SIP connection Through PIX
Hi,
I have a Cisco PIX Firewall running Version 7.2(4).
I want to know how many SIP connections can be handled by the PIX firewall. What is the default limit?
Actually we have two SIP setups, one with a Juniper firewall and one with a PIX, at different locations. Earlier I was facing an issue with the Juniper where the dialer was not able to send calls to the user.
During troubleshooting I found that the Juniper has an ALG with SIP enabled with a maximum limit of 64, so I disabled it and all calls are working fine.
Now the question is that the voice vendor is telling me the same issue is being faced by the user behind the PIX firewall.
Similar Messages
-
XPunlimited connection through Pix 506e
I have a Pix506e that I need to open port 3389 for remote connection to a Win2003 server that is running XPunlimited for 2003 Servers. I have searched the internet and have tried numerous different access list commands to try and make this work. What I'm looking for is a CCNE that can help me get this going and maybe look at my existing configuration file to tell me what isn't set up properly.
You bet....here it is
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password wVolyRqUC55O9Zpf encrypted
passwd wVolyRqUC55O9Zpf encrypted
hostname TOS
domain-name
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list nat0 permit ip 172.20.10.0 255.255.255.0 172.20.11.0 255.255.255.0
access-list acl-out permit tcp any interface outside eq pcanywhere-data
access-list acl-out permit udp any interface outside eq pcanywhere-status
access-list acl-out permit tcp any host eq pcanywhere-data
access-list acl_out permit udp any host eq 5631
access-list acl_out permit tcp any host eq pcanywhere-data
access-list acl_out permit udp any host eq pcanywhere-status
access-list acl_out permit tcp any host eq 3389
access-list acl_out permit udp any host eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 172.20.10.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 172.20.11.1-172.20.11.10
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nat0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp interface pcanywhere-data 172.20.10.51 pcanywhere-data netmask 255.255.255.255 0 0
static (inside,outside) udp interface pcanywhere-status 172.20.10.51 pcanywhere-status netmask 255.255.255.255 0 0
access-group acl-out in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set vpn1 esp-des esp-md5-hmac
crypto dynamic-map dynmap 1 set transform-set vpn1
crypto map seabrook 1 ipsec-isakmp dynamic dynmap
crypto map seabrook interface outside
isakmp enable outside
isakmp nat-traversal 20
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 1000
vpngroup sclient address-pool vpnpool
vpngroup sclient split-tunnel nat0
vpngroup sclient idle-time 1000
vpngroup sclient password ********
telnet 172.20.10.0 255.255.255.0 inside
telnet timeout 5
ssh 24.61.165.168 255.255.255.248 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
terminal width 80 -
Sporadic SIP phone connectivity through MBR1515a
I have an IP phone (SIP) connected through the MBR1515a. It works fine for roughly 6 hours. At that point it loses connectivity with the phone system which is on the internet. Restarting the phone makes no difference. Forcing the phone to get a different IP address enables it to work. Rebooting the MBR1515a also works. Both of these things are getting tedious. Sometimes the router starts passing UDP packets again spontaneously. I have packet captures from both the phone and the phone system. No SIP packets are being forwarded from the phone through the router to the phone system. I can ping the phone system from a terminal window through the router. Any suggestions would be appreciated.
John,
Just to qualify the re-register concept:
- Re-registering the phone on the same ip address, either forcing a
re-register, or rebooting the phone (which generally results in the same
ip address being DHCP assigned, based on MAC Address match). This does
not resolve the issue.
- Changing the ip address of the phone, simply by making the ip address
static instead of DHCP assigned, and incrementing it by one low-order
octet, will always resolve the issue.
In my test area, I have a laptop assigned as the .2 address, the router
is .1, and the phone starts off as .3, each time I have to increment the
phone's ip address I increase to .4, .5 etc. I haven't tried going back
to .3 however, which would be interesting.
A couple of wrinkles in attempting to isolate this issue are:
- On some occasions, the phone re-registers spontaneously (on the same
ip address) with no outside intervention some time later, where time is
measured in quantities of 10 minutes to 2 hours. For some reason, the
router decides to pass the register packet.
- the phone has now been registered for > 24 hours, which is
frustrating. I may have to reset back to DHCP to make it happen again.
I may have gotten the attention of VZW support, which makes me really
want to have a concise problem description, pcap files, etc.
I have another phone sitting next to it, configured the same, going out
over a Cradlepoint router with an analogous 4g modem. that's been
connected for 6 months. I've swapped phones a couple of times, and the
problem stays with the VZW router.
That's where it stands at present. Thanks for your review... It keeps me
honest and opens up new things to try
Ron Byer Jr.
NetWeave Integrated Solutions, Inc.
+1 732.786.8830 x120
[email protected] -
Vpn connected to Pix but no Internet Access after connection
Hi,
We have just changed over our firewall to a Pix 515. The VPN Client (4.6) has been set up and remote users can connect ok and authenticate using Windows IAS. However, once they connect to the VPN they can no longer surf the internet. Our support company are saying that this is impossible because it can cause spoofing. Is this really impossible on the Pix? Is there a way that the remote user can surf the internet via their local connection when connected on the VPN?
Many thanks for looking.
PJ.
Hello,
It is possible to connect through the Cisco VPN client while still using the internet. You have to use something called Split Tunneling. Below you can find links on how to configure split tunneling:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172787.html
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
Hope this helps,
Appreciate your rating,
Regards, -
Client connecting through firewall
Hi
We have two clustered servers. Our client is connecting through
firewall NAT. When I connect to the first server the response is very slow and
at the same time clustering is not working. If I stop the second server the
response is fast.
The same configuration is working fine when my client is local.
Can you explain the reason for this problem?
Presently I am using WebLogic 6.1 version.
Thank you
OK I spoke too soon. The user looked like it was working but it was working because it matched another IAS policy further down the list. It seems as though the PIX refuses to use ms-chap of any sort. If I include the authentication type in the VPN policy conditions as ms-chap, it skips the VPN policy I am using to authenticate this. If I remove it, then it gives an invalid authentication type as if whatever the PIX is sending the IAS server does not understand as ms-chap.
It seems like the PIX authentication is totally wrong for use with IAS. What else do I need to add to this configuration to get it to work with ms-chap of any kind? I really don't get it. -
CME 7.1 with SCCP 7940G phones and SIP connection to a VOIP provider - inbound outbound fails
Here's a quick and dirty diagram of a CME 7.1 configuration. The phone can all call each other but something is not quite right with the SIP provider. The registrar and SIP registration pieces are working but most of the configuration examples that I've seen make me think that the CME router was being used as the edge device to the internet. From my drawing, you can see that is not the case here. My edge device is a Cisco ASA5505 with 9.2.x software running. I might be missing something in the SIP gateway knowledge department. Without diving into the configuration, I'm wondering if SIP messages are failing for calls because of NAT'ing? Trying to do searches has been tricky because I keep running into information that is more about setting up CME for SIP phones or just getting SIP to work between CME and a SIP provider. I have that part working. I'm just a bit unsure about how an SCCP 7940G gets an outbound call or even gets one to come in.
When I dial from my cell phone to the pilot number, there are no rings, it just goes to the VOIP provider's voice mail. When I try to dial out, I get a fast busy.
So, is NAT a consideration? Will the SIP gateway set up a call (forward) via the pre-established SIP connection? Yeah, I do sound like a newb.
If anyone has good information about, let's say, an inbound call and how that traffic flow works.
Thanks!
Have you configured your ASA to either NAT the IP address of the CME router or to do port forwarding for port 5060?
-
Problem with socket connection through Java Embedding...
We are trying to create a simple socket connection to a socket server through BPEL PM using the Java Embedding component.
BPEL Process : Client makes an asynchronous request. Passes an input variable. The input variable is sent to the Server Program through a socket connection through the Java embedding component.
Server: We are running a simple Socket Server program from command prompt.
The code below works fine as long as we do not try to receive a response from the server (Commented Code).
If we uncomment the code and try to receive a response, it refuses to create an instance for the BPEL Process. And sometimes restarts the BPEL Server.
Client Code:
// Requires java.net.Socket, java.net.UnknownHostException and java.io.* to be imported for the embedding.
String msg = "NONE";
try {
    org.w3c.dom.Element input = (org.w3c.dom.Element) getVariableData("inputVariable", "payload", "/client:clientProcessRequest/client:input");
    msg = input.getNodeValue();
    Socket clientsoc = new Socket("ServerIP", 1000);
    PrintWriter out1 = new PrintWriter(clientsoc.getOutputStream());
    out1.write(msg);
    out1.flush();
    // Receive path: readLine() blocks until the server sends a line terminator or closes the connection.
    BufferedReader cin1 = new BufferedReader(new InputStreamReader(clientsoc.getInputStream()));
    msg = cin1.readLine();
    setVariableData("outputVariable", "payload", "/client:result", new String(msg));
    clientsoc.close();
} catch (UnknownHostException e) {
    System.err.println("Don't know about host: dev.");
    System.exit(1);
} catch (IOException e) {
    System.err.println("Couldn't get I/O for " + "the connection to: dev.");
    System.exit(1);
}
Repost
-
cannot get iPad to connect to WiFi because I can't find the password-and now i can't get the iPad to reset to be able to connect through iTunes--help
-
Help I purchased an ipad yesterday I am using internet connection through a wired up netgear router through my pc.Since then I cannot open my hotmail emails or access my online banking on wired pc and the navigator on ipad not working.
I would appreciate help I followed all directions that Orange provided with netgear router
Something here may help
http://www.apple.com/uk/support/ipad/contact/
pick a subject from left hand panel
and this
http://manuals.info.apple.com/en_US/ipad_user_guide.pdf -
I have been able to get my MacBook Pro to print wirelessly through my Airport device. How do I make it so other computers (non-Mac) can also print wirelessly as well? They are able to connect through my wireless network but can't print.
Well, you could install the drivers for the wireless printer on your other computers.
blue apple > System Preferences... > sharing
check printer sharing. -
How can i airplay from my mac connected through ethernet to an aple tv 2 on wifi
Hi everyone..
im having troubles using Airplay on my mac.. i connect my mac to the internet and home network using an ethernet connection to my router (non apple branded router) .. my apple tv 2 is connected to my home wifi network from the same router.. when i first set up my apple tv.. i was able to see the Airplay icon on itunes and it would let me Airplay media from my mac to my apple tv.. however.. it disconnects after a little while.. same thing with viewing my itunes library from apple tv.. i was able to detect my shared library from the apple tv.. i was able to play some media but then it disconnected after some time.. but now.. the Airplay icon doesnt show up in itunes anymore.. and i cant see my shared library from my apple tv neither.. ive looked around for a solution and followed the tip to turn the ipv6 off.. it worked for some time but now the problem is back..
i know the obvious solution is to connect my mac to the same wireless network as my apple tv.. but i would like to keep it connected through ethernet..
Mac OS X Lion 10.7.4
Apple TV 2 software version 4.4.4
Thanks in advance
thisguy. wrote:
......i know the obvious solution is to connect my mac to the same wireless network as my apple tv.. but i would like to keep it connected through ethernet.........
I wouldn't say that was the obvious answer at all, my Mac is connected by ethernet and 6 of my 7 Apple TV's are connected by wifi, I haven't had any of your problems. The problem is most likely on your network.
Intermittent problems
Intermittent problems are often a result of interference. Interference can be caused by other networks in the neighbourhood or from household electrical items.
You can download and install iStumbler (NetStumbler for windows users) to help you see which channels are used by neighbouring networks so that you can avoid them, but iStumbler will not see household items.
Refer to your router manual for instructions on changing your wifi channel or adjusting your multicast rate.
There are other types of problems that can affect networks, but this is by far the most common, hence worth mentioning first. Networks that have inherent issues can be seen to work differently with different versions of the same software. You might also try moving the Apple TV away from other electrical equipment.
Consistent Problems
A frequent cause of consistent failure to enable AirPlay or HomeSharing at all, is the service being blocked on the network. Make sure your network isn't hidden, has a unique name, that MAC address authentication is disabled, security is set to use WPA 2 Personal and that there is only one router/device acting as a DHCP server and providing NAT services.
Make sure your router/computer allows access over the following ports
Port  | Type    | Protocol   | Used By
80    | TCP     | HTTP       | AirPlay
443   | TCP     | HTTPS      | AirPlay
554   | TCP/UDP | RTSP       | AirPlay
3689  | TCP     | DAAP       | iTunes/AirPlay
5297  | TCP     |            | Bonjour
5289  | TCP/UDP |            | Bonjour
5353  | TCP/UDP | MDNS       | Bonjour/AirPlay
49159 | UDP     | MDNS (Win) | Bonjour/AirPlay
49163 | UDP     | MDNS (Win) | Bonjour/AirPlay
Refer to your router manual/manufacturer for any settings that are specific to that model.
Another frequent cause of consistent failure to enable AirPlay or HomeSharing at all, is security software, in many cases configuring it correctly, disabling it or even uninstalling it can help, but in some cases the security software can cause problems that simply reconfiguring, disabling or uninstalling cannot reverse.
If you are consistently unable to activate AirPlay, have tried all the steps in this article and have security software installed on your system, you might benefit from contacting its provider or participating in any online forums they run to discuss the matter with them. -
My IPOD and Macbook Pro both will not connect to the Itunes store through Itunes says no internet connection, but I can connect through safari and I have a internet connection
As I mentioned above, I am not very tech savvy so I have no idea why a wireless protocol would be showing up there, I'm just listing everything I see in hopes that someone might know something I can try. This is why I am asking for help here - I'm not sure what has happened that has made me unable to connect, especially since it seemingly occurred while nobody was using the computer.
I guess I should clarify that I'm not a total hillbilly- normally my firewall is set to 'on', but I set it to 'off' to try and troubleshoot the issues here as I was told that sometimes it can interfere with the computer's ability to connect to the internet. If this is not the case and firewall does not affect anything, I will turn it back on while I try to fix this.
I have tried the method you mentioned above a few times - I actually contacted my ISP earlier this week and they recommended resetting the router like that. They didn't mention any known network issues. -
I can print from my macbook pro using airport express usb connected printer, however my iPad and iphone are looking for an airprint printer. Can I direct the iPad/iphone to the usb connected printer. Macbook iphone and iPad confirm a wifi connection through the airport express.
You will need to install an App like Print Central on the iPad to try to print to the printer. It will allow you to print to most printers. Check with their support folks if you need more info.
PrintCentral for iPad on the iTunes App Store -
I have an airport express extending, through wireless, a network provided by an airport extreme. How can I know which clients are connected to my network through express and which are connected through extreme?
Here you can see both routers:
I would expect to some clients connected to the express, other than the extreme. And that's all I see: only the airport extreme appears as client of the airport express.
Below, one can see the summary of the config for both routers.
Would somebody explain it?
Thanks,
Marcelo
Message was edited by: Marcelão
please disregard this answer.
Message was edited by: Marcelão -
Getting Creative Zen player to connect through amarok [SOLVED]
Edited 12-27 to include new info
I'm trying to get my Creative Zen player to connect through amarok but am having some problems. After some looking around I figured out the libmtp in the extra repository doesn't support this player, but the newest versions do. I made a new package for libmtp-0.2.4 and installed it since there's been some tweaks that affect this player since 0.2.2 which is in testing. I also had to recompile amarok since one of libs changed a name with the new libmtp. The instructions from libmtp mentioned udev rules needed to be defined, which was done by copying a file from the source code into /etc/udev/rules.d. That file (minus the parts relating to other players, which is pretty much the same as here):
# UDEV-style hotplug map for libmtp
# Put this file in /etc/udev/rules.d
ACTION!="add", GOTO="libmtp_rules_end"
ATTR{dev}!="?*", GOTO="libmtp_rules_end"
SUBSYSTEM=="usb", GOTO="libmtp_usb_rules"
# The following thing will be deprecated when older kernels are phased out.
SUBSYSTEM=="usb_device", GOTO="libmtp_usb_device_rules"
GOTO="libmtp_rules_end"
LABEL="libmtp_usb_rules"
# Creative ZEN 8GB
ATTR{idVendor}=="041e", ATTR{idProduct}=="4157", SYMLINK+="libmtp-%k", MODE="666"
GOTO="libmtp_rules_end"
LABEL="libmtp_usb_device_rules"
# Creative ZEN 8GB
ATTRS{idVendor}=="041e", ATTRS{idProduct}=="4157", SYMLINK+="libmtp-%k", MODE="666"
GOTO="libmtp_rules_end"
LABEL="libmtp_rules_end"
When I plug the player to my usb port dmesg gives
usb 5-1: new high speed USB device using ehci_hcd and address 8
usb 5-1: configuration #1 chosen from 1 choice
As my normal user amarok doesn't seem to recognize anything, and mtp-detect gives:
libmtp version: 0.2.4
Attempting to connect device(s)
usb_claim_interface(): Operation not permitted
LIBMTP PANIC: Unable to initialize device 1
LIBMTP PANIC: configure_usb_devices() error code: 7 on line 1561
Detect: There has been an error connecting. Exiting
As root mtp-detect gives me a bunch of output that seems like it's doing what it should, also while it's spitting this out the screen on the player changes to say it's docked, which wasn't happening as the normal user. This makes me think it's some permissions issue. I did find things from google telling me that sometimes the user needs to be added to a certain group to use libmtp, though it seemed somewhat distro dependent. My main user is in the following groups: dbus hal network audio optical storage scanner camera users thinkpad
However I don't think my problems are solely permission related, since even as root amarok won't recognize the player. I can use gnomad2 as root, which mostly works, though it crashes when I try and close gnomad after adding music and the player thinks it's still docked even after unplugging it. I had to use a pin to reset it just to turn it off. When I ran it from a console I got the following output at the end after the crash
PTP: Closing session
ERROR: Could not close session!
inep: usb_get_endpoint_status(): Protocol error
outep: usb_get_endpoint_status(): No such device
usb_clear_halt() on IN endpoint: No such device
usb_clear_halt() on OUT endpoint: No such device
usb_clear_halt() on INTERRUPT endpoint: No such device
The application 'gnomad2' lost its connection to the display :0.0;
most likely the X server was shut down or you killed/destroyed
the application.
Any suggestions for where to go from here?
Last edited by mcmillan (2008-01-11 05:38:14)
I tried uploading onto my school website, but it doesn't seem accessible from there. However I just modified the version number from the regular Pkgbuild file from abs. What I have is:
# $Id: PKGBUILD,v 1.8 2007/05/20 19:11:05 travis Exp $
# Maintainer: damir <[email protected]>
#Contributor: Kevin Edmonds <[email protected]>
pkgname=libmtp
pkgver=0.2.4
pkgrel=1
pkgdesc="library implementation of the Media Transfer Protocol"
arch=("i686" "x86_64")
url="http://libmtp.sourceforge.net"
license=("LGPL")
depends=("libusb")
source=(http://easynews.dl.sourceforge.net/sourceforge/libmtp/$pkgname-$pkgver.tar.gz)
options=('!libtool')
#md5sums=('597b62d994d9491531b9e67190f6cfe7')
build() {
  cd $startdir/src/$pkgname-$pkgver
  ./configure --prefix=/usr
  make || return 1
  make DESTDIR=$startdir/pkg install
}
If you still have trouble building it let me know some other way than that I can send you the package.
I've been meaning to post an update about my issues. I've figured out that when I connect the player it creates device nodes with the root group. Some have permissions set to 666, which seems to fit with the udev rules I posted. But some of them are only rw for owner and group, others only have read permissions. As a test I tried changing the permissions by hand to 666, and I can use gnomad as my regular user, though it's buggy and seems to crash randomly (not just when I transfer files like I originally thought). I haven't been able to test what amarok does, since for some reason it stopped working this weekend and I haven't had a chance to figure out what happened. It seems there's some problem with the udev rules, but I don't know much about how that works to figure out what's going wrong.