Reset Cisco IP phone in branch office
Hi,
I have a remote site and I need to do a factory reset on the phones there. How can I do a remote factory reset on those phones without going there and doing it manually?
Regards,
As Jaime mentions, you may want to look at a 3rd Party application to send keypresses in bulk to IP Phones.
I suggest you have a look at PhoneView from UnifiedFX, it is a full endpoint management product that can interact with IP phones remotely in bulk.
Also, PhoneView recently passed Cisco IVT testing, which means PhoneView is now the only Cisco Compatible 3rd Party product for endpoint management.
This video provides a short introduction to PhoneView
http://youtu.be/HYwhKw7UAMY
Kind Regards.
Stephen Welsh
CTO
http://www.unifiedfx.com
Similar Messages
-
Which is better for Branch Office Cisco ASA or Cisco 1900 router for Branch Office?
Which is a better solution ?
Using ASA55XX or 1900 series router for WAN and Internet access for 25 - 100 users?
Without knowing more about the environment and what the real requirements are, it is difficult to give a really good answer. If your main concern is effective stateful inspection of traffic entering and leaving the site then the ASA is optimized for that. If you want redundancy (active/active or active/standby) then the ASA is better for this. There are other potential requirements which may make the router the better choice:
- what is the connection to the Internet? If it is Ethernet then either ASA or router will do fine. But if it is something other than Ethernet then you may need the router.
- is there a need for services such as Policy Based Routing? These are available on the router and not on the ASA.
- is there a need for load balancing on outbound traffic? This is available on the router and not on the ASA.
- will there be a need to do routing on the inside network? The range of available options is wider on the router than on the ASA.
- is there a need to run a routing protocol with the Internet provider? The usual choice for this is BGP and that is available on router and not on ASA.
So consider these criteria as you make your choice. Or provide more detail about your environment and what your real requirements are and we may be able to give better advice.
HTH
Rick -
Cisco 7941G phones will not boot up after factory reset.
The following happens.
1. Speaker light lit (Green)
2. Phone displays a firmware upgrade page (see attachment) for a few minutes. (Doesn't seem to be upgrading, but it "says" upgrading)
3. Saw Cisco logo with a Java Powered page.
4. The whole thing loops again and again...
I think the reason why the phone isn't booting up is because the phone needs to know where to find the configuration/firmware files from a tftp server. I do have a TFTP server, but normally I need to go in settings to change the alternative tftp server, but the thing is that now I can't even press the settings button...
Please help.
How many phones were reset and upgrading at one time? What is the setting of the TFTP Maximum Serving Count (Advanced TFTP Service Parm) on each of the TFTP servers?
Sounds like too many devices trying to use TFTP at once. -
Cisco IP Phone 7912 reset to factory defaults
Hi to all
Please, I need some advice. I was trying to reset a Cisco IP Phone 7912 to factory defaults and I failed.
Please can you help me ?
Thanks a lot !
Hugo Baez -
VPN Site-to-Site or VPN Client Server with Cisco IP Phone 8941 and 8945
Hi everyone,
I decide to deploy a CUCM (BE6K platform), SX20, and IP Phone 8941/8945 on Head Office and Cisco SX10 and IP Phone 8941/8945 for branch offices (actually 9 branch offices).
The connection will use internet connection for HO and each branch offices.
And the IT guy wants to use some kind of client-server VPN or site-to-site VPN for the connection through the internet.
What kind of client-server VPN or site-to-site VPN is recommended for this deployment?
And what type of Cisco router supports that kind of VPN (the cheapest one will be great)?
So the SX10 and IP Phone 8941/8945 in branch offices can work properly through internet connection?
please advise
Regards,
Ovindo
Hi Leo,
technically, the ipsec users will not use up any premium license seats, so if you have 10 ipsec users connecting first, the premium seats are still free and so you can then still have 10 phones/anyconnect users connect.
However, the 250 you mention is the global platform limit, so it refers to the sum of premium and non-premium connections. Or in other words, you can have 240 ipsec users and 10 phones, but not 250 ipsec users and 10 phones.
If 250 ipsec users and 10 phones would try to connect, it would be first-in, first-served, e.g. you could have 248 ipsec users and 2 phones connected.
Note: since you have Essentials disabled I'm assuming you are referring to the legacy "Cisco vpnclient" (IKEv1 client) which does not require any license on the ASA. But for the benefit of others reading this thread: if you do have Anyconnect clients (using SSL or IPsec/IKEv2) for which you currently have an Essentials license, then note that the Essentials and Premium license cannot co-exist. So for e.g. 240 Anyconnect users and no phones, you can use Essentials. For 240 Anyconnect users and 10 phones, you need a 250-seat Premium license (and a vpn phone license).
hth
Herbert -
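The counting rule described in the reply above, as an added example that is not part of the original thread and is not Cisco code: a small admission model in which every session counts against the platform limit and only phone/AnyConnect sessions consume premium seats. The class, function and reason strings are hypothetical; the 250 and 10 figures are the ones quoted in the reply.

```python
from collections import Counter
from dataclasses import dataclass, field

# Per the reply: legacy IPsec (IKEv1) clients take no premium seat,
# phones and AnyConnect clients do.
PREMIUM_KINDS = ("phone", "anyconnect")
ALL_KINDS = ("ipsec",) + PREMIUM_KINDS


@dataclass
class VpnHeadend:
    """Hypothetical model of the two limits the reply describes."""
    platform_limit: int   # sum of premium and non-premium sessions
    premium_seats: int    # licensed premium seats
    sessions: dict = field(default_factory=lambda: {k: 0 for k in ALL_KINDS})

    def total(self):
        return sum(self.sessions.values())

    def premium_in_use(self):
        return sum(self.sessions[k] for k in PREMIUM_KINDS)

    def connect(self, kind):
        """Try to admit one session; return (admitted, reason)."""
        if kind not in self.sessions:
            raise ValueError(f"unknown session kind: {kind}")
        # The platform limit applies to every session, licensed or not.
        if self.total() >= self.platform_limit:
            return False, "platform limit reached"
        # Only premium kinds are checked against the premium seat count.
        if kind in PREMIUM_KINDS and self.premium_in_use() >= self.premium_seats:
            return False, "no premium seat free"
        self.sessions[kind] += 1
        return True, "admitted"


def replay(arrivals, platform_limit=250, premium_seats=10):
    """Replay connection attempts in arrival order (first-in, first-served).

    Returns (final session counts, {(kind, reason): rejected count}).
    """
    headend = VpnHeadend(platform_limit, premium_seats)
    rejected = Counter()
    for kind in arrivals:
        admitted, reason = headend.connect(kind)
        if not admitted:
            rejected[(kind, reason)] += 1
    return dict(headend.sessions), dict(rejected)


if __name__ == "__main__":
    # Constructed arrival order: 248 IPsec users arrive before any phone,
    # then 2 phones, then the remaining 2 IPsec users and 8 phones.
    order = ["ipsec"] * 248 + ["phone"] * 2 + ["ipsec"] * 2 + ["phone"] * 8
    counts, rejects = replay(order)
    print(counts)
    print(rejects)
```

Replaying a different arrival order against the same limits shows which users are turned away when both limits are close to exhausted.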
Branch Office VOIPs do not register.
Hi:
I've been breaking my head on this for a few weeks and nothing seems to be working.
I have three PIX 515e, one at each office.
ALL VOIPs are Polycom 300IP phones.
We have a main office (called PB) with 15 VOIP phones.
We have a branch office (called JAX) with 2 VOIP phones.
We have a branch office (called JADE) with 2 VOIP phones.
All site VOIPs must register with a hosted PBX outside of all three offices (called TN).
All 15 VOIPs at PB are registering and working with TN.
Only one of two VOIPs at JAX is registering with TN.
No VOIPs at JADE are registering with TN.
VPN Tunnels are up and functioning between PB and JAX and PB and JADE. Able to ping both ways and users in both branch sites are able to map folders to our servers.
I have opened UDP 5060 (SIP) on all interfaces. It seems there is initial conversation between TN and JAX and JADE but receiving following errors at both branches.
Pre-allocate SIP for secondary channel blah blah blah and followed immediately with a
Teardown UDP connection blah blah blah
I have attached configs for all three PIX 515e boxes (edited for security).
Could somebody take a gander at this and help me out. I'm at a complete loss.
Thank you so much in advance and have a great day!
Thank you for the feedback and suggestion GTG! I went ahead and posted it on the "security" bb and I'm going to look into SIP inspection.
Can you please MOVE this thread to the Security section and delete the duplicate post you've created?
Here's the link to your duplicate post: https://supportforums.cisco.com/thread/2260989 -
SPA8800 and SRST for small branch office?
Hi All,
Need some help. I have a central site that will be running Cisco BE 5000. I have a small branch office I would like to place IP phones in so we can just dial an extension to call each other. The branch will have its own connection to the PSTN with a couple of POTS lines from the phone company.
So I am wondering how I can connect branch and HQ for intra-office calling and let the branch office use their PSTN connection for their local calls. I would think I could place a gateway such as the SPA8800 in the branch and connect the PSTN lines to it.
My concern is, what happens if I lose the WAN connection between HQ and branch? Then the branch could not make any calls, right? I know a little about SRST and how that solves the issue of losing WAN connection with the central Call Manager site, but what I don't understand is: is SRST something that can run on a device like the SPA8800, or do I need an ISR router in the branch that can run SRST if I want the branch to be able to make phone calls without a connection to HQ?
Thanks for any help!
You may buy any plain wireless device and run it in bridge mode (should run by default, I believe). Then connect one of its LAN ports to any one of the LAN ports available on the DPC3829 thing.
you are correct in what you want to do, and it can be done no problem.
Regards
Please mark answer as correct if it helps. -
Cisco SIP Phone 9971 won't register on CME 8.6
Hello,
I'm facing a very strange problem:
a Cisco SIP Phone 9971 won't register on CME 8.6 running on a 2811
I have read all the related-postings to this and other Forum, but I have not been able to solve it.
One of the "potential solutions" was to make sure that the Phone had a Line configured.
But I think that the commands voice register dn and voice register pool are properly configured (see config below)
So frankly, I have no idea what I could be missing.
I'm pasting the Router's config.
I hope somebody is able to point me in the right direction.
Here is the config. Thank you!
C2811#sh run
Building configuration...
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname C2811
no aaa new-model
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 172.25.140.1 172.25.140.10
ip dhcp excluded-address 172.35.140.1 172.35.140.10
ip dhcp pool Data
network 172.25.140.0 255.255.255.0
default-router 172.25.140.1
option 150 ip 172.25.140.1
dns-server 172.25.140.1
ip dhcp pool Voice
network 172.35.140.0 255.255.255.0
default-router 172.35.140.1
option 150 ip 172.35.140.1
dns-server 172.35.140.1
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
voice service voip
allow-connections sip to sip
sip
registrar server expires max 3600 min 120
voice register global
mode cme
source-address 172.25.140.1 port 5060
max-dn 40
max-pool 42
load 9971 sip9971.9-4-1-9.loads
authenticate register
authenticate realm cisco
tftp-path flash:
create profile sync 0004820400584603
voice register dn 1
number 1010
allow watch
name Phone10
label Phone10
mwi
voice register pool 1
id mac 189C.5DB6.BD09
type 9971
number 1 dn 1
presence call-list
dtmf-relay rtp-nte
username adm password adm
call-forward b2bua busy 68600
codec g711ulaw
no vad
camera
video
voice-card 0
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1879153754
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1879153754
revocation-check none
rsakeypair TP-self-signed-1879153754
crypto pki certificate chain TP-self-signed-1879153754
certificate self-signed 01
(details omitted)
license udi pid CISCO2811 sn FTX1146A44H
username admin privilege 15 password 0 admin
redundancy
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.25
description Data VLAN
encapsulation dot1Q 25
ip address 172.25.140.1 255.255.255.0
interface FastEthernet0/0.35
description Voice VLAN
encapsulation dot1Q 35
ip address 172.35.140.1 255.255.255.0
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
tftp-server flash:P00308010200.bin
tftp-server flash:P00308010200.sbn
tftp-server flash:P00308010200.sb2
tftp-server flash:P00308010200.loads
tftp-server flash:SCCP42.9-3-1SR3-1S.loads
tftp-server flash:apps42.9-3-1ES19.sbn
tftp-server flash:cnu42.9-3-1ES19.sbn
tftp-server flash:cvm42sccp.9-3-1ES19.sbn
tftp-server flash:dsp42.9-3-1ES19.sbn
tftp-server flash:jar42sccp.9-3-1ES19.sbn
tftp-server flash:term42.default.loads
tftp-server flash:term62.default.loads
tftp-server flash:SCCP45.9-3-1SR3-1S.loads
tftp-server flash:apps45.9-3-1ES19.sbn
tftp-server flash:cnu45.9-3-1ES19.sbn
tftp-server flash:cvm45sccp.9-3-1ES19.sbn
tftp-server flash:dsp45.9-3-1ES19.sbn
tftp-server flash:jar45sccp.9-3-1ES19.sbn
tftp-server flash:term45.default.loads
tftp-server flash:term65.default.loads
tftp-server flash:/Ringtones/Ringlist.xml alias Ringlist.xml
tftp-server flash:/Ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:sip9971.9-4-1-9.loads
tftp-server flash:kern9971.9-4-1-9.sebn
tftp-server flash:rootfs9971.9-4-1-9.sebn
tftp-server flash:dkern9971.100609R2-9-4-1-9.sebn
tftp-server flash:sboot9971.031610R1-9-4-1-9.sebn
tftp-server flash:skern9971.022809R2-9-4-1-9.sebn
tftp-server flash:/g4-tones.xml alias United_States/g4-tones.xml
tftp-server flash:/gd-sip.jar alias English_United_States/gd-sip.jar
control-plane
mgcp profile default
telephony-service
max-ephones 24
max-dn 48
ip source-address 172.25.140.1 port 2000
cnf-file location flash:
load 7960-7940 P00308010200
load 7942 SCCP42.9-3-1SR3-1S.loads
load 7945 SCCP45.9-3-1SR3-1S.loads
load 7962 SCCP42.9-3-1SR3-1S.loads
load 7965 SCCP45.9-3-1SR3-1S.loads
max-conferences 8 gain -6
dn-webedit
transfer-system full-consult
create cnf-files version-stamp 7960 Feb 11 2014 07:18:32
ephone-dn 1
number 1001
description Phone 1
name Phone 1
hold-alert 30 originator
ephone-dn 2
number 1002
description Phone 2
name Phone 2
hold-alert 30 originator
ephone-dn 3
number 1003
description Phone 3
name Phone 3
hold-alert 30 originator
ephone 1
device-security-mode none
mac-address 001C.58FB.6E0F
button 1:1
ephone 2
device-security-mode none
mac-address 0014.A981.7F8A
button 1:2
ephone 3
device-security-mode none
mac-address 0006.5356.A4B8
button 1:3
alias exec con conf t
alias exec sib show ip int brief
alias exec srb show run | b
alias exec sri show run int
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
scheduler allocate 20000 1000
ntp master 1
end
C2811#
Thank you for your reply.
I did some debugs and the results are very strange!
This is what I got:
Feb 24 18:01:12.219: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 400 Bad Request
Via: SIP/2.0/UDP 172.35.140.12:5060;branch=z9hG4bK08011844
From: ;tag=189c5db6bd09000260cf3daf-289a76d1
To: ;tag=52488-160A
Date: Mon, 24 Feb 2014 18:01:12 GMT
Call-ID: [email protected]
CSeq: 1000 REFER
Content-Length: 0
Contact:
Feb 24 18:01:12.291: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
REGISTER sip:172.25.140.1 SIP/2.0
Via: SIP/2.0/UDP 172.35.140.12:5060;branch=z9hG4bK1e9ad079
From: ;tag=189c5db6bd0900032df02e9c-25d79707
To:
Call-ID: [email protected]
Max-Forwards: 70
Date: Fri, 01 Jan 1982 00:02:41 GMT
CSeq: 101 REGISTER
User-Agent: Cisco-CP9971/9.4.1
Contact: ;+sip.instance="
000000-0000-0000-0000-189c5db6bd09>";+u.sip!devicename.ccm.cisco.com="SEP189C5DB6BD09";+u.sip!model.ccm.cisco.com="493";video
Supported: replaces,join,sdp-anat,norefersub,resource-priority,extended-refer,X-cisco-callinfo,X-cisco-serviceuri,X-cisco-escapecodes,X-cisco-service-control,X-cisco-srtp-fallback,X-cisco-monrec,X-cisco-config,X-cisco-sis-6.0.2,X-cisco-xsi-8.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:22 Name=SEP189C5DB6BD09 ActiveLoad=sip9971.9-4-1-9.loads InactiveLoad=sip9971.9-3-2SR1-1.loads Last=reset-reset"
Expires: 3600
Feb 24 18:01:12.395: voice_reg_get_reg_expires_timer: no voice register pool found
Feb 24 18:01:12.395: VOICE_REG_POOL: Register request for (1010) from (172.35.140.12)
Feb 24 18:01:12.395: VOICE_REG_POOL: Contact matches pool 1 number list 1
Feb 24 18:01:12.395: VOICE_REG_POOL: No entry for (172.35.140.12) found in srst contact table
Feb 24 18:01:12.395: VOICE_REG_POOL: key(1010) contact(172.35.140.12:5060) add to contact table
Feb 24 18:01:12.395: VOICE_REG_POOL: No entry for (1010) found in contact table
Feb 24 18:01:12.399: VOICE_REG_POOL: key(1010) contact(172.35.140.12) added to contact table
Feb 24 18:01:12.399: VOICE_REG_POOL: key(172.35.140.12) contact(1010) add to srst contact table
Feb 24 18:01:12.399: VOICE_REG_POOL: No entry for (172.35.140.12) found in srst contact table
Feb 24 18:01:12.399: VOICE_REG_POOL: key(172.35.140.12) contact(1010) added to srst contact table
Feb 24 18:01:12.399: VOICE_REG_POOL pool->tag(1), dn->tag(1), submask(1)
But right after these errors, I get the following:
Feb 24 18:01:12.399: VOICE_REG_POOL: Creating param container for dial-peer 40001.
VOICE_REG_POOL pool->tag(1), dn->tag(1), submask(1)
VOICE_REG_POOL pool_tag(1), dn_tag(1)
Feb 24 18:01:12.399: VOICE_REG_POOL: Created dial-peer entry of type 0
Feb 24 18:01:12.399: VOICE_REG_POOL: Registration successful for 1010, registration id is 1
Feb 24 18:01:12.411: VOICE_REG_POOL: Contact matches pool 1 number list 1
Feb 24 18:01:12.411: VOICE_REG_POOL: GW SIS: X-cisco-cme-sis-1.0.0
Feb 24 18:01:12.411: VOICE REGISTER POOL-1 has registered.
Name:SEP189C5DB6BD09 IP:172.35.140.12 DeviceType:Phone
Feb 24 18:01:12.411: VOICE_REG_POOL: Pool[1]: service-control (reset type: 2) message sent to sip:[email protected]
Feb 24 18:01:12.411: voice_reg_privacy_update_to_phone: delay sending privacy update during bulk registration
Feb 24 18:01:12.415: //1/7B0070C28003/SIP/Msg/ccsipDisplayMsg:
====================
And when I do a sh voice register pool, I get the following:
C2811#sh voice register pool 1
Pool Tag 1
Config:
Mac address is 189C.5DB6.BD09
Type is 9971
Number list 1 : DN 1
Proxy Ip address is 0.0.0.0
Current Phone load version is Cisco-CP9971/9.4.1
DTMF Relay is enabled, rtp-nte
Call Waiting is enabled
DnD is disabled
Video is enabled
Camera is enabled
Busy trigger per button value is 0
call-forward b2bua busy 68600
keep-conference is enabled
registration expires timer max is 3600 and min is 120
username adm password adm
kpml signal is enabled
Lpcor Type is none
blf call list is enabled
Transport type is udp
service-control mechanism is supported
registration Call ID is [email protected]
Registration method: per line
Privacy feature is not configured.
Privacy button is disabled
active primary line is: 1010
contact IP address: 172.35.140.12 port 5060
Phone SIS Version: 6.0.2
GW SIS Version: 1.0.0
Dialpeers created:
Dial-peers for Pool 1:
dial-peer voice 40001 voip
destination-pattern 1010
session target ipv4:172.35.140.12:5060
session protocol sipv2
dtmf-relay rtp-nte
digit collect kpml
codec g711ulaw bytes 160
no vad
call-fwd-busy 68600
after-hours-exempt FALSE
Statistics:
Active registrations : 4
Total SIP phones registered: 1
Total Registration Statistics
Registration requests : 4
Registration success : 4
Registration failed : 0
unRegister requests : 0
unRegister success : 0
unRegister failed : 0
Attempts to register
after last unregister : 0
Last register request time : 18:11:43.551 UTC Mon Feb 24 2014
Last unregister request time :
Register success time : 18:11:43.551 UTC Mon Feb 24 2014
Unregister success time :
C2811#
So apparently the Phone is actually registered!
However, the Phone screen still shows this message: Phone Not Registered.
So frankly I don't understand what's going on!
I really hope somebody can help. Thanks! -
VPN CLient TO access HO through BRanch office
We have a branch office using Cisco 1841, which makes a VPN to HO (ASA 5505). Both (1841 and ASA) have VPN Client configured. We need Branch office VPN software client users to connect to the HO network. I have tried but I am missing out somewhere. I've attached some configs of both devices. Can anyone help ASAP?
Here is the URL for Configuring and Managing Connection Entries for the VPN; follow the steps for configuration, which will help you:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015e271.html -
My computer crashed and I need to reset up my phone. I do not have a backup. Iphone 3 running software Version 4.2.1
After researching this, I understand that I will need to reload iTunes on a new computer, deactivate the prior computer and authorize the new computer with iTunes. I can then restore any apps and music purchased through iTunes. (Insert Question 1 Here.) Then Sync the phone with the new account, taking care to do it manually so as not to overwrite the information on the phone. This should restore the apps and music to my phone. (Insert Question 2 Here.) This process will not restore photos (Insert Question 3 Here.) I would like to over write my current phone calendar (start fresh remove all appointments) and have it sync with a different iTunes. (Insert Question 4 Here) .
Am I forgetting anything or misunderstanding anything? Thank You!
Question 1: Apple help states that you can download previous purchases directly to phone with iOS4.3.3. Then later states that iOS 5 or later is required for iPhone (CDMA Model). ON this page http://support.apple.com/kb/HT2519 I am still running Version 4.2.1 on my iPhone 3. Will this cause difficulty with restoring apps and music (purchased through iTunes) to my phone?
Question 2: What happens to data stored in the apps within the phone? Like password information stored in Splash ID, Files Stored in Air Sharing, or photos stored in a separate app (not the standard photo library)?
Question 3: Will the photos in my iPhone standard library be deleted when I sync? Does anyone know of a way to save them other than emailing them to the computer, prior to syncing?
Question 4: Is it possible to have my calendar and contacts sync at my office computer and have the other items sync to my personal home computer? How does that affect my restore process? I want to ensure the contacts are NOT deleted, but I want the calendar to be overwritten and start fresh.
The software update process does not touch any user data or settings. Fact is, merely updating your software should not have deleted your contacts. Something else is going on here. First of all, the only signed firmware available for your phone is iOS 4.3. So, how were you able to update to iOS 4.2.1, since that is no longer available from Apple? First thing done when you update software is an iPhone backup. Included in that backup are your contacts. Connect your phone, iTunes running, DO NOT SYNC, right-click your phone in the left device pane & select "Restore from Backup". Select the backup made when you started to update your phone. Note: this will also install iOS 4.3 on your phone.
-
hi
we have firewall setup in our main office with following setup:
we are running DC on Windows 2008 Servers with MS Exchange 2010, lync 2010 and ip phone as well.
planning to setup AD replication to our branch offices for network drive access and group policy update; kindly advice on this.
Best Regards,
Ramesh TP
Hi
I think you mean the best practice topology.
First of all, you will add Additional Domain Controllers at your branch offices. This ADC will also have the DNS and DHCP roles, and you will deploy a File server.
Important point is structure you want to build.
This is a detailed article about domain topologies, So please check this article about your questions;
https://msdn.microsoft.com/en-us/library/cc749945.aspx?=255&MSPPError=-2147217396 -
Hi,
Supposingly we have many branch offices with good internet speed but no dedicated bandwidth between individual locations.
We need to enable VoIP calling using Internet, can we use any skype product to tie all standalone EPABX system for branch office communications.
Can we have SIP trunks on skype gateway from each location and enable interoffice calling.
Please suggest
Hello Rahul,
I see you are asking about connecting your offices together for calling and communications.
Well, Connecting the offices together will require a Communication Server of some sort. Manufacturers like Nortel, Avaya, Cisco, and many others have these type of devices available to accomplish the "link" between your offices, as long as the equipment is all compliant with the Communication Server. I suggest you contact a local agent for these manufacturers and have them take a look at what you have. They will provide you with a quote to get you connected.
As for Skype, making and receiving calls is a snap for us. We provide these services 24/7. We can get you connected in minutes and have you making cheap calls all day long. The cost just depends on where in the world you are calling. Our "minutes" bundles are very cost effective to use. And, all of your incoming calls are free. All you would need, would be a Skype Online Number, a Managed User for the Skype Clients that want to call you, and SIP Channels to connect to your PBX to talk on.
That's pretty much it. I hope this helps you in your research to get your offices connected and to start using Skype. I have provided a few links for you to look at below.
http://www.skype.com/intl/en-us/business/skype-connect/
http://www.skype.com/intl/en-us/business/skype-manager/
http://download.skype.com/share/business/guides/skype-connect-rates.pdf
http://skypeconnect.voxygen.com/#stage1
Thank You for considering Skype and using the Skype Community Forums.
Regards,
Victor S.
Skype Enterprise Support -
Branch Office CME design Verification
Hi All,
Please refer to the attached network diagram.
I need to verify this can be implemented and would work.
We have a branch office moving to a new location and they intend to keep their existing CME (for business reasons), provided by their local service provider with ISDN line for calls to the PSTN. This is managed by the service provider and we have no access to it. However we would like to grant them connectivity to the existing corporate voice network via an IP VPN connection, which shall be put in place soon. This will enable the branch make site to site calls within the corporate network
With a SIP trunk between the internal and external CME, I intend to make all the phones register with the Call Manager, however on the call manager , set a route pattern for calls going out to the PSTN from this branch back to the internal CME and this will then be matched by a SIP dial peer directing the call to the external CME out to the PSTN.
My worry is with the delay that might be introduced when making a PSTN call as the internal CME has to first contact the call manager in order to know where to send the call.
So my questions are as follows,
1. Is this solution feasible especially in terms of delay? If not,
2. Are there any other ways to achieve the same scenario
Thanks,
Yomi
Are the phones at the branch office going to register to the Internal CME? If so, all configuration for outbound dialing will be done on the Internal CME, not on UCM. ie. dial-peer on the Internal CME for outbound dialing. For phone connectivity back to UCM, you will have a SIP trunk between UCM and internal CME and that is perfectly acceptable. You "might" see some quality degradation but that is to be expected from Internet based WAN connectivity. If your RTT delay is greater than 150ms, then you might see some quality issues.
-
Branch office setup with L3 switch and router with IOS security
Hello,
I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead of doing router-on-a-stick.
Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
Any input would be appreciated.
Thanks,
Austin
Thanks for the input.
1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid. -
New Branch Office - High Security
Hello
we plan to have 5 branch offices each with around 40 users. All branches will be in different geographical locations. Best Security needs to be implemented in all branches. All services email, SAP, Portals are hosted in the HeadOffice Datacenter. Each Branch will have dedicated internet 5MB for Voice and DATA
Guidelines for security -
ensure users cannot insert usb or cd on laptops /desktops
laptops/desktops are allowed to access restrictive internet from Office
Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
vendors proposed following ;-
3921 router for branch
ASA 5510 for branch
3945 router for HeadOffice ( VPN )
Filtering - Web Washer - Mcafee
Experts can advice what hardware will best fit on branches, what other devices I need to achieve the above goals
Thanks
Vishal
Hello Vishal,
I would recommend the following:
For Branches:
1- Cisco : 2921 : Voice Licensed (you don't need a higher end above this series for 40 users).
2- Cisco ASA 5510: (This will be your Security appliance at each branch).
For Head Quarter:
1- Cisco ASA 5520: (This Will be Your HQ Security Appliance).
2- Cisco 3925 or 3945 router (Voice Licensed).
For Your Security Guidelines, here are my answers:
ensure users cannot insert usb or cd on laptops /desktops
For this purpose, you can disable the administrative privilege on the Notebooks and PCs for all users and remove the software driver for their USBs.
laptops/desktops are allowed to access restrictive internet from Office
For this purpose, I would recommend using Cisco IronPort WebFiltering; it can be easily integrated with your Active Directory and enforces all the filtering policy you would require.
Outside Laptops / Tablets not allowed to connect to network but allowed internet via wireless using Guest
For this Purpose, I would recommend deploying Wireless LAN Controller at your HQ to have benefit and full advantage of managing your Wireless Infrastructure.
to access internet from home or Cafe users needs to connect to office VPN and then access from local Internet server (Proxy)
For this purpose, I would also say your best option is to have Remote Access VPN & (VPN Client) deployed on all employees' Notebooks. Though, you can have another option, which is to have SSL-VPN deployed at your HQ, but this will have additional cost as it is an added-value feature licensed per number of users.
Let me Know if this answers your Question Or if you require additional assistance.
Regards,
Mohamed