ILBC and MGCP/2811/IOS15.1/PVDM2-48
We have CUCM 9.1(1)/Unity Connection 9.1(1) integrated with iLBC codec via SIP trunk from CUCM. Works fine internally.
User's 7965 rings but PSTN hears fast busy upon CFB/CFNA to voicemail. CCM traces show transcoder being invoked (we don't have one setup, I was wanting MGCP gateway to Unity Connection to be iLBC no xcoder by design)
Doesn’t appear that my IOS15-1/2811/MGCP/PVDM2-48 can do iLBC….or do I have something wrong with my mgcp config? Everything else works great but this SIP/iLBC setup.
voice-card 0
dsp service dspfarm
codec complexity flex
controller t1 0/0/0
pri-group timeslots 1-4 service mgcp
interface Serial0/0/0:23
isdn bind-l3 ccm-manager
mgcp codec ilbc
ccm-manager mgcp codec-all
no mgcp
mgcp
debug mgcp packet at gateway I see G711
*May 24 21:50:34.933: MGCP Packet sent to 10.12.5.11:2427--->
200 526 OK
I: 3
v=0
c=IN IP4 10.12.65.254 <<<Gateway IP
m=audio 16948 RTP/AVP 0 100 <<<<shows g711, and no iLBC capability
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
<---
Hi Jason,
You might want to try one of the fixed versions of the following bug
https://tools.cisco.com/bugsearch/bug/CSCtw78163/?reffering_site=dumpcr
Description
Symptom:
iLBC codec on MGCP GW not supported with IOS 15.2(1)T
Conditions:
MGCP GW configuration:
===================
ccm-manager mgcp codec-all
mgcp codec ilbc mode 20 packetization-period 60
CUCM configuration:
=================:
region with iLBC settings created
Workaround:
it works with earlier IOS (15.1(3)T2)
HTH
Manish
Similar Messages
-
Site-to-Site VPN btw Pix535 and Router 2811, can't get it work
Hi, every one, I spent couple of days trying to make a site-to-site VPN between PIX535 and router 2811 work but come up empty handed, I followed instructions here:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml
#1: PIX config:
: Saved
: Written by enable_15 at 18:05:33.678 EDT Sat Oct 20 2012
PIX Version 8.0(4)
hostname pix535
interface GigabitEthernet0
description to-cable-modem
nameif outside
security-level 0
ip address X.X.138.132 255.255.255.0
ospf cost 10
interface GigabitEthernet1
description inside 10/16
nameif inside
security-level 100
ip address 10.1.1.254 255.255.0.0
ospf cost 10
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_cryptomap_dyn_60 extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
pager lines 24
ip local pool cnf-8-ip 10.1.1.192-10.1.1.199 mask 255.255.0.0
global (outside) 10 interface
global (outside) 15 1.2.4.5
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 15 10.1.0.0 255.255.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.138.1 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
group-policy GroupPolicy1 internal
group-policy cnf-vpn-cls internal
group-policy cnf-vpn-cls attributes
wins-server value 10.1.1.7
dns-server value 10.1.1.7 10.1.1.205
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value x.com
username sean password U/h5bFVjXlIDx8BtqPFrQw== nt-encrypted
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key secret1
radius-sdi-xauth
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cnf-vpn-cls type remote-access
tunnel-group cnf-vpn-cls general-attributes
address-pool cnf-8-ip
default-group-policy cnf-vpn-cls
tunnel-group cnf-vpn-cls ipsec-attributes
pre-shared-key secret2
isakmp ikev1-user-authentication none
tunnel-group cnf-vpn-cls ppp-attributes
authentication ms-chap-v2
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
Cryptochecksum:9780edb09bc7debe147db1e7d52ec39c
: end
#2: Router 2811 config:
! Last configuration change at 09:15:32 PST Fri Oct 19 2012 by cnfla
! NVRAM config last updated at 13:45:03 PST Tue Oct 16 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LA-2800
crypto pki trustpoint TP-self-signed-1411740556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1411740556
revocation-check none
rsakeypair TP-self-signed-1411740556
crypto pki certificate chain TP-self-signed-1411740556
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343131 37343035 3536301E 170D3132 31303136 32303435
30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34313137
34303535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F75F F1BDAD9B DE9381FD 165B5188 7EAF9685 CF15A317 1B424825 9C66AA28
C990B2D3 D69A2F0F D745DB0E 2BB4995D 73415AC4 F01B2019 84373199 C4BCF9E0
E599B86C 17DBDCE6 47EBE0E3 8DBC90B2 9B4E217A 87F04BF7 A182501E 24381019
A61D2C05 5404DE88 DA2A1ADC A81B7F65 C318B697 7ED69DF1 2769E4C8 F3449B33
35AF0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 074C412D 32383030 301F0603 551D2304 18301680 14B56EEB
88054CCA BB8CF8E8 F44BFE2C B77954E1 52301D06 03551D0E 04160414 B56EEB88
054CCABB 8CF8E8F4 4BFE2CB7 7954E152 300D0609 2A864886 F70D0101 04050003
81810056 58755C56 331294F8 BEC4FEBC 54879FF5 0FCC73D4 B964BA7A 07D20452
E7F40F42 8B355015 77156C9F AAA45F9F 59CDD27F 89FE7560 F08D953B FC19FD2D
310DA96E A5F3E83B 52D515F8 7B4C99CF 4CECC3F7 1A0D4909 BD08C373 50BB53CC
659C4246 2CB7B79F 43D94D96 586F9103 9B4659B6 5C8DDE4F 7CC5FC68 C4AD197A 4EC322
quit
crypto isakmp policy 1
authentication pre-share
crypto isakmp key SECRET address X.X.138.132 no-xauth
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
interface FastEthernet0/0
description WAN Side
ip address X.X.216.29 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map la-2800-ipsec-policy
interface FastEthernet0/1
description LAN Side
ip address 10.20.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
no mop enabled
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 10 permit X.X.138.132
access-list 99 permit 64.236.96.53
access-list 99 permit 98.82.1.202
access-list 101 remark vpn tunnerl acl
access-list 101 remark SDM_ACL Category=4
access-list 101 remark tunnel policy
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
webvpn gateway gateway_1
ip address X.X.216.29 port 443
ssl trustpoint TP-self-signed-1411740556
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context gateway-1
title "b"
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
functions svc-enabled
svc address-pool "WebVPN-Pool"
svc keep-client-installed
svc split include 10.20.0.0 255.255.0.0
default-group-policy policy_1
gateway gateway_1
inservice
end
#3: Test from Pix to router:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: X.X.21.29
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG2
>>DEBUG:
Oct 22 12:07:14 pix535:Oct 22 12:20:28 EDT: %PIX-vpn-3-713902: IP = X.X.21.29, Removing peer from peer table failed, no match!
Oct 22 12:07:14 pix535 :Oct 22 12:20:28 EDT: %PIX-vpn-4-713903: IP = X.X.21.29, Error: Unable to remove PeerTblEntry
#4: test from router to pix:
LA-2800#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
X.X.138.132 X.X.216.29 MM_KEY_EXCH 1017 0 ACTIVE
>>debug
LA-2800#ping 10.1.1.7 source 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
Packet sent with a source address of 10.20.1.1
Oct 22 16:24:33.945: ISAKMP:(0): SA request profile is (NULL)
Oct 22 16:24:33.945: ISAKMP: Created a peer struct for X.X.138.132, peer port 500
Oct 22 16:24:33.945: ISAKMP: New peer created peer = 0x488B25C8 peer_handle = 0x80000013
Oct 22 16:24:33.945: ISAKMP: Locking peer struct 0x488B25C8, refcount 1 for isakmp_initiator
Oct 22 16:24:33.945: ISAKMP: local port 500, remote port 500
Oct 22 16:24:33.945: ISAKMP: set new node 0 to QM_IDLE
Oct 22 16:24:33.945: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 487720A0
Oct 22 16:24:33.945: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 22 16:24:33.945: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 22 16:24:33.945: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 22 16:24:33.945: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 22 16:24:33.945: ISAKMP:(0): beginning Main Mode exchange
Oct 22 16:24:33.945: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 22 16:24:33.945: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.049: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_NO_STATE
Oct 22 16:24:34.049: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.049: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Oct 22 16:24:34.049: ISAKMP:(0): processing SA payload. message ID = 0
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:34.053: ISAKMP:(0): local preshared key found
Oct 22 16:24:34.053: ISAKMP : Scanning profiles for xauth ...
Oct 22 16:24:34.053: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Oct 22 16:24:34.053: ISAKMP: encryption DES-CBC
Oct 22 16:24:34.053: ISAKMP: hash SHA
Oct 22 16:24:34.053: ISAKMP: default group 1
Oct 22 16:24:34.053: ISAKMP: auth pre-share
Oct 22 16:24:34.053: ISAKMP: life type in seconds
Oct 22 16:24:34.053: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Oct 22 16:24:34.053: ISAKMP:(0):atts are acceptable. Next payload is 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:actual life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa vpi_length:4
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Oct 22 16:24:34.053: ISAKMP:(0):Returning Actual lifetime: 86400
Oct 22 16:24:34.053: ISAKMP:(0)::Started lifetime timer: 86400.
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.053: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Oct 22 16:24:34.057: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_SA_SETUP
Oct 22 16:24:34.057: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.057: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.057: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Oct 22 16:24:34.181: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_SA_SETUP
Oct 22 16:24:34.181: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.181: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Oct 22 16:24:34.181: ISAKMP:(0): processing KE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0): processing NONCE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0):found peer pre-shared key matching X.X.138.132
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is Unity
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID seems Unity/DPD but major 55 mismatch
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is XAUTH
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): speaking to another IOS box!
Oct 22 16:24:34.221: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.221: ISAKMP:(1018):vendor ID seems Unity/DPD but hash mismatch
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.221: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM4
Oct 22 16:24:34.221: ISAKMP:(1018):Send initial contact
Oct 22 16:24:34.221: ISAKMP:(1018):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Oct 22 16:24:34.221: ISAKMP (0:1018): ID payload
next-payload : 8
type : 1
address : X.X.216.29
protocol : 17
port : 500
length : 12
Oct 22 16:24:34.221: ISAKMP:(1018):Total payload length: 12
Oct 22 16:24:34.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:34.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.225: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.225: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM5
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 198554740
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 812380002
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 773209335..
Success rate is 0 percent (0/5)
LA-2800#
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:44.221: ISAKMP (0:1018): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:44.317: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:44.317: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:44.321: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 96)
Oct 22 16:24:48.849: ISAKMP:(1017):purging SA., sa=469BAD60, delme=469BAD60
Oct 22 16:24:52.313: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:52.313: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.313: ISAKMP:(1018): retransmitting due to retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:52.813: ISAKMP (0:1018): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018): sending packet to X.X138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:52.913: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.913: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 100)
Oct 22 16:25:00.905: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:25:00.905: ISAKMP: set new node 422447177 to QM_IDLE
Oct 22 16:25:03.941: ISAKMP:(1018):SA is still budding. Attached new ipsec request to it. (local 1X.X.216.29, remote X.X.138.132)
Oct 22 16:25:03.941: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 22 16:25:03.941: ISAKMP: Error while processing KMI message 0, error 2.
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:12.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:22.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:32.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:32.814: ISAKMP:(1018):peer does not do paranoid keepalives.
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP: Unlocking peer struct 0x488B25C8 for isadb_mark_sa_deleted(), count 0
Oct 22 16:25:32.814: ISAKMP: Deleting peer node by peer_reap for X.X.138.132: 488B25C8
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 1112432180 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 422447177 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node -278980615 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 22 16:25:32.814: ISAKMP:(1018):Old State = IKE_I_MM5 New State = IKE_DEST_SA
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 1112432180
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 422447177
Oct 22 16:26:22.816: ISAKMP:(1018):purging node -278980615
Oct 22 16:26:32.816: ISAKMP:(1018):purging SA., sa=487720A0, delme=487720A0
****** The PIX is also used VPN client access , such as Cicso VPN client 5.0, working fine ; Router is used as SSL VPN server, working too
I know there are lots of data here, hopefully these data may be useful for diagnosis purpose.
Any suggestions and advices are greatly appreciated.
SeanHi Sean,
Current configuration:
On the PIX:
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
On the Router:
crypto isakmp policy 1
authentication pre-share
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto isakmp key SECRET address X.X.138.132 no-xauth
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez -
Dears,
Greetings , i asked if can deploy H.323 protocol and MGCP protocol in the same gateway using AS5350XM or AS5400XM Voice gateways and 1 TFTP server and 5 call managers 7.1 .
Regards.Thanks Paolo , the customer request to deploye H.323 for PSTN Line and MGCP for FXO "tellular" connection , i dont know order new VGateway or if it available to reduce tender cost deploye both protocols in the same gateway .
thank you for your response -
PIX515 version 7.0 and router 2811 ver 12.3r8 not able to receive emails from gmail files larger than 2M
MatejLach wrote:
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane. -
BRI IN "TEI_ASSIGNED" AND MGCP
Hello,
We have tried to configure a MGCP gateway with BRI link and CCM 4.1.
The particularity of the link is that, when no calls are active, it remains in "TEI_ASSIGNED" state:
ISDN BRI0/1/0 interface
dsl 2, interface ISDN Switchtype = basic-net3
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 2 CCBs = 0
The Free Channel Mask: 0x80000003
Due to this, MGCP configuration is not working - the CCM seems to not be able to send the call to the BRI. On the other hand, if I configure the gateway with H.323 protocol, calls progress normally.
Is there any way in MGCP configuration of forcing MULTIPLE_FRAME_ESTABLISHED in these type of links??? Thanks.Here is a bug on this.
CSCsc03264 Bug Details
Headline MGCP media bind :INACTIVE after reload when using an interface
Product IOS
Feature Voice Components Duplicate of
Severity 3 Severity help Status Resolved Status help
First Found-in Version 12.3T All affected versions First Fixed-in Version
12.4(6.5)T, 12.4(6.6), 12.3(11)T10, 12.4(2)T04, 12.4(4)T02, 12.3(14)T07,
12.4(03d), 12.4(05b), 12.4(6)T01 Version help
Release Notes
MGCP bind to interface vlan may become inactive after reload.
Workaround: Use a loopback interface in the bind command.
Here is my usage:
interface Loopback0
description ABC Corp IPT
ip address XXX.XXX.XXX.XXX 255.255.255.255 -->IP of this Interface Reachable from Call MGR
h323-gateway voip interface
h323-gateway voip bind srcaddr XXX.XXX.XXX.XXX --> IP of this Interface same as above
interface Serial0/0:23
isdn switch-type primary-ni
isdn incoming-voice voice
isdn bind-l3 ccm-manager
mgcp
mgcp call-agent xxx.xxx.xxx.xxx 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp modem passthrough voip mode nse
no mgcp fax t38 ecm
mgcp bind control source-interface Loopback0
mgcp bind media source-interface Loopback0
mgcp profile default
Refrences
Cisco IOS MGCP with PRI configuration
http://www.cisco.com/en/US/partner/tech/tk652/tk701/technologies_configuration_example09186a00801ad22f.shtml
Interworking of IOS MGCP Gateway and Call Manager
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5012/products_feature_guide09186a0080087fd9.html
Configuring SRST and MGCP Fallback
http://www.cisco.com/en/US/partner/tech/tk652/tk701/technologies_tech_note09186a0080144630.shtml
Understanding MGCP Interactions with Cisco CallManager
http://www.cisco.com/en/US/partner/tech/tk652/tk701/technologies_tech_note09186a00801da84e.shtml -
Cisco Call Manager and MGCP Question
Hello,
I appreciate if somebody can help.
Scenario:
Site 1 PSTN E1----VG----Call Manager----VG--- PABX---Site 2 PSTN1 E1
I have configured a dialing pattern on Cisco call manager 6.xxxxxx to Send to VG on Site1
Both VG routers are using MGCP with call Manager.
The problem if from Site 2 tries to call 6xxxxxx the call manager is not routing the call to the VG in site 1.
I did debug ccapi inout and on Site 2 VG the call response was the number unassigned. This means that the call Manager is searching the directory for the destination but it is not searching the route patterns.
Any ideas to override this and ask the call manager to check it's destination pattern?
Thanks,Problem solved. The VG in Site 2 was in a CSS that is not allowed to dial PSTN.
Regards, -
CUCM 9.1.1 - MGCP gateway won't register to my 2811
Hello
I am trying to add a MGCP gateway on a 2811.
I have configured as per the book, but it is not registering,
here is my Router config:
2811 uptime is 2 hours, 4 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-adventerprisek9-mz.124-11.XJ4.bin"
Cisco 2811 (revision 53.50) with 509952K/14336K bytes of memory.
Processor board ID FHK1302F0YV
3 FastEthernet interfaces
24 Serial interfaces
1 Channelized T1/PRI port
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
125440K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
2811#sh run
Building configuration...
Current configuration : 7125 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname 2811
boot-start-marker
boot-end-marker
card type t1 0 2
enable secret 5 $1$ax07$1yOFpGS1rHGYm873l9n9q/
no aaa new-model
clock timezone PCLAIRE -5
clock summer-time PCLAIRE recurring
network-clock-participate wic 2
network-clock-select 1 T1 0/2/0
ip cef
no ip dhcp use vrf connected
ip domain name homelab.local
multilink bundle-name authenticated
isdn switch-type primary-ni
voice-card 0
dspfarm
dsp services dspfarm
controller T1 0/2/0
framing esf
linecode b8zs
pri-group timeslots 1-24
description Home_PBX
vlan internal allocation policy ascending
interface FastEthernet0/0/0
description To Home Network$ETH-LAN$
ip address 192.168.15.50 255.255.255.0
duplex auto
speed auto
interface Serial0/2/0:23
description Home_PBX
no ip address
encapsulation ppp
isdn switch-type primary-ni
isdn incoming-voice voice
control-plane
voice-port 0/2/0:23
description Home_PBX
ccm-manager mgcp
ccm-manager config server 192.168.15.11 - THIS IS THE SUBSCRIBER , SHOULD IT BE THE PUBLISHER ?
ccm-manager config
mgcp
gateway
timer receive-rtp 1200
Here is what I get:
2811(config)#do sh ccm-manager
MGCP Domain Name: 2811.homelab.local
Priority Status Host
============================================================
Primary None
First Backup None
Second Backup None
Current active Call Manager: None
Backhaul/Redundant link port: 2428
Failover Interval: 30 seconds
Keepalive Interval: 15 seconds
Last keepalive sent: 09:55:04 PCLAIRE Jan 16 2014 (elapsed time: 02:00:24)
Last MGCP traffic time: 11:34:19 PCLAIRE Jan 16 2014 (elapsed time: 00:21:08)
Last failover time: None
Last switchback time: None
Switchback mode: Graceful
MGCP Fallback mode: Not Selected
Last MGCP Fallback start time: None
Last MGCP Fallback end time: None
MGCP Download Tones: Disabled
Backhaul/Redundant link is down
Configuration Auto-Download Information
=======================================
No configurations downloaded
Current state: Downloading XML file
Configuration Download statistics:
Download Attempted : 1
Download Successful : 1
Download Failed : 0
Configuration Attempted : 0
Configuration Successful : 0
Configuration Failed(Parsing): 0
Configuration Failed(config) : 0
Last config download command:
FAX mode: cisco
Configuration Error History:
2811(config)#
Any help greatly appreciated
John BachmanStill same problem, I have erased all that related to mgcp on my router, to start from scratch
2811(config)#controller T1 0/2/0
2811(config-controller)#pri-group timeslots 1-24 service mgcp
Cannot overwrite no serv type with one. Unconfigure existing configuration and reconfigure
2811(config-controller)#
Where is this error coming from ??
Here is what I want to try:
192.168.15.10 - pub
192.168.15.11 - sub
controller T1 0/2/0
pri-group timeslots 1-24 service mgcp
interface Serial0/0/0:23
isdn bind-l3 ccm-manager
ccm-manager config server 192.168.15.10 192.168.15.11
ccm-manager config
ccm-manager redundant-host 192.168.15.11
ccm-manager mgcp
mgcp
mgcp call-agent 192.168.15.10 service-type mgcp version 0.1 -
MGCP PRI - UpDown logs difference between Telco Issue and Network issue
Hi,
Setup is remote site MGCP Gateway and CUCM is on HQ. I'm suspecting the below logs and what caused its flap but not 100% sure, is this correct?
Logs caused by connection to Telco
021987: Jan 14 18:15:45.708: %CONTROLLER-5-UPDOWN: Controller E1 0/3/0, changed state to down (AIS detected)
021988: Jan 14 18:15:45.712: %CONTROLLER-5-UPDOWN: Controller E1 0/3/1, changed state to down (AIS detected)
021989: Jan 14 18:15:46.692: %CONTROLLER-5-UPDOWN: Controller E1 0/2/0, changed state to down (AIS detected)
021990: Jan 14 18:15:46.692: %CONTROLLER-5-UPDOWN: Controller E1 0/2/1, changed state to down (AIS detected)
021991: Jan 14 18:15:46.692: %CONTROLLER-5-UPDOWN: Controller E1 0/2/2, changed state to down (AIS detected)
021992: Jan 14 18:15:46.696: %CONTROLLER-5-UPDOWN: Controller E1 0/2/3, changed state to down (AIS detected)
021993: Jan 14 18:15:46.912: %MARS_NETCLK-3-HOLDOVER: Entering Holdover for Controller E1 0/2/0
021994: Jan 14 18:15:47.708: %LINK-3-UPDOWN: Interface Serial0/3/0:15, changed state to down
021995: Jan 14 18:15:47.712: %LINK-3-UPDOWN: Interface Serial0/3/1:15, changed state to down
021996: Jan 14 18:15:48.692: %LINK-3-UPDOWN: Interface Serial0/2/1:15, changed state to down
021997: Jan 14 18:15:48.696: %LINK-3-UPDOWN: Interface Serial0/2/2:15, changed state to down
021998: Jan 14 18:15:48.696: %LINK-3-UPDOWN: Interface Serial0/2/3:15, changed state to down
021999: Jan 14 18:15:49.692: %CONTROLLER-5-UPDOWN: Controller E1 0/2/0, changed state to up
022000: Jan 14 18:15:49.700: %CONTROLLER-5-UPDOWN: Controller E1 0/2/1, changed state to up
022001: Jan 14 18:15:49.708: %CONTROLLER-5-UPDOWN: Controller E1 0/2/3, changed state to up
022002: Jan 14 18:15:51.700: %LINK-3-UPDOWN: Interface Serial0/2/1:15, changed state to up
022003: Jan 14 18:15:51.708: %LINK-3-UPDOWN: Interface Serial0/2/3:15, changed state to up
022004: Jan 14 18:15:52.164: %MARS_NETCLK-3-HOLDOVER: Exiting Holdover for Controller E1 0/2/0
022005: Jan 14 18:15:53.692: %CONTROLLER-5-UPDOWN: Controller E1 0/2/2, changed state to up
022006: Jan 14 18:15:53.708: %CONTROLLER-5-UPDOWN: Controller E1 0/3/0, changed state to up
022007: Jan 14 18:15:53.716: %CONTROLLER-5-UPDOWN: Controller E1 0/3/1, changed state to up
022008: Jan 14 18:15:55.692: %LINK-3-UPDOWN: Interface Serial0/2/2:15, changed state to up
022009: Jan 14 18:15:55.708: %LINK-3-UPDOWN: Interface Serial0/3/0:15, changed state to up
022010: Jan 14 18:15:55.716: %LINK-3-UPDOWN: Interface Serial0/3/1:15, changed state to up
Logs caused by network connectivity issue between CUCM and MGCP Gateway
021869: Jan 7 10:05:00.763: %LINK-5-CHANGED: Interface Serial0/2/2:15, changed state to administratively down
021870: Jan 7 10:05:01.371: %SYS-5-CONFIG_I: Configured from console by console
021871: Jan 7 10:05:02.575: %SYS-5-CONFIG_I: Configured from console by console
021872: Jan 7 10:05:02.667: %LINK-5-CHANGED: Interface Serial0/2/3:15, changed state to administratively down
021873: Jan 7 10:05:03.275: %SYS-5-CONFIG_I: Configured from console by console
021874: Jan 7 10:05:04.479: %SYS-5-CONFIG_I: Configured from console by console
021875: Jan 7 10:05:04.571: %LINK-5-CHANGED: Interface Serial0/3/0:15, changed state to administratively down
021876: Jan 7 10:05:05.179: %SYS-5-CONFIG_I: Configured from console by console
021877: Jan 7 10:05:06.475: %LINK-5-CHANGED: Interface Serial0/3/1:15, changed state to administratively down
021878: Jan 7 10:05:08.391: %SYS-5-CONFIG_I: Configured from console by console
021879: Jan 7 10:05:09.603: %SYS-5-CONFIG_I: Configured from console by console
021880: Jan 7 10:05:10.815: %SYS-5-CONFIG_I: Configured from console by console
021881: Jan 7 10:05:11.591: %LINK-3-UPDOWN: Interface Serial0/2/1:15, changed state to up
021882: Jan 7 10:05:12.027: %SYS-5-CONFIG_I: Configured from console by console
021883: Jan 7 10:05:12.803: %LINK-3-UPDOWN: Interface Serial0/2/2:15, changed state to up
021884: Jan 7 10:05:13.239: %SYS-5-CONFIG_I: Configured from console by console
021885: Jan 7 10:05:14.015: %LINK-3-UPDOWN: Interface Serial0/2/3:15, changed state to up
021886: Jan 7 10:05:14.451: %SYS-5-CONFIG_I: Configured from console by console
021887: Jan 7 10:05:15.227: %LINK-3-UPDOWN: Interface Serial0/3/0:15, changed state to up
021888: Jan 7 10:05:16.439: %LINK-3-UPDOWN: Interface Serial0/3/1:15, changed state to up
021889: Jan 7 10:05:39.379: %SYS-5-CONFIG_I: Configured from console by console
021890: Jan 7 10:05:40.079: %SYS-5-CONFIG_I: Configured from console by console
021891: Jan 7 10:05:41.783: %SYS-5-CONFIG_I: Configured from console by console
021892: Jan 7 10:05:42.483: %SYS-5-CONFIG_I: Configured from console by console
021893: Jan 7 10:05:43.779: %LINK-5-CHANGED: Interface Serial0/2/1:15, changed state to administratively down
021894: Jan 7 10:05:44.187: %SYS-5-CONFIG_I: Configured from console by console
021895: Jan 7 10:05:44.887: %SYS-5-CONFIG_I: Configured from console by console
021896: Jan 7 10:05:46.183: %LINK-5-CHANGED: Interface Serial0/2/2:15, changed state to administratively down
021897: Jan 7 10:05:46.591: %SYS-5-CONFIG_I: Configured from console by console
021898: Jan 7 10:05:47.291: %SYS-5-CONFIG_I: Configured from console by console
021899: Jan 7 10:05:48.587: %LINK-5-CHANGED: Interface Serial0/2/3:15, changed state to administratively down
021900: Jan 7 10:05:48.995: %SYS-5-CONFIG_I: Configured from console by console
021901: Jan 7 10:05:49.695: %SYS-5-CONFIG_I: Configured from console by console
021902: Jan 7 10:05:50.991: %LINK-5-CHANGED: Interface Serial0/3/0:15, changed state to administratively down
021903: Jan 7 10:05:51.399: %SYS-5-CONFIG_I: Configured from console by console
021904: Jan 7 10:05:52.099: %SYS-5-CONFIG_I: Configured from console by console
021905: Jan 7 10:05:53.395: %LINK-5-CHANGED: Interface Serial0/3/1:15, changed state to administratively down
021906: Jan 7 10:05:55.811: %SYS-5-CONFIG_I: Configured from console by console
021907: Jan 7 10:05:57.023: %SYS-5-CONFIG_I: Configured from console by console
021908: Jan 7 10:05:58.235: %SYS-5-CONFIG_I: Configured from console by console
021909: Jan 7 10:05:59.011: %LINK-3-UPDOWN: Interface Serial0/2/1:15, changed state to up
021910: Jan 7 10:05:59.447: %SYS-5-CONFIG_I: Configured from console by console
021911: Jan 7 10:06:00.223: %LINK-3-UPDOWN: Interface Serial0/2/2:15, changed state to up
021912: Jan 7 10:06:00.659: %SYS-5-CONFIG_I: Configured from console by console
021913: Jan 7 10:06:01.435: %LINK-3-UPDOWN: Interface Serial0/2/3:15, changed state to up
021914: Jan 7 10:06:01.871: %SYS-5-CONFIG_I: Configured from console by console
021915: Jan 7 10:06:02.647: %LINK-3-UPDOWN: Interface Serial0/3/0:15, changed state to up
021916: Jan 7 10:06:03.859: %LINK-3-UPDOWN: Interface Serial0/3/1:15, changed state to up
thanks in advance!!Here it is.. what is it you're looking for? i'm suspecting the above difference between %LINK-5-CHANGED (network issue) vs %LINK-3-UPDOWN (telco issue)
E1 0/2/0 is up.
Applique type is Channelized E1 - balanced
Description:
No alarms detected.
alarm-trigger is not set
Version info FPGA Rev: 08121917, FPGA Type: PRK4
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
International Bit: 1, National Bits: 11111
Data in current interval (71 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 330 Path Code Violations,
0 Slip Secs, 6 Fr Loss Secs, 0 Line Err Secs, 1 Degraded Mins,
7 Errored Secs, 5 Bursty Err Secs, 2 Severely Err Secs, 2147417995 Unavail Secs
E1 0/2/1 is up.
Applique type is Channelized E1 - balanced
Description:
No alarms detected.
alarm-trigger is not set
Version info FPGA Rev: 08121917, FPGA Type: PRK4
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
International Bit: 1, National Bits: 11111
Data in current interval (72 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 314 Path Code Violations,
0 Slip Secs, 5 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
8 Errored Secs, 6 Bursty Err Secs, 2 Severely Err Secs, 2147418015 Unavail Secs
E1 0/2/2 is up.
Applique type is Channelized E1 - balanced
Description:
No alarms detected.
alarm-trigger is not set
Version info FPGA Rev: 08121917, FPGA Type: PRK4
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
International Bit: 1, National Bits: 11111
Data in current interval (75 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 344 Path Code Violations,
0 Slip Secs, 12 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
16 Errored Secs, 4 Bursty Err Secs, 5 Severely Err Secs, 2147418015 Unavail Secs
E1 0/2/3 is up.
Applique type is Channelized E1 - balanced
Description:
No alarms detected.
alarm-trigger is not set
Version info FPGA Rev: 08121917, FPGA Type: PRK4
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
International Bit: 1, National Bits: 11111
Data in current interval (103 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 448 Path Code Violations,
0 Slip Secs, 5 Fr Loss Secs, 0 Line Err Secs, 1 Degraded Mins,
7 Errored Secs, 5 Bursty Err Secs, 2 Severely Err Secs, 2147418002 Unavail Secs
E1 0/3/0 is up.
Applique type is Channelized E1 - balanced
Description:
No alarms detected.
alarm-trigger is not set
Version info FPGA Rev: 08121917, FPGA Type: PRK4
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
International Bit: 1, National Bits: 11111
Data in current interval (104 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 299 Path Code Violations,
0 Slip Secs, 8 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
11 Errored Secs, 5 Bursty Err Secs, 0 Severely Err Secs, 2147418017 Unavail Secs -
Trouble with my T1's and E1's in the lab - please help.... :-)
I'm working through my CCIE Voice/Collaboration training materials and am just about finished with the physical construction of the lab. At this time I'm just going to install a new T1 card into my BR1 router and I'm trying to get my T1 to HQ (HQ router) and my E1 to BR2 (Branch2 router) up and running. I am enclosing the "show run", "show isdn status" and "show e1/t1 controller" outputs. I am using a 2801 for my HQ router, a 2851 for my PSTN/IP-WAN router, and a 2811 for my BR2 router.
I am using a T1 cable RJ-48C/RJ-48C. I'm embarassed to say it - but I don't have a cable tester at the time. I lended my backup out to a friend and my primary one is not working. I'm also not 100% sure that I'm using the correct cable. I have VWIC2-2MFT-T1/E1 cards in my routers and I have a 2851 (PSTN router) setup to give connectivity via the T1's to HQ and BR1 and E1 connectivity to BR2. I have taken the liberty of attaching my configs, as mentioned I don't think I have cable issues because this is the case with all my cables.
Main issue, in the "show isdn stat" the layer 1 status is "deactivated" and when I do a shut/no shut the status goes to "shutdown" and doesn't come back up despite my efforts to enable the interface. The only way to fix it is to reboot the router. I've got to be missing something - I just want to get my T1's and E1 up for my CCIE Lab. I'm building my lab based on the CCIE Voice specification and have the ability to get it modified eventually to fit the CCIE Collaboration lab.
***PLEASE go easy on me - I'm sure there is a fundamental configuration item or concept I'm not thinking about so I'm preparing to look like a fool - but that's okay....it's part of learning. :-) ***
Any help would be so much appreciated. All configs are pasted below.......
==========================================================
=================START OF BR2 CONFIG=======================
BR2_RTR#show controllers e1
E1 0/0/0 is down.
Applique type is Channelized E1 - balanced
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Version info Firmware: 20100222, FPGA: 13, spm_count = 0
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
Data in current interval (895 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 895 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
BR2_RTR#show isdn stat
Global ISDN Switchtype = primary-net5
ISDN Serial0/0/0:15 interface
dsl 0, interface ISDN Switchtype = primary-net5
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
Total Allocated ISDN CCBs = 0
BR2_RTR#show inventory
NAME: "2811 chassis", DESCR: "2811 chassis"
PID: CISCO2811 , VID: V06 , SN: FTX1328A0D3
NAME: "VWIC2-1MFT-T1/E1 - 1-Port RJ-48 Multiflex Trunk - T1/E1 on Slot 0 SubSlot 0", DESCR: "VWIC2-1MFT-T1/E1 - 1-Port RJ-48 Multiflex Trunk - T1/E1"
PID: VWIC2-1MFT-T1/E1 , VID: V01 , SN: FOC11271UAU
NAME: "WAN Interface Card - Serial 2T on Slot 0 SubSlot 1", DESCR: "WAN Interface Card - Serial 2T"
PID: WIC-2T , VID: V01, SN: 35759031
NAME: "PVDMII DSP SIMM with three DSPs on Slot 0 SubSlot 5", DESCR: "PVDMII DSP SIMM with three DSPs"
PID: PVDM2-48 , VID: V01 , SN: FOC12221GJE
NAME: "AIM Service Engine 0", DESCR: "AIM Service Engine"
PID: AIM-CUE , VID: V03 , SN: FOC11505K9D
NAME: "16 Port 10BaseT/100BaseTX EtherSwitch on Slot 1", DESCR: "16 Port 10BaseT/100BaseTX EtherSwitch"
PID: NM-16ESW= , VID: 1.0, SN: FOC09245Q0H
NAME: "Power daughter card for 16 port EtherSwitch NM on Slot 1 SubSlot 0", DESCR: "Power daughter card for 16 port EtherSwitch NM"
PID: , VID: 1.0, SN: FOC09243VGH
NAME: "Gigabit(1000BaseT) module for EtherSwitch NM on Slot 1 SubSlot 1", DESCR: "Gigabit(1000BaseT) module for EtherSwitch NM"
PID: , VID: 1.0, SN: FOC092034R1
BR2_RTR#
BR2_RTR#
BR2_RTR#
BR2_RTR#
BR2_RTR#
BR2_RTR#show run
Building configuration...
Current configuration : 9148 bytes
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname BR2_RTR
boot-start-marker
boot-end-marker
card type e1 0 0
enable secret 5 $1$kYuC$TYARPnIw8mjqiVM3CqM15.
no aaa new-model
clock timezone CET 1 0
clock summer-time CET recurring 1 Sun Apr 1:00 last Sun Oct 1:00
network-clock-participate wic 0
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.30.1 192.168.30.49
ip dhcp excluded-address 192.168.30.70 192.168.30.254
ip dhcp pool PHONES
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
option 150 ip 3.3.3.3
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type primary-net5
voice service voip
allow-connections sip to sip
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
registrar server expires max 600 min 60
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class h323 1
h225 timeout tcp establish 3
voice register global
mode cme
source-address 3.3.3.3 port 5060
max-dn 20
max-pool 10
load 7960-7940 P0S3-08-6-00
authenticate register
tftp-path flash:
create profile sync 1684632613172238
voice register dn 1
number 3005
name BR2_Phone3
voice register dn 2
number 3006
name BR2_Phone4
voice register template 1
no conference enable
voice register dialplan 1
type 7940-7960-others
pattern 1 3...
pattern 2 999
voice register pool 1
id mac 0008.E31B.7CD4
type 7960
number 1 dn 1
template 1
dtmf-relay sip-notify
username 3005 password cisco
description 3214-3005
codec g711ulaw
voice translation-rule 1
rule 1 /^\(3...$\)/ /3214\1/
voice translation-rule 2
rule 1 /^32143/ /3/
rule 2 /^\+3432143/ /3/
voice translation-rule 3000
rule 1 /^3000/ /1002/
voice translation-profile 3000
translate called 3000
voice translation-profile 4digitDNIS
translate called 2
voice translation-profile 8digitANI
translate calling 1
voice-card 0
crypto pki token default removal timeout 0
license udi pid CISCO2811 sn FTX1328A0D3
redundancy
controller E1 0/0/0
pri-group timeslots 1-3,16
interface Loopback0
ip address 3.3.3.3 255.255.255.255
h323-gateway voip bind srcaddr 3.3.3.3
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface Service-Engine0/0
no ip address
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.21
description BR2-PHONES(RTR on a stick)
encapsulation dot1Q 21
ip address 192.168.30.1 255.255.255.0
interface FastEthernet0/1.22
description BR2-DATA(RTR on a stick)
encapsulation dot1Q 22
ip address 192.168.31.1 255.255.255.0
interface Serial0/0/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
isdn bchan-number-order ascending
isdn outgoing display-ie
no cdp enable
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
interface Serial0/1/1
description BR2-RTR_IP-WAN
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
interface Serial0/1/1.1 point-to-point
ip address 10.1.1.2 255.255.255.128
frame-relay interface-dlci 301
interface FastEthernet1/0
description BR2-PHONE1
switchport mode trunk
switchport voice vlan 40
no ip address
spanning-tree portfast
interface FastEthernet1/1
description BR2-PHONE2
switchport mode trunk
switchport voice vlan 40
no ip address
spanning-tree portfast
interface FastEthernet1/2
no ip address
interface FastEthernet1/3
no ip address
interface FastEthernet1/4
no ip address
interface FastEthernet1/5
no ip address
interface FastEthernet1/6
no ip address
interface FastEthernet1/7
no ip address
interface FastEthernet1/8
no ip address
interface FastEthernet1/9
no ip address
interface FastEthernet1/10
no ip address
interface FastEthernet1/11
no ip address
interface FastEthernet1/12
no ip address
interface FastEthernet1/13
no ip address
interface FastEthernet1/14
no ip address
interface FastEthernet1/15
no ip address
interface GigabitEthernet1/0
no ip address
interface Vlan1
no ip address
interface Vlan30
description PHONES-VLAN-FOR-LAYER3-SWITCHING
no ip address
shutdown
interface Vlan31
description DATA-VLAN-FOR-LAYER3-SWITCHING
no ip address
shutdown
router ospf 1
network 3.3.3.3 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 0
network 192.168.31.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
ip forward-protocol nd
ip http server
no ip http secure-server
ip http path flash:/GUI
ip route 192.168.100.0 255.255.255.0 10.1.1.1
tftp-server flash:Desktops/320x212x12/CampusNight.png
tftp-server flash:Desktops/320x212x12/CiscoFountain.png
tftp-server flash:Desktops/320x212x12/MorroRock.png
tftp-server flash:Desktops/320x212x12/NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/TN-CampusNight.png
tftp-server flash:Desktops/320x212x12/TN-CiscoFountain.png
tftp-server flash:Desktops/320x212x12/TN-Fountain.png
tftp-server flash:Desktops/320x212x12/TN-MorroRock.png
tftp-server flash:Desktops/320x212x12/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x12/Fountain.png
tftp-server flash:Desktops/320x212x12/CiscoLogo.png
tftp-server flash:Desktops/320x212x12/TN-CiscoLogo.png
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:ringtones/Analog1.raw
tftp-server flash:ringtones/Analog2.raw
tftp-server flash:ringtones/AreYouThere.raw
tftp-server flash:ringtones/AreYouThereF.raw
tftp-server flash:ringtones/Bass.raw
tftp-server flash:ringtones/CallBack.raw
tftp-server flash:ringtones/Chime.raw
tftp-server flash:ringtones/Classic1.raw
tftp-server flash:ringtones/Classic2.raw
tftp-server flash:ringtones/ClockShop.raw
tftp-server flash:ringtones/DistinctiveRingList.xml
tftp-server flash:ringtones/Drums1.raw
tftp-server flash:ringtones/Drums2.raw
tftp-server flash:ringtones/FilmScore.raw
tftp-server flash:ringtones/HarpSynth.raw
tftp-server flash:ringtones/Jamaica.raw
tftp-server flash:ringtones/KotoEffect.raw
tftp-server flash:ringtones/MusicBox.raw
tftp-server flash:ringtones/Piano1.raw
tftp-server flash:ringtones/Piano2.raw
tftp-server flash:ringtones/Pop.raw
tftp-server flash:ringtones/Pulse1.raw
tftp-server flash:ringtones/Ring1.raw
tftp-server flash:ringtones/Ring2.raw
tftp-server flash:ringtones/Ring3.raw
tftp-server flash:ringtones/Ring4.raw
tftp-server flash:ringtones/Ring5.raw
tftp-server flash:ringtones/Ring6.raw
tftp-server flash:ringtones/Ring7.raw
tftp-server flash:ringtones/RingList.xml
tftp-server flash:ringtones/Sax1.raw
tftp-server flash:ringtones/Sax2.raw
tftp-server flash:ringtones/Vibe.raw
tftp-server flash:PHONE/7940-7960/P0S3-08-6-00.loads alias P0S3-08-6-00.loads
tftp-server flash:PHONE/7940-7960/P0S3-08-6-00.sb2 alias P0S3-08-6-00.sb2
tftp-server flash:PHONE/7940-7960/P0S3-08-6-00.bin alias P0S3-08-6-00.bin
tftp-server flash:PHONE/7940-7960/P0S3-08-6-00.sbn alias P0S3-08-6-00.sbn
control-plane
voice-port 0/0/0:15
translation-profile outgoing 4digitDNIS
mgcp profile default
dial-peer voice 999 pots
translation-profile outgoing 8digitANI
destination-pattern 999
port 0/0/0:15
forward-digits 3
dial-peer voice 1 voip
incoming called-number .
dial-peer voice 901134 pots
destination-pattern 901134T
port 0/0/0:15
dial-peer voice 3000 voip
translation-profile outgoing 3000
destination-pattern 3000
session target ipv4:192.168.15.23
voice-class codec 1
voice-class h323 1
telephony-service
no auto-reg-ephone
max-ephones 10
max-dn 20
ip source-address 3.3.3.3 port 2000
network-locale ES
time-format 24
date-format dd-mm-yy
max-conferences 8 gain -6
web admin system name admin password cisco
dn-webedit
transfer-system full-consult
create cnf-files version-stamp 7960 Jan 23 2014 05:43:52
ephone-template 1
softkeys connected Hold Select Trnsfer Endcall HLog Park
ephone-dn 1
number 3001
name BR2_Phone1
ephone-dn 2
number 3002
name BR2_Phone2
ephone 1
device-security-mode none
description 3214-3001
mac-address 0008.A3FD.3A32
ephone-template 1
max-calls-per-button 5
busy-trigger-per-button 3
type 7960
button 1:1
ephone 2
device-security-mode none
description 3214-3002
mac-address 0017.E0C6.E232
ephone-template 1
max-calls-per-button 5
busy-trigger-per-button 3
type 7961
button 1:2
banner motd ^CBR2 ROUTER CUCME/CUE^C
line con 0
password cisco
logging synchronous
login
line aux 0
line 194
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
scheduler allocate 20000 1000
ntp server 172.30.1.2
end
===========END OF BR2 CONFIG=================
===========START OF HQ CONFIG================
HQ-RTR#show inventory
NAME: "chassis", DESCR: "2801 chassis"
PID: CISCO2801 , VID: V02 , SN: FTX1016Y07Z
NAME: "motherboard", DESCR: "C2801 Motherboard with 2 Fast Ethernet"
PID: CISCO2801 , VID: V02 , SN: FOC10140N6M
NAME: "WIC/VIC 2", DESCR: "Two port T1 voice interface daughtercard"
PID: VWIC-2MFT-T1= , VID: 1.0, SN: 32867042
NAME: "WIC/VIC/HWIC 3", DESCR: "WAN Interface Card - Serial 2T"
PID: WIC-2T= , VID: 1.0, SN: 32195023
NAME: "PVDM 0", DESCR: "PVDMII DSP SIMM with three DSPs"
PID: PVDM2-48 , VID: V01 , SN: FOC132935YB
HQ-RTR#
HQ-RTR#show controllers t1
T1 0/2/0 is down.
Applique type is Channelized T1
Cablelength is long gain36 0db
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Line.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (709 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 709 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
T1 0/2/1 is down.
Applique type is Channelized T1
Cablelength is long gain36 0db
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Line.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (709 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 709 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
HQ-RTR#show isdn stat
Global ISDN Switchtype = primary-ni
ISDN Serial0/2/0:23 interface
dsl 0, interface ISDN Switchtype = primary-ni
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
Total Allocated ISDN CCBs = 0
HQ-RTR#
HQ-RTR#show run
Building configuration...
Current configuration : 6734 bytes
! Last configuration change at 02:32:03 UTC Tue Feb 4 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname HQ-RTR
boot-start-marker
boot-end-marker
logging buffered 512000 informational
enable secret 5 $1$K8GP$JbYRetpgnaxvy2wnjrPDW/
no aaa new-model
network-clock-participate wic 2
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.12.1 192.168.12.10
ip dhcp excluded-address 192.168.13.1 192.168.13.10
ip dhcp excluded-address 192.168.14.1 192.168.14.10
ip dhcp excluded-address 192.168.16.1 192.168.16.10
ip dhcp excluded-address 192.168.17.1 192.168.17.10
ip dhcp pool HQ-BR1-Pool
import all
network 192.168.11.0 255.255.255.0
option 150 ip 10.10.210.10
default-router 192.168.11.1
domain-name proctorlabs.com
dns-server 8.8.4.4 8.8.8.8
lease 8
ip dhcp pool BR2-Pool
import all
network 192.168.12.0 255.255.255.0
option 150 ip 10.10.202.1
default-router 192.168.12.1
domain-name proctorlabs.com
dns-server 8.8.4.4 8.8.8.8
lease 8
ip dhcp pool PSTN-Pool
import all
network 192.168.13.0 255.255.255.0
option 150 ip 10.10.100.2
default-router 192.168.13.1
domain-name proctorlabs.com
dns-server 8.8.4.4 8.8.8.8
lease 8
ip dhcp pool Laptop-Pool
import all
network 192.168.14.0 255.255.255.0
default-router 192.168.14.1
domain-name proctorlabs.com
dns-server 8.8.4.4 8.8.8.8
lease 8
ip dhcp pool WIRELESS-HOME
import all
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 4.2.2.2
domain-name proctorlabs.com
lease 8
ip cef
no ip domain lookup
ip domain name proctorlabs.com
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type primary-ni
voice service voip
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice-card 0
crypto pki token default removal timeout 0
license udi pid CISCO2801 sn FTX1016Y07Z
archive
log config
hidekeys
controller T1 0/2/0
pri-group timeslots 1-3,24
controller T1 0/2/1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
description (Outside Public Interface)
ip address dhcp
ip access-group FW-IN in
no ip unreachables
ip mtu 1300
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.11
description (Inside Private Interface)
encapsulation dot1Q 11
ip address 192.168.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.12
description (Inside Private Interface)
encapsulation dot1Q 12
ip address 192.168.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.13
description (Inside Private Interface)
encapsulation dot1Q 13
ip address 192.168.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.14
description (Inside Private Interface)
encapsulation dot1Q 14
ip address 192.168.14.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.15
description LAB-SERVERS
encapsulation dot1Q 15
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.16
description WIRELESS-HOME
encapsulation dot1Q 16
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.17
description LAB-HQ-PHONES
encapsulation dot1Q 17
ip address 192.168.17.1 255.255.255.0
ip helper-address 192.168.15.22
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.18
description LAB-HQ-DATA
encapsulation dot1Q 18
ip address 192.168.18.1 255.255.255.0
ip helper-address 192.168.15.22
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.501
description PSTN-RTR_MGMT-NETWORK
encapsulation dot1Q 501
ip address 172.30.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Serial0/2/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
isdn outgoing display-ie
no cdp enable
interface Serial0/3/0
description HQ-RTR_IP-WAN
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
interface Serial0/3/0.1 point-to-point
ip address 10.1.1.1 255.255.255.128
ip ospf mtu-ignore
snmp trap link-status
frame-relay interface-dlci 103
interface Serial0/3/0.2 point-to-point
ip address 10.1.1.129 255.255.255.128
ip ospf mtu-ignore
snmp trap link-status
frame-relay interface-dlci 102
interface Serial0/3/1
no ip address
shutdown
clock rate 2000000
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
network 172.30.1.0 0.0.0.3 area 0
network 192.168.0.0 0.0.255.255 area 0
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.0.1 254
ip route 192.168.100.0 255.255.255.0 172.30.1.2
ip route 0.0.0.0 0.0.0.0 dhcp
access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 102 permit udp any any eq bootps
access-list 102 permit udp any any eq bootpc
access-list 102 permit udp any eq bootpc any
access-list 102 permit udp any eq bootps any
disable-eadi
control-plane
voice-port 0/2/0:23
mgcp fax t38 ecm
mgcp profile default
dial-peer voice 91212 pots
description PSTN-CALLS-TO-NYC-AREA-CODE
destination-pattern 91212T
port 0/2/0:23
forward-digits all
dial-peer voice 1 pots
description INCOMING-DIAL-PEER_PSTN
incoming called-number .
direct-inward-dial
port 0/2/0:23
dial-peer voice 1000 voip
destination-pattern 2123941...
session protocol sipv2
session target ipv4:192.168.15.23
incoming called-number .
voice-class codec 1
dtmf-relay rtp-nte
no vad
dial-peer voice 1001 voip
preference 1
destination-pattern 2123941...
session protocol sipv2
session target ipv4:192.168.15.22
incoming called-number .
voice-class codec 1
dtmf-relay rtp-nte
no vad
sip-ua
retry invite 2
timers trying 300
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
exec-timeout 30 0
privilege level 15
password cisco
logging synchronous
login
transport input telnet ssh
line vty 5 15
exec-timeout 30 0
privilege level 15
password cisco
logging synchronous
login
transport input telnet ssh
scheduler allocate 20000 1000
end
HQ-RTR#
=============END OF HQ CONFIG=============
=======START OF PSTN-IP-WAN_RTR CONFIG=========
PSTN_IP-WAN_RTR#show inventory
NAME: "2851 chassis", DESCR: "2851 chassis"
PID: CISCO2851 , VID: V01 , SN: FTX0922A1E7
NAME: "VWIC2-2MFT-T1/E1 - 2-Port RJ-48 Multiflex Trunk - T1/E1 on Slot 0 SubSlot 0", DESCR: "VWIC2-2MFT-T1/E1 - 2-Port RJ-48 Multiflex Trunk - T1/E1"
PID: VWIC2-2MFT-T1/E1 , VID: V01 , SN: FOC11063UF9
NAME: "WAN Interface Card - Serial 2T on Slot 0 SubSlot 1", DESCR: "WAN Interface Card - Serial 2T"
PID: WIC-2T , VID: V01, SN: 35845606
NAME: "Two port T1 voice interface daughtercard on Slot 0 SubSlot 2", DESCR: "Two port T1 voice interface daughtercard"
PID: VWIC-2MFT-T1= , VID: 1.0, SN: 29803060
NAME: "WAN Interface Card - Serial 2T on Slot 0 SubSlot 3", DESCR: "WAN Interface Card - Serial 2T"
PID: WIC-2T= , VID: 1.0, SN: 23188546
NAME: "PVDMII DSP SIMM with Two DSPs on Slot 0 SubSlot 4", DESCR: "PVDMII DSP SIMM with Two DSPs"
PID: PVDM2-32 , VID: V01 , SN: FOC12045356
PSTN_IP-WAN_RTR#show controllers t1
T1 0/2/0 is down.
Applique type is Channelized T1
Cablelength is long gain36 0db
Description: HQ_T1
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20071129, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (852 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 852 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
T1 0/2/1 is down.
Applique type is Channelized T1
Cablelength is long gain36 0db
Description: BR1_T1
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Soaking time: 3, Clearance time: 10
AIS State:Clear LOS State:Clear LOF State:Clear
Version info Firmware: 20071129, FPGA: 20, spm_count = 0
Framing is ESF, Line Code is B8ZS, Clock Source is Internal.
CRC Threshold is 320. Reported from firmware is 320.
Data in current interval (854 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 854 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
PSTN_IP-WAN_RTR#show controllers e1
E1 0/0/0 is down.
Applique type is Channelized E1 - balanced
Cablelength is Unknown
Description: BR2_E1
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Version info Firmware: 20071011, FPGA: 13, spm_count = 0
Framing is CRC4, Line Code is HDB3, Clock Source is Internal.
Data in current interval (862 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 862 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
E1 0/0/1 is down.
Applique type is Channelized E1 - balanced
Cablelength is Unknown
Transmitter is sending remote alarm.
Receiver has loss of signal.
alarm-trigger is not set
Version info Firmware: 20071011, FPGA: 13, spm_count = 0
Framing is CRC4, Line Code is HDB3, Clock Source is Internal.
Data in current interval (864 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 864 Unavail Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
PSTN_IP-WAN_RTR#
PSTN_IP-WAN_RTR#
PSTN_IP-WAN_RTR#show isdn status
Global ISDN Switchtype = primary-net5
ISDN Serial0/0/0:15 interface
******* Network side configuration *******
dsl 0, interface ISDN Switchtype = primary-net5
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
ISDN Serial0/0/1:15 interface
******* Network side configuration *******
dsl 1, interface ISDN Switchtype = primary-net5
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 1 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
ISDN Serial0/2/0:23 interface
******* Network side configuration *******
dsl 2, interface ISDN Switchtype = primary-ni
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 2 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
ISDN Serial0/2/1:23 interface
******* Network side configuration *******
dsl 3, interface ISDN Switchtype = primary-ni
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = TEI_ASSIGNED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 3 CCBs = 0
The Free Channel Mask: 0x00000000
Number of L2 Discards = 0, L2 Session ID = 0
Total Allocated ISDN CCBs = 0
PSTN_IP-WAN_RTR#
PSTN_IP-WAN_RTR#show run
Building configuration...
Current configuration : 6518 bytes
! Last configuration change at 23:02:02 CST Tue Feb 4 2014
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname PSTN_IP-WAN_RTR
boot-start-marker
boot-end-marker
card type e1 0 0
logging message-counter syslog
enable secret 5 $1$rLlG$MPPST59p5rs0FfXu8OXp1.
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-participate wic 2
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp pool PSTN-PHONE
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
option 150 ip 192.168.100.1
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
frame-relay switching
isdn switch-type primary-net5
voice translation-rule 1
rule 1 /^011\(.*\)/ /\1/
rule 2 /^1\(.*\)/ /&/
rule 3 /^00\(.*\)/ /\1/
rule 4 /^617\(.*\)/ /1&/
rule 5 /^212\(.*\)/ /1&/
voice translation-rule 2
rule 1 /^617/ /1&/
rule 2 /^212/ /1&/
voice translation-rule 3
rule 1 /^212/ /1&/
rule 2 /^34/ /&/
voice translation-rule 4
rule 1 /^617/ /1&/
rule 2 /^34/ /&/
voice translation-profile BR1-OUT
translate calling 3
voice translation-profile BR2-OUT
translate calling 2
voice translation-profile HQ-OUT
translate calling 4
voice translation-profile PSTN-IN
translate called 1
voice-card 0
crypto pki token default removal timeout 0
archive
log config
hidekeys
controller E1 0/0/0
clock source internal
pri-group timeslots 1-3,16
description BR2_E1
controller E1 0/0/1
clock source internal
pri-group timeslots 1-3,16
controller T1 0/2/0
clock source internal
pri-group timeslots 1-3,24
description HQ_T1
controller T1 0/2/1
clock source internal
pri-group timeslots 1-3,24
description BR1_T1
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.13
description PSTN-PHONE_LAN
encapsulation dot1Q 13
ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/1
description MGMT-CONNECTION-via-WIFI
ip address 172.30.1.2 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0:15
description BR2-PSTN-CONNECTION
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn protocol-emulate network
isdn incoming-voice voice
no cdp enable
interface Serial0/0/1:15
description BR2-PSTN-CONNECTION
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn protocol-emulate network
isdn incoming-voice voice
no cdp enable
interface Serial0/1/0
description FR_to_BR2-RTR
no ip address
encapsulation frame-relay IETF
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 301 interface Serial0/3/0 103
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
interface Serial0/2/0:23
description HQ-PSTN-CONNECTION
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn protocol-emulate network
isdn incoming-voice voice
no cdp enable
interface Serial0/2/1:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn protocol-emulate network
isdn incoming-voice voice
no cdp enable
interface Serial0/3/0
description FR_to_HQ-RTR_point-to-point-BR1andBR2
no ip address
encapsulation frame-relay IETF
clock rate 64000
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 102 interface Serial0/3/1 201
frame-relay route 103 interface Serial0/1/0 301
interface Serial0/3/1
description FR_to_BR1-RTR-to-HQ-RTR
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
frame-relay intf-type dce
frame-relay route 201 interface Serial0/3/0 102
ip forward-protocol nd
ip route 1.1.1.1 255.255.255.255 172.30.1.1
ip route 2.2.2.2 255.255.255.255 172.30.1.1
ip route 3.3.3.3 255.255.255.255 172.30.1.1
ip route 10.1.1.0 255.255.255.0 172.30.1.1
ip route 192.168.14.0 255.255.255.0 172.30.1.1
ip route 192.168.15.0 255.255.255.0 172.30.1.1
ip route 192.168.16.0 255.255.255.0 172.30.1.1
ip route 192.168.17.0 255.255.255.0 172.30.1.1
ip route 192.168.20.0 255.255.255.0 172.30.1.1
ip route 192.168.21.0 255.255.255.0 172.30.1.1
ip route 192.168.30.0 255.255.255.0 172.30.1.1
ip route 192.168.31.0 255.255.255.0 172.30.1.1
no ip http server
no ip http secure-server
tftp-server flash:P0030801SR02.bin
tftp-server flash:P0030801SR02.loads
tftp-server flash:P0030801SR02.sb2
tftp-server flash:P0030801SR02.sbn
tftp-server P0030801SR02.txt
control-plane
voice-port 0/0/0:15
voice-port 0/2/0:23
voice-port 0/0/1:15
voice-port 0/2/1:23
ccm-manager fax protocol cisco
mgcp fax t38 ecm
dial-peer voice 1 pots
incoming called-number .
direct-inward-dial
dial-peer voice 10 pots
description HQ-NATIONAL-CALLS-DIAL-PEER
destination-pattern 2123941...
port 0/2/0:23
forward-digits all
dial-peer voice 20 pots
description BR1-NATIONAL-CALLS-DIAL-PEER
destination-pattern 6178632...
port 0/2/1:23
forward-digits all
dial-peer voice 30 pots
description BR2-NATIONAL-CALLS-DIAL-PEER
destination-pattern 32143...
port 0/0/0:15
forward-digits all
dial-peer voice 31 pots
description BR2-INTL-CALLS-DIAL-PEER
destination-pattern 3432143...
port 0/0/0:15
forward-digits all
telephony-service
em logout 0:0 0:0 0:0
max-ephones 2
max-dn 10
ip source-address 192.168.100.1 port 2000
load 7960-7940 P00303020214
keepalive 10
max-conferences 4 gain -6
transfer-system full-consult
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-dn 1
number 12123945001
label +8087812321
description NYC
name NYC-PSTN
ephone-dn 2
number 16178635001
label 911+999
description BOSTON
name BOSTON-PSTN
ephone-dn 3
number 32145001
label 18005551234
description SPAIN
name SPAIN-PSTN
ephone-dn 4
number 3432145002
description SPAIN
name SPAIN-PSTN-INTL
ephone-dn 5
number 5005
label 7812321
description 7812321
ephone-dn 6
number 5006
label x5005
description OFFICE PHONE
ephone 1
device-security-mode none
mac-address 0008.A3FD.39FF
type 7960
button 1:1 2:2 3:3 4:4
button 5:5
banner motd ^CC PSTN-IP-WAN ROUTER ^C
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
scheduler allocate 20000 1000
ntp master
end
PSTN_IP-WAN_RTR#I have went ahead and re-enabled the voice-ports just because I left that out of my original output. See below.....
Do you think I ordered 3 factory made T1 cables from BlackBox and ALL of them came back to me bad? Or perhaps they might not have made them as cross over cables......hmm...any other suggestions?
BR2_RTR(config)#voice-port 0/0/0:15
BR2_RTR(config-voiceport)#no shut
BR2_RTR(config-voiceport)#do sh voice port summ
BR2_RTR(config-voiceport)#do sh voice port summ
IN OUT
PORT CH SIG-TYPE ADMIN OPER STATUS STATUS EC
=============== == ============ ===== ==== ======== ======== ==
0/0/0:15 01 isdn-voice up down none none y
0/0/0:15 02 isdn-voice up down none none y
0/0/0:15 03 isdn-voice up down none none y
50/0/1 1 efxs up dorm on-hook idle y
50/0/2 1 efxs up dorm on-hook idle y
PWR FAILOVER PORT PSTN FAILOVER PORT
================= ==================
HQ-RTR(config)#voice-port 0/2/0:23
HQ-RTR(config-voiceport)#no shut
HQ-RTR(config-voiceport)#
HQ-RTR(config-voiceport)#
HQ-RTR(config-voiceport)#do sh voice port summ
IN OUT
PORT CH SIG-TYPE ADMIN OPER STATUS STATUS EC
=============== == ============ ===== ==== ======== ======== ==
0/2/0:23 01 isdn-voice up down none none y
0/2/0:23 02 isdn-voice up down none none y
0/2/0:23 03 isdn-voice up down none none y
PWR FAILOVER PORT PSTN FAILOVER PORT
================= ==================
PSTN_IP-WAN_RTR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PSTN_IP-WAN_RTR(config)#voice-p
PSTN_IP-WAN_RTR(config)#voice-port 0/0/0:15
PSTN_IP-WAN_RTR(config-voiceport)#no shut
PSTN_IP-WAN_RTR(config-voiceport)#exit
PSTN_IP-WAN_RTR(config)#voice-por
PSTN_IP-WAN_RTR(config)#voice-port 0/2/0:23
PSTN_IP-WAN_RTR(config-voiceport)#no shut
PSTN_IP-WAN_RTR(config-voiceport)#exit
PSTN_IP-WAN_RTR(config)#voice-por
PSTN_IP-WAN_RTR(config)#voice-port 0/0/1:15
PSTN_IP-WAN_RTR(config-voiceport)#no shut
PSTN_IP-WAN_RTR(config-voiceport)#exit
PSTN_IP-WAN_RTR(config)#voice-port 0/2/1:23
PSTN_IP-WAN_RTR(config-voiceport)#no shut
PSTN_IP-WAN_RTR(config-voiceport)#exit
PSTN_IP-WAN_RTR(config)#
PSTN_IP-WAN_RTR(config)#
PSTN_IP-WAN_RTR(config)#
PSTN_IP-WAN_RTR(config)#do sh voice port summ
IN OUT
PORT CH SIG-TYPE ADMIN OPER STATUS STATUS EC
=============== == ============ ===== ==== ======== ======== ==
0/0/0:15 01 isdn-voice up dorm none none y
0/0/0:15 02 isdn-voice up dorm none none y
0/0/0:15 03 isdn-voice up dorm none none y
0/2/0:23 01 isdn-voice up dorm none none y
0/2/0:23 02 isdn-voice up dorm none none y
0/2/0:23 03 isdn-voice up dorm none none y
0/0/1:15 01 isdn-voice up dorm none none y
0/0/1:15 02 isdn-voice up dorm none none y
0/0/1:15 03 isdn-voice up dorm none none y
0/2/1:23 01 isdn-voice up dorm none none y
0/2/1:23 02 isdn-voice up dorm none none y
0/2/1:23 03 isdn-voice up dorm none none y
50/0/1 1 efxs up dorm on-hook idle y
50/0/2 1 efxs up dorm on-hook idle y
50/0/3 1 efxs up dorm on-hook idle y
50/0/4 1 efxs up dorm on-hook idle y
50/0/5 1 efxs up dorm on-hook idle y
50/0/6 1 efxs up up on-hook idle y
PWR FAILOVER PORT PSTN FAILOVER PORT
================= ==================
PSTN_IP-WAN_RTR(config)# -
ASA 5510 with Cisco 2811 Router Behind it - Not forwarding traffic
Hi all,
Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it.
Some examples that work.
I can SSH into the ASA.
I can SSH to the Cisco Routers behind the ASA.
I cannot reach items beind the Cisco Routers.
My Configuration is this (I am sure I included a bunch of info I didn't need to, but I am hoping it'll help!):
I have a static Ip assigned to my Ouside Interface Ethernet 0/1
It has an IP address of 199.195.xxx.xxx
I am trying to learn how to shape network traffic (this is all new to me) via the ASA and the Routers to specific devices.
The Inside Interface on the ASA is 10.10.1.1 255.255.255.252
The Outside Interface on the 2811 is 10.10.1.2 255.255.255.252
I can ping the router from the ASA. I can SSH through the ASA to the router.
BUT I CANNOT ACCESS DEVICES BEHIND THE ROUTER.
So, I wanted to BAM that statement above because I just don't kjnow where the issue is. Is the issue on the router or the ASA, my guess is, the router, but I just don't know.
Here are my configs, helpfully someone can help.
ASA errors on the ASDM when I try and hit resources; specifically a web device behind the ASA and the 2811. It's Ip address 192.168.1.5 it's listening on port 80.Static IP, not assigned via DHCP.
6
Feb 14 2014
19:38:56
98.22.121.x
41164
192.168.1.5
80
Built inbound TCP connection 1922859 for Outside:98.22.121.x/41164 (98.22.121.x/41164) to Inside:192.168.1.5/80 (199.195.168.x/8080)
6
Feb 14 2014
19:38:56
10.10.1.2
80
98.22.121.x
41164
Deny TCP (no connection) from 10.10.1.2/80 to 98.22.121.x/41164 flags SYN ACK on interface Inside
ASA5510# sh nat
Auto NAT Policies (Section 2)
1 (DMZ) to (Outside) source static ROUTER-2821 interface service tcp ssh 2222
translate_hits = 1, untranslate_hits = 18
2 (Inside) to (Outside) source static ROUTER-2811 interface service tcp ssh 222
translate_hits = 0, untranslate_hits = 13
3 (VOIP) to (Outside) source static ROUTER-3745 interface service tcp ssh 2223
translate_hits = 0, untranslate_hits = 3
4 (Inside) to (Outside) source static RDP-DC1 interface service tcp 3389 3389
translate_hits = 0, untranslate_hits = 236
5 (Inside) to (Outside) source static WEBCAM-01 interface service tcp www 8080
translate_hits = 0, untranslate_hits = 162
Manual NAT Policies (Section 3)
1 (any) to (Outside) source dynamic PAT-SOURCE interface
translate_hits = 1056862, untranslate_hits = 83506
ASA5510# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list USERS; 1 elements; name hash: 0x50681c1e
access-list USERS line 1 standard permit 10.10.1.0 255.255.255.0 (hitcnt=0) 0xdd6ba495
access-list Outside_access_in; 5 elements; name hash: 0xe796c137
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x host 10.10.1.2 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x host 10.10.0.2 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 3 extended permit tcp host 98.22.121.x interface Outside eq https (hitcnt=0) 0x385488b2
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x object WEBCAM-01 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x host 192.168.1.5 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389 (hitcnt=3) 0x02f13f4e
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x host 192.168.1.2 eq 3389 (hitcnt=3) 0x02f13f4e
access-list dmz-access-vlan1; 1 elements; name hash: 0xc3450860
access-list dmz-access-vlan1 line 1 extended permit ip 128.162.1.0 255.255.255.0 any (hitcnt=0) 0x429fedf1
access-list dmz-access; 3 elements; name hash: 0xf53f5801
access-list dmz-access line 1 remark Permit all traffic to DC1
access-list dmz-access line 2 extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2 (hitcnt=0) 0xd2dced0a
access-list dmz-access line 3 remark Permit only DNS traffic to DNS server
access-list dmz-access line 4 extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain (hitcnt=0) 0xbb21093e
access-list dmz-access line 5 remark Permit ICMP to all devices in DC
access-list dmz-access line 6 extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x71269ef7
CISCO-2811#show access-lists
Standard IP access list 1
10 permit any (1581021 matches)
CISCO-2811#show translate
CISCO-2811#show route
CISCO-2811#show route-map
CISCO-2811#show host
CISCO-2811#show hosts
Default domain is maladomini.int
Name/address lookup uses domain service
Name servers are 192.168.1.2, 199.195.168.4, 205.171.2.65, 205.171.3.65, 8.8.8.8
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
api.mixpanel.com None (temp, OK) 2 IP 198.23.64.21
198.23.64.22
198.23.64.18
198.23.64.19
198.23.64.20
ASA5510:
ASA5510# sh run all
: Saved
ASA Version 9.1(4)
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname ASA5510
domain-name maladomini.int
enable password x encrypted
no fips enable
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
passwd x encrypted
names
dns-guard
lacp system-priority 32768
interface Ethernet0/0
description LAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
delay 10
interface Ethernet0/1
description WAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Outside
security-level 0
ip address 199.195.168.xxx 255.255.255.240
delay 10
interface Ethernet0/2
description DMZ
speed auto
duplex auto
no flowcontrol send on
nameif DMZ
security-level 100
ip address 10.10.0.1 255.255.255.252
delay 10
interface Ethernet0/3
description VOIP
speed auto
duplex auto
no flowcontrol send on
nameif VOIP
security-level 100
ip address 10.10.2.1 255.255.255.252
delay 10
interface Management0/0
speed auto
duplex auto
management-only
shutdown
nameif management
security-level 0
no ip address
delay 10
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[\r\n\t ]+[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[\r\n\t ]+[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
checkheaps check-interval 60
checkheaps validate-checksum 60
boot system disk0:/asa914-k8.bin
ftp mode passive
clock timezone UTC 0
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.195.168.4
name-server 205.171.2.65
name-server 205.171.3.65
domain-name maladomini.int
same-security-traffic permit inter-interface
object service ah pre-defined
service ah
description This is a pre-defined object
object service eigrp pre-defined
service eigrp
description This is a pre-defined object
object service esp pre-defined
service esp
description This is a pre-defined object
object service gre pre-defined
service gre
description This is a pre-defined object
object service icmp pre-defined
service icmp
description This is a pre-defined object
object service icmp6 pre-defined
service icmp6
description This is a pre-defined object
object service igmp pre-defined
service igmp
description This is a pre-defined object
object service igrp pre-defined
service igrp
description This is a pre-defined object
object service ip pre-defined
service ip
description This is a pre-defined object
object service ipinip pre-defined
service ipinip
description This is a pre-defined object
object service ipsec pre-defined
service esp
description This is a pre-defined object
object service nos pre-defined
service nos
description This is a pre-defined object
object service ospf pre-defined
service ospf
description This is a pre-defined object
object service pcp pre-defined
service pcp
description This is a pre-defined object
object service pim pre-defined
service pim
description This is a pre-defined object
object service pptp pre-defined
service gre
description This is a pre-defined object
object service snp pre-defined
service snp
description This is a pre-defined object
object service tcp pre-defined
service tcp
description This is a pre-defined object
object service udp pre-defined
service udp
description This is a pre-defined object
object service tcp-aol pre-defined
service tcp destination eq aol
description This is a pre-defined object
object service tcp-bgp pre-defined
service tcp destination eq bgp
description This is a pre-defined object
object service tcp-chargen pre-defined
service tcp destination eq chargen
description This is a pre-defined object
object service tcp-cifs pre-defined
service tcp destination eq cifs
description This is a pre-defined object
object service tcp-citrix-ica pre-defined
service tcp destination eq citrix-ica
description This is a pre-defined object
object service tcp-ctiqbe pre-defined
service tcp destination eq ctiqbe
description This is a pre-defined object
object service tcp-daytime pre-defined
service tcp destination eq daytime
description This is a pre-defined object
object service tcp-discard pre-defined
service tcp destination eq discard
description This is a pre-defined object
object service tcp-domain pre-defined
service tcp destination eq domain
description This is a pre-defined object
object service tcp-echo pre-defined
service tcp destination eq echo
description This is a pre-defined object
object service tcp-exec pre-defined
service tcp destination eq exec
description This is a pre-defined object
object service tcp-finger pre-defined
service tcp destination eq finger
description This is a pre-defined object
object service tcp-ftp pre-defined
service tcp destination eq ftp
description This is a pre-defined object
object service tcp-ftp-data pre-defined
service tcp destination eq ftp-data
description This is a pre-defined object
object service tcp-gopher pre-defined
service tcp destination eq gopher
description This is a pre-defined object
object service tcp-ident pre-defined
service tcp destination eq ident
description This is a pre-defined object
object service tcp-imap4 pre-defined
service tcp destination eq imap4
description This is a pre-defined object
object service tcp-irc pre-defined
service tcp destination eq irc
description This is a pre-defined object
object service tcp-hostname pre-defined
service tcp destination eq hostname
description This is a pre-defined object
object service tcp-kerberos pre-defined
service tcp destination eq kerberos
description This is a pre-defined object
object service tcp-klogin pre-defined
service tcp destination eq klogin
description This is a pre-defined object
object service tcp-kshell pre-defined
service tcp destination eq kshell
description This is a pre-defined object
object service tcp-ldap pre-defined
service tcp destination eq ldap
description This is a pre-defined object
object service tcp-ldaps pre-defined
service tcp destination eq ldaps
description This is a pre-defined object
object service tcp-login pre-defined
service tcp destination eq login
description This is a pre-defined object
object service tcp-lotusnotes pre-defined
service tcp destination eq lotusnotes
description This is a pre-defined object
object service tcp-nfs pre-defined
service tcp destination eq nfs
description This is a pre-defined object
object service tcp-netbios-ssn pre-defined
service tcp destination eq netbios-ssn
description This is a pre-defined object
object service tcp-whois pre-defined
service tcp destination eq whois
description This is a pre-defined object
object service tcp-nntp pre-defined
service tcp destination eq nntp
description This is a pre-defined object
object service tcp-pcanywhere-data pre-defined
service tcp destination eq pcanywhere-data
description This is a pre-defined object
object service tcp-pim-auto-rp pre-defined
service tcp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-pop2 pre-defined
service tcp destination eq pop2
description This is a pre-defined object
object service tcp-pop3 pre-defined
service tcp destination eq pop3
description This is a pre-defined object
object service tcp-pptp pre-defined
service tcp destination eq pptp
description This is a pre-defined object
object service tcp-lpd pre-defined
service tcp destination eq lpd
description This is a pre-defined object
object service tcp-rsh pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-rtsp pre-defined
service tcp destination eq rtsp
description This is a pre-defined object
object service tcp-sip pre-defined
service tcp destination eq sip
description This is a pre-defined object
object service tcp-smtp pre-defined
service tcp destination eq smtp
description This is a pre-defined object
object service tcp-ssh pre-defined
service tcp destination eq ssh
description This is a pre-defined object
object service tcp-sunrpc pre-defined
service tcp destination eq sunrpc
description This is a pre-defined object
object service tcp-tacacs pre-defined
service tcp destination eq tacacs
description This is a pre-defined object
object service tcp-talk pre-defined
service tcp destination eq talk
description This is a pre-defined object
object service tcp-telnet pre-defined
service tcp destination eq telnet
description This is a pre-defined object
object service tcp-uucp pre-defined
service tcp destination eq uucp
description This is a pre-defined object
object service tcp-www pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-http pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-https pre-defined
service tcp destination eq https
description This is a pre-defined object
object service tcp-cmd pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-sqlnet pre-defined
service tcp destination eq sqlnet
description This is a pre-defined object
object service tcp-h323 pre-defined
service tcp destination eq h323
description This is a pre-defined object
object service tcp-udp-cifs pre-defined
service tcp-udp destination eq cifs
description This is a pre-defined object
object service tcp-udp-discard pre-defined
service tcp-udp destination eq discard
description This is a pre-defined object
object service tcp-udp-domain pre-defined
service tcp-udp destination eq domain
description This is a pre-defined object
object service tcp-udp-echo pre-defined
service tcp-udp destination eq echo
description This is a pre-defined object
object service tcp-udp-kerberos pre-defined
service tcp-udp destination eq kerberos
description This is a pre-defined object
object service tcp-udp-nfs pre-defined
service tcp-udp destination eq nfs
description This is a pre-defined object
object service tcp-udp-pim-auto-rp pre-defined
service tcp-udp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-udp-sip pre-defined
service tcp-udp destination eq sip
description This is a pre-defined object
object service tcp-udp-sunrpc pre-defined
service tcp-udp destination eq sunrpc
description This is a pre-defined object
object service tcp-udp-tacacs pre-defined
service tcp-udp destination eq tacacs
description This is a pre-defined object
object service tcp-udp-www pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-http pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-talk pre-defined
service tcp-udp destination eq talk
description This is a pre-defined object
object service udp-biff pre-defined
service udp destination eq biff
description This is a pre-defined object
object service udp-bootpc pre-defined
service udp destination eq bootpc
description This is a pre-defined object
object service udp-bootps pre-defined
service udp destination eq bootps
description This is a pre-defined object
object service udp-cifs pre-defined
service udp destination eq cifs
description This is a pre-defined object
object service udp-discard pre-defined
service udp destination eq discard
description This is a pre-defined object
object service udp-domain pre-defined
service udp destination eq domain
description This is a pre-defined object
object service udp-dnsix pre-defined
service udp destination eq dnsix
description This is a pre-defined object
object service udp-echo pre-defined
service udp destination eq echo
description This is a pre-defined object
object service udp-www pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-http pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-nameserver pre-defined
service udp destination eq nameserver
description This is a pre-defined object
object service udp-kerberos pre-defined
service udp destination eq kerberos
description This is a pre-defined object
object service udp-mobile-ip pre-defined
service udp destination eq mobile-ip
description This is a pre-defined object
object service udp-nfs pre-defined
service udp destination eq nfs
description This is a pre-defined object
object service udp-netbios-ns pre-defined
service udp destination eq netbios-ns
description This is a pre-defined object
object service udp-netbios-dgm pre-defined
service udp destination eq netbios-dgm
description This is a pre-defined object
object service udp-ntp pre-defined
service udp destination eq ntp
description This is a pre-defined object
object service udp-pcanywhere-status pre-defined
service udp destination eq pcanywhere-status
description This is a pre-defined object
object service udp-pim-auto-rp pre-defined
service udp destination eq pim-auto-rp
description This is a pre-defined object
object service udp-radius pre-defined
service udp destination eq radius
description This is a pre-defined object
object service udp-radius-acct pre-defined
service udp destination eq radius-acct
description This is a pre-defined object
object service udp-rip pre-defined
service udp destination eq rip
description This is a pre-defined object
object service udp-secureid-udp pre-defined
service udp destination eq secureid-udp
description This is a pre-defined object
object service udp-sip pre-defined
service udp destination eq sip
description This is a pre-defined object
object service udp-snmp pre-defined
service udp destination eq snmp
description This is a pre-defined object
object service udp-snmptrap pre-defined
service udp destination eq snmptrap
description This is a pre-defined object
object service udp-sunrpc pre-defined
service udp destination eq sunrpc
description This is a pre-defined object
object service udp-syslog pre-defined
service udp destination eq syslog
description This is a pre-defined object
object service udp-tacacs pre-defined
service udp destination eq tacacs
description This is a pre-defined object
object service udp-talk pre-defined
service udp destination eq talk
description This is a pre-defined object
object service udp-tftp pre-defined
service udp destination eq tftp
description This is a pre-defined object
object service udp-time pre-defined
service udp destination eq time
description This is a pre-defined object
object service udp-who pre-defined
service udp destination eq who
description This is a pre-defined object
object service udp-xdmcp pre-defined
service udp destination eq xdmcp
description This is a pre-defined object
object service udp-isakmp pre-defined
service udp destination eq isakmp
description This is a pre-defined object
object service icmp6-unreachable pre-defined
service icmp6 unreachable
description This is a pre-defined object
object service icmp6-packet-too-big pre-defined
service icmp6 packet-too-big
description This is a pre-defined object
object service icmp6-time-exceeded pre-defined
service icmp6 time-exceeded
description This is a pre-defined object
object service icmp6-parameter-problem pre-defined
service icmp6 parameter-problem
description This is a pre-defined object
object service icmp6-echo pre-defined
service icmp6 echo
description This is a pre-defined object
object service icmp6-echo-reply pre-defined
service icmp6 echo-reply
description This is a pre-defined object
object service icmp6-membership-query pre-defined
service icmp6 membership-query
description This is a pre-defined object
object service icmp6-membership-report pre-defined
service icmp6 membership-report
description This is a pre-defined object
object service icmp6-membership-reduction pre-defined
service icmp6 membership-reduction
description This is a pre-defined object
object service icmp6-router-renumbering pre-defined
service icmp6 router-renumbering
description This is a pre-defined object
object service icmp6-router-solicitation pre-defined
service icmp6 router-solicitation
description This is a pre-defined object
object service icmp6-router-advertisement pre-defined
service icmp6 router-advertisement
description This is a pre-defined object
object service icmp6-neighbor-solicitation pre-defined
service icmp6 neighbor-solicitation
description This is a pre-defined object
object service icmp6-neighbor-advertisement pre-defined
service icmp6 neighbor-advertisement
description This is a pre-defined object
object service icmp6-neighbor-redirect pre-defined
service icmp6 neighbor-redirect
description This is a pre-defined object
object service icmp-echo pre-defined
service icmp echo
description This is a pre-defined object
object service icmp-echo-reply pre-defined
service icmp echo-reply
description This is a pre-defined object
object service icmp-unreachable pre-defined
service icmp unreachable
description This is a pre-defined object
object service icmp-source-quench pre-defined
service icmp source-quench
description This is a pre-defined object
object service icmp-redirect pre-defined
service icmp redirect
description This is a pre-defined object
object service icmp-alternate-address pre-defined
service icmp alternate-address
description This is a pre-defined object
object service icmp-router-advertisement pre-defined
service icmp router-advertisement
description This is a pre-defined object
object service icmp-router-solicitation pre-defined
service icmp router-solicitation
description This is a pre-defined object
object service icmp-time-exceeded pre-defined
service icmp time-exceeded
description This is a pre-defined object
object service icmp-parameter-problem pre-defined
service icmp parameter-problem
description This is a pre-defined object
object service icmp-timestamp-request pre-defined
service icmp timestamp-request
description This is a pre-defined object
object service icmp-timestamp-reply pre-defined
service icmp timestamp-reply
description This is a pre-defined object
object service icmp-information-request pre-defined
service icmp information-request
description This is a pre-defined object
object service icmp-information-reply pre-defined
service icmp information-reply
description This is a pre-defined object
object service icmp-mask-request pre-defined
service icmp mask-request
description This is a pre-defined object
object service icmp-mask-reply pre-defined
service icmp mask-reply
description This is a pre-defined object
object service icmp-traceroute pre-defined
service icmp traceroute
description This is a pre-defined object
object service icmp-conversion-error pre-defined
service icmp conversion-error
description This is a pre-defined object
object service icmp-mobile-redirect pre-defined
service icmp mobile-redirect
description This is a pre-defined object
object network ROUTER-2811
host 10.10.1.2
object network ROUTER-2821
host 10.10.0.2
object network WEBCAM-01
host 192.168.1.5
object network DNS-SERVER
host 192.168.1.2
object network ROUTER-3745
host 10.10.2.2
object network RDP-DC1
host 192.168.1.2
object-group network PAT-SOURCE
network-object 10.10.1.0 255.255.255.252
network-object 10.10.0.0 255.255.255.252
network-object 10.10.2.0 255.255.255.252
network-object 192.168.0.0 255.255.255.0
network-object 172.16.10.0 255.255.255.0
network-object 172.16.20.0 255.255.255.0
network-object 128.162.1.0 255.255.255.0
network-object 128.162.10.0 255.255.255.0
network-object 128.162.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object host 98.22.121.x
object-group network Outside_access_in
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object gre
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x interface Outside eq https
access-list Outside_access_in extended permit tcp host 98.22.121.x object WEBCAM-01 eq www
access-list Outside_access_in extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389
access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
access-list dmz-access remark Permit ICMP to all devices in DC
access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 4096
logging asdm-buffer-size 100
logging asdm informational
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 747001
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 1 message 313009
logging rate-limit 100 1 message 750003
logging rate-limit 100 1 message 750002
logging rate-limit 100 1 message 750004
logging rate-limit 1 10 message 419003
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 405003
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 337004
logging rate-limit 1 10 message 337005
logging rate-limit 1 10 message 337001
logging rate-limit 1 10 message 337002
logging rate-limit 1 60 message 199020
logging rate-limit 1 10 message 337003
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 1 10 message 337009
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 1 message 447001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 429007
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
flow-export template timeout-rate 30
flow-export active refresh-interval 1
mtu Inside 1500
mtu Outside 1500
mtu management 1500
mtu DMZ 1500
mtu VOIP 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Outside
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network ROUTER-2811
nat (Inside,Outside) static interface service tcp ssh 222
object network ROUTER-2821
nat (DMZ,Outside) static interface service tcp ssh 2222
object network WEBCAM-01
nat (Inside,Outside) static interface service tcp www 8080
object network ROUTER-3745
nat (VOIP,Outside) static interface service tcp ssh 2223
object network RDP-DC1
nat (Inside,Outside) static interface service tcp 3389 3389
nat (any,Outside) after-auto source dynamic PAT-SOURCE interface
access-group Outside_access_in in interface Outside
ipv6 dhcprelay timeout 60
router rip
network 10.0.0.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
route Inside 128.162.1.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.10.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.20.0 255.255.255.0 10.10.0.2 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action continue
no cts server-group
no cts sxp enable
no cts sxp default
no cts sxp default source-ip
cts sxp reconciliation period 120
cts sxp retry period 120
user-identity enable
user-identity domain LOCAL
user-identity default-domain LOCAL
user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 60
user-identity poll-import-user-group-timer hours 8
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 30 retry-times 5
no user-identity user-not-found enable
aaa authentication ssh console LOCAL
http server enable 443
http 0.0.0.0 0.0.0.0 Inside
http 98.22.121.x 255.255.255.255 Outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
no snmp-server enable traps memory-threshold
no snmp-server enable traps interface-threshold
no snmp-server enable traps remote-access session-threshold-exceeded
no snmp-server enable traps connection-limit-reached
no snmp-server enable traps cpu threshold rising
no snmp-server enable traps ikev2 start stop
no snmp-server enable traps nat packet-discard
snmp-server enable
snmp-server listen-port 161
fragment size 200 Inside
fragment chain 24 Inside
fragment timeout 5 Inside
no fragment reassembly full Inside
fragment size 200 Outside
fragment chain 24 Outside
fragment timeout 5 Outside
no fragment reassembly full Outside
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
no fragment reassembly full management
fragment size 200 DMZ
fragment chain 24 DMZ
fragment timeout 5 DMZ
no fragment reassembly full DMZ
fragment size 200 VOIP
fragment chain 24 VOIP
fragment timeout 5 VOIP
no fragment reassembly full VOIP
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp Inside
no sysopt noproxyarp Outside
no sysopt noproxyarp management
no sysopt noproxyarp DMZ
no sysopt noproxyarp VOIP
service password-recovery
no crypto ipsec ikev2 sa-strength-enforcement
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec security-association replay window-size 64
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation before-encryption Inside
crypto ipsec fragmentation before-encryption Outside
crypto ipsec fragmentation before-encryption management
crypto ipsec fragmentation before-encryption DMZ
crypto ipsec fragmentation before-encryption VOIP
crypto ipsec df-bit copy-df Inside
crypto ipsec df-bit copy-df Outside
crypto ipsec df-bit copy-df management
crypto ipsec df-bit copy-df DMZ
crypto ipsec df-bit copy-df VOIP
crypto ca trustpool policy
revocation-check none
crl cache-time 60
crl enforcenextupdate
crypto isakmp identity auto
crypto isakmp nat-traversal 20
crypto ikev2 cookie-challenge 50
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
crypto ikev2 redirect during-auth
crypto ikev1 limit max-in-negotiation-sa 20
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh 98.22.121.x 255.255.255.255 Outside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
ipv6-vpn-addr-assign aaa
ipv6-vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60
tls-proxy maximum-session 100
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 24.56.178.140 source Outside prefer
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication fca-timeout 2
webvpn
memory-size percent 50
port 443
dtls port 443
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
portal-access-rule none
no csd enable
no anyconnect enable
no tunnel-group-list enable
no tunnel-group-preference group-url
rewrite order 65535 enable resource-mask *
no internal-password
no onscreen-keyboard
no default-language
no smart-tunnel notification-icon
no keepout
cache
no disable
max-object-size 1000
min-object-size 0
no cache-static-content enable
lmfactor 20
expiry-time 1
no auto-signon
no error-recovery disable
no ssl-server-check
no mus password
mus host mus.cisco.com
no hostscan data-limit
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
: PortForwarder
: banners
: customization
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr customization
: fr webvpn
: ja PortForwarder
: ja customization
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
split-tunnel-all-dns disable
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn none
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
msie-proxy pac-url none
msie-proxy lockdown enable
vlan none
nac-settings none
address-pools none
ipv6-address-pools none
smartcard-removal-disconnect enable
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list none
filter none
homepage none
html-content-filter none
port-forward name Application Access
port-forward disable
http-proxy disable
sso-server none
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect firewall-rule client-interface private none
anyconnect firewall-rule client-interface public none
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect modules none
anyconnect profiles none
anyconnect ask none
customization none
keep-alive-ignore 4
http-comp gzip
download-max-size 2147483647
upload-max-size 2147483647
post-max-size 2147483647
user-storage none
storage-objects value cookies,credentials
storage-key none
hidden-shares none
smart-tunnel disable
activex-relay enable
unix-auth-uid 65534
unix-auth-gid 65534
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
smart-tunnel auto-signon disable
anyconnect ssl df-bit-ignore disable
anyconnect routing-filtering-ignore disable
smart-tunnel tunnel-policy tunnelall
always-on-vpn profile-setting
password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
password-policy minimum-uppercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0
password-policy lifetime 0
no password-policy authenticate-enable
quota management-session 0
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultRAGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultRAGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
class-map type inspect http match-all _default_gator
match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
match request args regex _default_gnu-http-tunnel_arg
match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
match request header host regex _default_firethru-tunnel_1
match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
match any
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
match request header host regex _default_httport-tunnel
policy-map type inspect rtsp _default_rtsp_map
description Default RTSP policymap
parameters
policy-map type inspect ipv6 _default_ipv6_map
description Default IPV6 policy-map
parameters
verify-header type
verify-header order
match header routing-type range 0 255
drop log
policy-map type inspect h323 _default_h323_map
description Default H.323 policymap
parameters
no rtp-conformance
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no message-length maximum server
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
no special-character
no allow-tls
match cmd line length gt 512
drop-connection log
match cmd RCPT count gt 100
drop-connection log
match body line length gt 998
log
match header line length gt 998
drop-connection log
match sender-address length gt 320
drop-connection log
match MIME filename length gt 255
drop-connection log
match ehlo-reply-parameter others
mask
policy-map type inspect ip-options _default_ip_options_map
description Default IP-OPTIONS policy-map
parameters
router-alert action allow
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect rsh
inspect rtsp
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options _default_ip_options_map
inspect icmp
inspect icmp error
inspect pptp
class class-default
policy-map type inspect sip _default_sip_map
description Default SIP policymap
parameters
im
no ip-address-privacy
traffic-non-sip
no rtp-conformance
policy-map type inspect dns _default_dns_map
description Default DNS policy-map
parameters
no message-length maximum client
no message-leI ran those commands while I had the nat off on the router and here are the results. note, i didn't make any changes to the ASA as you only said to remove the router RIP which I did and reloaded and no change.
As long as the statements ip nat outside on the Fastethernet 0/0 is off and the ip nat inside is off on the vlan and the overload statement is taken out, I cannot hit the internet.
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#int
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#no ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#no ip nat outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#$nside source list 1 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: y
CISCO-2811(config)#exit
CISCO-2811#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.1.1 202 c47d.4f3b.8ea6 ARPA FastEthernet0/0
Internet 10.10.1.2 - 0019.55a7.2ae8 ARPA FastEthernet0/0
Internet 172.16.10.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.1
Internet 172.16.10.3 238 0011.5c73.28c1 ARPA FastEthernet0/1.1
Internet 172.16.10.50 72 cc2d.8c78.065a ARPA FastEthernet0/1.1
Internet 172.16.20.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.2
Internet 172.16.20.3 196 0011.5c73.28c2 ARPA FastEthernet0/1.2
Internet 192.168.1.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.3
Internet 192.168.1.2 0 0024.e864.01a8 ARPA FastEthernet0/1.3
Internet 192.168.1.3 155 0011.5c73.28c0 ARPA FastEthernet0/1.3
Internet 192.168.1.5 61 4802.2a4c.1c74 ARPA FastEthernet0/1.3
Internet 192.168.1.20 0 5cf9.dd52.5fa9 ARPA FastEthernet0/1.3
Internet 192.168.1.50 0 308c.fb47.f2d9 ARPA FastEthernet0/1.3
Internet 192.168.1.51 1 ec35.8677.4057 ARPA FastEthernet0/1.3
Internet 192.168.1.52 1 b418.d136.ef72 ARPA FastEthernet0/1.3
Internet 192.168.1.53 1 8853.9572.e113 ARPA FastEthernet0/1.3
Internet 192.168.1.54 12 0009.b044.9f23 ARPA FastEthernet0/1.3
Internet 192.168.1.55 0 f47b.5e9a.7ae5 ARPA FastEthernet0/1.3
Internet 192.168.1.149 0 001e.4fc5.a199 ARPA FastEthernet0/1.3
Internet 192.168.1.174 0 b8ac.6fff.af83 ARPA FastEthernet0/1.3
CISCO-2811#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.10.1.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.1.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.1.0/30 is directly connected, FastEthernet0/0
L 10.10.1.2/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.10.0/24 is directly connected, FastEthernet0/1.1
L 172.16.10.1/32 is directly connected, FastEthernet0/1.1
C 172.16.20.0/24 is directly connected, FastEthernet0/1.2
L 172.16.20.1/32 is directly connected, FastEthernet0/1.2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1.3
L 192.168.1.1/32 is directly connected, FastEthernet0/1.3
ASA
ASA5510# sh arp
Inside 10.10.1.2 0019.55a7.2ae8 12342
Outside 199.195.168.113 000c.4243.581a 2
Outside 199.195.168.116 e05f.b947.116b 2436
Outside 199.195.168.120 0017.c58a.1123 9192
DMZ 10.10.0.2 0025.849f.63e0 3192
VOIP 10.10.2.2 000d.bcdc.fc40 7754
ASA5510# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 199.195.168.113 to network 0.0.0.0
S 172.16.20.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 172.16.10.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 128.162.1.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.10.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.20.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
C 199.195.168.112 255.255.255.240 is directly connected, Outside
C 10.10.0.0 255.255.255.252 is directly connected, DMZ
C 10.10.1.0 255.255.255.252 is directly connected, Inside
S 192.168.1.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S* 0.0.0.0 0.0.0.0 [1/0] via 199.195.168.113, Outside
ASA5510# show xlate
35 in use, 784 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
TCP PAT from DMZ:10.10.0.2 22-22 to Outside:199.195.168.x 2222-2222
flags sr idle 481:54:14 timeout 0:00:00
TCP PAT from Inside:10.10.1.2 22-22 to Outside:199.195.168.x 222-222
flags sr idle 51:06:46 timeout 0:00:00
TCP PAT from VOIP:10.10.2.2 22-22 to Outside:199.195.168.x 2223-2223
flags sr idle 687:32:27 timeout 0:00:00
TCP PAT from Inside:192.168.1.2 3389-3389 to Outside:199.195.168.x 3389-3389
flags sr idle 457:17:01 timeout 0:00:00
TCP PAT from Inside:192.168.1.5 80-80 to Outside:199.195.168.x 8080-8080
flags sr idle 52:18:58 timeout 0:00:00
NAT from Outside:0.0.0.0/0 to any:0.0.0.0/0
flags sIT idle 353:10:21 timeout 0:00:00
UDP PAT from any:10.10.1.2/52581 to Outside:199.195.168.x/52581 flags ri idle 0:00:00 timeout 0:00:30
UDP PAT from any:10.10.1.2/55389 to Outside:199.195.168.x/55389 flags ri idle 0:00:03 timeout 0:00:30
UDP PAT from any:10.10.1.2/51936 to Outside:199.195.168.x/51936 flags ri idle 0:00:04 timeout 0:00:30
UDP PAT from any:10.10.1.2/51345 to Outside:199.195.168.x/51345 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from any:10.10.1.2/55985 to Outside:199.195.168.x/55985 flags ri idle 0:00:18 timeout 0:00:30
UDP PAT from any:10.10.1.2/49368 to Outside:199.195.168.x/49368 flags ri idle 0:00:22 timeout 0:00:30
UDP PAT from any:10.10.1.2/52441 to Outside:199.195.168.x/52441 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/57908 to Outside:199.195.168.x/57908 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57907 to Outside:199.195.168.x/57907 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57906 to Outside:199.195.168.x/57906 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57896 to Outside:199.195.168.x/57896 flags ri idle 0:09:09 timeout 0:00:30
TCP PAT from any:10.10.1.2/57879 to Outside:199.195.168.x/57879 flags ri idle 0:10:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/49441 to Outside:199.195.168.x/49441 flags ri idle 0:20:52 timeout 0:00:30
TCP PAT from any:10.10.1.2/57868 to Outside:199.195.168.x/57868 flags ri idle 0:25:28 timeout 0:00:30
TCP PAT from any:10.10.1.2/60519 to Outside:199.195.168.x/60519 flags ri idle 0:44:11 timeout 0:00:30
TCP PAT from any:10.10.1.2/60491 to Outside:199.195.168.x/60491 flags ri idle 0:44:20 timeout 0:00:30
TCP PAT from any:10.10.1.2/60484 to Outside:199.195.168.x/60484 flags ri idle 0:44:35 timeout 0:00:30
TCP PAT from any:10.10.1.2/60480 to Outside:199.195.168.x/60480 flags ri idle 0:44:51 timeout 0:00:30
TCP PAT from any:10.10.1.2/53851 to Outside:199.195.168.x/53851 flags ri idle 0:54:14 timeout 0:00:30
TCP PAT from any:10.10.1.2/57812 to Outside:199.195.168.x/57812 flags ri idle 0:58:30 timeout 0:00:30
TCP PAT from any:10.10.1.2/57810 to Outside:199.195.168.x/57810 flags ri idle 0:58:32 timeout 0:00:30
TCP PAT from any:10.10.1.2/53847 to Outside:199.195.168.x/53847 flags ri idle 1:00:18 timeout 0:00:30
TCP PAT from any:10.10.1.2/57808 to Outside:199.195.168.x/57808 flags ri idle 1:07:58 timeout 0:00:30
TCP PAT from any:10.10.1.2/60406 to Outside:199.195.168.x/60406 flags ri idle 1:42:13 timeout 0:00:30
TCP PAT from any:10.10.1.2/49259 to Outside:199.195.168.x/49259 flags ri idle 7:39:44 timeout 0:00:30
TCP PAT from any:10.10.1.2/49191 to Outside:199.195.168.x/49191 flags ri idle 7:42:39 timeout 0:00:30
TCP PAT from any:10.10.1.2/55951 to Outside:199.195.168.x/55951 flags ri idle 23:11:40 timeout 0:00:30
TCP PAT from any:10.10.1.2/55944 to Outside:199.195.168.x/55944 flags ri idle 23:15:19 timeout 0:00:30
TCP PAT from any:10.10.1.2/55942 to Outside:199.195.168.x/55942 flags ri idle 23:15:24 timeout 0:00:30
ASA5510# sh conn all
149 in use, 815 most used
TCP Outside 74.125.193.108:993 Inside 10.10.1.2:57879, idle 0:12:37, bytes 6398, flags UIO
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53879, idle 0:00:01, bytes 0, flags saA
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53878, idle 0:00:01, bytes 0, flags saA
TCP Outside 17.149.36.177:5223 Inside 10.10.1.2:60480, idle 0:16:53, bytes 4539, flags UIO
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53877, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53876, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53875, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53874, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53872, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53871, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53868, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53867, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53860, idle 0:00:17, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53859, idle 0:00:17, bytes 0, flags saA
TCP Outside 17.172.233.95:5223 Inside 10.10.1.2:49191, idle 0:18:48, bytes 7384, flags UIO
TCP Outside 17.178.100.43:443 Inside 10.10.1.2:57810, idle 0:56:21, bytes 5797, flags UFIO
TCP Outside 23.206.216.93:80 Inside 10.10.1.2:53847, idle 0:54:15, bytes 2683, flags UFIO
TCP Outside 143.127.93.90:80 Inside 10.10.1.2:49259, idle 0:12:20, bytes 13315, flags UIO
TCP Outside 74.125.225.53:443 Inside 192.168.1.20:53864, idle 0:00:11, bytes 0, flags saA
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49204, idle 0:00:04, bytes 67, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:50122, idle 0:00:07, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63275, idle 0:00:08, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63306, idle 0:00:18, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65059, idle 0:00:22, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64681, idle 0:00:30, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64661, idle 0:00:30, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:55618, idle 0:00:32, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65056, idle 0:00:33, bytes 48, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:59433, idle 0:00:41, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:52178, idle 0:00:42, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:61414, idle 0:00:43, bytes 34, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65438, idle 0:00:44, bytes 44, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63686, idle 0:00:44, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65416, idle 0:00:45, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:53047, idle 0:00:47, bytes 32, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:62213, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:52347, idle 0:00:46, bytes 92, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:58069, idle 0:00:46, bytes 64, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:50753, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65381, idle 0:00:50, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65082, idle 0:00:50, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64038, idle 0:00:50, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49309, idle 0:00:51, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64034, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49197, idle 0:00:51, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64728, idle 0:00:51, bytes 49, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64309, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63289, idle 0:00:51, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64174, idle 0:00:52, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:39286, idle 0:01:09, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63726, idle 0:01:09, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65482, idle 0:01:12, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65091, idle 0:01:13, bytes 61, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64976, idle 0:01:13, bytes 57, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63749, idle 0:00:51, bytes 103, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64043, idle 0:01:14, bytes 52, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64267, idle 0:01:24, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64467, idle 0:01:26, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65504, idle 0:01:26, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:38946, idle 0:01:35, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63701, idle 0:01:38, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63879, idle 0:01:46, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:58516, idle 0:01:49, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63227, idle 0:01:51, bytes 62, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:65446, idle 0:01:53, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49166, idle 0:01:55, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:56680, idle 0:02:01, bytes 33, flags -
UDP Outside 192.55.83.30:53 Inside 192.168.1.2:65073, idle 0:00:44, bytes 50, flags -
TCP Outside 74.125.193.109:993 Inside 10.10.1.2:57808, idle 0:39:33, bytes 6392, flags UFIO
TCP Outside 74.125.225.54:443 Inside 192.168.1.20:53863, idle 0:00:13, bytes 0, flags saA
TCP Outside 143.127.93.89:80 Inside 10.10.1.2:60519, idle 0:46:30, bytes 346, flags UO
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53881, idle 0:00:01, bytes 0, flags saA
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53880, idle 0:00:01, bytes 0, flags saA
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:60627, idle 0:00:39, bytes 78, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52088, idle 0:00:39, bytes 86, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50533, idle 0:00:39, bytes 76, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:63347, idle 0:00:39, bytes 80, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:62213, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52347, idle 0:00:40, bytes 46, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:58069, idle 0:00:40, bytes 32, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50753, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:50791, idle 0:01:25, bytes 35, flags -
TCP Outside 74.125.225.46:443 Inside 192.168.1.20:53870, idle 0:00:08, bytes 0, flags saA
TCP Outside 17.173.255.101:443 Inside 10.10.1.2:53851, idle 0:56:33, bytes 58, flags UfIO
TCP Outside 64.4.23.147:33033 Inside 10.10.1.2:55944, idle 0:44:45, bytes 558164, flags UFIO
TCP Outside 74.125.225.35:443 Inside 192.168.1.20:53869, idle 0:00:09, bytes 0, flags saA
UDP Outside 64.4.23.175:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 28, flags -
UDP Outside 192.54.112.30:53 Inside 192.168.1.2:65380, idle 0:00:44, bytes 49, flags -
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57908, idle 0:10:47, bytes 7895, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57907, idle 0:10:49, bytes 20323, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57906, idle 0:10:47, bytes 6539, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57868, idle 0:27:44, bytes 6395, flags UIO
TCP Outside 91.190.218.59:443 Inside 10.10.1.2:55942, idle 0:41:39, bytes 2727, flags UFIO
TCP Outside 17.172.233.123:5223 Inside 10.10.1.2:49441, idle 0:23:10, bytes 4409, flags UIO
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53862, idle 0:00:16, bytes 0, flags saA
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53861, idle 0:00:16, bytes 0, flags saA
TCP Outside 143.127.93.115:80 Inside 10.10.1.2:60406, idle 0:42:59, bytes 970, flags UFIO
TCP Outside 143.127.93.118:80 Inside 10.10.1.2:60484, idle 0:46:54, bytes 328, flags UO
TCP Outside 17.172.233.98:5223 Inside 10.10.1.2:57896, idle 0:11:28, bytes 5081, flags UIO
UDP Outside 111.221.74.16:33033 Inside 192.168.1.174:26511, idle 0:01:18, bytes 31, flags -
TCP Outside 17.149.36.103:5223 Inside 192.168.1.174:60729, idle 0:00:04, bytes 0, flags saA
UDP Outside 192.5.6.30:53 Inside 192.168.1.2:65317, idle 0:00:44, bytes 51, flags -
UDP Outside 192.12.94.30:53 Inside 192.168.1.2:65356, idle 0:00:44, bytes 54, flags -
TCP Outside 17.149.36.180:5223 Inside 10.10.1.2:55951, idle 0:46:08, bytes 14059, flags UFIO
UDP Outside 111.221.74.28:33033 Inside 192.168.1.174:26511, idle 0:01:20, bytes 33, flags -
TCP Outside 63.235.20.160:80 Inside 192.168.1.20:53873, idle 0:00:08, bytes 0, flags saA
TCP Outside 50.19.127.112:443 Inside 192.168.1.50:60678, idle 0:00:00, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60728, idle 0:00:14, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60727, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60726, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:443 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
TCP Outside 65.55.122.234:2492 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
UDP Outside 157.55.56.170:33033 Inside 192.168.1.174:26511, idle 0:01:21, bytes 37, flags -
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53866, idle 0:00:11, bytes 0, flags saA
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53865, idle 0:00:11, bytes 0, flags saA
UDP Outside 111.221.74.18:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 29, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55546, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:60277, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55618, idle 0:00:34, bytes 43, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:60627, idle 0:00:36, bytes 78, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:52088, idle 0:00:36, bytes 86, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:50533, idle 0:00:36, bytes 76, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:63347, idle 0:00:36, bytes 80, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:56958, idle 0:01:24, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:51360, idle 0:01:26, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:50791, idle 0:01:27, bytes 35, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:54134, idle 0:01:46, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:58516, idle 0:01:50, bytes 51, flags -
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59350, idle 0:00:02, bytes 0, flags saA
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59349, idle 0:00:16, bytes 0, flags saA
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:50122, idle 0:00:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:48088, idle 0:00:42, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:62213, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:52347, idle 0:00:45, bytes 92, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:58069, idle 0:00:45, bytes 64, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:50753, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:61414, idle 0:00:47, bytes 34, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:54481, idle 0:01:08, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:40285, idle 0:01:34, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:65446, idle 0:01:55, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:46155, idle 0:02:00, bytes 33, flags -
UDP Outside 66.104.81.70:5070 Inside 192.168.1.174:57609, idle 0:00:11, bytes 46, flags -
UDP Outside 64.4.23.156:33033 Inside 192.168.1.174:26511, idle 0:01:14, bytes 38, flags -
TCP Outside 65.54.167.15:12350 Inside 10.10.1.2:60491, idle 0:11:02, bytes 1405, flags UIO
TCP Outside 17.172.192.35:443 Inside 10.10.1.2:57812, idle 0:56:11, bytes 6116, flags UFIO
UDP Outside 157.55.56.176:33033 Inside 192.168.1.174:26511, idle 0:01:16, bytes 32, flags -
TCP Inside 192.168.1.20:53667 NP Identity Ifc 10.10.1.1:22, idle 0:00:00, bytes 37555, flags UOB
TCP Inside 10.10.1.2:53431 NP Identity Ifc 10.10.1.1:22, idle 0:09:03, bytes 20739, flags UOB
Ran on the ASA while overload statements were down on the router:
ASA5510# packet-tracer input Inside tcp 192.168.1.100 12345 8.8.8.8 80
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 Outside
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1988699, packet dispatched to next module
Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: allow
Had to put these back in to get to the internet:
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#ip nat
CISCO-2811(config-if)#ip nat Outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#in
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#$de source list 1 interface FastEthernet0/0 overload
CISCO-2811(config)#
Screenshot of ASDM: -
Hi guys
I am currently trying to configure a 2811 with a PVDM2-36DM and a HWIC-1CE1T1-PRI to allow remote users to dial in using both ISDN and pstn modem access. Is this possible using this combination of WICS?this is the config we are running. we can dial a Windows XP machine in using PSTN no problem, however ISDN will authenticate the link, and then can't negotiate a PPP link
this is the config we are applying
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec show-timezone
service password-encryption
hostname xxx
boot-start-marker
boot-end-marker
card type e1 0 0
logging buffered 4096 informational
enable secret xxxxxx
aaa new-model
aaa authentication login default local
aaa authentication login console local
aaa authentication ppp default group radius
aaa session-id common
clock timezone GMT 0
clock summer-time GMT recurring
network-clock-participate wic 0
network-clock-select 1 E1 0/0/0
modem call-record terse
modem country v12 e1-default
modem recovery threshold 10
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp bootp ignore
ip dhcp pool dialinusers
network xxxxx xxxxxx
default-router xxxxx
dns-server xxxxxxx xxxx
no ip domain lookup
multilink bundle-name authenticated
isdn switch-type primary-net5
isdn voice-call-failure 0
username xxxxxx password xxxxxx
archive
log config
logging enable
logging size 200
hidekeys
path flash:archeived-config
maximum 14
write-memory
time-period 1440
controller E1 0/0/0
pri-group timeslots 1-31
interface FastEthernet0/0
description "xxxxxx"
ip address xxxx xxxxxx
no ip redirects
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
description "xxxxxx"
ip address xxxxx xxxxxx
no ip redirects
duplex auto
speed auto
no cdp enable
interface Serial0/0/0:15
description "D Channel interface for the Primary Rate ISDN"
no ip address
encapsulation ppp
ip mroute-cache
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
no fair-queue
no cdp enable
interface Dialer1
no ip address
encapsulation ppp
dialer in-band
dialer idle-timeout 2147482
dialer-group 1
no peer default ip address
no fair-queue
no cdp enable
ppp multilink
interface Group-Async1
description "Global Interface for PRI Dial-In Connections"
ip unnumbered FastEthernet0/0
encapsulation ppp
dialer in-band
dialer idle-timeout 0
async mode interactive
peer default ip address dhcp-pool dialinusers
no fair-queue
ppp authentication eap
no ppp chap wait
ppp multilink
group-range 0/386 0/421
ip route xxxx xxxx FastEthernet0/0
ip route 1xxxx xxxx FastEthernet0/0
ip route 1xxx xxx FastEthernet0/1
no ip http server
no ip http secure-server
dialer-list 1 protocol ip permit
no cdp run
radius-server host xxxxx auth-port 1645 acct-port 1646
radius-server timeout 10
radius-server key xxxxxx
control-plane
line con 0
login authentication local
line aux 0
exec-timeout 0 1
no exec
transport output none
line 0/386 0/421
login authentication console
modem Dialin
modem autoconfigure discovery
rotary 1
terminal-type length
transport input all
autoselect during-login
autoselect ppp
line vty 0 4
exec-timeout 0 1
no exec
transport input none
transport output none
scheduler allocate 20000 1000
many thanks in advance -
CME 3.3 on 2811 with Polycom VSX 7000
All -
I have a polycom VSX7000 without the integrated MCU.
I also have a 2811 running CME 3.3 with about 20 IP phones attached.
I'd like to come up with a solution so that my IP phone users could participate in a video conference as audio-only users.
Is there any chance that transcoding on the 2811 using spare PVDM2 resources could do this?
I've already gotten an IP phone to call the VSX7K using an H.323 dialpeer, but as soon as the call is answered - it disconnects - presumably due to a codec mis-match.
The IPVC products seem to be overkill for my needs (and budget).
Suggestions?I do not have an MCU or bridge in the network. The other video endpoints that may be involved are IP devices external to the network.
Our original design intent is that we are a single endpoint and would not have bandwidth available to support multiple external connections. The places to where we would connect on a video conference are larger, fixed sites more able to provide bridging services.
Then came the idea of supporting audio-only access of our local IP phones to the conference.
I'll definitely try the codec command on the H.323 dial peer.
I think I mentioned that the call would signal each end, but would fail to connect once the user tried to answer. -
CUCM 9 & AS5850, Using MGCP Gateways not found in "Gateway Type" list...
I have an application where I need to control a large, AS5850 gateway using MGCP. CUCM version is 9.1, soon to be 10.0. The gateway is populated with CT3 cards.
We have confirmed that the AS5850 does in fact support MGCP, however it is not listed as an option in the list of gateway product choices when adding a new gateway in CUCM. So my first question:
1) How do you add an MGCP gateway in CUCM when it is not listed in the "gateway type" drop-down list? It seems there must be a way to do this. Other well known gateways such as the AS5300, AS5400 etc.. are also notably absent from the list of gateway choices. Perhaps there is a template that can be edited?
If anyone has experience utilizing an AS5850 gateway with CUCM & MGCP, it would be very useful to see sample configuration programming from your gateway.
Many thanksHi,
As per the datasheet, the Cisco AS5850 Universal Gateway supports H.323, SIP, and MGCP call-control protocols with extensive SNMP management and debugging capabilities. It works with the Cisco PGW 2200 Softswitch, the Cisco BTS 10200 Softswitch, and many partner softswitches as well.
http://www.cisco.com/en/US/prod/collateral/iad/ps509/ps512/product_data_sheet09186a008007cc48.html
It looks like that its not supported with CUCM.
HTH
Manish -
MGCP T1 PRI shows Unregistered on CUCM
CUCM: 8.6.2.21900-5
Call Manager page shows PRI as unregistered, however on gateway ISDN status is Multiple Frame Established
ISDN Serial0/0/1:23 interface
dsl 1, interface ISDN Switchtype = primary-qsig
**** Slave side configuration ****
L2 Protocol = Q.921 0x0000 L3 Protocol(s) = CCM MANAGER 0x0003
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 1 CCBs = 0
The Free Channel Mask: 0x807FFFFF
Number of L2 Discards = 0, L2 Session ID = 39
Total Allocated ISDN CCBs = 0
Additional Information:
1. Calls go through the PRI 0/0/1 even if the CCM shows it unregistered
Troubleshooting Done:
1. Reset the gateway from Call manager and MGCP gateway
Resetting the gateway didn't make any difference.Hi Amit,
This might be an issue with RISDC on the cluster. This service is responsible for distributing updates about device statuses in the cluster from one server to another. How many servers do you have on the cluster?
Does the gateway appear unregistered to ALL servers in the cluster? Can you take a look at this from the other subscribers?
You could try giving RISDC a reset on all subscribers first, followed by resetting it on the publisher. You will find this under Serviceability -> Control Center - Network services.
Thanks -
AS5400 Performance runining Both H323 and SIP
Dear All,
Is there any way to run Voice Gateway like AS5400 with two protocol H323 and SIP simultaneously? Any voice gateway performance afftected? or Voice quality affected? if we run both protocol in only one gateway?
Best Regards,
DanethAS5400 supports H.323 and SIP dial-peer at the same time without problems.
I've used AS5400 in IP2IP gateway mode to convert SIP in H.323 and vice versa with about 150 concurrent calls.
In lab I also tested SIP, H.323 and MGCP at same time.
In default configuration SIP and H.323 are both active.
AS5400 uses H.323 like default signalling protocol. Is sufficient create a voip dial-peer. To specify SIP you must use the command "session protocol sipv2" under a dial-peer.
To shut down SIP use
voice service voip
sip
call service stop
To shut down H.323 use
no gateway
Maybe you are looking for
-
Can i edit my game center account to stop sharing friends and games from another apple id that associated with my own new apple id.how to reset it without losing my apple id and i can stiil use it? Because i've made lot of paid purchases using this a
-
Need help to create export table procedure
Hi, I have created a procedure, which may use to do following things: 1. first create a duplicate table of sys.aud$ records 2. export that duplicate table here I am enclosing my code: 1. create or replace procedure crt_tab 2. is 3. sqlstring varchar2
-
Windows 7, Adobe Reader 9.0 - Print to PDF
How do I add an Adobe PDF printer driver. I just bought this new laptop with windows 7. I haven't even installed a printer yet because I had to buy this "on the road" when my last laptop failed. I want to "add a printer" to make it an available se
-
OpenJPA is firing separate query for embedded class in the entity
Hello experts, I have an Embedded class in my entity which has some common similar columns for all the tables. e.g @Entity @Table(name = "MY_TABLE") public class MyTable implements Serializable { //... some specific fields here @Embedded
-
Help with PS CS4 for Mac (Lion 10.7.3)
I bought Photoshop CS4 about a year and a half ago and it worked on my old Macbook (10.5.8) absolutely fine. I recently upgraded to a Macbook Pro (Lion 10.7.3) and now Photoshop crashes about every ten minutes for no apparent reason. By "crashes" I m