Site to Site calling issue - Cisco 2911 Dial Peer Configuration
My customer dials from remote site to main site to their main site number, the call by-passes their auto attendant and goes directly to any random available party.
At first fingers were pointing to the their PBX, however we noticed one of their sites that wasn't managed by our company did not have the issue. We cut that site over to our service and the issue started right up. I believe it is possibly due to the way the dial peers are configured and how the calls route into the PBX. Unfortunately I do not understand much about them and curious to know if anyone has any history on a issue similiar to this or any input whatsoever?
Cisco equipment/Dialpeer config below ........
co IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2) - Cisco CISCO2911/K9
dial-peer voice 100 voip
description --- VoIP Dial-Peer ---
translation-profile outgoing 7digit
huntstop
preference 1
service session
destination-pattern .T
progress_ind setup enable 3
session protocol sipv2
session target sip-server
incoming called-number .T
voice-class codec 99
dtmf-relay rtp-nte
fax-relay ecm disable
fax rate 14400
fax nsf 000000
ip qos dscp af41 signaling
no vad
dial-peer voice 150 voip
permission none
description 900 block
huntstop
destination-pattern 1900T
session protocol sipv2
session target sip-server
voice-class codec 99
dtmf-relay rtp-nte
ip qos dscp af41 signaling
no vad
dial-peer voice 151 voip
permission none
description 900 block
huntstop
destination-pattern 900T
session protocol sipv2
session target sip-server
voice-class codec 99
dtmf-relay rtp-nte
ip qos dscp af41 signaling
no vad
dial-peer voice 101 pots
description --- INCOMING Calls from PBX ---
incoming called-number .T
direct-inward-dial
dial-peer voice 1001 pots
description --- Calls to the PBX ---
preference 3
destination-pattern .T
port 0/0/1:23
forward-digits 4
Here is some ISDN debug information
BAD CALL
Protocol Profile = Networking Extensions
0xA11C0201420201008014484152545F20484F54454C535F434C4159544F4E
Component = Invoke component
Invoke Id = 66
Operation = CallingName
Name Presentation Allowed Extended
Name = XXXXXXXXXXX
Display i = ''XXXXXXXXXXX''
Calling Party Number i = 0x2180, ''XXXXXXXXXX''
Plan:ISDN, Type:National
Called Party Number i = 0x80, ''6551''
Plan:Unknown, Type:Unknown
Aug 19 16:10:47.242 GMT: ISDN Se0/0/1:23 Q931: RX <- ALERTING pd = 8 callref = 0xAB15
Channel ID i = 0xA98381
Exclusive, Channel 1
Aug 19 16:11:02.634 GMT: ISDN Se0/0/1:23 Q931: RX <- CONNECT pd = 8 callref = 0xAB15
Channel ID i = 0xA98381
Exclusive, Channel 1
Aug 19 16:11:02.634 GMT: ISDN Se0/0/1:23 Q931: TX -> CONNECT_ACK pd = 8 callref = 0x2B15
GOOD CALL
Protocol Profile = Networking Extensions
0xA116020144020100800E475245454E204D4F554E5441494E
Component = Invoke component
Invoke Id = 68
Operation = CallingName
Name Presentation Allowed Extended
Name = XXXXXXXXXXXXXXXXXX
Display i = ''XXXXXXXXXXX''
Calling Party Number i = 0x2180, ''XXXXXXXXXX''
Plan:ISDN, Type:National
Called Party Number i = 0x80, 'XXXX''
Plan:Unknown, Type:Unknown
Aug 19 16:15:07.999 GMT: ISDN Se0/0/1:23 Q931: RX <- ALERTING pd = 8 callref = 0xAB17
Channel ID i = 0xA98381
Exclusive, Channel 1
I done the configration via CCA and the running conf i can see two voip dial peer. this is the site where all trunk line roured. Customer from other site2 needs to call outside by taking line from site1.
dial-peer voice 2100 voip
corlist incoming call-internal
description **CCA*INTERSITE inbound call to SITE 1
translation-profile incoming multisiteInbound
incoming called-number 82...
voice-class h323 1
dtmf-relay h245-alphanumeric
fax protocol cisco
no vad
dial-peer voice 2101 voip
corlist incoming call-internal
description **CCA*INTERSITE outbound calls to SITE2
translation-profile outgoing multisiteOutbound
destination-pattern 81...
session target ipv4:192.168.50.1
voice-class h323 1
dtmf-relay h245-alphanumeric
fax protocol cisco
no vad
no dial-peer outbound status-check pots
Similar Messages
-
Can't establish a Voice gateway (cisco 2911) using SIP with CUCM 9.1
I have configured a Cisco 2911 as a Voice Gateway using SIP (the configuration is attached), but unfortunately can't establish a test call to a phone (CUPC 8.6 SCCP) using csim start. I have done logging the ccsip debug and ccapi debug and attached them. Could anyone help me to solve this problem?
I just did some research on my end and csim is not supported for SIP. The Invite will never be created and sent to the CUCM to initate the call. It disconnects in the router itself with normal cause.
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPIOutgoingCallSDP:
Could not create source SDP for Outgoing Call
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/sipSPICreateOutboundSDP:
Error in creating an SDP for the outbound call - Check for supported codecs
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Error/preprocessSetup:
Error during outbound SDP creation
*Apr 18 08:58:48.086: //40/7D08458F8077/SIP/Info/sipSPIInitiateDisconnect: Initiate call disconnect(16) for outgoing call
Please use an actual call to test your dial-peer and integration with call manager. csim will not work.
Hantale
Sree -
How to configure a virtual dial-peer destination pattern?
There is a virtual dial peer, 22501, that is configured with a destination pattern. When that call comes in the (H323) gateway from the PRI, it, of, course fails. There is a voip dial peer, 301, of 8345.... which it's supposed to hit. But the virtual dial peer is a specific match. How do I take that destination pattern off of dial peer 22501? I can't get in the dial peer like the other, normal, dial peers? I get "invalid command" when trying. Need help getting it out.
301 voip up up 8345.... 0 syst ipv4:10.208.11.251
89900- voip up up 0 syst 000
98765- voip up up 0 syst 4
91919- voip up up 0 syst 191
92929- voip up up 0 syst 292
22501 pots up up 83452342$ 0 50/0/1
22502 pots up down 1 50/0/2
22503 pots up down 0 50/0/3Hi Anthony,
The voice-ports start from 50/0/x created when we configure an ephone-dn on the CME.
Since, i do not see any CME configuration on your gateway, that means you must be using this as SRST.
When IP phones registered on the CUCM loose connectivity, and they register to SRST, these voice ports and dial-peer are dynamically created. And the extension on the IP phone is automatically configured at destination pattern.
Please check if this IP phone(with extension 83452342) is still registered in the SRST mode.
If not, then probably the dynamic configuration has not been washed out completely.
There is no way you can enter in these dial-peer configuration and remove it.
At the moment, you need to reload the gateway to remove this configuration.
Hope this helps.
~Amit -
Cisco site to site vpn issue,
HI, i am trying to configure site to site VPN on a cisco 2911 router.
I am unable to get the tunnel up, after some research i have narrowed down the cause to NAT or default route.
Can someone help me
I have posted mt config below
Router Config
Router#s
*Jun 3 20:05:05.474: %SYS-5-CONFIG_I: Configured from console by consoleh run
Building configuration...
Current configuration : 5499 bytes
! Last configuration change at 15:05:05 PCTime Tue Jun 3 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no logging buffered
enable password XXXXX
no aaa new-model
clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
ip dhcp pool TEST
network 192.168.x.x 255.255.255.0
default-router 192.168.x.x
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 10
network 192.168.xxx.xx 255.255.255.0
default-router 192.168.xxx.xx
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 1
network 10.100.xx.xx 255.255.255.0
default-router 10.100.xx.xx
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 2
network 10.100.xxx.xx 255.255.255.0
default-router 10.100.xxx.xx
dns-server 64.71.255.198 64.71.255.204 8.8.8.8
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-1282495617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1282495617
revocation-check none
rsakeypair TP-self-signed-1282495617
crypto pki certificate chain TP-self-signed-1282495617
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323832 34393536 3137301E 170D3133 31303031 31393032
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32383234
39353631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C2E9 568B0B30 1BE35F55 BAF6F8C5 2525E808 23930CD9 81602A70 DAFAE355
35C7D946 DA8CB688 C1844F02 7AE8864D 80EE3355 27A7B1DC FA5329A0 2B44E434
478EFC47 7D92D8E7 46D6DA4B 5D477D90 E81AC837 3F62DE48 0D0937A0 286FE963
6D2F5DC8 0A2B70EC 5A9F5E3F 47D2A08F EC0A10BC 713507AD F24E042E 94CFB70D
47B30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14735FD7 7A1F7322 CE6A9645 7C73633D D8ED8915 77301D06
03551D0E 04160414 735FD77A 1F7322CE 6A96457C 73633DD8 ED891577 300D0609
2A864886 F70D0101 05050003 81810095 433FC9D1 464A9129 6C02E492 19963992
8A9C1549 A71F3E96 F89F4FE9 AAC3A748 1393CED4 8CEC5D99 71C5455F 5DE834D7
CB4B08A2 276C9DA5 012FAEE2 7EB921E9 4B42DCEA FCD1D04E 2C2C6633 D20D1BDB
133F7B0F ADEB7212 95C88B50 EB3D2854 C1BA8DD1 43B6BD3C C96C3E12 CF7025D1
12E1ACE9 D76791A5 96E88A28 CDCF3B
quit
license udi pid CISCO2911/K9 sn FGL173011EB
username admin privilege 15 password 0 XXXXXX
username rahul privilege 15 password 0 XXXXXXX
username xxxx privilege 15 secret 4 VWq946KBE6gESOmM2hYcakgfruaB4GfVtlGBulc8F7k
redundancy
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any CCP-Management-1
match dscp cs2
policy-map sdm-qos-test-123
class class-default
policy-map CCP-QoS-Policy-1
class CCP-Voice-1
priority percent 55
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxx address 198.161.xxx.xxx
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set OES esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
mode tunnel
crypto map tunnel 100 ipsec-isakmp
set peer 198.161.xxx.xxx
set transform-set OES
match address 101
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 69.17.xxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
crypto map tunnel
interface GigabitEthernet0/1
description WEEE.LOCAL
ip address 10.100.xx.xx 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
service-policy output CCP-QoS-Policy-1
interface GigabitEthernet0/2
description voip
ip address 10.100.xxx.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/0 overload
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat inside source list 99 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 69.17.xxx.xxx
access-list 1 permit 10.100.xx.xx 0.0.0.255
access-list 2 permit 10.100.xxx.xxx 0.0.0.255
access-list 10 permit 192.168.xxx.xx 0.0.0.255
access-list 99 permit 192.168.x.x 0.0.0.255
access-list 101 permit ip 10.100.xxx.xxx 0.0.0.255 10.252.xxx.xxx 0.0.0.255
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXX
login
transport input all
scheduler allocate 20000 1000
End
Router#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 1
encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Router#sh crypto map
Crypto Map IPv4 "tunnel" 100 ipsec-isakmp
Peer = 198.161.xxx.xxx
Extended IP access list 101
access-list 101 permit ip 10.100.xxx.xxx 0.0.0.255 10.252.xxx.xxx 0.0.0.255
Current peer: 198.161.xxx.xxx
Security association lifetime: 4608000 kilobytes/86400 seconds
Responder-Only (Y/N): N
PFS (Y/N): N
Transform sets={
OES: { esp-aes 256 esp-sha-hmac } ,
Interfaces using crypto map tunnel:
GigabitEthernet0/0
Router#show crypto ipsec sa
interface: GigabitEthernet0/0
Crypto map tag: tunnel, local addr 69.17.xxx.xxx
protected vrf: (none)
local ident (addr/mask/prot/port): (10.100.xxx.xxx/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.252.xxx.xxx/255.255.255.0/0/0)
current_peer 198.161.xxx.xxx port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 69.17.xxx.xxx, remote crypto endpt.: 198.161.xxx.xxx
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:Thanks, i will apply those changes today after work and see if i can get the tunnel up.
I did some changes to the config last night, out of frustration. i decided to use Cisco configuration profession which ran performed debugging on the tunnel and added some nat rules and Access-lists. the tunnel is till not up.
I will post the new config below
Router#sh run
Building configuration...
Current configuration : 6615 bytes
! Last configuration change at 11:49:56 PCTime Wed Jun 4 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no logging buffered
enable password XXX
no aaa new-model
clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
ip dhcp pool TEST
network 192.168.XX.XX 255.255.255.0
default-router 192.168.AA.AA
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 10
network 192.168.XXX.XXX 255.255.255.0
default-router 192.168.XXX.XXX
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 1
network 10.100.XX.XX 255.255.255.0
default-router 10.100.XX.XX
dns-server 64.71.255.198 64.71.255.204 4.2.2.2
ip dhcp pool 2
network 10.100.XXX.XXX 255.255.255.0
default-router 10.100.XXX.XXX
dns-server 64.71.255.198 64.71.255.204 8.8.8.8
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-1282495617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1282495617
revocation-check none
rsakeypair TP-self-signed-1282495617
crypto pki certificate chain TP-self-signed-1282495617
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323832 34393536 3137301E 170D3133 31303031 31393032
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32383234
39353631 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C2E9 568B0B30 1BE35F55 BAF6F8C5 2525E808 23930CD9 81602A70 DAFAE355
35C7D946 DA8CB688 C1844F02 7AE8864D 80EE3355 27A7B1DC FA5329A0 2B44E434
478EFC47 7D92D8E7 46D6DA4B 5D477D90 E81AC837 3F62DE48 0D0937A0 286FE963
6D2F5DC8 0A2B70EC 5A9F5E3F 47D2A08F EC0A10BC 713507AD F24E042E 94CFB70D
47B30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14735FD7 7A1F7322 CE6A9645 7C73633D D8ED8915 77301D06
03551D0E 04160414 735FD77A 1F7322CE 6A96457C 73633DD8 ED891577 300D0609
2A864886 F70D0101 05050003 81810095 433FC9D1 464A9129 6C02E492 19963992
8A9C1549 A71F3E96 F89F4FE9 AAC3A748 1393CED4 8CEC5D99 71C5455F 5DE834D7
CB4B08A2 276C9DA5 012FAEE2 7EB921E9 4B42DCEA FCD1D04E 2C2C6633 D20D1BDB
133F7B0F ADEB7212 95C88B50 EB3D2854 C1BA8DD1 43B6BD3C C96C3E12 CF7025D1
12E1ACE9 D76791A5 96E88A28 CDCF3B
quit
license udi pid CISCO2911/K9 sn FGL173011EB
username admin privilege 15 password 0 XXXXXXXXX
username rahul privilege 15 password 0 XXXXXXXXXXX
username XXXX privilege 15 secret 4 VWq946KBE6gESOmM2hYcakgfruaB4GfVtlGBulc8F7k
redundancy
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any CCP-Management-1
match dscp cs2
policy-map sdm-qos-test-123
class class-default
policy-map CCP-QoS-Policy-1
class CCP-Voice-1
priority percent 55
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXX address 198.161.XXX.XXX 255.255.255.248
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set OES esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
mode tunnel
crypto map tunnel 100 ipsec-isakmp
set peer 198.161.XXX.XXX
set transform-set OES
match address 101
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 69.17.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
crypto map tunnel
interface GigabitEthernet0/1
description WEEE.LOCAL
ip address 10.100.AA.AA 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
service-policy output CCP-QoS-Policy-1
interface GigabitEthernet0/2
description voip
ip address 10.100.XXX.XXX 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 69.17.AAA.AAA
access-list 1 remark CCP_ACL Category=16
access-list 1 permit 10.100.AA.AA 0.0.0.255
access-list 2 remark CCP_ACL Category=16
access-list 2 permit 10.100.XXX.XXX 0.0.0.255
access-list 10 remark CCP_ACL Category=16
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 99 remark CCP_ACL Category=16
access-list 99 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=2
access-list 100 deny ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
access-list 100 permit ip 10.100.AA.AA 0.0.0.255 any
access-list 101 permit ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
access-list 102 remark CCP_ACL Category=2
access-list 102 deny ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
access-list 102 permit ip 10.100.XXX.XXX 0.0.0.255 any
access-list 103 remark CCP_ACL Category=2
access-list 103 deny ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
access-list 103 permit ip 192.168.XXX.XXX 0.0.0.255 any
access-list 104 remark CCP_ACL Category=2
access-list 104 deny ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
access-list 104 permit ip 192.168.XX.XX 0.0.0.255 any
route-map SDM_RMAP_4 permit 1
match ip address 104
route-map SDM_RMAP_1 permit 1
match ip address 100
route-map SDM_RMAP_2 permit 1
match ip address 102
route-map SDM_RMAP_3 permit 1
match ip address 103
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXX
login
transport input all
scheduler allocate 20000 1000
end -
Calling issue with Cisco 7937 conference station
Hi Friends,
I am facing issue wiht Cisco 7937 conference station, our customer have various branch offices accross the world. All branches are connected over MPLS through service provider( SIP service provider) . there is a centralized CUCM and remote office have SIP Voice gateways .
When making calls from once remote site to another using Cisco 6921 phones calls working fine
When making calls from once remote site to another using Cisco 7937 conference station to make call any phone at remote office, calls are getting disconneted, remote phone rings when calls, but its gets fast busy tone when other party picks up the phone and not able to talk.
I suspect the issue with Codec but we have configured transcoders in VG and registered with CUCM
Please help me if any one experience such issue earlier.
Regards
Sivahi Basant,
1. Actually tow phones A and B are registerd with centralized CUCM, A and B are located in two different locations, RTP traffic between And B pass through service provider.
Call Flow --> Phone A ---->CUCMRouterpattern--> SIP trunk ----> Voice gateway--->Service provider cloud---> Respective Voice Gateway---> CUCM -- Phone B
Show Run
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.27 15:14:52 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 12139 bytes
! Last configuration change at 06:35:59 UTC Tue Feb 25 2014
! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname eucamvgw01
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M5.bin
boot-end-marker
card type e1 0 0
logging buffered 51200 warnings
no logging console
no aaa new-model
no network-clock-participate wic 0
no ipv6 cef
ip source-route
ip traffic-export profile cuecapture mode capture
bidirectional
ip cef
ip multicast-routing
ip domain name drreddys.eu
ip name-server 10.197.20.1
ip name-server 10.197.20.2
multilink bundle-name authenticated
stcapp ccm-group 2
stcapp
stcapp feature access-code
stcapp feature speed-dial
stcapp supplementary-services
port 0/1/0
fallback-dn 5428025
port 0/1/1
fallback-dn 5428008
port 0/1/2
fallback-dn 5421462
port 0/1/3
fallback-dn 5421463
isdn switch-type primary-net5
crypto pki token default removal timeout 0
voice-card 0
dsp services dspfarm
voice call send-alert
voice call disc-pi-off
voice call convert-discpi-to-prog
voice rtp send-recv
voice service voip
ip address trusted list
ipv4 10.198.0.0 255.255.255.0
ipv4 152.63.1.0 255.255.255.0
address-hiding
allow-connections sip to sip
no supplementary-service h225-notify cid-update
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
fax-relay ans-disable
sip
rel1xx supported "track"
privacy pstn
no update-callerid
early-offer forced
call-route p-called-party-id
voice class uri 100 sip
host 41.206.187.71
voice class codec 10
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 ilbc
codec preference 4 g729r8
codec preference 5 g729br8
voice class codec 20
codec preference 1 g729br8
codec preference 2 g729r8
voice moh-group 1
moh flash:moh/Panjo.alaw.wav
description MOH G711 alaw
multicast moh 239.1.1.2 port 16384 route 10.198.2.9
voice translation-rule 1
rule 1 /^012237280\(..\)/ /54280\1/
rule 2 /^012236514\(..\)/ /54214\1/
rule 3 /^01223651081/ /5428010/
rule 4 /^01223506701/ /5428010/
voice translation-rule 2
rule 1 /^00\(.+\)/ /+\1/
rule 2 /^0\(.+\)/ /+44\1/
rule 3 /^\([0-9].+\)/ /+\1/
voice translation-rule 3
rule 1 /^9\(.+\)/ /\1/
rule 2 /^\+44\(.+\)/ /0\1/
rule 3 /^\+\(.+\)/ /00\1/
voice translation-rule 4
rule 1 /^54280\(..\)/ /12237280\1/
rule 2 /^54214\(..\)/ /12236514\1/
rule 3 /^\+44\(.+\)/ /\1/
rule 4 /^.54280\(..\)/ /12237280\1/
rule 5 /^.54214\(..\)/ /12236514\1/
voice translation-rule 9
rule 1 /^\(....\)/ /542\1/
voice translation-rule 10
voice translation-rule 11
rule 1 /^\+44122372\(....\)/ /542\1/
rule 2 /^\+44122365\(....\)/ /542\1/
voice translation-rule 12
voice translation-rule 13
rule 1 /^\([18]...\)/ /542\1/
voice translation-rule 14
voice translation-profile MPLS-incoming
translate calling 10
translate called 9
voice translation-profile MPLS-outgoing
translate calling 11
translate called 12
voice translation-profile PSTN-incoming
translate calling 2
translate called 1
voice translation-profile PSTN-outgoing
translate calling 4
translate called 3
voice translation-profile SRST-incoming
translate calling 14
translate called 13
license udi pid CISCO2921/K9 sn FGL145110RE
hw-module ism 0
hw-module pvdm 0/0
username administrator privilege 15 secret 5 $1$syu5$DsxdOgfS7Wltx78o4PV.60
redundancy
controller E1 0/0/0
ip tcp path-mtu-discovery
ip scp server enable
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description internal LAN
ip address 10.198.2.9 255.255.255.0
duplex auto
speed auto
interface ISM0/0
ip unnumbered GigabitEthernet0/0
service-module ip address 10.198.2.8 255.255.255.0
!Application: CUE Running on ISM
service-module ip default-gateway 10.198.2.9
interface GigabitEthernet0/1
description to TATA NGN
ip address 115.114.225.122 255.255.255.252
duplex auto
speed auto
interface GigabitEthernet0/2
description SIP Trunks external
ip address 79.121.254.83 255.255.255.248
ip access-group SIP-InBound in
ip traffic-export apply cuecapture size 8000000
duplex auto
speed auto
interface ISM0/1
description Internal switch interface connected to Internal Service Module
no ip address
shutdown
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.198.2.1
ip route 10.198.2.8 255.255.255.255 ISM0/0
ip route 41.206.187.0 255.255.255.0 115.114.225.121
ip route 77.37.25.46 255.255.255.255 79.121.254.81
ip route 83.245.6.81 255.255.255.255 79.121.254.81
ip route 83.245.6.82 255.255.255.255 79.121.254.81
ip route 95.223.1.107 255.255.255.255 79.121.254.81
ip route 192.54.47.0 255.255.255.0 79.121.254.81
ip access-list extended SIP-InBound
permit ip host 77.37.25.46 any
permit ip host 83.245.6.81 any
permit ip host 83.245.6.82 any
permit ip 192.54.47.0 0.0.0.255 any
permit icmp any any
permit ip host 95.223.1.107 any
deny ip any any log
control-plane
voice-port 0/1/0
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/1
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/2
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/3
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
no ccm-manager fax protocol cisco
ccm-manager music-on-hold bind GigabitEthernet0/0
ccm-manager config server 152.63.1.19 152.63.1.100 172.27.210.5
ccm-manager sccp local GigabitEthernet0/0
ccm-manager sccp
mgcp profile default
sccp local GigabitEthernet0/0
sccp ccm 10.198.2.9 identifier 3 priority 3 version 7.0
sccp ccm 152.63.1.19 identifier 4 version 7.0
sccp ccm 152.63.1.100 identifier 5 version 7.0
sccp ccm 172.27.210.5 identifier 6 version 7.0
sccp
sccp ccm group 2
bind interface GigabitEthernet0/0
associate ccm 4 priority 1
associate ccm 5 priority 2
associate ccm 6 priority 3
associate ccm 3 priority 4
associate profile 1002 register CFB_UK_CAM_02
associate profile 1001 register XCODE_UK_CAM_02
associate profile 1000 register MTP_UK_CAM_02
dspfarm profile 1001 transcode
codec ilbc
codec g722-64
codec g729br8
codec g729r8
codec gsmamr-nb
codec pass-through
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 18
associate application SCCP
dspfarm profile 1002 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 2
associate application SCCP
dspfarm profile 1000 mtp
codec g711alaw
maximum sessions software 200
associate application SCCP
dial-peer cor custom
name SRSTMode
dial-peer cor list SRST
member SRSTMode
dial-peer voice 100 voip
description *** Inbound CUCM ***
translation-profile incoming PSTN-incoming
incoming called-number .
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 500 voip
description *** Inbound TATA MPLS ***
translation-profile incoming MPLS-incoming
session protocol sipv2
session target sip-server
incoming called-number ....
incoming uri from 100
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 510 voip
description *** Outbound TATA MPLS ***
translation-profile outgoing MPLS-outgoing
destination-pattern 54[013-9]....
session protocol sipv2
session target ipv4:41.206.187.71
session transport udp
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 520 voip
description *** Outbound TATA MPLS ***
translation-profile outgoing MPLS-outgoing
destination-pattern 5[0-35-9].....
session protocol sipv2
session target ipv4:41.206.187.71
session transport udp
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 200 voip
description *** Inbound M12 *** 01223651081, 01223651440 - 01223651489
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 0122365....
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 201 voip
description *** Inbound M12 *** 012237280XX
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 012237280..
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 202 voip
description *** Inbound M12 *** 01223506701
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 01223506701
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 210 voip
description *** Outbound M12 ***
translation-profile outgoing PSTN-outgoing
destination-pattern +...T
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 211 voip
description *** Outbound ISDN for SRST and emergency ***
translation-profile outgoing PSTN-outgoing
destination-pattern 9.T
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 212 voip
description *** Outbound ISDN for emergency ***
translation-profile outgoing PSTN-outgoing
destination-pattern 11[02]
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 2000 voip
description *** Outbound to CUCM Primary ***
preference 1
destination-pattern 542....
session protocol sipv2
session target ipv4:152.63.1.19
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 2001 voip
description *** Outbound to CUCM Secondary ***
preference 2
destination-pattern 542....
session protocol sipv2
session target ipv4:152.63.1.100
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 2002 voip
description *** Outbound to CUCM Teritiary ***
preference 3
destination-pattern 542....
session protocol sipv2
session target ipv4:172.27.210.5
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 999010 pots
service stcapp
port 0/1/0
dial-peer voice 999011 pots
service stcapp
port 0/1/1
dial-peer voice 999012 pots
service stcapp
port 0/1/2
dial-peer voice 999013 pots
service stcapp
port 0/1/3
sip-ua
no remote-party-id
gatekeeper
shutdown
call-manager-fallback
secondary-dialtone 9
max-conferences 4 gain -6
transfer-system full-consult
ip source-address 10.198.2.9 port 2000
max-ephones 110
max-dn 400 dual-line no-reg
translation-profile incoming SRST-incoming
moh flash:/moh/Panjo.ulaw.wav
multicast moh 239.1.1.1 port 16384 route 10.198.2.9
time-zone 22
time-format 24
date-format dd-mm-yy
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 131
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 60
exec-timeout 60 0
privilege level 15
login local
transport input all
line vty 5 15
session-timeout 60
exec-timeout 60 0
privilege level 15
login local
transport input all
scheduler allocate 20000 1000
ntp server 10.1.30.1
end
eucamvgw01#
Sh SCCP
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.03.03 17:57:44 =~=~=~=~=~=~=~=~=~=~=~=
SCCP Admin State: UP
Gateway Local Interface: GigabitEthernet0/0
IPv4 Address: 10.198.2.9
Port Number: 2000
IP Precedence: 5
User Masked Codec list: None
Call Manager: 10.198.2.9, Port Number: 2000
Priority: 3, Version: 7.0, Identifier: 3
Call Manager: 152.63.1.19, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 4
Trustpoint: N/A
Call Manager: 152.63.1.100, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 5
Trustpoint: N/A
Call Manager: 172.27.210.5, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 6
Trustpoint: N/A
MTP Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1000
Reported Max Streams: 400, Reported Max OOS Streams: 0
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
TLS : ENABLED
Transcoding Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1001
Reported Max Streams: 36, Reported Max OOS Streams: 0
Supported Codec: ilbc, Maximum Packetization Period: 120
Supported Codec: g722r64, Maximum Packetization Period: 30
Supported Codec: g729br8, Maximum Packetization Period: 60
Supported Codec: g729r8, Maximum Packetization Period: 60
Supported Codec: gsmamr-nb, Maximum Packetization Period: 60
Supported Codec: pass-thru, Maximum Packetization Period: N/A
Supported Codec: g711ulaw, Maximum Packetization Period: 30
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: g729ar8, Maximum Packetization Period: 60
Supported Codec: g729abr8, Maximum Packetization Period: 60
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
Conferencing Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1002
Reported Max Streams: 16, Reported Max OOS Streams: 0
Supported Codec: g711ulaw, Maximum Packetization Period: 30
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: g729ar8, Maximum Packetization Period: 60
Supported Codec: g729abr8, Maximum Packetization Period: 60
Supported Codec: g729r8, Maximum Packetization Period: 60
Supported Codec: g729br8, Maximum Packetization Period: 60
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
TLS : ENABLED
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070080
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070081
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070082
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070083
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
eucamvgw01# -
Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: endThanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
Desc: (none)
Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help. -
Don't know what I've done wrong, all I can think of is update firefox in the past few months. I use Malwarebytes and bitdefender. I also have Stinger installed. Nothing is picking up a hijacker or anything. However, everyday...when I use firefox (only browser I use) I do a search through the google add on, and the results show up. I click on the one I want, and about 1 out of 5 times a site called "infomash" pops up. I hit back, click on the same result...and I get what I wanted. NOTHING will detect this!
All of a sudden tonight, I've been searching things for a video game. Looking where to find a gun for the game. CLEARLY state the name of the game and everything in the google search.
I click on this link: (Not actual link, but search result above it)
http://fallout.wikia.com/wiki/Xuanlong_assault_rifle
And it takes me to this link!
http://www.brownells.com/
I hit the back button, click on the link search result above again....and that time it takes me to the right one.
I don't play games on this pc, don't have several things installed. Mainly just use it for email (don't download hardly anything from email), facebook, amazon, ebay, and work.This is indeed caused by a virus - and that I'm 99.99% sure (beware of the 0.01% though) - I've searched some forums around and it really seems to be malware.
Edit: Be sure to update your current paid antivirus and to perform an on-demand scan before buying another.
You're gonna need other security tools to test this, since your infection is probably TDSS or others. These kinds of malware tend to install more malware, that installs more malware, and so on.
Your best bet here is a paid antivirus, but there are more antivirus in this world that you haven't tried, such as,
[http://www.safer-networking.org ],
[http://www.spywareterminator.com] ,
[http://www.microsoft.com/security/malwareremove/default.aspx]
If none of these work, I'd highly recommend a paid antivirus (this is a potential rootkit, not exactly the easiest thing to detect)
Good antivirus to choose from:
-TrustPort*
-GDATA*
-Kaspersky
-AVIRA
-F-Secure -ESET
-BitDefender (the one you own) -eScan
Antiviruses marked with * are partially based on BitDefender, and it might be best to look into others.
(in order of my personal recommendation in terms of detection-it might not be worth anything and it doesnt account for speed of scanning)
There are some free tools that have been "claimed" to solve this issue.
BEWARE: THESE TOOLS ARE A MERE PART OF RESEARCH AND ARE NOT ENDORSED BY MOZILLA. USE AT YOUR OWN RISK.
[http://support.kaspersky.com/viruses/solutions?qid=208280684]
[http://forums.majorgeeks.com/showthread.php?t=182559]
That took long to write!
Thanks for asking. -
%ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510
Hi Friends,
I'm trying to built client to site VPN in CISCO ASA 5510 8.4(4) and getting below error while connecting cisco VPN client software. Also, I'm getting below log in ASA. Please help me to reslove.
Error in CISCO VPN Client Software:
Secure VPN Connection Terminated locally by the client.
Reason : 414 : Failed to establish a TCP connection.
Error in CISCO ASA 5510
%ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
ASA Configuration:
XYZ# sh run
: Saved
ASA Version 8.4(4)
hostname XYZ
domain-name XYZ
enable password 3uLkVc9JwRA1/OXb level 3 encrypted
enable password R/x90UjisGVJVlh2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside_rim
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet0/1
duplex full
nameif XYZ_DMZ
security-level 50
ip address 172.1.1.1 255.255.255.248
interface Ethernet0/2
speed 100
duplex full
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.252
interface Ethernet0/3
speed 100
duplex full
nameif inside
security-level 100
ip address 3.3.3.3 255.255.255.224
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa844-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
domain-name XYZ
object network obj-172.17.10.3
host 172.17.10.3
object network obj-10.1.134.0
subnet 10.1.134.0 255.255.255.0
object network obj-208.75.237.0
subnet 208.75.237.0 255.255.255.0
object network obj-10.7.0.0
subnet 10.7.0.0 255.255.0.0
object network obj-172.17.2.0
subnet 172.17.2.0 255.255.255.0
object network obj-172.17.3.0
subnet 172.17.3.0 255.255.255.0
object network obj-172.19.2.0
subnet 172.19.2.0 255.255.255.0
object network obj-172.19.3.0
subnet 172.19.3.0 255.255.255.0
object network obj-172.19.7.0
subnet 172.19.7.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.0.0
object network obj-10.2.0.0
subnet 10.2.0.0 255.255.0.0
object network obj-10.3.0.0
subnet 10.3.0.0 255.255.0.0
object network obj-10.4.0.0
subnet 10.4.0.0 255.255.0.0
object network obj-10.6.0.0
subnet 10.6.0.0 255.255.0.0
object network obj-10.9.0.0
subnet 10.9.0.0 255.255.0.0
object network obj-10.11.0.0
subnet 10.11.0.0 255.255.0.0
object network obj-10.12.0.0
subnet 10.12.0.0 255.255.0.0
object network obj-172.19.1.0
subnet 172.19.1.0 255.255.255.0
object network obj-172.21.2.0
subnet 172.21.2.0 255.255.255.0
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.255.0
object network obj-10.19.130.201
host 10.19.130.201
object network obj-172.30.2.0
subnet 172.30.2.0 255.255.255.0
object network obj-172.30.3.0
subnet 172.30.3.0 255.255.255.0
object network obj-172.30.7.0
subnet 172.30.7.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-10.19.130.0
subnet 10.19.130.0 255.255.255.0
object network obj-XXXXXXXX
host XXXXXXXX
object network obj-145.248.194.0
subnet 145.248.194.0 255.255.255.0
object network obj-10.1.134.100
host 10.1.134.100
object network obj-10.9.124.100
host 10.9.124.100
object network obj-10.1.134.101
host 10.1.134.101
object network obj-10.9.124.101
host 10.9.124.101
object network obj-10.1.134.102
host 10.1.134.102
object network obj-10.9.124.102
host 10.9.124.102
object network obj-115.111.99.133
host 115.111.99.133
object network obj-10.8.108.0
subnet 10.8.108.0 255.255.255.0
object network obj-115.111.99.129
host 115.111.99.129
object network obj-195.254.159.133
host 195.254.159.133
object network obj-195.254.158.136
host 195.254.158.136
object network obj-209.164.192.0
subnet 209.164.192.0 255.255.224.0
object network obj-209.164.208.19
host 209.164.208.19
object network obj-209.164.192.126
host 209.164.192.126
object network obj-10.8.100.128
subnet 10.8.100.128 255.255.255.128
object network obj-115.111.99.130
host 115.111.99.130
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.0.0
object network obj-115.111.99.132
host 115.111.99.132
object network obj-10.10.1.45
host 10.10.1.45
object network obj-10.99.132.0
subnet 10.99.132.0 255.255.255.0
object-group network Serversubnet
network-object 10.10.1.0 255.255.255.0
network-object 10.10.5.0 255.255.255.192
object-group network XYZ_destinations
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 10.11.0.0 255.255.0.0
network-object 10.12.0.0 255.255.0.0
network-object 172.19.1.0 255.255.255.0
network-object 172.19.2.0 255.255.255.0
network-object 172.19.3.0 255.255.255.0
network-object 172.19.7.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.3.0 255.255.255.0
network-object 172.16.2.0 255.255.255.0
network-object 172.16.3.0 255.255.255.0
network-object host 10.50.2.206
object-group network XYZ_us_admin
network-object 10.3.1.245 255.255.255.255
network-object 10.5.33.7 255.255.255.255
network-object 10.211.5.7 255.255.255.255
network-object 10.3.33.7 255.255.255.255
network-object 10.211.3.7 255.255.255.255
object-group network XYZ_blr_networkdevices
network-object 10.200.10.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
access-list coextended permit ip host XXXXXXXXhost 2.2.2.2
access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
access-list acl-outside extended permit ip any host 172.17.10.3
access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
access-list acl-outside extended permit tcp any any eq 10000
access-list acl-outside extended deny ip any any log
pager lines 10
logging enable
logging buffered debugging
mtu outside_rim 1500
mtu XYZ_DMZ 1500
mtu outside 1500
mtu inside 1500
ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
nat (inside,outside) source dynamic obj-10.8.108.0 interface
nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
object network obj-172.17.10.3
nat (XYZ_DMZ,outside) static 115.111.99.134
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
crypto dynamic-map dyn1 1 set reverse-route
crypto map vpn 1 match address XYZ
crypto map vpn 1 set peer XYZ Peer IP
crypto map vpn 1 set ikev1 transform-set vpn1
crypto map vpn 1 set security-association lifetime seconds 3600
crypto map vpn 1 set security-association lifetime kilobytes 4608000
crypto map vpn 2 match address NE
crypto map vpn 2 set peer NE_Peer IP
crypto map vpn 2 set ikev1 transform-set vpn2
crypto map vpn 2 set security-association lifetime seconds 3600
crypto map vpn 2 set security-association lifetime kilobytes 4608000
crypto map vpn 4 match address ML_VPN
crypto map vpn 4 set pfs
crypto map vpn 4 set peer ML_Peer IP
crypto map vpn 4 set ikev1 transform-set vpn4
crypto map vpn 4 set security-association lifetime seconds 3600
crypto map vpn 4 set security-association lifetime kilobytes 4608000
crypto map vpn 5 match address XYZ_global
crypto map vpn 5 set peer XYZ_globa_Peer IP
crypto map vpn 5 set ikev1 transform-set vpn5
crypto map vpn 5 set security-association lifetime seconds 3600
crypto map vpn 5 set security-association lifetime kilobytes 4608000
crypto map vpn 6 match address Da_VPN
crypto map vpn 6 set peer Da_VPN_Peer IP
crypto map vpn 6 set ikev1 transform-set vpn6
crypto map vpn 6 set security-association lifetime seconds 3600
crypto map vpn 6 set security-association lifetime kilobytes 4608000
crypto map vpn 7 match address Da_Pd_VPN
crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
crypto map vpn 7 set ikev1 transform-set vpn6
crypto map vpn 7 set security-association lifetime seconds 3600
crypto map vpn 7 set security-association lifetime kilobytes 4608000
crypto map vpn interface outside
crypto map vpn_reliance 1 match address XYZ_rim
crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
crypto map vpn_reliance 1 set security-association lifetime seconds 3600
crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
crypto map vpn_reliance interface outside_rim
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 enable outside_rim
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28000
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy XYZ_c2s_vpn internal
username testadmin password oFJjANE3QKoA206w encrypted
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXXtype ipsec-l2l
tunnel-group XXXXXXXXipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XYZ_c2s_vpn type remote-access
tunnel-group XYZ_c2s_vpn general-attributes
address-pool XYZ_c2s_vpn_pool
tunnel-group XYZ_c2s_vpn ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ip-options
service-policy global_policy global
privilege show level 3 mode exec command running-config
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command crypto
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
: end
XYZ#Thanks Javier.
But i have revised the VPN confuration. Below are the latest configs. with this latest configs. I'm getting username & password screen while connecting cisco vpn client software. once we entered the login credential. it shows "security communication channel" then it goes to "not connected" state. Can you help me to fix this.
access-list ACL-RA-SPLIT standard permit host 10.10.1.3
access-list ACL-RA-SPLIT standard permit host 10.10.1.13
access-list ACL-RA-SPLIT standard permit host 10.91.130.201
access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key sekretk3y
username ra-user1 password passw0rd1 priv 1
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list vlauel ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key *********
username ******* password ******** priv 1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp identify address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600 -
I use a web site called ACRIS- it allows me to access NYC Finance dept records- specifically images of deeds. Up until yesterday I had no problem. Then without any apparent reason I could access all parts of the site, but could not access the deed images. First I thought it was a problem on their end, which sometimes happens, but after waiting 24 hours I was still having the problem. Then I tried windows explorer and it worked without any problem. How do I fix this?
Hi jeffbeal,
First question I would ask is what has changed recently? Did you add any new extensions or add-ons?
I'd try starting Firefox in [[Safe Mode]]. If you don't have the issue while all of your add-ons, extensions, and themes are disabled, you can try adding them back in one by one until you find the culprit. You should look at the [https://support.mozilla.org/en-US/kb/Troubleshooting-extensions-themes Extensions and Themes troubleshooting guide ] and the [[Troubleshooting plugins]] article as well.
Hopefully this helps! -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
Cisco 2911 Voice Gateway SIP PSTN Calls Fail
Hello All,
I am having trouble with outboud SIP PSTN calls through a Cisco 2911 Voice Gateway. 2911 VG terminates PSTN SIP Traffic and connects to Avaya CS1000M via QSIG PRI Trunks. When calls are attempted outbound fron the PBX the caller gets a fast busy. Debug ISDN q931 shows the call hitting the 2911 properly, debug voip ccapi inout shows the call matching the correct dial peers and debug ccsip shows the invite to the PSTN Provider SBC, however within the invite the "from" address incorrectly shows the calling number with the provider SBC address (see below). does anyone have any insight on how to correct this? Attached are VG config and Debug isdn q931, voip ccapi inout, ccsip messages and ccsip call. Thanks in advance for any help!!
From: <sip:[email protected]>:tag=6166CDC4-882
To: <sip:[email protected]>
Shawn C. Smithi have same problem my cucm ip is 192.168.200.53
my Voice Gateway is SIP by ip 192.168.200.86 for internal
and 172.29.7.94
and my SIP Server is 10.208.9.69
if its oky can yuo take a look at my problem please
this is the syslog from debug
May 30 20:19:34.284: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.200.53:5060;branch=z9hG4bK3bd451bf17e0
From: "Aysar Mohamed" <sip:[email protected]>;tag=37693~244641b0-36ac-434c-91c1-823f25a68b28-18299026
To: <sip:[email protected]>
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
Supported: timer,resource-priority,replaces
Min-SE: 1800
User-Agent: Cisco-CUCM8.6
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
CSeq: 101 INVITE
Expires: 180
Allow-Events: presence, kpml
Supported: X-cisco-srtp-fallback
Supported: Geolocation
Call-Info: <sip:192.168.200.53:5060>;method="NOTIFY;Event=telephone-event;Duration=500"
Cisco-Guid: 3047462016-0000065536-0000004549-0902342848
Session-Expires: 1800
P-Asserted-Identity: "Aysar Mohamed" <sip:[email protected]>
Remote-Party-ID: "Aysar Mohamed" <sip:[email protected]>;party=calling;screen=yes;privacy=off
Contact: <sip:[email protected]:5060>
Max-Forwards: 70
Content-Length: 0
May 30 20:19:34.284: //-1/B5A494800000/CCAPI/cc_api_display_ie_subfields:
cc_api_call_setup_ind_common:
cisco-username=2217156
----- ccCallInfo IE subfields -----
cisco-ani=2217156
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=1
dest=90555769123
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=0
cisco-rdnplan=0
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
May 30 20:19:34.288: //-1/B5A494800000/CCAPI/cc_api_call_setup_ind_common:
Interface=0x30CF41D4, Call Info(
Calling Number=2217156,(Calling Name=)(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed),
Called Number=90555769123(TON=Unknown, NPI=Unknown),
Calling Translated=FALSE, Subscriber Type Str=Unknown, FinalDestinationFlag=TRUE,
Incoming Dial-peer=0, Progress Indication=NULL(0), Calling IE Present=TRUE,
Source Trkgrp Route Label=, Target Trkgrp Route Label=, CLID Transparent=FALSE), Call Id=465
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: :cc_get_feature_vsa malloc success
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: cc_get_feature_vsa count is 1
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: :FEATURE_VSA attributes are: feature_name:0,feature_time:832953048,feature_id:85
May 30 20:19:34.288: //465/B5A494800000/CCAPI/cc_api_call_setup_ind_common:
Set Up Event Sent;
Call Info(Calling Number=2217156(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed),
Called Number=90555769123(TON=Unknown, NPI=Unknown))
May 30 20:19:34.288: //465/B5A494800000/CCAPI/cc_process_call_setup_ind:
Event=0x2B82D890
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_setupind_match_search:
Try with the demoted called number 90555769123
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCallSetContext:
Context=0x2ABC2E44
May 30 20:19:34.288: //465/B5A494800000/CCAPI/cc_process_call_setup_ind:
>>>>CCAPI handed cid 465 with tag 0 to app "_ManagedAppProcess_Default"
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCallProceeding:
Progress Indication=NULL(0)
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCallSetupRequest:
Destination=, Calling IE Present=TRUE, Mode=0,
Outgoing Dial-peer=802, Params=0x2ABC19D4, Progress Indication=NULL(0)
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCheckClipClir:
In: Calling Number=2217156(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed)
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCheckClipClir:
Out: Calling Number=2217156(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed)
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCallSetupRequest:
Destination Pattern=9T, Called Number=0555769123, Digit Strip=FALSE
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccCallSetupRequest:
Calling Number=2217156(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed),
Called Number=0555769123(TON=Unknown, NPI=Unknown),
Redirect Number=, Display Info=Aysar Mohamed
Account Number=2217156, Final Destination Flag=TRUE,
Guid=B5A49480-0001-0000-0000-11C535C8A8C0, Outgoing Dial-peer=802
May 30 20:19:34.288: //465/B5A494800000/CCAPI/cc_api_display_ie_subfields:
ccCallSetupRequest:
cisco-username=2217156
----- ccCallInfo IE subfields -----
cisco-ani=2217156
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=1
dest=0555769123
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=0
cisco-rdnplan=0
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
May 30 20:19:34.288: //465/B5A494800000/CCAPI/ccIFCallSetupRequestPrivate:
Interface=0x30CF41D4, Interface Type=3, Destination=, Mode=0x0,
Call Params(Calling Number=2217156,(Calling Name=Aysar Mohamed)(TON=Unknown, NPI=Unknown, Screening=User, Passed, Presentation=Allowed),
Called Number=0555769123(TON=Unknown, NPI=Unknown), Calling Translated=FALSE,
Subscriber Type Str=Unknown, FinalDestinationFlag=TRUE, Outgoing Dial-peer=802, Call Count On=FALSE,
Source Trkgrp Route Label=, Target Trkgrp Route Label=, tg_label_flag=0, Application Call Id=)
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: :cc_get_feature_vsa malloc success
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: cc_get_feature_vsa count is 2
May 30 20:19:34.288: //-1/xxxxxxxxxxxx/CCAPI/cc_get_feature_vsa:
May 30 20:19:34.288: :FEATURE_VSA attributes are: feature_name:0,feature_time:832952824,feature_id:86
May 30 20:19:34.292: //466/B5A494800000/CCAPI/ccIFCallSetupRequestPrivate:
SPI Call Setup Request Is Success; Interface Type=3, FlowMode=1
May 30 20:19:34.292: //466/B5A494800000/CCAPI/ccCallSetContext:
Context=0x2ABC1984
May 30 20:19:34.292: //465/B5A494800000/CCAPI/ccSaveDialpeerTag:
Outgoing Dial-peer=802
May 30 20:19:34.292: //466/B5A494800000/CCAPI/cc_api_call_proceeding:
Interface=0x30CF41D4, Progress Indication=NULL(0)
May 30 20:19:34.292: //465/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.200.53:5060;branch=z9hG4bK3bd451bf17e0
From: "Aysar Mohamed" <sip:[email protected]>;tag=37693~244641b0-36ac-434c-91c1-823f25a68b28-18299026
To: <sip:[email protected]>
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
CSeq: 101 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
May 30 20:19:34.292: //466/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 172.29.7.94:5060;branch=z9hG4bK461C
Remote-Party-ID: "Aysar Mohamed" <sip:[email protected]>;party=calling;screen=yes;privacy=off
From: "Aysar Mohamed" <sip:[email protected]>;tag=7394E4-1898
To: <sip:[email protected]>
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
Supported: timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 3047462016-0000065536-0000004549-0902342848
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1401481174
Contact: <sip:[email protected]:5060>
Call-Info: <sip:172.29.7.94:5060>;method="NOTIFY;Event=telephone-event;Duration=2000"
Expires: 180
Allow-Events: kpml, telephone-event
Max-Forwards: 69
Session-Expires: 1800
Content-Length: 0
May 30 20:19:34.300: //466/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 172.29.7.94:5060;branch=z9hG4bK461C
Call-ID: [email protected]
From: "Aysar Mohamed"<sip:[email protected]>;tag=7394E4-1898
To: <sip:[email protected]>
CSeq: 101 INVITE
Content-Length: 0
May 30 20:19:34.612: //466/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 183 Session Progress
Via: SIP/2.0/UDP 172.29.7.94:5060;branch=z9hG4bK461C
Record-Route: <sip:10.208.9.69:5060;transport=udp;lr>
Call-ID: [email protected]
From: "Aysar Mohamed"<sip:[email protected]>;tag=7394E4-1898
To: <sip:[email protected]>;tag=sbc0806eppk5yip-CC-57
CSeq: 101 INVITE
Contact: <sip:[email protected]:5060;user=phone>
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,REGISTER,INFO,PRACK,SUBSCRIBE,NOTIFY,UPDATE,MESSAGE,REFER
Content-Length: 328
Content-Type: application/sdp
v=0
o=- 17192647 17192647 IN IP4 10.208.9.69
s=SBC call
c=IN IP4 10.208.9.69
t=0 0
m=audio 39910 RTP/AVP 8 0 102 102 18 116
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:102 AMR/8000
a=rtpmap:102 AMR/8000
a=rtpmap:18 G729/8000
a=rtpmap:116 telephone-event/8000
a=ptime:5
a=fmtp:116 0-15
a=fmtp:18 annexb=yes
May 30 20:19:34.612: %SIP-3-UNSUPPORTED: Unsupported ptime value
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_caps_ind:
Destination Interface=0x0, Destination Call Id=-1, Source Call Id=466,
Caps(Codec=0x2, Fax Rate=0x2, Vad=0x1,
Modem=0x0, Codec Bytes=160, Signal Type=2)
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_caps_ind:
Caps(Playout Mode=1, Playout Initial=60(ms), Playout Min=40(ms),
Playout Max=1000(ms), Fax Nom=300(ms))
May 30 20:19:34.612: //465/B5A494800000/CCAPI/cc_api_caps_ack:
Destination Interface=0x0, Destination Call Id=-1, Source Call Id=465,
Caps(Codec=g729r8(0x4), Fax Rate=FAX_RATE_VOICE(0x2), Vad=ON(0x2),
Modem=OFF(0x0), Codec Bytes=20, Signal Type=2, Seq Num Start=3882)
May 30 20:19:34.612: //465/B5A494800000/CCAPI/cc_api_caps_ack:
Destination Interface=0x0, Destination Call Id=-1, Source Call Id=465,
Caps(Codec=g729r8(0x4), Fax Rate=FAX_RATE_VOICE(0x2), Vad=ON(0x2),
Modem=OFF(0x0), Codec Bytes=20, Signal Type=2, Seq Num Start=3882)
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_event_indication:
Event=170, Call Id=466
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_event_indication:
Event Is Sent To Conferenced SPI(s) Directly
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_event_indication:
Event=98, Call Id=466
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_event_indication:
Event Is Sent To Conferenced SPI(s) Directly
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_call_cut_progress:
Interface=0x30CF41D4, Progress Indication=INBAND(8), Signal Indication=SIGNAL RINGBACK(1),
Cause Value=0
May 30 20:19:34.612: //466/B5A494800000/CCAPI/cc_api_call_cut_progress:
Call Entry(Responsed=TRUE)
May 30 20:19:34.612: //465/B5A494800000/CCAPI/ccCallCutProgress:
Progress Indication=INBAND(8), Signal Indication=SIGNAL RINGBACK(1), Cause Value=0
Voice Call Send Alert=FALSE, Call Entry(Alert Sent=FALSE)
May 30 20:19:34.612: //465/B5A494800000/CCAPI/ccCallCutProgress:
Call Entry(Responsed=TRUE)
May 30 20:19:34.612: //465/B5A494800000/CCAPI/ccConferenceCreate:
(confID=0x30C11410, callID1=0x1D1, gcid=8C9E3127-E76E11E3-8274BE8C-EC3B12A0, tag=0x0)
May 30 20:19:34.616: //466/B5A494800000/CCAPI/ccConferenceCreate:
(confID=0x30C11410, callID2=0x1D2, gcid=8C9E3127-E76E11E3-8274BE8C-EC3B12A0, tag=0x0)
May 30 20:19:34.616: //465/B5A494800000/CCAPI/ccConferenceCreate:
Conference Id=0x30C11410, Call Id1=465, Call Id2=466, Tag=0x0
May 30 20:19:34.616: //465/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //466/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //465/B5A494800000/CCAPI/ccConferenceCreate:
May 30 20:19:34.616: ccConferenceCreate: ret1=0, codecMask1=2, bytes1=160, negot1=0, dtmf1=0
ret2=0, codecMask2=2, bytes2=160, negot2=1, dtmf2=6,
tx_dynamic_pt1=0, rx_dynamic_pt1=0, codec_mode1=0, params_bitmap1 =0
tx_dynamic_pt2=8, rx_dynamic_pt2=8, codec_mode2=0, params_bitmap2 =0
May 30 20:19:34.616: //465/B5A494800000/CCAPI/ccConferenceCreate:
delay media to slow start case, codec negotation is not done
May 30 20:19:34.616: //465/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //465/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //465/B5A494800000/CCAPI/cc_api_bridge_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=465,
Destination Call Id=466, Disposition=0x0, Tag=0x0
May 30 20:19:34.616: //466/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //466/xxxxxxxxxxxx/CCAPI/cc_api_get_xcode_stream:
May 30 20:19:34.616: cc_api_get_xcode_stream : 4702
May 30 20:19:34.616: //466/B5A494800000/CCAPI/cc_api_bridge_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=466,
Destination Call Id=465, Disposition=0x0, Tag=0x0
May 30 20:19:34.616: //465/B5A494800000/CCAPI/cc_generic_bridge_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=466,
Destination Call Id=465, Disposition=0x0, Tag=0x0
May 30 20:19:34.616: //465/B5A494800000/CCAPI/ccConferenceCreate:
Call Entry(Conference Id=0x16, Destination Call Id=466)
May 30 20:19:34.616: //466/B5A494800000/CCAPI/ccConferenceCreate:
Call Entry(Conference Id=0x16, Destination Call Id=465)
May 30 20:19:34.616: //465/B5A494800000/CCAPI/cc_process_notify_bridge_done:
Conference Id=0x16, Call Id1=465, Call Id2=466
May 30 20:19:34.616: //465/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 183 Session Progress
Via: SIP/2.0/UDP 192.168.200.53:5060;branch=z9hG4bK3bd451bf17e0
From: "Aysar Mohamed" <sip:[email protected]>;tag=37693~244641b0-36ac-434c-91c1-823f25a68b28-18299026
To: <sip:[email protected]>;tag=739628-1BDB
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
CSeq: 101 INVITE
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: telephone-event
Remote-Party-ID: <sip:[email protected]>;party=called;screen=yes;privacy=off
Contact: <sip:[email protected]:5060>
Supported: sdp-anat
Server: Cisco-SIPGateway/IOS-12.x
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 233
v=0
o=CiscoSystemsSIP-GW-UserAgent 2639 5276 IN IP4 192.168.200.86
s=SIP Call
c=IN IP4 192.168.200.86
t=0 0
m=audio 18288 RTP/AVP 8 0 19
c=IN IP4 192.168.200.86
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:19 CN/8000
May 30 20:19:34.680: //466/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 500 Server Internal Error
Via: SIP/2.0/UDP 172.29.7.94:5060;branch=z9hG4bK461C
Record-Route: <sip:10.208.9.69:5060;transport=udp;lr>
Call-ID: [email protected]
From: "Aysar Mohamed"<sip:[email protected]>;tag=7394E4-1898
To: <sip:[email protected]>;tag=sbc0806eppk5yip-CC-57
CSeq: 101 INVITE
Reason: Q.850;cause=127;text="interworking unspecified"
Warning: 399 - "SoftX3000 R601-CCU Rel POS:[3103] Release from CR"
Content-Length: 0
May 30 20:19:34.680: //466/B5A494800000/CCAPI/cc_api_call_disconnected:
Cause Value=41, Interface=0x30CF41D4, Call Id=466
May 30 20:19:34.680: //466/B5A494800000/CCAPI/cc_api_call_disconnected:
Call Entry(Responsed=TRUE, Cause Value=41, Retry Count=0)
May 30 20:19:34.680: //465/B5A494800000/CCAPI/ccCallReleaseResources:
release reserved xcoding resource.
May 30 20:19:34.680: //466/B5A494800000/CCAPI/ccCallSetAAA_Accounting:
Accounting=0, Call Id=466
May 30 20:19:34.680: //465/B5A494800000/CCAPI/ccConferenceDestroy:
Conference Id=0x16, Tag=0x0
May 30 20:19:34.680: //465/B5A494800000/CCAPI/cc_api_bridge_drop_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=465,
Destination Call Id=466, Disposition=0x0, Tag=0x0
May 30 20:19:34.680: //466/B5A494800000/CCAPI/cc_api_bridge_drop_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=466,
Destination Call Id=465, Disposition=0x0, Tag=0x0
May 30 20:19:34.680: //465/B5A494800000/CCAPI/cc_generic_bridge_done:
Conference Id=0x16, Source Interface=0x30CF41D4, Source Call Id=466,
Destination Call Id=465, Disposition=0x0, Tag=0x0
May 30 20:19:34.680: //466/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Sent:
ACK sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 172.29.7.94:5060;branch=z9hG4bK461C
From: "Aysar Mohamed" <sip:[email protected]>;tag=7394E4-1898
To: <sip:[email protected]>;tag=sbc0806eppk5yip-CC-57
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
Max-Forwards: 70
CSeq: 101 ACK
Allow-Events: kpml, telephone-event
Content-Length: 0
May 30 20:19:34.684: //466/B5A494800000/CCAPI/ccCallDisconnect:
Cause Value=41, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=41)
May 30 20:19:34.684: //466/B5A494800000/CCAPI/ccCallDisconnect:
Cause Value=41, Call Entry(Responsed=TRUE, Cause Value=41)
May 30 20:19:34.684: //466/B5A494800000/CCAPI/cc_api_call_disconnect_done:
Disposition=0, Interface=0x30CF41D4, Tag=0x0, Call Id=466,
Call Entry(Disconnect Cause=41, Voice Class Cause Code=0, Retry Count=0)
May 30 20:19:34.684: //466/B5A494800000/CCAPI/cc_api_call_disconnect_done:
Call Disconnect Event Sent
May 30 20:19:34.684: //-1/xxxxxxxxxxxx/CCAPI/cc_free_feature_vsa:
May 30 20:19:34.684: :cc_free_feature_vsa freeing 31A5D9F0
May 30 20:19:34.684: //-1/xxxxxxxxxxxx/CCAPI/cc_free_feature_vsa:
May 30 20:19:34.684: vsacount in free is 1
May 30 20:19:34.684: //465/B5A494800000/CCAPI/ccCallDisconnect:
Cause Value=41, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=0)
May 30 20:19:34.684: //465/B5A494800000/CCAPI/ccCallDisconnect:
Cause Value=41, Call Entry(Responsed=TRUE, Cause Value=41)
May 30 20:19:34.684: //465/B5A494800000/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 192.168.200.53:5060;branch=z9hG4bK3bd451bf17e0
From: "Aysar Mohamed" <sip:[email protected]>;tag=37693~244641b0-36ac-434c-91c1-823f25a68b28-18299026
To: <sip:[email protected]>;tag=739628-1BDB
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
CSeq: 101 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Reason: Q.850;cause=41
Content-Length: 0
May 30 20:19:34.684: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.200.53:5060;branch=z9hG4bK3bd451bf17e0
From: "Aysar Mohamed" <sip:[email protected]>;tag=37693~244641b0-36ac-434c-91c1-823f25a68b28-18299026
To: <sip:[email protected]>;tag=739628-1BDB
Date: Fri, 30 May 2014 20:19:34 GMT
Call-ID: [email protected]
Max-Forwards: 70
CSeq: 101 ACK
Allow-Events: presence, kpml
Content-Length: 0
May 30 20:19:34.688: //465/B5A494800000/CCAPI/cc_api_call_disconnect_done:
Disposition=0, Interface=0x30CF41D4, Tag=0x0, Call Id=465,
Call Entry(Disconnect Cause=41, Voice Class Cause Code=0, Retry Count=0)
May 30 20:19:34.688: //465/B5A494800000/CCAPI/cc_api_call_disconnect_done:
Call Disconnect Event Sent
May 30 20:19:34.688: //-1/xxxxxxxxxxxx/CCAPI/cc_free_feature_vsa:
May 30 20:19:34.688: :cc_free_feature_vsa freeing 31A5DAD0
May 30 20:19:34.688: //-1/xxxxxxxxxxxx/CCAPI/cc_free_feature_vsa:
May 30 20:19:34.688: vsacount in free is 0
May 30 20:19:36.044: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
OPTIONS sip:172.29.7.94:5060 SIP/2.0
Via: SIP/2.0/UDP 10.208.9.69:5060;branch=z9hG4bKmisco3ykfiooegpygsphkocp1T20326
Call-ID: isbcfemyk1p1mkteets1tcmi53eeehfhikcp@SoftX3000
From: <sip:172.29.7.94:5060>;tag=sbc0803k1pyk51o
To: <sip:172.29.7.94>
CSeq: 1 OPTIONS
Max-Forwards: 70
Content-Length: 0
May 30 20:19:36.048: //467/8DAABF6C8278/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.208.9.69:5060;branch=z9hG4bKmisco3ykfiooegpygsphkocp1T20326
From: <sip:172.29.7.94:5060>;tag=sbc0803k1pyk51o
To: <sip:172.29.7.94>;tag=739BBC-1CE2
Date: Fri, 30 May 2014 20:19:36 GMT
Call-ID: isbcfemyk1p1mkteets1tcmi53eeehfhikcp@SoftX3000
Server: Cisco-SIPGateway/IOS-12.x
CSeq: 1 OPTIONS
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: telephone-event
Accept: application/sdp
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Content-Type: application/sdp
Content-Length: 446
v=0
o=CiscoSystemsSIP-GW-UserAgent 3496 1601 IN IP4 172.29.7.94
s=SIP Call
c=IN IP4 172.29.7.94
t=0 0
m=audio 0 RTP/AVP 18 0 8 9 4 2 15
c=IN IP4 172.29.7.94
m=image 0 udptl t38
c=IN IP4 172.29.7.94
a=T38FaxVersion:0
a=T38MaxBitRate:9600
a=T38FaxFillBitRemoval:0
a=T38FaxTranscodingMMR:0
a=T38FaxTranscodingJBIG:0
a=T38FaxRateManagement:transferredTCF
a=T38FaxMaxBuffer:200
a=T38FaxMaxDatagram:320
a=T38FaxUdpEC:t38UDPRedundancy
My SIP GW internal ip address is 192.168.200.86
and the Public IP is : 172.29.7.94
My CUCM is 192.168.200.53
my GW Config is :
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
registrar server
voice class codec 1
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 g729r8
codec preference 4 g729br8
voice translation-rule 3
rule 1 /^9\(\)/ /\1/
voice translation-rule 4
rule 4 /^22217/ /7/
rule 5 /^2217/ /7/
rule 6 /^022217/ /7/
rule 7 /^0122217/ /7/
voice translation-rule 5
rule 1 /^5/ /905/
rule 2 /^1/ /901/
rule 3 /^2/ /902/
rule 4 /^3/ /903/
rule 5 /^4/ /904/
rule 6 /^6/ /906/
rule 7 /^7/ /907/
rule 8 /^8/ /908/
rule 10 /^00/ /900/
rule 11 /'+'/ /900/
voice translation-profile OUT
translate called 3
voice translation-profile REDIAL
translate calling 5
voice translation-profile SIP-NEW
translate called 4
application
service mva http://192.168.200.53:8080/ccmivr/pages/IVRMainpage.vxml
service ccm http://192.168.200.53:8080/ccmivr/pages/IVRMainpage.vxml
license udi pid CISCO2921/K9 sn FCZ164960G0
hw-module pvdm 0/0
hw-module pvdm 0/1
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 192.168.200.86 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 172.29.7.94 255.255.255.252
duplex auto
speed auto
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 192.168.200.1
ip route 10.208.9.0 255.255.255.0 172.29.7.93
access-list 23 permit 10.10.10.0 0.0.0.7
control-plane
mgcp profile default
sccp local GigabitEthernet0/0
sccp ccm 192.168.200.53 identifier 1 priority 1 version 7.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register NAGHI-MTP
dspfarm profile 2 mtp
codec g711alaw
maximum sessions hardware 25
associate application SCCP
dial-peer voice 802 voip
description ** SIP TO STC **
translation-profile outgoing OUT
destination-pattern 9T
session protocol sipv2
session target ipv4:10.208.9.69:5060
session transport udp
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay sip-notify rtp-nte sip-kpml
no vad
dial-peer voice 811 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.53
incoming called-number 022217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 812 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.53
incoming called-number 22217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 813 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.53
incoming called-number 2217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 814 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
preference 1
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.63
incoming called-number 022217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 815 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
preference 1
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.63
incoming called-number 22217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 816 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
preference 1
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.63
incoming called-number 2217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 817 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.53
incoming called-number 0122217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
dial-peer voice 818 voip
description ** SIP INCOMING FROM STC **
translation-profile incoming SIP-NEW
translation-profile outgoing REDIAL
preference 1
destination-pattern 7...
session protocol sipv2
session target ipv4:192.168.200.63
incoming called-number 0122217...$
dtmf-relay sip-notify rtp-nte sip-kpml
codec g711alaw
Please i need ur help ASAP -
Azure Site to Site VPN with Cisco ASA 5505
I have got Cisco ASA 5505 device (version 9.0(2)). And i cannot connect S2S with azure (azure network alway in "connecting" state). In my cisco log:
IP = 104.40.182.93, Keep-alives configured on but peer does not support keep-alives (type = None)
Group = 104.40.182.93, IP = 104.40.182.93, QM FSM error (P2 struct &0xcaaa2a38, mess id 0x1)!
Group = 104.40.182.93, IP = 104.40.182.93, Removing peer from correlator table failed, no match!
Group = 104.40.182.93, IP = 104.40.182.93,Overriding Initiator's IPSec rekeying duration from 102400000 to 4608000 Kbs
Group = 104.40.182.93, IP = 104.40.182.93, PHASE 1 COMPLETED
I have done all cisco s2s congiguration over standard wizard cos seems your script for 8.x version of asa only?
(Does azure support 9.x version of asa?)
How can i fix it?Hi,
As of now, we do not have any scripts for Cisco ASA 9x series.
Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as
demonstrated in this blog:
Step-By-Step: Create a Site-to-Site VPN between your network and Azure
http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
You can refer to this article for Cisco ASA templates for Static routing:
http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
Did you download the VPN configuration file from the dashboard and copy the content of the configuration
file to the Command Line Interface of the Cisco ASDM application? It seems that there is no specified IP address in the access list part and maybe that is why the states message appeared.
According to the
Cisco ASA template, it should be similar to this:
access-list <RP_AccessList>
extended permit ip object-group
<RP_OnPremiseNetwork> object-group <RP_AzureNetwork>
nat (inside,outside) source static <RP_OnPremiseNetwork>
<RP_OnPremiseNetwork> destination static <RP_AzureNetwork>
<RP_AzureNetwork>
Based on my experience, to establish
IPSEC tunnel, you need to allow the ESP protocol and UDP Port 500. Please make sure that the
VPN device cannot be located behind a NAT. Besides, since Cisco ASA templates are not
compatible for dynamic routing, please make sure that you chose the static routing.
Since you configure the VPN device yourself, it's important that you would be familiar with the device and its configuration settings.
Hope this helps you.
Girish Prajwal -
DOM Based Cross-Site Scripting issue in RoboHelp 10
We're using a WebHelp system originally deplyed using RoboHelp 9.0.2.271, and a recent security scan revealed the DOM based cross-site scripting issue.
I recently upgraded to RoboHelp 10, migrated my help system to this version, and redeployed the system, but our security scan is still detecting the cross-scripting vulnerability in WebHelp. Wasn't this issue resolved in RoboHelp 10?
ThanksHi,
I’m not a security expert, but this script reads the URL of the current topic and redirects to the current topic with a bookmark. This is needed for when the same topic is used in multiple locations in the TOC.
I’ll ask around about this security issue.
Greet,
Willam -
How do I get rid of a virus I mistakingly got from a site called 'firstrow.eu'?
How do I get rid of a virus I mistakingly got from a site called 'firstrow.eu'?
Ru-tang wrote:
Ok then one last dumb layman's question...how do I rid myself securely of mackeeper/cleanmymac/norton? Does my Mac have an uninstaller or do I just dump them securely into the trash from Applications in my finder?
How you remove an app depends on the app. There's no built-in uninstaller in Mac OS X. Apps that were purchased through the App Store can just be dragged to the trash. Apps that required an installer should also require an uninstaller, and that uninstaller should be provided by the developer. Apps that are installed just by dragging to the Applications folder are a bit of a gray area... they should be removable just by dragging them to the trash, but sometimes such apps will install things that run in the background and that need removing. You'd need to see if the developer has removal instructions or an uninstaller.
There are special cases, of course. MacKeeper, for example, requires an installer, but has no uninstaller. Instead, you just drag the app to the trash, and a component of MacKeeper will notice that and ask if you want to remove it.
To remove Norton, you need to run the original installer, which will offer to remove Norton if it's already installed. If you don't have that installer, you can re-download it or check with Symantec about an uninstaller.
As for CleanMyMac, here's what the developer has to say:
http://macpaw.com/support/cleanmymac/knowledgebase/how-to-uninstall-cleanmymac-2
As a general rule, when dealing with apps from outside the App Store, you should always find out how an app is properly removed before installing it, as some apps from irresponsible developers may need - but not have - uninstallers. If an app doesn't have an easy removal process, you should think very carefully before installing. -
No Ping-Answer in Site-To-Site-Connection between Cisco 876 and CheckPoint-Firewall
Hello!
We try to establish a Site-To-Site-IPSec-connection between a Cisco 876 (local site) and a CheckPoint-firewall (remote site). The Cisco 876 is not directly connected to the internet, but is behind a DSL-Router with port-forwarding, forwarding ports 500 and 4500. The running config of the Cisco 876 is appended to this discussion thread. Unfortunately I get no output when debugging the connection with commands "debug crypto isakmp" and "debug crypto ipsec".
From the Checkpoint-firewall point of view the connection seems to establish, but there is no ping answer.
The server on the local site that should be reached from the network behind the Checkpoint-firewall has a routing entry "route -P add [inside ip-net remote] 255.255.255.0 [inside ip local]" (see also appended running config for naming of ip-addresses).
Establishing a Cisco VPN-Client connection to the same Cisco 876 router works fine.
Any help would be very much appreciated!
Jakob J. BlaetteHi Jakob,
Adding my two cents here.
You always need to confirm that the following ports and protocol are opened:
1- UDP port 500 --> ISAKMP
2- UDP port 4500 --> NAT-T
3- Protocol 50 ---> ESP
A LAN-to-LAN tunnel will never establish a session over TCP, but it could use NAT-T (if behind NAT). Remember that a one-to-one translation is not a port-forwarding, a LAN-to-LAN tunnel does not work well unless you have a one-to-one translation for the NATted device, which I think, in your case is the Router.
HTH.
Portu.
Please rate any helpful posts and mark this post as answered.
Maybe you are looking for
-
How can I format a mac G5 without the disc's included at purchase? Is it possible?
I was recently able to purchase an Old G5 from work and I would like to format it. The grey install discs that are included at purchase from mac have long since been trashed (why anyone would do that blows my mind). I have an install disc of OSX Leop
-
Solution Manager 3.1 upgrade to 3.2
Hi, I have to upgrade Solution Manager to 3.2 SP Stack 15 or 7.0 SP Stack 09. Now I have Solution Manager 3.1, in detail: SAPKB62052 and SAPKU31010 How can I do it? My problem is: I have to upragde Solution Manager because I have on my notebook Micr
-
The pixel dimension field in the Image Size window, seems to use a generic number of MB which has no connection to the size of the image when I save it as a full resolution Photoshop document. Where does that number come from? I am developing a tutor
-
Adobe CS2 for my old G5?
New Year's Greetings one & all. Not sure where to post this, but: Since... I hope to keep my first gen. iMac G5 with Panther 10.3.9 ...and I own a good number of manuals on Creative Suite 2... I'd like to purchase a used, legal version of Adobe CS2,
-
I just downloaded the trail version of CS5 however it did not load my scanner/camera/and filters that I have on my CS3 version will I need to reinstall them or will they load after I pay for it? I am using xp as the os