Netflow top-talkers configuration

Hello
I would like to know the purpose of these configuration commands :
ip flow-top-talkers
top 50
sort-by packets
cache-timeout 2000
match source address 192.1.1.97/32
match destination address 192.1.1.110/32
This is extracted from a documentation from Cisco.
For me there is no sense to configure a top talkers : how do we know that this will be the top talkers ?
Thanks for help
Regards

Top talkers are based on the conversations or flows generating the heaviest traffic on your routing device. A flow refers to traffic from source A to source B through any interface of the router and "heaviest traffic" means volume of traffic generated. They can be sorted based on any one of the following criteria:
1. By the total number of packets in each top talker
2. By the total number of bytes in each top talker
There are further filter options, which can done using "match statements".
For eg, if you simply enable top talkers for 50 and set the sort feature based on packets, the 50 conversations who were sending the most traffic (volume - KB, MB, GB) will be taken and displayed. The displayed conversations will be sorted based on the packet counts in the flow.
If you add an match IP source statement to the above example, then the same as above is done but only flows whose source IP is the same as in the match statement is captured.
If you add a match source and destination IP, then only the top 50 flows between those 2 IP Addresses will be captured and displayed.
Regards,
Don Thomas Jacob
www.netflowanalyzer.com
NOTE: Please rate posts and close questions if you have got the answer.

Similar Messages

Netflow top talkers query

Hi Folks,
I was trying to use the top talkers feature to find the culprits hogging my bandwidth. I am pertty new top talker feature and its implemented on a 6500 with sup720. I have a couple of queries w.r.t this.
* tried to configure the cort by bytes feature got a warning that its not supported on the hardware based model.So is there any way to use sort by bytes on the sup 720?
* The O/P fileds of a show ip flow top-talkers are usually,
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts( had to use sort by packets due to warning)
Now is this pkts field the number of packets calculated between the cache-timeout value or is it the total seen so far? Will it be the same for sort by bytes too? Total bytes seen for this flow rather than a realtime bytes/sec or bytes/cache time-out value.
If this is the case then its actually not a real time top talker value right? Please help
Thanks,
Prakadeesh

The --command -- sh ip cache flow shows the cache-timeout value only not the collective bytes of data ; if you need the Total bytes seen for this flow you need to use the Crannog netflow Tracker kind of tools or you need to use " ip accounting " and clear the counter manually as and when required !!!
And it its actually a real time top talker value for that specifed cache-timeout value and i found most of the time it shows the correct top-talker many times !!!!!!!!!!!!!!!!!!!

Does WCCP skew results of 'ip flow top-talkers'?

I have a router that has been configured to show ip flow top-talker information. I recently added a WAAS to this site that is using WCCP redirection. The 'top-talkers' output on the router still works - but shows source/destination of the router and WAAS device as the talkers for all traffic that has been redirected. I'm not able to see that actual client IPs for that traffic .. and that is the majority of my traffic. Is there any way to still be able to view this traffic as I did before? If I dump netflow to an actual netflow server instead of using top-talkers will that work - or will it display the same thing?
Router configuration:
interface multilink1
ip flow ingress
interface gi0/0
ip flow ingress
ip flow-top-talkers
top 25
sort-by bytes
Now when I do a 'show ip flow top-talkers', here's what I see: 10.10.11.18 is WAAS and 10.10.255.11 is loopback of the router.
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
Gi0/0.1       10.10.11.18     Mu1           10.10.255.11    2F 0000 0000   141M
Gi0/0.1       10.10.11.18     Mu1           10.10.255.11    2F 0000 0000    12M
Gi0/0.1       10.10.11.124    Gi0/0.1       10.10.10.53     06 1058 0A26 1801K
Gi0/0.1       10.10.11.54     Gi0/0.1       10.10.10.5      06 0E0C 0A26   882K
Gi0/0.1       10.10.11.107    Gi0/0.1       10.10.10.50     06 043D 05D6   736K
Gi0/0.1       10.10.11.60     Gi0/0.1       10.10.10.5      06 0409 0A26   723K
Gi0/0.1       10.10.11.103    Gi0/0.1       10.10.10.5      06 0407 0A26   713K
Gi0/0.1       10.10.11.120    Gi0/0.1       10.10.10.14     06 0456 05D6   531K
Gi0/0.1       10.10.11.237    Gi0/0.1       10.10.10.27     06 238C 110E   527K
Gi0/0.1       10.10.11.62     Gi0/0.1       10.10.10.53     06 C00E 05D6   463K
Gi0/0.1       10.10.11.125    Gi0/0.1       10.10.10.30     06 12A1 1F90   355K
Gi0/0.1       10.10.11.115    Gi0/0.1       10.10.10.14     06 042C 05D6   336K
Gi0/0.1       10.10.11.137    Gi0/0.1       10.10.10.6      06 04AC 0D3D   244K
Gi0/0.1       10.10.11.154    Gi0/0.1       10.10.10.53     06 0A0D 0A26   216K
Gi0/0.1       10.10.11.66     Gi0/0.1       10.10.10.6      06 C018 05D6   195K
Gi0/0.1       10.10.11.91     Gi0/0.1       10.10.10.5      06 0439 05D6   145K
Gi0/0.1       10.10.11.58     Gi0/0.1       10.10.10.14     06 0458 05D6   134K
Gi0/0.1       10.10.11.127    Gi0/0.1       10.10.10.30     06 0618 1F90   115K
Gi0/0.1       10.10.11.18     Local         10.10.255.11    11 0800 0800    96K
Gi0/0.1       10.10.11.147    Gi0/0.1       10.10.10.14     06 118F 0A26    88K
Gi0/0.1       10.10.11.95     Gi0/0.1       10.10.10.14     06 0C35 0D3D    84K
Gi0/0.1       10.10.11.105    Gi0/0.1       10.10.10.27     06 C98F 01BD    70K
Gi0/0.1       10.10.11.117    Gi0/0.1       10.10.10.53     06 CB1A 0D3D    41K
Gi0/0.1       10.10.11.65     Gi0/0.1       10.10.10.14     06 0EF9 05D6    40K
Gi0/0.1       10.10.11.112    Gi0/0.1       10.10.10.21     06 08D5 0D3D    37K
Thanks!

I believe the problem is caused because I have the WAAS appliance in the same subnet as users. I am using the 'egress-method negotiated-return intercept-method wccp' on the WAAS to send the traffic back to the router. This uses GRE, which is causing the cache flow data to show up the way it is.
I will have to move the WAAS to a different subnet and change the return method.

Ip flow-top-talkers support

So I stumbled upon the ip flow-top-talkers feature and attempted to configure it on a 3560-X running 12.2(58)SE2. It allowed me to configure this:
ip flow-top-talkers
top 5
sort-by bytes
cache-timeout 60000
Then on the interface I am interested in:
interface GigabitEthernet0/21
ip flow ingress
Which results is (drum roll please....)
Switch#show ip flow top
% Cache is empty
No joy. So I checked the config guide for unsupported commands, these are not listed.
Then I thought maybe it had to be on a layer 3 interface (g0/21 is layer 2) so I did "ip flow ingress" on an SVI, same results.
So then I checked feature navigatore for "Flexible Netflow - Top N Talkers Support". 12.2SE is not listed, but 15.0(2)SE is.
Questions:
- Is the existence of the commands in 12.2(58)SE just an oversight? Functionality seems to almost be there, just not quite.
- Does neflow need to be enabled on a layer 3 interface or will it work on layer 2 (assuming platform support of course)
Thanks,
-Jeff

Does your switch have a network services module installed?
Note Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.

Cannot config "ip flow-top-talkers" on 7606-S

We have a router 7606-S is running IOS 12.2 (33r) SRD2 and Internet BGP protocol.
I tried to enable Flow Top Talkers on it to check Top 10 flow talkers.
1.configure interface:
Router(config-if)#ip flow ingress
2.configure
Router(config)#ip flow-top-talkers
but it shows:
Router((config)#ip flow-top-talkers
^
% Invalid input detected at '^' marker.
Router(config)#ip flow-?
flow-aggregation flow-cache flow-capture flow-egress flow-export
I then tried command
Router#show ip flow top-talkers
% Top talkers not configured
Can anyone advice if anything I miss please?
Thanks in advance.

Does your switch have a network services module installed?
Note Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.

Cisco2821 - ip flow top talkers = cache is empty

Hi Everyone,
I've been fighting an issue with a 2821 router for some time now. I'm trying to pull the top talkers from an interface, however the cache is empty. I verified the configuration with a known working 2821 and the output for the interfaces are the same. Any help would be greatly appreciated!
NON-WORKING:::
interface GigabitEthernet0/0
description P2P Comcast NLAN to ENET
ip address 10.103.2.6 255.255.255.0
ip flow ingress
ip flow egress
duplex full
speed 100
interface GigabitEthernet0/1
description connect to JDR_3560_2
ip address 10.200.12.1 255.255.255.0
duplex auto
speed auto
interface Serial0/1/0
no ip address
shutdown
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
no ip http server
no ip http secure-server
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 10.100.1.58 2055
ip flow-top-talkers
top 25
sort-by bytes
logging 10.100.1.17
logging 10.100.1.119
WORKING CONFIG:
interface GigabitEthernet0/0
description Comcast MetroEthernet CID: 54.VLXP.006454.CPLC
ip address 10.103.2.5 255.255.255.0
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
ip igmp query-interval 125
duplex full
speed 100
service-policy output WAN-EDGE
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 10.100.6.111 2055
ip flow-export destination 10.100.1.58 2055
ip flow-top-talkers
top 30
sort-by bytes
ip mroute 0.0.0.0 0.0.0.0 10.103.2.240
logging 10.100.1.17
logging 10.100.1.40
logging 10.100.1.119

Hi,
I'm not a Netflow expert by let's try; config seems to be correct, could you post the output of
sh ip flow export
sh ip flow top-talker
sh ver
enrico

Show ip flow top-talkers

what happened to this command in the new IOS 15.1(1) with flexflow;
sh ip flow top-talkers...
Thanks,
Sinan

Hi Maicon,
Under "ip flow-top-talkers", you need to configure "sort-by" as it's required to run top-talkers command.
Yoong Seong

How to get Top Talkers on ASA ?

hi Friends,
We ahave ASA 5510 and 5520 @ our office. We are not using any netflow tools in order to get the talk talklers.
As this firewalls are shared firewall (used by different Projects), we are not able to get , which project is using more traffic and which is less.
Can someone help me out in this ?
Regards
Nirav Bhatt

I know this is an old thread, but I'm hoping this will come in handy for anyone doing a search.
All our 5505's and 5510's are on ASA 8.2(5) and didn't get some of the nicer "top 10" features that come with later versions. I always assumed it was due to the ASA version, but I built an ASA recently on 8.2(5) which has ASDM 7.1(2) on it and the pie charts for top talkers is there now.
I'm in the process of updating all our devices to ASDM 7.1(2) and it's given us a lot more visibility of the network.

"show ip flow top-talkers" output question

Hello all,
I have a question about the "show ip flow top-talkers" command. The top enry for this 1841 router with a T1 connection is always this line:
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
Se0/1/0 64.32.253.138 Local 71.16.240.14 32 6EB0 306B 2366K
How do I get more information about this connection? I looked at ip protocol 32 and it says it is the MERIT Internodal Protocol. Also what does the bytes field mean? Is that bytes per second or per "flow"?

Hello,
protocol is 0x32 (in hex) = 50 (dec). This protocol is ESP. I assume, this flow is an IPSEC tunnel.
The endpoint is your device (regarding to dest interface = local). The "Bytes" field means number of
bytes in the flow. It is not releated to bytes/sec. Please, feel free to contact me if you need more
information.
Kind regards,
Jan Nejman
Caligare, co.
http://www.caligare.com/

6500 ip flow top-talkers

Hi All,
i would like to enable "ip flow-top-talkers" in 6500 in native mode.
this command is not supported in current version.
is there any alernative command or it won't support.
running ios is s72033-pk9sv-mz.122-18.SXD5.bin
Thanx in advance for the response.
Regards,
Rajesh

This command was introduced only from 12.2(25)S and this feature was integrated into 12.3(11)T. So,if you are using any lower version other than this,this command will not work at all.If possible,better download any of the above 2 versions from cisco website and upgrade your IOS.

Top level configuration

Hello,
I am newbie in the portal admninistration and I'd like to reorganize the top level navigation in the portal (containing for example the "Portal content" thumbnail + my custom roles).
I'd like to sort the 1st level by alphabetical order.
How can I do that?
Regards

Here is the link for sorting the navigation:
[Sort|http://help.sap.com/saphelp_nw70/helpdata/en/92/3e703e632c7937e10000000a114084/content.htm]
For Merging Navigation nodes and defining their sequence
[Merge|http://help.sap.com/saphelp_nw70/helpdata/en/53/89503ede925441e10000000a114084/content.htm]

Statistic collection Netflow and SNMP, peak, average

SNMP
We have an Orion device that is collecting via SNMP polls on hundreds of switches and routers. The collection for each device is about once every 15 minutes.
I am wondering how the data is represented on the graph, if the coellection only happens every 15 minutes.
Would the graphing tool just draw straight lines between the points fifteen minutes apart?
For example, if the collection is taken and the interface utilization is at 50% when taken, then utilization shoots up to 100% for fourteen minutes, then goes back down to 50% when the next poll is taken, will I totally miss the period of 100% utilization?
Do routers and switches have any type of SNMP buffer that will show the peaks that can be collected?
Does the "load-interval" comman on the interface affect this at all?
Netflow
We also have all devices sending information to a netflow collector. The collector is showing that the update is every minute.
Do routers and switches constantly send netflow information to the collector in real time?
The routers have top talkers configured on each interface:
ip flow top-talkers
top ten
sort-by bytes
cache-timeout 3600000
My understanding is that the cache-timeout in in milliseconds, which would be an hour.
Does this mean I can do "sh ip flow top-talkers" and the device will not update this information for an hour?
Also, how does this affect the information received ny the collector, if it does?

Create your own collection rule, to mirror the sample times, and what not. Look at the data from your rule vs the mp default rule. It probably has to do with the chart scale imho.
Regards, Blake Email: mengotto<at>hotmail.com Blog: http://discussitnow.wordpress.com/ If my response was helpful, please mark it as so, if it answered your question, then please also mark it accordingly. Thank you.

5505 - netflow style data??

I need to know if I can pull Netflow style data (Top Talkers, Top Sessions, etc) from ASA 5505s? We are looking at buying some but I need to be able to export this kind of data to my managment station which is also a collector. I have read on this forum that 8.2 and above should support Netflow but I have read conflicting information. Can anyone verify this for me? Also, if there are other options to get this information, I would like to know as well.
Thank you,

Hi Bro
Yes, Cisco ASA FW running on software image code 8.2 and above support netflow, but version 9 only. Hence, third party tools such as Solarwinds Real-Time Netflow Analyzer cannot be used here, as this tool supports Netflow version 5 only.
Cisco’s NetFlow collector doesn’t support Cisco ASA as stated in this link;
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html
For this reason, you might wanna look into ManageEngine Netflow Analyzer. This product supports Netflow version 9. Hence, you can configure your ASA to export NetFlow version 9 packets to this tool instead.
Cisco ASA configuration via ASDM for NetFlow can be seen from the below link;
http://blogs.manageengine.com/netflowanalyzer/2010/07/22/configuring-cisco-asa-netflow-via-asdm
Cisco ASA configuration via CLI for NetFlow can be seen from the below link;
https://supportforums.cisco.com/docs/DOC-6113
http://www.cisco.com/en/US/docs/security/asa/asa82/netflow/netflow.html
For further details on this subject, you could also refer to https://supportforums.cisco.com/thread/2071273
P/S: If you think this comment is useful, please do rate them nicely :-)

Netflow issue

whats the difference between ipbase ios and ipservices.
Even i updated the WS-C3750E-48TD-S with ip base on cisco switch and configured the swtich wiht net flow commands
ip net flow commands working fine but i am unable to see the packets from switch and unable to monitor the net flow.
interface Vlan1
ip route-cache flow
ip flow ingress
ip address 10.144.108.1 255.255.255.0
ip access-group TEST in
ip access-group TEST out
ip accounting output-packets
interface Vlan2
ip route-cache flow
ip flow ingress
ip flow egress
ip address 10.144.0.100 255.255.255.0
ip flow-export version 5
ip flow-export destination 10.144.108.212 2055
ip flow-top-talkers
top 50
sort-by packets
ip route 0.0.0.0 0.0.0.0 10.144.0.1
ip access-list extended TEST
permit icmp any any log
permit tcp any any log
permit udp any any log
permit ip any any log
l
snmp-server community private RW
snmp-server enable traps syslog
snmp-server host 10.144.108.212 version 2c private
snmp ifmib ifindex persist
whats the issue please help me out!

Re the image difference, here is a quote from the data sheet:
IP Base software includes advanced quality of service (QoS), rate limiting, access control lists (ACLs), Open Shortest Path First (OSPF) for routed access, and IPv6 functionality.
IP Services software provides a broader set of enterprise-class features, including advanced hardware-based IP Unicast and IP Multicast routing, as well as policy-based routing (PBR).
Re Netflow, I've never had good luck getting NetFlow from a L2/L3 switch other than a higher-end model with the hardware support - i.e., 4500 with Netflow Feature card, 6509 or 3750X with the Netflow network service module installed. I beleive the new 2960X models also have the necessary hardware support.
On other switches, the SVIs do not export the flow correctly even though the IOS allows you to enter the commands. I'm told it's due to hardware limitations as there need to be ASICs supporting the flow sampling. Reference.

Cannot get NAT & Firewall configured correctly.

Hi,
I have spent days reading and trying to get this to work with no luck.
I am trying to open port 3389 for RDP to an internal PC.
I am also trying to get a H.323 IP phone to communicate to the PBX. I have tried allowing all communications from my home office IP addrerss through the dialer1 interface, but still no go.
Info regarding the installation:
Cisco 880 Series Router
DSL service into the building - PPPoe Dialler1 Interface
VLAN1 - Internal Network 1 - Gateway 192.168.1.1
VLAN2 - Internal Network 2 (currently no devices on network) - Gateway 192.168.2.1
VLAN3 - Wireless Network - Gateway 192.168.3.1
PBX is on VLAN1 - 192.168.1.10
Current config:
show run
Building configuration...
Current configuration : 6141 bytes
! Last configuration change at 22:11:10 PCTime Sat Jan 3 2015 by nathan
version 15.2
no parser cache
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname BladePile
boot-start-marker
boot-end-marker
logging buffered 51200
enable secret 5 XXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXXXX
no aaa new-model
memory-size iomem 10
clock timezone PCTime 10 0
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-3103805736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3103805736
revocation-check none
rsakeypair TP-self-signed-3103805736
crypto pki certificate chain TP-self-signed-3103805736
certificate self-signed 01
XXX
quit
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.2.1 192.168.2.50
ip dhcp excluded-address 192.168.3.1 192.168.3.50
ip dhcp pool vlan1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 203.134.64.66 203.134.65.66
lease 7
ip dhcp pool vlan2
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 203.134.64.66 203.134.65.66
lease 7
ip dhcp pool vlan3
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 203.134.64.66 203.134.65.66
no ip bootp server
ip name-server 203.134.64.66
ip name-server 203.134.65.66
ip cef
no ipv6 cef
ipv6 spd queue min-threshold 30
ipv6 spd queue max-threshold 31
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn XXXXX
archive
log config
hidekeys
username XXXXX privilege 15 password 7 XXXXXXXXXXXXXXX
controller VDSL 0
ip tcp synwait-time 10
interface Ethernet0
description $ETH-WAN$
ip address dhcp client-id Ethernet0
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
shutdown
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
hold-queue 224 in
pvc 0/16 ilmi
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface FastEthernet0
switchport trunk allowed vlan 1-3,1002-1005
switchport mode trunk
no ip address
interface FastEthernet1
no ip address
spanning-tree portfast
interface FastEthernet2
switchport access vlan 2
no ip address
spanning-tree portfast
interface FastEthernet3
switchport access vlan 3
no ip address
spanning-tree portfast
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
hold-queue 32 in
hold-queue 100 out
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly in
hold-queue 32 in
hold-queue 100 out
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly in
hold-queue 32 in
hold-queue 100 out
interface Dialer0
no ip address
no cdp enable
interface Dialer1
ip address negotiated
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname XXXXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXX
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip flow-top-talkers
top 10
sort-by bytes
ip nat inside source list 100 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.20 3389 interface Dialer1 22000
ip nat inside source static tcp 192.168.1.55 3389 interface Dialer1 22001
ip route 0.0.0.0 0.0.0.0 Dialer1
logging trap debugging
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny   ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny   ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
exec-timeout 40 0
privilege level 15
password 7 XXXXXXXXXXXXXXXXXX
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 192.189.54.17
end

Thanks for the additional information which does clarify several things. I am glad that the RDP issue is resolved and that it was not a router issue.
It is helpful to know that the phones that are in vlan 1 are working. And it is not surprising that a phone at your home office accessing via the Internet is not working. The essence of the problem with the phone at the home office is what IP address does it attempt to access? The config that you posted shows that devices inside (which should include the phone system) are getting dynamic address translation. So it is not feasible for a device from outside to initiate traffic to an inside device. I would suggest that this is essentially the problem that you faced in trying to support RDP from outside. So the solution for your home office phone would be similar to the solution for RDP (but will be more complex because of the greater number of ports involved).
To answer your question about whether the ports can be opened only to one IP address depends on how the network in your home office is working. Does it ALWAYS have the same IP going to the Internet. If so then you could do a static translation for the ports specifying the source address and the destination address. If it is variable they you need to do the translation for any source address.
HTH
Rick

Netflow top-talkers configuration

Similar Messages

Maybe you are looking for