc7debe147db1e7d52ec39c
: end
#2: Router 2811 config:
! Last configuration change at 09:15:32 PST Fri Oct 19 2012 by cnfla
! NVRAM config last updated at 13:45:03 PST Tue Oct 16 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LA-2800
crypto pki trustpoint TP-self-signed-1411740556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1411740556
revocation-check none
rsakeypair TP-self-signed-1411740556
crypto pki certificate chain TP-self-signed-1411740556
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343131 37343035 3536301E 170D3132 31303136 32303435
30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34313137
34303535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F75F F1BDAD9B DE9381FD 165B5188 7EAF9685 CF15A317 1B424825 9C66AA28
C990B2D3 D69A2F0F D745DB0E 2BB4995D 73415AC4 F01B2019 84373199 C4BCF9E0
E599B86C 17DBDCE6 47EBE0E3 8DBC90B2 9B4E217A 87F04BF7 A182501E 24381019
A61D2C05 5404DE88 DA2A1ADC A81B7F65 C318B697 7ED69DF1 2769E4C8 F3449B33
35AF0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 074C412D 32383030 301F0603 551D2304 18301680 14B56EEB
88054CCA BB8CF8E8 F44BFE2C B77954E1 52301D06 03551D0E 04160414 B56EEB88
054CCABB 8CF8E8F4 4BFE2CB7 7954E152 300D0609 2A864886 F70D0101 04050003
81810056 58755C56 331294F8 BEC4FEBC 54879FF5 0FCC73D4 B964BA7A 07D20452
E7F40F42 8B355015 77156C9F AAA45F9F 59CDD27F 89FE7560 F08D953B FC19FD2D
310DA96E A5F3E83B 52D515F8 7B4C99CF 4CECC3F7 1A0D4909 BD08C373 50BB53CC
659C4246 2CB7B79F 43D94D96 586F9103 9B4659B6 5C8DDE4F 7CC5FC68 C4AD197A 4EC322
quit
crypto isakmp policy 1
authentication pre-share
crypto isakmp key SECRET address X.X.138.132 no-xauth
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
interface FastEthernet0/0
description WAN Side
ip address X.X.216.29 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map la-2800-ipsec-policy
interface FastEthernet0/1
description LAN Side
ip address 10.20.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
no mop enabled
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 10 permit X.X.138.132
access-list 99 permit 64.236.96.53
access-list 99 permit 98.82.1.202
access-list 101 remark vpn tunnerl acl
access-list 101 remark SDM_ACL Category=4
access-list 101 remark tunnel policy
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
webvpn gateway gateway_1
ip address X.X.216.29 port 443
ssl trustpoint TP-self-signed-1411740556
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context gateway-1
title "b"
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "WebVPN-Pool"
svc keep-client-installed
svc split include 10.20.0.0 255.255.0.0
default-group-policy policy_1
gateway gateway_1
inservice
end
#3: Test from Pix to router:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: X.X.21.29
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
>>DEBUG:
Oct 22 12:07:14 pix535:Oct 22 12:20:28 EDT: %PIX-vpn-3-713902: IP = X.X.21.29, Removing peer from peer table failed, no match!
Oct 22 12:07:14 pix535 :Oct 22 12:20:28 EDT: %PIX-vpn-4-713903: IP = X.X.21.29, Error: Unable to remove PeerTblEntry
#4: test from router to pix:
LA-2800#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
X.X.138.132 X.X.216.29 MM_KEY_EXCH 1017 0 ACTIVE
>>debug
LA-2800#ping 10.1.1.7 source 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
Packet sent with a source address of 10.20.1.1
Oct 22 16:24:33.945: ISAKMP:(0): SA request profile is (NULL)
Oct 22 16:24:33.945: ISAKMP: Created a peer struct for X.X.138.132, peer port 500
Oct 22 16:24:33.945: ISAKMP: New peer created peer = 0x488B25C8 peer_handle = 0x80000013
Oct 22 16:24:33.945: ISAKMP: Locking peer struct 0x488B25C8, refcount 1 for isakmp_initiator
Oct 22 16:24:33.945: ISAKMP: local port 500, remote port 500
Oct 22 16:24:33.945: ISAKMP: set new node 0 to QM_IDLE
Oct 22 16:24:33.945: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 487720A0
Oct 22 16:24:33.945: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 22 16:24:33.945: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 22 16:24:33.945: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 22 16:24:33.945: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 22 16:24:33.945: ISAKMP:(0): beginning Main Mode exchange
Oct 22 16:24:33.945: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 22 16:24:33.945: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.049: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_NO_STATE
Oct 22 16:24:34.049: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.049: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Oct 22 16:24:34.049: ISAKMP:(0): processing SA payload. message ID = 0
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:34.053: ISAKMP:(0): local preshared key found
Oct 22 16:24:34.053: ISAKMP : Scanning profiles for xauth ...
Oct 22 16:24:34.053: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Oct 22 16:24:34.053: ISAKMP: encryption DES-CBC
Oct 22 16:24:34.053: ISAKMP: hash SHA
Oct 22 16:24:34.053: ISAKMP: default group 1
Oct 22 16:24:34.053: ISAKMP: auth pre-share
Oct 22 16:24:34.053: ISAKMP: life type in seconds
Oct 22 16:24:34.053: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Oct 22 16:24:34.053: ISAKMP:(0):atts are acceptable. Next payload is 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:actual life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa vpi_length:4
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Oct 22 16:24:34.053: ISAKMP:(0):Returning Actual lifetime: 86400
Oct 22 16:24:34.053: ISAKMP:(0)::Started lifetime timer: 86400.
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.053: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Oct 22 16:24:34.057: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_SA_SETUP
Oct 22 16:24:34.057: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.057: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.057: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Oct 22 16:24:34.181: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_SA_SETUP
Oct 22 16:24:34.181: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.181: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Oct 22 16:24:34.181: ISAKMP:(0): processing KE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0): processing NONCE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0):found peer pre-shared key matching X.X.138.132
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is Unity
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID seems Unity/DPD but major 55 mismatch
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is XAUTH
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): speaking to another IOS box!
Oct 22 16:24:34.221: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.221: ISAKMP:(1018):vendor ID seems Unity/DPD but hash mismatch
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.221: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM4
Oct 22 16:24:34.221: ISAKMP:(1018):Send initial contact
Oct 22 16:24:34.221: ISAKMP:(1018):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Oct 22 16:24:34.221: ISAKMP (0:1018): ID payload
next-payload : 8
type : 1
address : X.X.216.29
protocol : 17
port : 500
length : 12
Oct 22 16:24:34.221: ISAKMP:(1018):Total payload length: 12
Oct 22 16:24:34.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:34.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.225: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.225: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM5
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 198554740
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 812380002
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 773209335..
Success rate is 0 percent (0/5)
LA-2800#
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:44.221: ISAKMP (0:1018): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:44.317: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:44.317: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:44.321: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 96)
Oct 22 16:24:48.849: ISAKMP:(1017):purging SA., sa=469BAD60, delme=469BAD60
Oct 22 16:24:52.313: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:52.313: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.313: ISAKMP:(1018): retransmitting due to retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:52.813: ISAKMP (0:1018): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018): sending packet to X.X138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:52.913: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.913: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 100)
Oct 22 16:25:00.905: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:25:00.905: ISAKMP: set new node 422447177 to QM_IDLE
Oct 22 16:25:03.941: ISAKMP:(1018):SA is still budding. Attached new ipsec request to it. (local 1X.X.216.29, remote X.X.138.132)
Oct 22 16:25:03.941: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 22 16:25:03.941: ISAKMP: Error while processing KMI message 0, error 2.
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:12.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:22.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:32.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:32.814: ISAKMP:(1018):peer does not do paranoid keepalives.
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP: Unlocking peer struct 0x488B25C8 for isadb_mark_sa_deleted(), count 0
Oct 22 16:25:32.814: ISAKMP: Deleting peer node by peer_reap for X.X.138.132: 488B25C8
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 1112432180 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 422447177 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node -278980615 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 22 16:25:32.814: ISAKMP:(1018):Old State = IKE_I_MM5 New State = IKE_DEST_SA
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 1112432180
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 422447177
Oct 22 16:26:22.816: ISAKMP:(1018):purging node -278980615
Oct 22 16:26:32.816: ISAKMP:(1018):purging SA., sa=487720A0, delme=487720A0
****** The PIX is also used VPN client access , such as Cicso VPN client 5.0, working fine ; Router is used as SSL VPN server, working too
I know there are lots of data here, hopefully these data may be useful for diagnosis purpose.
Any suggestions and advices are greatly appreciated.
SeanHi Sean,
Current configuration:
On the PIX:
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
On the Router:
crypto isakmp policy 1
authentication pre-share
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto isakmp key SECRET address X.X.138.132 no-xauth
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez -
Callcentric SIP Trunk (ITSP -- 2811 CUBE -- CUCM 8.6
I have a SIP trunk from call centric that goes into my lab gear - they appear to be a good sip service due to cost but I'm having some trouble getting calls to route correctly. The call flow is Callcentric.com ITSP (SIP) --> 2811 (acting as cube) -->SIP Trunk --> CUCM 8.6. Phones are registered to CUCM.
I have the sip trunk registered and calls come in to the router (I see them in ccsip message/call debugs) The 2811 running 15.1(4)M7). Callcentric sends the username of the customer in the sip Invite instead of the called number, the called number is in the TO field. I have several DID’s from Callcentric (18452055544, 18452055545, 18452055546) for my lab. There are a few configs on here for CME where the customer number (17772253754) is simply translated to their phone DN - which is fine if you only have 1 DN with callcentric but more than 1 and thats not feasible since every inbound did will be matched to that 17772253754 translation/phone dn.
I’m using the a guide from http://tblog.cisco.be/2011/02/17/cube-conditional-sip-profiles/ using the Copy function as described http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-release-15-1-3-t/product_bulletin_c25-635704.html
I haven’t been able to find anything where they actually explain all the header fields so Its mostly trial and error.. so far mostly error. I think I’m close.. but who knows. Any assistance would be greatly appreciated
voice class sip-profiles 1
request INVITE peer-header sip TO copy ".sip:(.*)@." u01
request INVITE sip-header SIP-Req-URI modify ".*@(.*)" "INVITE sip:\u01@\1"
CUCM (single/pub)- 192.168.1.200
2811 acting as cube - 192.168.1.203
Calling Number - 18165297500
Called Number - 18452055544
vrtr1#show sip register status
Line peer expires(sec) registered P-Associ-URI
================================ ========== ============ ========== ============
17772253754 -1 20 yes
vrtr1#
The Call Setup Information is:
Call Control Block (CCB) : 0x49646C28
State of The Call : STATE_DEAD
TCP Sockets Used : NO
Calling Number : 18165297500
Called Number : 17772253754 (my customer number not called number)
Source IP Address (Sig ): 192.168.1.203 (my 2811 router)
Destn SIP Req Addr:Port : 204.11.192.159:5080
Destn SIP Resp Addr:Port : 204.11.192.159:5080
Destination Name : 204.11.192.159
Feb 14 11:20:53.303: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected]:5060 SIP/2.0
v: SIP/2.0/UDP 204.11.192.159:5080;branch=z9hG4bK-805ff2443b18502ff96181045b62dd74
f: <sip:[email protected]>;tag=3601387252-874282
t: <sip:[email protected]>
i: [email protected]
CSeq: 1 INVITE
Max-Forwards: 8
m: <sip:[email protected]:5080;transport=udp>
Supported: timer
c: application/sdp
l: 350
v=0
o=NexTone-MSW 2147483647 2147483647 IN IP4 204.11.192.159
s=sip call
c=IN IP4 204.11.192.159
t=0 0
m=audio 61094 RTP/AVP 18 0 8 101
a=fmtp:18 annexb=no
a=fmtp:101 0-15
a=rtpmap:101 telephone-event/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=ptime:20
a=sendrecv
a=silenceSupp:off - - - -
a=setup:actpass
Feb 14 11:20:53.327: //936/310B294680AD/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 204.11.192.159:5080;branch=z9hG4bK-805ff2443b18502ff96181045b62dd74
From: <sip:[email protected]>;tag=3601387252-874282
To: <sip:[email protected]>
Date: Fri, 14 Feb 2014 17:20:53 GMT
Call-ID: [email protected]
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
Feb 14 11:20:53.327: //936/310B294680AD/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 204.11.192.159:5080;branch=z9hG4bK-805ff2443b18502ff96181045b62dd74
From: <sip:[email protected]>;tag=3601387252-874282
To: <sip:[email protected]>;tag=35399D8-63
Date: Fri, 14 Feb 2014 17:20:53 GMT
Call-ID: [email protected]
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Reason: Q.850;cause=1
Content-Length: 0
Feb 14 11:20:53.419: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:[email protected]:5060 SIP/2.0
v: SIP/2.0/UDP 204.11.192.159:5080;branch=z9hG4bK-805ff2443b18502ff96181045b62dd74
f: <sip:[email protected]>;tag=3601387252-874282
t: <sip:[email protected]>;tag=35399D8-63
i: [email protected]
CSeq: 1 ACK
Max-Forwards: 10
l: 0
u all
Feb 14 11:20:57.067: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:18452055544;cic=0288;rn=6465471001;[email protected]:5070 SIP/2.0
v: SIP/2.0/UDP 204.11.192.159:5080;branch=z9hG4bK-6bceae47efe9f53b4234698a32ac8beb
f: <sip:[email protected]>;tag=3601387252-874282
t: <sip:[email protected]>;tag=35399D8-63
i: [email protected]
CSeq: 1 ACK
Max-Forwards: 8
l: 0
************************** Running Config **************************
sh run
vrtr1#sh running-config
Building configuration...
Current configuration : 4189 bytes
! Last configuration change at 00:34:03 CST Fri Feb 14 2014
! NVRAM config last updated at 20:26:58 CST Thu Feb 13 2014
! NVRAM config last updated at 20:26:58 CST Thu Feb 13 2014
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
hostname vrtr1
boot-start-marker
boot system flash:
boot system flash flash:c2800nm-ipvoicek9-mz.151-4.M7.bin
boot-end-marker
card type t1 0 0
logging buffered 4096 notifications
enable password cisco
no aaa new-model
memory-size iomem 5
clock timezone CST -6 0
clock summer-time CST recurring
no network-clock-participate wic 0
dot11 syslog
ip source-route
ip cef
ip name-server 192.168.1.9
no ipv6 cef
multilink bundle-name authenticated
voice service voip
ip address trusted list
ipv4 192.168.1.0 255.255.255.0
ipv4 204.11.192.0 255.255.255.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
sip
bind control source-interface FastEthernet0/0
bind media source-interface FastEthernet0/0
registrar server expires max 1800 min 1800
localhost dns:callcentric.com
outbound-proxy dns:callcentric.com
voice class codec 1
codec preference 1 g729r8
codec preference 2 g711ulaw
voice class sip-profiles 1
request INVITE peer-header sip TO copy ".sip:(.*)@." u01
request INVITE sip-header SIP-Req-URI modify ".*@(.*)" "INVITE sip:\u01@\1"
voice-card 0
crypto pki token default removal timeout 0
license udi pid CISCO2811 sn FTX1133A4QR
controller T1 0/0/0
cablelength long 0db
interface FastEthernet0/0
description ** LAN **
ip address 192.168.1.203 255.255.255.0
duplex auto
speed auto
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.1.203
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
snmp mib persist circuit
control-plane
voice-port 0/1/0
voice-port 0/1/1
voice-port 0/1/2
voice-port 0/1/3
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 192.168.1.200
ccm-manager config
mgcp
mgcp call-agent 192.168.1.200 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface FastEthernet0/0
mgcp bind media source-interface FastEthernet0/0
mgcp profile default
dial-peer voice 999100 pots
service mgcpapp
port 0/1/0
dial-peer voice 999101 pots
service mgcpapp
port 0/1/1
dial-peer voice 999102 pots
service mgcpapp
port 0/1/2
dial-peer voice 999103 pots
service mgcpapp
port 0/1/3
dial-peer voice 999010 pots
service mgcpapp
port 0/1/0
dial-peer voice 6 voip
description ## INBOUND DID to CUCM ##
session protocol sipv2
session target ipv4:192.168.1.200
incoming called-number 17772253754
voice-class sip profiles 1
dtmf-relay h245-alphanumeric
no vad
dial-peer voice 7 voip
description ## INBOUND DID to CUCM ##
session protocol sipv2
session target ipv4:192.168.1.200
incoming called-number 1845205554[4-5]
voice-class sip profiles 1
dtmf-relay h245-alphanumeric
no vad
sip-ua
credentials username 17772253754 password 7 106C1B49111F17194D realm callcentric.com
authentication username 17772253754 password 7 08035E1E1D11000553 realm callcentric.com
no remote-party-id
retry invite 2
retry register 10
timers connect 100
mwi-server dns:callcentric.com expires 3600 port 5060 transport udp
registrar dns:callcentric.com expires 3600
sip-server dns:callcentric.com
host-registrar
line con 0
line aux 0
line vty 0 4
password cisco
login
transport input all
scheduler allocate 20000 1000
ntp server 199.102.46.72
ntp server 23.227.162.123 prefer
end
exitThank you for the reply. I've updated the dial-peers as sugested. I'm now seeing an invite go out to my CUCM however the call fails with a 403 (forbidden) which appears to come from the ITSP (Callcentric). I've included a new set of ccsip message debugs and the dial-peers as adjusted. Please let me know what you think.
dial-peer voice 6 voip
description ## INBOUND CALL from ITSP ##
session protocol sipv2
session target sip-server
incoming called-number 17772253754
voice-class sip profiles 1
dtmf-relay rtp-nte
no vad
dial-peer voice 100 voip
description ## INBOUND DID to CUCM ##
destination-pattern 17772253754
session protocol sipv2
session target ipv4:192.168.1.200
voice-class sip profiles 1
dtmf-relay rtp-nte
no vad
dial-peer voice 7 voip
description ## INBOUND DID to CUCM ##
session protocol sipv2
session target ipv4:192.168.1.200
incoming called-number 1845205554[4-5]
voice-class sip profiles 1
dtmf-relay rtp-nte
no vad
Feb 15 10:18:11.424: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected]:5060 SIP/2.0
v: SIP/2.0/UDP 204.11.192.164:5080;branch=z9hG4bK-d78945b444598bc22c8509d069f4789d
f: ;tag=3601469891-655
t: [email protected]>
i: [email protected]
CSeq: 1 INVITE
Max-Forwards: 8
m:
Supported: timer
c: application/sdp
l: 350
v=0
o=NexTone-MSW 2147483647 2147483647 IN IP4 204.11.192.164
s=sip call
c=IN IP4 204.11.192.164
t=0 0
m=audio 61782 RTP/AVP 18 0 8 101
a=fmtp:18 annexb=no
a=fmtp:101 0-15
a=rtpmap:101 telephone-event/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=ptime:20
a=sendrecv
a=silenceSupp:off - - - -
a=setup:actpass
Feb 15 10:18:11.456: //2419/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 204.11.192.164:5080;branch=z9hG4bK-d78945b444598bc22c8509d069f4789d
From: ;tag=3601469891-655
To: [email protected]>
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
Feb 15 10:18:11.460: //2420/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:@192.168.1.200:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9A91F35
From: [email protected]>;tag=8408644-12C8
To:
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2570262061-2509443555-2182021079-2501285341
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1392481091
Contact:
Expires: 180
Allow-Events: telephone-event
Max-Forwards: 7
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 273
v=0
o=CiscoSystemsSIP-GW-UserAgent 2786 1511 IN IP4 192.168.1.203
s=SIP Call
c=IN IP4 192.168.1.203
t=0 0
m=audio 18168 RTP/AVP 18 101
c=IN IP4 192.168.1.203
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
Feb 15 10:18:11.552: //2420/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 407 Proxy Authentication Required
v: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9A91F35;rport=57100;received=24.123.98.94
f: [email protected]>;tag=8408644-12C8
t:
i: [email protected]
CSeq: 101 INVITE
Proxy-Authenticate: Digest realm="callcentric.com", domain="sip:callcentric.com", nonce="8ae6b7b1cea74cf401e8a26fd3c7371b", opaque="", stale=TRUE, algorithm=MD5
l: 0
Feb 15 10:18:11.560: //2420/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Sent:
ACK sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9A91F35
From: [email protected]>;tag=8408644-12C8
To:
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
Max-Forwards: 70
CSeq: 101 ACK
Allow-Events: telephone-event
Content-Length: 0
Feb 15 10:18:11.560: //2420/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:@192.168.1.200:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9AA1BA3
From: [email protected]>;tag=8408644-12C8
To:
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 2570262061-2509443555-2182021079-2501285341
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 102 INVITE
Timestamp: 1392481091
Contact:
Expires: 180
Allow-Events: telephone-event
Proxy-Authorization: Digest username="17772253754",realm="callcentric.com",uri="sip:[email protected]:5060",response="a381f10fbbfbd255b444569fef0dddfe",nonce="8ae6b7b1cea74cf401e8a26fd3c7371b",opaque="",algorithm=MD5
Max-Forwards: 7
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 273
v=0
o=CiscoSystemsSIP-GW-UserAgent 2786 1511 IN IP4 192.168.1.203
s=SIP Call
c=IN IP4 192.168.1.203
t=0 0
m=audio 18168 RTP/AVP 18 101
c=IN IP4 192.168.1.203
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20
Feb 15 10:18:11.648: //2420/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 403 Incorrect Authentication
v: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9AA1BA3;rport=57100;received=24.123.98.94
f: [email protected]>;tag=8408644-12C8
t:
i: [email protected]
CSeq: 102 INVITE
l: 0
Feb 15 10:18:11.660: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
ACK sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.203:5060;branch=z9hG4bK9AA1BA3
From: [email protected]>;tag=8408644-12C8
To:
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
Max-Forwards: 70
CSeq: 102 ACK
Allow-Events: telephone-event
Content-Length: 0
Feb 15 10:18:11.660: //2419/9933162D820E/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 204.11.192.164:5080;branch=z9hG4bK-d78945b444598bc22c8509d069f4789d
From: ;tag=3601469891-655
To: [email protected]>;tag=8408714-B60
Date: Sat, 15 Feb 2014 16:18:11 GMT
Call-ID: [email protected]
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Reason: Q.850;cause=57
Content-Length: 0
Feb 15 10:18:11.752: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
apsc-vrtr1#ACK sip:[email protected]:5060 SIP/2.0
v: SIP/2.0/UDP 204.11.192.164:5080;branch=z9hG4bK-d78945b444598bc22c8509d069f4789d
f: ;tag=3601469891-655
t: [email protected]>;tag=8408714-B60
i: [email protected]
CSeq: 1 ACK
Max-Forwards: 10
l: 0
vrtr1#u al
Feb 15 10:18:14.776: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:18452055544;cic=0288;rn=6465471001;[email protected]:5070 SIP/2.0
v: SIP/2.0/UDP 204.11.192.164:5080;branch=z9hG4bK-e437c2c5cac5f1a6e147c1cd7c98aad7
f: ;tag=3601469891-655
t: [email protected]>;tag=8408714-B60
i: [email protected]
CSeq: 1 ACK
Max-Forwards: 8
l: 0 -
Cisco 2811 - Multiple SIP with CME 8.6
PLAN:
Configure two SIP providers with my Cisco ISR 2811 using CME 8.6
sip.fongo.com
sip.voicediscount.com
All incoming and local outgoing calls using fongo, while long distance & international via voipdiscount.
I have successfully got fongo.com service to work for both incoming and outgoing, however when I try a long distance & international calls I get a busy tone.
Any help will be appreciated since I've had no luck
CONFIG:
BNET01C2811-TOR1807#sh run
Building configuration...
Current configuration : 19512 bytes
! Last configuration change at 21:48:40 EDT Sat Oct 27 2012 by garrett
! NVRAM config last updated at 21:50:55 EDT Sat Oct 27 2012 by garrett
! NVRAM config last updated at 21:50:55 EDT Sat Oct 27 2012 by garrett
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname BNET01C2811-TOR1807
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.m5.bin
boot-end-marker
! card type command needed for slot/vwic-slot 0/0
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$r/t3$A3xgJf.ngqbUq.sDiNC4O0
no aaa new-model
clock timezone EST -4 0
clock summer-time EDT recurring
clock calendar-valid
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.15.0.0 10.15.0.20
ip dhcp pool TOR-1807WEBB
network 10.15.0.0 255.255.255.0
default-router 10.15.0.15
dns-server 64.71.255.198
option 150 ip 10.15.0.15
no ip bootp server
ip domain name bayross.net
ip name-server 64.71.255.198
ip ddns update method sdm_ddns1
HTTP
add http://bayross:******@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
remove http://bayross:********@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
interval maximum 1 1 0 0
interval minimum 1 1 0 0
no ipv6 cef
multilink bundle-name authenticated
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
voice service voip
ip address trusted list
ipv4 46.19.209.10
ipv4 46.19.209.11
ipv4 46.19.209.12
ipv4 46.19.209.13
ipv4 46.19.209.14
ipv4 46.19.209.15
ipv4 46.19.209.75
ipv4 46.19.209.76
ipv4 46.19.209.77
ipv4 46.19.209.78
ipv4 46.19.209.79
ipv4 46.19.209.80
ipv4 46.19.210.10
ipv4 46.19.210.11
ipv4 46.19.210.12
ipv4 46.19.210.13
ipv4 46.19.210.14
ipv4 46.19.210.15
ipv4 46.19.210.75
ipv4 46.19.210.76
ipv4 46.19.210.77
ipv4 46.19.210.78
ipv4 46.19.210.79
ipv4 46.19.210.80
ipv4 81.85.224.40
ipv4 81.85.224.41
ipv4 212.150.88.21
ipv4 212.150.88.23
ipv4 212.150.88.24
ipv4 208.65.240.165
ipv4 0.0.0.0 0.0.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
redirect ip2ip
fax protocol pass-through g711ulaw
h323
no h225 timeout keepalive
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
voice register global
mode cme
source-address 10.15.0.15 port 5060
max-dn 100
max-pool 25
tftp-path flash:
create profile sync 0002145265491175
camera
voice translation-rule 2
rule 1 /9905+/ /905/
rule 2 /9416+/ /416/
rule 3 /9647+/ /647/
voice translation-rule 4
rule 1 /91+/ /1/
voice translation-rule 5
rule 1 /9011+/ /011/
voice translation-rule 7
rule 1 /1011/ /16472473297/
voice translation-rule 911
rule 1 /111/ /6473385738/
voice translation-rule 2473297
rule 1 /16472473297/ /1011/
voice translation-profile Caller-ID
translate calling 7
voice translation-profile Emergency
translate called 911
voice translation-profile Incoming
translate called 2473297
voice translation-profile International
translate calling 7
translate called 5
voice translation-profile Local
translate calling 7
translate called 2
voice translation-profile LongDistance
translate calling 7
translate called 4
voice-card 0
dsp services dspfarm
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-21053818
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-21053818
revocation-check none
rsakeypair TP-self-signed-21053818
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-21053818
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32313035 33383138 301E170D 31323130 31373131 33303333
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323130 35333831
3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B080
AD5A9751 C15D5932 0677DBEF A59AF6B0 1EF55BE0 B1DFA4B8 397130B7 90BA221D
5A03F805 DD546B79 D40CD413 3FD7CCFC A2137323 63E26137 8577DD77 C1787B0E
ADC65091 042897A3 2F26DAC0 CCF0E0AC 604AA2B4 48616FE3 976E17B6 53ABC719
16EFA128 8F883BFA 39FA02EF CA820300 4B650412 77418E6D AE45C6A1 0FEB0203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14504E01 C3E57E38 CAB8659D 21D57880 66FE3CDB 83301D06 03551D0E
04160414 504E01C3 E57E38CA B8659D21 D5788066 FE3CDB83 300D0609 2A864886
F70D0101 05050003 81810049 A534494C B6777D5B FCAB252E 8FD03C10 D917714E
3314139B 04FCB2CC 74C06091 D189470E 930CEA8A 393461A7 E505BB0A 59DEDF5C
37711F56 127E22C6 CA9457EC 960A868D 37B24F75 A03B1F8B A611D77F 0E79B2D8
135C57AF B9705B78 BA97BFF3 5967C1D1 6E2B92D3 A8BE055B 10A59F2C 5D28C55B
2164E3C7 7F2380E1 E33AD4
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
license udi pid CISCO2811 sn FHK1041F27M
username garrett privilege 15 password 7 070D000000094C50
redundancy
ip tcp synwait-time 10
no ip ftp passive
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map match-any CCP-Voice-1
match dscp ef
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map match-any CCP-Management-1
match dscp cs2
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map CCP-QoS-Policy-1
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-sip-inspect
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map sdm-qos-test-123
class class-default
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class type inspect ccp-sip-inspect
pass
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
interface Null0
no ip unreachables
interface FastEthernet0/0
description $ES_LAN$$FW_INSIDE$
ip address 10.15.0.15 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
duplex full
speed auto
no mop enabled
interface FastEthernet0/1
description $FW_OUTSIDE$$ETH-WAN$
ip dhcp client update dns server none
ip ddns update sdm_ddns1
ip address dhcp client-id FastEthernet0/1 hostname bayross.net
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
no mop enabled
service-policy output CCP-QoS-Policy-1
interface FastEthernet0/2/0
no ip address
shutdown
interface FastEthernet0/2/1
no ip address
shutdown
interface FastEthernet0/2/2
no ip address
shutdown
interface FastEthernet0/2/3
no ip address
shutdown
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
ip forward-protocol nd
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http path flash:
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 60000
ip nat inside source list 1 interface FastEthernet0/1 overload
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.15.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 10.15.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run
tftp-server flash:term41.default.loads alias term41.default.loads
tftp-server flash:term61.default.loads alias term61.default.loads
tftp-server flash:Analog1.raw
tftp-server flash:Analog2.raw
tftp-server flash:AreYouThere.raw
tftp-server flash:AreYouThereF.raw
tftp-server flash:Bass.raw
tftp-server flash:CallBack.raw
tftp-server flash:Chime.raw
tftp-server flash:Classic1.raw
tftp-server flash:Classic2.raw
tftp-server flash:ClockShop.raw
tftp-server flash:DistinctiveRingList.xml
tftp-server flash:Drums1.raw
tftp-server flash:Drums2.raw
tftp-server flash:FilmScore.raw
tftp-server flash:HarpSynth.raw
tftp-server flash:Jamaica.raw
tftp-server flash:KotoEffect.raw
tftp-server flash:MusicBox.raw
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Pop.raw
tftp-server flash:Pulse1.raw
tftp-server flash:Ring1.raw
tftp-server flash:Ring2.raw
tftp-server flash:Ring3.raw
tftp-server flash:Ring4.raw
tftp-server flash:Ring5.raw
tftp-server flash:Ring6.raw
tftp-server flash:Ring7.raw
tftp-server flash:RingList.xml
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw
tftp-server flash:Vibe.raw
tftp-server flash:P00308010200.bin alias P00308010200.bin
control-plane
voice-port 0/1/0
voice-port 0/1/1
voice-port 0/1/2
voice-port 0/1/3
voice-port 0/3/0
caller-id enable
voice-port 0/3/1
caller-id enable
mgcp profile default
sccp local FastEthernet0/0
sccp ccm 10.15.0.15 identifier 1 version 4.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register confprof2
dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 20
shutdown
dspfarm profile 2 conference
codec g711ulaw
codec g711alaw
maximum sessions 5
associate application SCCP
dial-peer cor custom
name Main1_10Digit
name Main1_11Digit
dial-peer cor list Main1-11Digit
member Main1_11Digit
dial-peer cor list Main1-Line
member Main1_10Digit
member Main1_11Digit
dial-peer voice 1 voip
description ## INCOMING - DIDWW - 16472584731 ##
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 16472584731
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 2003 pots
description #### INCOMING INTERFACE 0/3/1 ####
destination-pattern 16472584731
incoming called-number 16472584731
port 0/3/1
dial-peer voice 1000 pots
description #### KITCHEN ####
destination-pattern 1000
port 0/3/0
dial-peer voice 1003 pots
description #### MASTER BEDROOM ####
destination-pattern 1003
port 0/3/1
dial-peer voice 10 voip
corlist outgoing Main1-11Digit
description Main1 11-Digit Outgoing
translation-profile outgoing LongDistance
destination-pattern 91..........
session protocol sipv2
session target dns:sip.voipdiscount.com
session transport udp
dtmf-relay rtp-nte sip-notify
codec g711ulaw
no vad
dial-peer voice 11 voip
corlist outgoing Main1-Line
translation-profile incoming Incoming
translation-profile outgoing Local
destination-pattern 9[^1]..[2-9]......
session protocol sipv2
session target dns:sip.fongo.com
incoming called-number .
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 12 voip
translation-profile outgoing International
destination-pattern 9011T
session protocol sipv2
session target dns:sip.voipdiscount.com
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 911 voip
translation-profile outgoing Emergency
destination-pattern 111
session protocol sipv2
session target dns:sip.fongo.com
dtmf-relay rtp-nte
codec g711ulaw
no vad
gateway
timer receive-rtp 1200
sip-ua
credentials username 37373737373 password 7 00000000000000000000 realm sip.fongo.com
credentials username username password 7 00000000000000000000 realm sip.voipdiscount.com
authentication username username password 7 0000000000000000000000000 realm sip.voipdiscount.com
no remote-party-id
srv version 1
retry invite 3
retry register 10
timers register 150
registrar 1 dns:sip.voipdiscount.com expires 3600
registrar 2 dns:sip.fongo.com expires 3600
sip-server dns:sip.voipdiscount.com
host-registrar
telephony-service
sdspfarm units 1
sdspfarm transcode sessions 5
sdspfarm tag 1 confprof2
conference hardware
no auto-reg-ephone
max-ephones 25
max-dn 100
ip source-address 10.15.0.15 port 2000
system message Bayross Residence
cnf-file location flash:
user-locale US load CME-locale-en_US-English-7.0.1.1.tar
load 7960-7940 P00308010200.loads
load 7941 SCCP41.9-1-1SR1S.loads
load 7941GE SCCP41.9-1-1SR1S.loads
load 7961 SCCP41.9-1-1SR1S.loads
load 7961GE SCCP41.9-1-1SR1S.loads
time-zone 12
max-conferences 8 gain -6
moh flash:/music-on-hold.au
web admin system name garrett secret 5 $1$MjiP$KMQoyqL/3mnftN0OLqs8b1
time-webedit
transfer-system full-consult
secondary-dialtone 9
create cnf-files version-stamp 7960 Oct 26 2012 19:53:22
ephone-dn 2 octo-line
number A001
conference ad-hoc
preference 3
ephone-dn 3 octo-line
number A002
conference ad-hoc
preference 3
ephone-dn 4 octo-line
number A003
conference ad-hoc
preference 3
ephone-dn 5 octo-line
number A004
conference ad-hoc
preference 3
ephone-dn 6 octo-line
number A005
conference ad-hoc
preference 3
ephone-dn 11 dual-line
number 1011 secondary 16472473297 no-reg both
corlist incoming Main1-Line
ephone-dn 12 dual-line
number 1012
label Garrett Bayross
name Garrett Bayross
corlist incoming Main1-Line
ephone 1
no multicast-moh
device-security-mode none
mac-address F04D.A28C.CBAC
mtp
type CIPC
button 1:11
ephone 2
device-security-mode none
mac-address 0016.4697.A472
type 7940
button 1:12
banner login ^CBayross.NET Network
^C
banner motd ^C
line con 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input all
transport output all
scheduler allocate 20000 1000
ntp update-calendar
ntp server 128.100.100.128 prefer source FastEthernet0/1
endDEBUG OUTPUT:
login as: garrett
Bayross.NET Network
Using keyboard-interactive authentication.
Password:
------------- LEGAL NOTICE ----------------
-- THIS IS A PRIVATE SYSTEM --
-- UNAUTHORIZED ACCESS IS PROHIBITED --
-- CECI EST UN SYSTEME PRIVE --
-- TOUT ACCES NON AUTORISE EST INTERDIT --
BNET01C2811-TOR1807#deb
BNET01C2811-TOR1807#debug ccsip all
This may severely impact system performance. Continue? [confirm]
All SIP Call tracing is enabled
BNET01C2811-TOR1807#term mon
BNET01C2811-TOR1807#REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:43 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385503
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859402: Oct 27 21:51:47.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859403: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859404: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859405: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859406: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859407: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859408: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859409: Oct 27 21:51:47.834 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.134, rport:5060 with laddr:
1859410: Oct 27 21:51:47.834 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859411: Oct 27 21:51:47.834 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, local_addr=, connId=4 for UDP
1859412: Oct 27 21:51:47.838 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:47 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385507
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859413: Oct 27 21:51:51.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859414: Oct 27 21:51:51.834 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859415: Oct 27 21:51:51.834 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859416: Oct 27 21:51:51.834 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859417: Oct 27 21:51:51.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859418: Oct 27 21:51:51.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859419: Oct 27 21:51:51.838 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859420: Oct 27 21:51:51.838 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.134, rport:5060 with laddr:
1859421: Oct 27 21:51:51.838 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859422: Oct 27 21:51:51.838 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, local_addr=, connId=4 for UDP
1859423: Oct 27 21:51:51.842 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:51 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385511
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859424: Oct 27 21:51:55.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859425: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859426: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859427: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859428: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859429: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859430: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859431: Oct 27 21:51:55.834 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.134, rport:5060 with laddr:
1859432: Oct 27 21:51:55.834 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859433: Oct 27 21:51:55.834 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.134, port=5060, local_addr=, connId=4 for UDP
1859434: Oct 27 21:51:55.838 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:55 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385515
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859435: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
1859436: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
1859437: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 99.230.172.76
1859438: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
1859439: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
1859440: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 99.230.172.76
1859441: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_spi_register_get_rcb: Getting New RCB [0x4C6D2730]
1859442: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/ccsipGetCCBFromRCB: Retrived CCB pointer [0x0]
1859443: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_spi_register_free_rcb: Freeing rcb [0x4C6D1BAC]
1859444: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_register_set_dns_resolved_address: CCSIP_REGISTER:: registrar 0 DNS resolved addr set to 77.72.169.131:5060
1859445: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/ccsipRegisterStartRCBTimer: Starting timer for pattern for 3600 seconds
1859446: Oct 27 21:51:59.834 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859447: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859448: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859449: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859450: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x41C25300
1859451: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859452: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859453: Oct 27 21:51:59.838 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859454: Oct 27 21:51:59.838 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859455: Oct 27 21:51:59.838 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859456: Oct 27 21:51:59.842 EDT: //3542/000000000000/SIP/State/sipSPIChangeState: 0x4B6533C0 : State change from (SIP_STATE_OUTGOING_REGISTER, SUBSTATE_NONE) to (SIP_STATE_OUTGOING_REGISTER, SUBSTATE_NONE)
1859457: Oct 27 21:51:59.846 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:59 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385519
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859458: Oct 27 21:51:59.990 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859459: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859460: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859461: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859462: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859463: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859464: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859465: Oct 27 21:51:59.990 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859466: Oct 27 21:51:59.990 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859467: Oct 27 21:51:59.990 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859468: Oct 27 21:51:59.994 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:51:59 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385519
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859469: Oct 27 21:52:00.290 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859470: Oct 27 21:52:00.290 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859471: Oct 27 21:52:00.290 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859472: Oct 27 21:52:00.290 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859473: Oct 27 21:52:00.290 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859474: Oct 27 21:52:00.290 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859475: Oct 27 21:52:00.294 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859476: Oct 27 21:52:00.294 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859477: Oct 27 21:52:00.294 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859478: Oct 27 21:52:00.294 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859479: Oct 27 21:52:00.294 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:52:00 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385520
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859480: Oct 27 21:52:00.891 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859481: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859482: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859483: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859484: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859485: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859486: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859487: Oct 27 21:52:00.891 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859488: Oct 27 21:52:00.891 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859489: Oct 27 21:52:00.891 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859490: Oct 27 21:52:00.899 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:52:00 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385520
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859491: Oct 27 21:52:02.091 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859492: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859493: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859494: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859495: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859496: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859497: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859498: Oct 27 21:52:02.091 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859499: Oct 27 21:52:02.091 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859500: Oct 27 21:52:02.091 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859501: Oct 27 21:52:02.099 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.voipdiscount.com:5060 SIP/2.0
Via: SIP/2.0/UDP 99.230.172.76:5060;branch=z9hG4bKED020B5
From: [email protected]>;tag=59BB550-3A6
To: [email protected]>
Date: Sun, 28 Oct 2012 00:52:02 GMT
Call-ID: C977B084-1FCE11E2-81A4A3AB-85AB6D24
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1351385522
CSeq: 5 REGISTER
Contact:
Expires: 3600
Supported: path
Content-Length: 0
1859502: Oct 27 21:52:04.491 EDT: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone EDT to SIP default timezone = GMT
1859503: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Info/sipSPISendRegister: Associated container=0x4E3C18B0 to Register
1859504: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
1859505: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
1859506: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, sentBy_port=0, local_addr=, is_req=1, transport=1, switch=0, callBack=0x0
1859507: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
1859508: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
1859509: Oct 27 21:52:04.491 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:77.72.169.131, rport:5060 with laddr:
1859510: Oct 27 21:52:04.491 EDT: //3542/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x4CCD8DC8
1859511: Oct 27 21:52:04.491 EDT: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x4CCD8DC8, addr=77.72.169.131, port=5060, local_addr=, connId=2 for UDP
1859512: Oct 27 21:52:04.495 EDT: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent: -
Using Third Parth Compact Flash in a 2811 Router?
Hello all. I have a 2811 with a Cisco-installed 64MB compact flash card installed. It's not enough to install CallManager Express. We are in a pinch and need a bigger card fast. We tried using a Transcend 256MB compact flash card (not Cicso-approved or anything).
It doesn't work though. As far as we can tell it is formatted just as the 64MB card. Has all the same files on it but it won't boot.
If we boot with the 64MB card and then swap in the 256MB card, the console will display messages saying CompactFlash has been inserted. But "sh flash:" will result in device "flash:" not found.
Please, any ideas?
We should be able to use third-party CF cards if we want to right?There are some third party compact flash cards that will work. You will need one that is NOT high speed or ultra or anything like that. I use a traditional san disk 256Mb CF card and it works great (also used in a 2800). I always carry one in my bag that has all the IOS's for recovery purposes. Here is a link for the one I use.
http://www.amazon.com/SanDisk-256MB-CompactFlash-Memory-Card/dp/B000YA9G3S/ref=sr_1_9?ie=UTF8&s=electronics&qid=1221688285&sr=8-9
HTH,
Mark -
2811 w/ NM-1CE1T1-PRI & PVDM2-36DM - Modem lines being marked "B" Bad
We recently setup a new 2811 router (IOS 15.0(1)M7) for remote dialup access. It has a ISDN PRI network module NM-1CE1T1-PRI and a 36 port Digital Modem Module (PVDM2-36DM) installed to receive the inbound modem calls.
When the router is booted up, inbound remote dialup connections work fine for several hours. Then the router digital modem lines begin to stop working. For example, an inbound call is made but the modem tone does not answer. However a "show modem call-stats" shows that a line becomes active with a "*" symbol. When the call is hung up, the line remains in an active "*" state. Eventually the state changes to a "B - Modem is marked bad and cannot be used for taking calls". This symptom will repeat itself with each new inbound call until all of the lines are marked "B". Only a router reboot will temporarily correct the problem.
Additional symptom, "show modem version" changes to "NiOS Not Responding".
#sh modem ver
Slot 0:
PVDM 1: PVDMII-36DM - HW Version 1, FPGA Version 3.3, NiOS Not Responding
Modem 0/386-0/397:
PCI Classid: 0x07800001 Bootrom Rev: 0x00005601 Diag Result: 0x0000007F
Firmware: Exp_V3_12_2
Modem 0/398-0/409:
PCI Classid: 0x07800001 Bootrom Rev: 0x00005601 Diag Result: 0x0000007F
Firmware: Exp_V3_12_2
Modem 0/410-0/421:
PCI Classid: 0x07800001 Bootrom Rev: 0x00005601 Diag Result: 0x0000007F
Firmware: Exp_V3_12_2Hi Ismel,
Modem firmware looks good to me but you can still try a firmware upgrade to V3_12_3.
If it is random number selection of bad modem then I suspect that it's an ISP issue and B-channel of ISP while termination of call, leaving the modem in Bad state.
HTH
Amit -
ILBC and MGCP/2811/IOS15.1/PVDM2-48
We have CUCM 9.1(1)/Unity Connection 9.1(1) integrated with iLBC codec via SIP trunk from CUCM. Works fine internally.
User's 7965 rings but PSTN hears fast busy upon CFB/CFNA to voicemail. CCM traces show transcoder being invoked (we don't have one setup, I was wanting MGCP gateway to Unity Connection to be iLBC no xcoder by design)
Doesn’t appear that my IOS15-1/2811/MGCP/PVDM2-48 can do iLBC….or do I have something wrong with my mgcp config? Everything else works great but this SIP/iLBC setup.
voice-card 0
dsp service dspfarm
codec complexity flex
controller t1 0/0/0
pri-group timeslots 1-4 service mgcp
interface Serial0/0/0:23
isdn bind-l3 ccm-manager
mgcp codec ilbc
ccm-manager mgcp codec-all
no mgcp
mgcp
debug mgcp packet at gateway I see G711
*May 24 21:50:34.933: MGCP Packet sent to 10.12.5.11:2427--->
200 526 OK
I: 3
v=0
c=IN IP4 10.12.65.254 <<<Gateway IP
m=audio 16948 RTP/AVP 0 100 <<<<shows g711, and no iLBC capability
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
<---Hi Jason,
You might want to try one of the fixed versions of the following bug
https://tools.cisco.com/bugsearch/bug/CSCtw78163/?reffering_site=dumpcr
Description
Symptom:
iLBC codec on MGCP GW not supported with IOS 15.2(1)T
Conditions:
MGCP GW configuration:
===================
ccm-manager mgcp codec-all
mgcp codec ilbc mode 20 packetization-period 60
CUCM configuration:
=================:
region with iLBC settings created
Workaround:
it works with earlier IOS (15.1(3)T2)
HTH
Manish -
2811 modem disconnecting problem
Hi there am having an issue with digital modems disconnecting on a cisco 2811. The router has PVDM2-36DM card and hwic-1ce1t1-pri E1 interface installed.
The E1 is up and I can dialout but the calls drop after 24-30 secs.
I have issued the debug modem csm and the following output is shown.
ebug modem s csm
Modem Management Call Switching Module debugging is on
Dial_SRV#
*May 16 12:13:37.495: Modem 0/322 CSM: received ASYNC_DTR_UP for line 322
Dial_SRV#
*May 16 12:13:40.455: CSM: csm_modem_event called
*May 16 12:13:40.455: Modem 0/322 CSM: Called Number Rcvd = 07879605414
*May 16 12:13:40.455: Modem 0/322 CSM: Dial String to be processed (07879605414)
*May 16 12:13:40.455: Modem 0/322 CSM: End of Dial String
*May 16 12:13:40.455: Modem 0/322 CSM: (CSM_PROC_IDLE)<--MODEM_DIAL_OUT
*May 16 12:13:40.483: CSM: csm_modem_event called
*May 16 12:13:40.483: Modem 0/322 CSM: (CSM_PROC_OC_ISDN_PROCESSING_CALL)<--CSM_EVENT_MODEM_SETUP
*May 16 12:13:40.627: CSM: MODEM_REPORT from 0/0/0:11, call_id=0x800A, event=0x3, cause=0x0, dchan_idb=0x462427A0
Dial_SRV#
*May 16 12:13:40.627: Modem 0/322 CSM: (CSM_PROC_OC_ISDN_PROCESSING_CALL)<--ISDN_BCHAN_ASSIGNED
Dial_SRV#
*May 16 12:13:45.443: %ISDN-6-CONNECT: Interface Serial0/0/0:11 is now connected to 07879605414 N/A
Dial_SRV#
*May 16 12:13:45.443: CSM: MODEM_REPORT from 0/0/0:11, call_id=0x800A, event=0x4, cause=0x0, dchan_idb=0x462427A0
*May 16 12:13:45.443: Modem 0/322 CSM: MODEM_REPORT rcvd DEV_CONNECTED for call_id 0x800A
*May 16 12:13:45.443: Modem 0/322 CSM: (CSM_PROC_OC_ISDN_CONNECT_PENDING)<--ISDN_CONNECTED
technolog_Dial_SRV#
*May 16 12:13:59.851: CSM: csm_modem_event called
*May 16 12:13:59.851: Modem 0/322 CSM: (CSM_PROC_WAIT_FOR_CARRIER)<--MODEM_CONNECTED
Dial_SRV#
*May 16 12:14:09.903: Modem 0/322 CSM: (CSM_PROC_CONNECTED)<--ASYNC_DTR_DOWN
*May 16 12:14:09.983: CSM: csm_modem_event called
*May 16 12:14:09.983: Modem 0/322 CSM: (CSM_PROC_DISCONNECTED)<--MODEM_DISCONNECTED
*May 16 12:14:09.983: Modem 0/322 CSM: Stopping dm tone timer
*May 16 12:14:09.987: Modem 0/322 CSM: (CSM_PROC_DISCONNECTED)<--QUEUED_DISCONNECT
*May 16 12:14:09.987: Modem 0/322 CSM: Stopping dm tone timer
*May 16 12:14:09.987: Modem 0/322 CSM: CSM_MODEM_DEALLOCATE: modem is deallocated
*May 16 12:14:09.987: CSM: called_party_num '07879605414'
*May 16 12:14:09.987: Modem 0/322 CSM: (CSM_PROC_IDLE)<--ASYNC_DTR_DOWN
*May 16 12:14:09.987: %ISDN-6-DISCONNECT: Interface Serial0/0/0:11 disconnected from 07879605414 , call lasted 24 seconds
Dial_SRV#
*May 16 12:14:10.063: CSM: csm_modem_event called
*May 16 12:14:10.063: Modem 0/322 CSM: (CSM_PROC_IDLE)<--MODEM_DISCONNECTED
*May 16 12:14:10.151: CSM: MODEM_REPORT from 0/0/0:11, call_id=0x800A, event=0x0, cause=0x0, dchan_idb=0x462427A0
*May 16 12:14:10.151: CSM: MODEM_REPORT rcvd DEV_IDLE for call_id 0x800A, modem not found due to wrong b channel number or b channel is deallocated
*May 16 12:14:10.987: Modem 0/322 CSM: received ASYNC_DTR_UP for line 322
Dial_SRV#
What stands out is the following line 'modem not found due to wrong b channel number or b channel is deallocated'
I have attached the full config and in it I have configured the time-slots 1-12,16 This is because the organisation does not have the full E1 but only first 12 channels 16 is the d channel.
Any assistance would be much appreciated
ThanksHello folks,
I have found the problem.It seems that the software being used on the server to dial out to the remote devices required a modem initialisation string.
We tested dialing out with a normal windows dialup connection and this work perfectly. -
I am adding a router E1 in a 2811 and would like to know what type of connector should I use?
Can anyone help me?
Thank you.You can consult one of these links:
https://learningnetwork.cisco.com/thread/11803
http://www.cisco.com/en/US/tech/tk713/tk628/technologies_tech_note09186a00800fb754.shtml
http://www.cisco.com/en/US/docs/interfaces_modules/port_adapters/install_upgrade/cables_and_attenuator/75-120ohm_cbl_e1_multichan_install/6728cabl.html
Here you can find required informations.
Regards. -
2811 service module compatability
Hi,
Will a Cisco NM-2FE2W Network Module work in a 2811 router and if so what are the commands to set it up? I know how to setup T1 controllers but is this the same or similar or what? (presuming the module will work?)
Thanks!Hi,
The 2811 does not support NM-2FE2W module. See table-3 in this link:
http://www.cisco.com/c/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/prod_qas0900aecd80169bd6.html
HTH -
IOS: AnyConnect 2.5.3055, Windows 7 x64 fails to connect to Webvpn on 2811
I am attempting to add SSLVPN to my 2811 and 2801 production routers. These devices currently run IOS 12.4(24)T4 ADV SECURITY images. I have succesfully configured the SSL VPN gateway via CCP. I can connect via web browser to https://2811IP/sslvpn, log in, and use the web portal. When I attempt to use the full tunnel AnyConnect client on Windows 7 x64 (I have nothing else to test with right now) I get the simple and vague error: "Connection attempt has failed." This error occurs before I would receive a prompt to provide credentials. It never prompts me. There is no further information such as timeout, certificate error, or anything like that.
running term mon and debug webvpn on the router produces only the following when the client attempts to connect:
002121: Oct 23 00:10:35.081: WV: sslvpn process rcvd context queue event
002122: Oct 23 00:10:35.085: WV: sslvpn process rcvd context queue event
002123: Oct 23 00:10:38.973: WV: sslvpn process rcvd context queue event
002124: Oct 23 00:10:38.977: WV: sslvpn process rcvd context queue event
002125: Oct 23 00:10:39.041: WV: sslvpn process rcvd context queue event
002126: Oct 23 00:10:39.041: WV: Entering APPL with Context: 0x47FE4C90,
Data buffer(buffer: 0x4732ABC0, data: 0x3F5BE498, len: 172,
offset: 0, domain: 0)
002127: Oct 23 00:10:39.041: WV: http request: /sslvpn with no cookie
002128: Oct 23 00:10:39.041: WV: Client side Chunk data written..
buffer=0x4732AA20 total_len=188 bytes=188 tcb=0x481CF0A8
I've tried adding a program exception for anyconnect to the windows firewall.
I've tried disabling the windows firewall.
I've tried connecting via different ISPs, both wired and cellular.
I've tried the previous release of AnyConnect for Windows.
The TP certificate on the device is self-signed and valid from 1/23/2006 to 12/31/2019. I am prompted to accept the cert when I client Select (Connect) in the client. After I click Accept on the certificate window the connection fails. If I wait a while (perhaps a minute) the following error pops up, but ONLY if I wait a while before clicking Accept:
"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network"
What else can I check?Does the iPod work OK?
Does it charge when connect to the computer?
Does it appear in My Computer?
Look at the dock connector on the iPod. Compare with the iPod that does work/connect.
I suspect you have a 2G iPod. Those can only go to iOS 4.2.1
http://support.apple.com/kb/HT1353#iPod_touch_late2009
iPod touch (3rd generation)
iPod touch (3rd generation) features a 3.5-inch (diagonal) widescreen multi-touch display and 32 GB or 64 GB flash drive. You can browse the web with Safari and watch YouTube videos with Wi-Fi. You can also search, preview, and buy songs from the iTunes Wi-Fi Music Store on iPod touch.
The iPod touch (3rd generation) can be distinguished from iPod touch (2nd generation) by looking at the back of the device. In the text below the engraving, look for the model number. iPod touch (2nd generation) is model A1288, and iPod touch (3rd generation) is model A1318. -
Cisco 2811 Router with 3 ADSL card and load balancing
Dear All,
I have few queries:
1. Does Cisco 2811 Router support 3 ADSL card?
2. We are the ISP. I want to do load balancing with 3 dsl
line on Cisco 2811 Router.
Please send me the linke for this configuration.
Thanks/Regards
Atulhi
In 2811 you have 4 HWIC and 1 NME you can install 1-port ADSL WAN Interface Cardon the HWIC slots.
Also just enable 3 default (equal cost) routes towards the interfaces which will take care of the load balancing.
if you need more info and inputs do post out with ur requirements along with network topology in place at present..
regds -
Hi all,
Please bear with me. I noticed several topics along the lines of password recovery for a 2811 router and do not mean to ask a redundant question. I've followed the .pdf instructions and the router will reboot as normal every time. I manage to get to the rommon 1> and when I initially entered the confreg command as outlined in the password recovery steps it would not recognize the confreg command. I ended up typing a ? and all the avaialble commands listed... after the commands listed, the CLI would allow me to type confreg 0x2142 which resulted in a message "need to reload or power cycle" (or something to that effect). After typing the reset, the 2811 reloads, but reboots to normal condition. I tried the confreg 0x102 method and got the same result. After several attempts, it seems like the procedure is not working. So how can I simply default the router and start from scratch if the recovery procedure fails?
Thank you!Hello
Can you try the below:-
thanks
please rate all useful information
Shut down the router.
Remove the compact flash that is at the back of the router.
Power on the router.
Once the Rommon1> prompt appears, enter this command:
confreg 0x2142
Insert the compact flash.
Type reset. /you forget to type reset/
When you are prompted to enter the initial configuration, type No, and press Enter.
At the Router> prompt, type enable.
At the Router# prompt, enter the configure memory command, and press Enter in order to copy the startup configuration to the running configuration.
Use the config t command in order to enter global configuration mode.
Use this command in order to create a new user name and password:
router(config)#username cisco privilege 15 password cisco
Use this command in order to change the boot statement:
config-register 0x2102
Use this command in order to save the configuration:
write memory
Reload the router, and then use the new user name and password to log in to the router.
Maybe you are looking for
-
White window shows up on all adobe programs just a strip window overlay...
When I open adobe reader or Elements a white window opens with a ryb buttons on the top left. It well go on and off it I indicate a command and preferences. It hides the preferences unless I drag it on the top left corner. It is aways there..can an
-
hi , can someone guide me to restore my iphone? I was downloading ios 6 but i think it was stuck and after that my phone just freeze with the apple icon. I keep following the instruction to press HOME and POWER OFF button then try to get it boot up t
-
PS4 System software v 2.57 is now available
Hi guys, PS4 system software version 2.57 is now available. This is a optional update which improves system stability. You can still connect to the PSN and online services if you chose not to complete this update. To update the system software via y
-
Burn 32Gb iPhoto file to 4.7Gb DVD's
I have 2011 Macbook pro. Have 12600 pics file (32GB) I need to copy to 4.7Gb DVD's for backup/security but when I try to upload/burn the file to DVD it says file to big so won't allow sequential burn to 8 DVD's. Is there a way around this? Thanks, Ni
-
Problems printing cropped photos
Having cropped ~4x6 from a large photo, E11 will only print ~ 1/2 onto a 4x6. What to do? (thread title edited by forum host)