Trunking between Pix and pvlans

Hi,
I already wrote here about this problem, but no one answered me, so I'm trying again, asking the question in a different way. :-))
I have a Cisco switch (Catalyst 6500) and a Cisco firewall (Pix 535). On the switch, I configured various pvlans, then I associated them with primary vlans.
On the Pix, I created logical interfaces with the same vlans as the switch. The question is: why doesn't the trunk work? I know that trunking pvlans between switches works without problems. I cannot trunk pvlans between a switch and a firewall. If I try to trunk a simple vlan, it works! I can't find documentation about this. Can you please help me? Do you think it may be a software version problem?
Many thanks to all!!
If you think it's useful, I can post the main configuration steps for the Pix and the switch.
Regards and kisses!! :-)
Daniela

Hi Robert,
The SG200 is a layer 2 switch and the SG300 is defaulted as a layer 2 switch. Let's say your default vlan is 1 for each switch. You may create vlan 10. Then configure the port between each switch as 1u, 10t. This will allow vlan 1 and 10 to communicate. Next, if you assign any port as an access port to vlan 10, anything connecting to a vlan 10 port on the same subnet will talk to each other.
View the picture below. The vlan 10 computers will communicate with each other ONLY on vlan 10. Since this is layer 2 networking, the vlan id will separate the layer 2 traffic while the layer 3 information is separated by subnet. In a fully functional network, the router would need to support the multiple subnets, either through subinterfaces, multiple IP interfaces or dot1q trunks. If you introduced a router to this mix, the vlan 1 subnet will get to the internet while the vlan 10 subnet will not.
-Tom
Please rate helpful posts

Similar Messages

  • How to create multiple sip trunks between cucm and cisco unified sip proxy

    Dear Expert,
    Is there a way to create multiple sip trunks between CUCM and Cisco Unified SIP Proxy (CUSP)? How to achieve it without creating multiple IP interfaces on the CUSP module.
    CUCM: 8.5.1.10000-9
    CUSP: 8.5.2
    Thank you,
    .wan

    Hello Michael,
    This SIP trunk is part of UCCE solution, which used between CVP, CUSP, and CUCM.
    The requirements:
    1) To have different codecs for different type of calls, as the phones are at few countries
    2) To pass different number of digits from CUSP to CUCM for different call treatments
    .wan

  • CUCM - trunking between 7 and 9

    Hi,
    A document is needed for trunking between CUCM 7 and CUCM 9 (intercluster trunking).
    We are planning to route a PSTN call from IP phones which are registered with the old CUCM on version 7 from our new CUCM 9, which has an FXO line active.
    How do I achieve it?
    Regards

    Hello
    You have to use intercluster non-gatekeeper controlled. I do not think there is a special document for this, but you can see the link below:
    https://supportforums.cisco.com/discussion/11766291/intercluster-sip-trunk-between-cucm-version-71-and-91
    Thanks
    Please rate all useful information

  • Trunking between 7613 and GSR (12416)

    Can these 2 devices support gig etherchannelling? I need to trunk 3 gig ethernet between 7613 and 12416. GSR does support portchannels but to allow trunking dot1q must be configured. If anyone is doing this, please print a sample config.
    Thanks.

    According to the Q&A below, Fast and Gigabit Etherchannel is not supported in GSR12000. And it does support 802.1q.
    http://www.cisco.com/en/US/products/hw/routers/ps167/products_qanda_item09186a0080094a71.shtml#n17
    Below is a sample dot1q config for VLAN 10:
    interface gigabitethernet 3/1.1
    encapsulation dot1q 10
    ip address 172.1.1.1 255.255.255.0
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800e9556.html#31333
    Hope this helps.

  • Trunking between 2960X and 3560G

    I am trying to trunk between a Cisco 2960X and a 3560G switch. The 2960X has a 10gig (SFP) interface and the 3560G has a 1gig (SFP) interface. Can I do this with 1gig SFP modules? If so, what is the configuration on both switches, because I can't get them to come up? This is what I have.
    2960X config
    interface TenGigabitEthernet3/0/2
     switchport mode trunk
    3560G config
    interface GigabitEthernet0/28
     switchport trunk encapsulation dot1q
     switchport mode trunk

    I looked at my 2960X, but I don't have one that has a 1Gig-Module in a SFP+ slot. But at least it is documented to work:
    The SFP+ slots support both SFP and SFP+ modules
    Are you sure you don't have just a send/receive mismatch? Sometimes the easy things are the hardest to find ... ;-)

  • Configure IPsec between PIX and ADSL router

    Hi,
    We want to create IPsec between PIX @ Point A and ASA(which is behind ADSL router) @ Point B. 
    Point A PIX ----> Internet -- cloud -- Internet <---- ADSL Router <---ASA Point B    
    Please guide me or share a useful link for the same.
    Thanks & Regards,
    Dhaval Dikshit                

    IPSec should only be an option if the WLC has a crypto card installed.  IIRC, only the 4400 supported the crypto card, and it went EoS shortly after the airespace acquisition.
    HTH,
    Steve
    Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

  • Trunk between cisco and huawei

    One of my edge Huawei S5700-28C-EI stack switches is dead. I am going to replace it with a Cisco switch Catalyst 3750 series PoE-48 via a trunk link with a GE fiber port on both ends; please see the diagram below.
                                      trunk                     trunk
       Core switchrouter<----------S5700<--------------->Cisco Catlyst 3750
    I haven't touched a Cisco switch for many years. I would like to ask the following questions:
    1.) Do I need to take any precaution before connecting this Cisco switch into my Huawei network? There is only one link between S5700 and C3750, so I don't need to worry about STP? Do I need to worry about the default vlan regarding the trunking port?
    2.) I need to use a different trunking protocol, e.g. 802.1Q etc., to interconnect these two switches (S5700 and Catalyst 3750); please see the following configuration:
    For C3750:
    switchport trunk encapsulation dot1q
    switchport trunk native vlan (What you want)
    switchport trunk allowed vlan (VLANs required)
    switchport mode trunk
    spanning-tree portfast trunk
    For S5700:
    port link-type trunk
    port trunk permit vlan all
    Do you think the configurations above are right?
    Do I need to manually enter duplex and speed options?
    3.) If the configurations are not right, then what commands for the trunking port/link should I use on the Cisco switch (it uses IOS software) and the Huawei switch? Procedures for the commands would be really helpful!
    Any information and help would be much appreciated.

    I know the problem. When I change the native vlan of my S5700-28C-EI, it's just OK.

  • Newbie: trunk between 6500 and Blade Switch 3020

    Hi,
    Being a newbie, I need advice to set up a trunk between my 2 switches.
    I would like to use 4 ports as TRUNK
    On the 6500 , this is what I have done :
    set port channel 5/37-40 61
    set trunk 5/37 auto isl 1-1005,1025-4094
    set trunk 5/38 auto isl 1-1005,1025-4094
    set trunk 5/39 auto isl 1-1005,1025-4094
    set trunk 5/40 auto isl 1-1005,1025-4094
    On the Blade Switch 3020 I have done :
    interface GigabitEthernet0/17
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/18
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/19
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/20
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    Will that work ?
    Could you tell me if I have to put the trunk port on the same VLAN ?
    Many thanks in advance for your help.
    regards
    David

    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Lux-bl-sw1
    enable secret xxx
    no aaa new-model
    ip subnet-zero
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface Port-channel1
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface GigabitEthernet0/1
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/2
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/3
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/4
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/5
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/6
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/7
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/8
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/9
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/10
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/11
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/12
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/13
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/14
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/15
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/16
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/17
    interface GigabitEthernet0/18
    interface GigabitEthernet0/19
    interface GigabitEthernet0/20
    interface GigabitEthernet0/21
    interface GigabitEthernet0/22
    interface GigabitEthernet0/23
    interface GigabitEthernet0/24
    interface Vlan1
    no ip address
    no ip route-cache
    interface Vlan181
    ip address xxx.xx.x.xxx 255.255.0.0
    no ip route-cache
    ip default-gateway xxx.xx.x.xx
    ip http server
    control-plane
    line con 0
    line vty 0 4
    password fsv14m
    login
    line vty 5 15
    password fsv14m
    login
    end
    Port Name Status Vlan Duplex Speed Type
    Gi0/1 connected 181 full 1000 1000BaseX
    Gi0/2 connected 181 full 1000 1000BaseX
    Gi0/17 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/18 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/19 notconnect 1 auto auto Not Present
    Gi0/20 notconnect 1 auto auto Not Present
    Gi0/21 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/22 notconnect 1 auto auto 10/100/1000BaseTX
    Gi0/23 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/24 notconnect 1 auto auto 10/100/1000BaseTX
    Po1 notconnect 1 auto auto
    Fa0 connected routed full a-100 10/100BaseTX
    We saw that all the ports on the gig switch are set to be trunk by default.
    trunk works
    I need to investigate how to set up an ether channel trunk (to have a 4 gig trunk instead of 4*1 gig)

  • Troubleshooting Trunking between 3560 and a WS-C6509-E

    I have both sides configured the same on these two switches but I can not ping the ip's on the other side from the 6509.
    int Gig3/3
    Switchport
    Switchport trunk encapsulation dot1q
    switchport trunk allowed vlan allowed 192-195, 253, 254, 999
    switchport mode trunk
    I have used the command sh int trunk and everything appears to be trunking just fine. Those VLANs are created on both sides. What other commands can I use to rule out a trunking problem? I keep trying to ping the IP address on the 3560 (*.*192.1) from the 6509, and still no joy.

    The show int trunk command should confirm that trunking is correct between the switches.  However, we need to know what vlan id you are using for management.  Also, we need to see the output of the management vlans on each switch.  Also, check the show ip int brief command and make sure your management vlans are up up.  They need to look like this:
    Vlan631                10.6.31.1       YES manual up                    up

  • Unable to fully form trunks between 3850 and 4503-E switches

    Hi all,
    This last weekend I tried to replace a stack of 3750G's with a stack of new 3850's.
    The stack of switches has 2 fibre uplinks to the core switches (4503-E).
    It didn't go well, and I had to revert the project.
    The stack was all pre-configured in the workshop but could not be tested on the live LAN. When I connected it, I first connected up 1 of the 2 uplinks. The link went to UP status, and I could see the remote core switch via CDP, but it would not learn the VLANs (VTP was set up correctly), and looking at the port on the switch, it flashed green, went solid green, then flashed amber slowly. This cycled continuously, whilst the link status remained up and no errors were logged by either switch.
    I debugged spanning-tree but nothing stood out. I tried a replacement SFP, and a different slot but no difference.
    I re-connected one of the old 3750's and immediately the link came up stable, and everything was fine.
    I then erased the config on the new stack, and simply set the fibre port as trunk, with udld enabled (matching the remote end) (neither switch supports ISL, so the trunk is dot1q). The same issue persisted.
    Last night I spent a few hours in the office investigating. I grabbed a spare 3560G from the store, configured a fibre port as a trunk, and connected this to the 3850's, and this worked fine. I then provisioned a new fibre port on the core 4503-E and connected this up using brand new fibre tails, but had exactly the same issues as described above.
    The switches were running cat3k_caa-iosd-universalk9.SPA.150-1.EX3, and I have upgraded them to cat3k_caa-universalk9.SPA.03.03.01.SE.150-1.EZ1.bin as part of my troubleshooting but this has not made a difference.
    Does anyone have any advice? I am starting to wish I spec'd 3750X's instead!!
    Thanks

    Tim,
    From the 3850 install guide
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/hardware/installation/guide/3850_hig/HIGOVERV.html#wp1263129
    Table 1-13 NETWORK MODULE LEDs (Color: NETWORK MODULE Link Status)
    Off: Link is off.
    Green: Link is on, no activity.
    Blinking green: Activity on a link, no faults. Note: The LED will blink green even if there is very little control traffic.
    Blinking amber: Link is off due to a fault or because it has exceeded a limit set in the switch software. Caution: Link faults occur when noncompliant cabling is connected to an SFP or SFP+ port. Use only standard-compliant cabling to connect to Cisco SFP and SFP+ ports. You must remove from the network any cable or device that causes a link fault.
    Amber: Link for the SFP or SFP+ has been disabled.
    What kind of SFPs are in the 3850?
    What kind of GBICs are in the 4500?
    What is the spec of your fibre cable & patches?
    Regards,
    Alex.
    Please rate useful posts.

  • Problem with sip trunk between CCM and Huawei through Cisco ASA5520

    Hello,
    I have the following problem.
    During the SIP conversation the ASA is changing the IP address of CCM to the corresponding name in the ASA configuration inside the SIP packet:
    To:  <sip:443230282@Server_CCM1;user=phone>
    ASA name configuration:
    name x.y.z.h Server_CCM1
    But it should be without any changes, like this: To:  <sip:[email protected];user=phone>. Because of that, the session can't be established. The remote SIP peer gives an error "Bad Request - 'Malformed/Missing URL"
    When the name was deleted in the ASA ("no name x.y.z.h Server_CCM1"), we had no problem with SIP initialization and call processing.
    We are going to upgrade the ASA from 8.2 to 8.3 and it seems that we will have the same problem, because an object will be created automatically in the new version (we are using NAT) and we will not be able to delete an object like we did in version 8.2.
    What configuration in ASA version 8.3 should be done to avoid this issue?
    P.S. Detailed debug from Huawei in attachment.
    Thank you.

    Hi.
    Depending on your config, you might be hitting CSCta16361; this is fixed in 8.2(4).
    If you can confirm it's still happening in the latest 8.2 release, then a TAC case needs to be opened so investigation is done and a new bug is opened.
    If you've tested 8.2(4) already and it's still doing the same, then a TAC Service Request should be opened for more investigation and possibly opening a new defect.
    Best regards,
    Fadi.
    Does this answer your question? If yes, please mark it resolved.

  • Trunk with WLC and 1400BR problem

    Hi everybody,
    I have the following problem; I hope someone can help me.
    Actually I work with a 1522 Mesh Network, 1130 LWAPP and Bridge 1400 point to point. The 1522 and 1130 are associated with the WLC.
    I have a WLC4402 (4.1.192.22M (Mesh) image); this WLC is connected via trunk to the Sw3750, ex:
    interface GigabitEthernet1/0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    RAP1 is connected to the same Sw3750 ex:
    interface FastEthernet1/0/23
    description RAP1
    switchport access vlan 10
    **(VLAN 10 is Mgmt)**
    AP1(1130) is connected to the same Sw3750 ex:
    interface FastEthernet1/0/1
    description AP1
    switchport access vlan 10
    The 1410BR Root is connected via trunk to same Sw3750 ex:
    interface FastEthernet1/0/19
    description BR-1400R
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 10
    switchport mode trunk
    In the other point is the Non-Root connected to a Sw2960 ex:
    interface GigabitEthernet1/0/1
    switchport trunk native vlan 10
    switchport mode trunk
    AP2(1130) connected to the same Sw2960 ex:
    interface fa0/23
    description AP2
    switchport access vlan 10
    The network works fine: the Mesh is UP (RAP and MAPs), and the 1130 too. I connected the 1400 Bridge point after the Mesh was up, and the link between Root and Non-Root is UP.
    Now, when the Sw3750 goes down or reboots, the RAP and AP1 (1130) can't associate to the WLC. The ports of the RAP and 1130 go down and up many times, so they can't associate to the WLC. Only the Bridge point 1400 Root and Non-Root are UP, and the AP2 (1130) on the other side can associate to the WLC.
    When I shut down the port of the Root Bridge, the RAP1 and AP1 (1130) can associate to the WLC and the Mesh Net is UP. Then I no shutdown the Root Bridge port and the link between the Bridges is UP, and AP2 (1130) comes up to the controller too.
    But after several minutes the Bridge goes down, and the event log in the Root is: Interface Dot11Radio0 Radio transmit power out of range.
    So I have these problems:
    1) Trunks between WLC and 1400 BR
    2) Bridge connectivity range.
    Regards
    Antonio

    The Outdoor Bridge Range Calculation Utility uses parameters that include regulatory domain, device type, data rate, antenna gain, and a few others as inputs.
    You can avoid connectivity problems with the Outdoor Bridge Calculation Utility, as this tool helps you to predict the distance between devices. In a wireless environment without a tool like this, you cannot predict the distance between the bridges, the height at which you must place the antennas for maximum throughput, and other variables. This utility also helps you decide on the type of antenna that you must use in order to cover the distance between the bridges.

  • Persistent VPN between PIX 501 and ASA 5505

    I am a networking newbie with 2 small retail stores. I would like to create a persistent VPN between the stores. I already have a PIX 501 firewall, and I am looking at getting an ASA 5505. Would I have any problems creating a persistent VPN between these two firewalls?

    No problems whatsoever :-)
    There are loads of examples for the config on the Cisco website, and basically these boxes can run exactly the same software, so the config on each is virtually the same. Main difference is the ASA defines the interfaces in a different way. Even if you have different versions of software, say 6.3 on the PIX and 7.2 on the ASA they will still work fine for the VPN, just the configs will be a lot more different. Hope this helps to remove any worries you had?

  • Phase 2 tunnel is not going up between PIX 525 and Watchguard

    Hi Folks,
    Can you please help me find out where the problem lies? Currently I am trying to establish a VPN tunnel between a PIX firewall and a Watchguard. All the parameters of both devices are the same, though the Phase two tunnel is not coming up.
    Here is the debug:
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:500 dpt:500
    OAK_MM exchange
    ISAKMP (0): processing KE payload. message ID = 0
    ISAKMP (0): processing NONCE payload. message ID = 0
    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT does not match MINE hash
    hash received: b3 8f bb 0 93 3b 65 e8 35 6f 54 6 c4 6f 59 cc
    my nat hash : dd 70 9 ac 35 58 40 da 3b 5b fc 1b 4c 87 d2 11
    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT does not match HIS hash
    hash received: ba 72 c5 e 5b fb 88 f0 1e f7 8a ba c9 c6 c1 cc
    his nat hash : c 4c 89 a5 66 c1 dd 80 76 48 3f a5 b0 f0 56 ed
    ISAKMP (0:0): constructed HIS NAT-D
    ISAKMP (0:0): constructed MINE NAT-D
    return status is IKMP_NO_ERROR
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:4500 dpt:4500
    OAK_MM exchange
    ISAKMP (0): processing ID payload. message ID = 0
    ISAKMP (0): processing HASH payload. message ID = 0
    ISAKMP (0): SA has been authenticated
    ISAKMP: Created a peer struct for 212.37.17.43, peer port 37905
    ISAKMP: Locking UDP_ENC struct 0x3cbb634 from crypto_ikmp_udp_enc_ike_init, count 1
    ISAKMP (0): ID payload
    next-payload : 8
    type : 2
    protocol : 17
    port : 0
    length : 23
    ISAKMP (0): Total payload length: 27
    return status is IKMP_NO_ERROR
    ISAKMP (0): sending INITIAL_CONTACT notify
    ISAKMP (0): sending NOTIFY message 24578 protocol 1
    VPN Peer: ISAKMP: Added new peer: ip:212.37.17.43/4500 Total VPN Peers:16
    VPN Peer: ISAKMP: Peer ip:212.37.17.43/4500 Ref cnt incremented to:1 Total VPN Peers:16
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:4500 dpt:4500
    ISAKMP (0): processing NOTIFY payload 24578 protocol 1
    spi 0, message ID = 3168983470
    ISAKMP (0): processing notify INITIAL_CONTACT
    return status is IKMP_NO_ERR_NO_TRANS
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:4500 dpt:4500
    OAK_QM exchange
    oakley_process_quick_mode:
    OAK_QM_IDLE
    ISAKMP (0): processing SA payload. message ID = 484086886
    ISAKMP : Checking IPSec proposal 1
    ISAKMP: transform 1, ESP_3DES
    ISAKMP: attributes in transform:
    ISAKMP: SA life type in seconds
    ISAKMP: SA life duration (basic) of 28800
    ISAKMP: SA life type in kilobytes
    ISAKMP: SA life duration (basic) of 32000
    ISAKMP: encaps is 61433
    ISAKMP: authenticator is HMAC-MD5
    ISAKMP (0): atts not acceptable. Next payload is 0
    ISAKMP (0): SA not acceptable!
    ISAKMP (0): sending NOTIFY message 14 protocol 0
    return status is IKMP_ERR_NO_RETRANS
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:4500 dpt:4500
    ISAKMP: phase 2 packet is a duplicate of a previous packet
    ISAKMP: resending last response
    ISAKMP (0:0): sending NAT-T vendor ID - rev 2 & 3
    crypto_isakmp_process_block:src:212.37.17.43, dest:212.118.128.233 spt:4500 dpt:4500
    ISAKMP: phase 2 packet is a duplicate of a previous packet
    ISAKMP: resending last response
    crypto_isakmp_process_block:src:213.210.211.82, dest:212.118.128.233 spt:500 dpt:500
    ISAKMP (0): processing NOTIFY payload 36136 protocol 1
    spi 0, message ID = 287560609
    ISAMKP (0): received DPD_R_U_THERE from peer 213.210.211.82
    ISAKMP (0): sending NOTIFY message 36137 protocol 1
    return status is IKMP_NO_ERR_NO_TRANSdebug
    ISAKMP (0): retransmitting phase 1 (0)...
    Thanks,
    Ismail

    Hi Kanishka,
    The Phase 2 parameters are the same; also, PFS is disabled!
    There are some curious things in the debug msg; could you please throw some light on them?
    ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
    ISAKMP: encryption 3DES-CBC
    ISAKMP: hash MD5
    ISAKMP: auth pre-share
    ISAKMP: life type in seconds
    ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
    ISAKMP: default group 1
    ISAKMP (0): atts are acceptable. Next payload is 0
    ISAKMP (0): processing vendor id payload
    ISAKMP (0:0): vendor ID is NAT-T
    ISAKMP (0): processing vendor id payload
    What does the "vendor ID is NAT-T" above mean? Does it say that both sides are using NAT traversal?
    Also, for encryption it says encryption 3DES-CBC.
    I am not sure if this CBC is the culprit, because that is the only thing Watchguard uses; it does not have an option for only 3DES.
    Strangely enough, Phase 1 is coming up. I am also questioning myself about the following message appearing in Phase 1:
    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT does not match MINE hash
    hash received: b3 8f bb 0 93 3b 65 e8 35 6f 54 6 c4 6f 59 cc
    my nat hash : dd 70 9 ac 35 58 40 da 3b 5b fc 1b 4c 87 d2 11
    ISAKMP (0:0): Detected NAT-D payload
    ISAKMP (0:0): NAT does not match HIS hash
    hash received: ba 72 c5 e 5b fb 88 f0 1e f7 8a ba c9 c6 c1 cc
    his nat hash : c 4c 89 a5 66 c1 dd 80 76 48 3f a5 b0 f0 56 ed
    ISAKMP (0:0): constructed HIS NAT-D
    ISAKMP (0:0): constructed MINE NAT-D
    return status is IKMP_NO_ERROR
    How come Phase 1 is coming up though the PIX is claiming that his HASH is not the same as HIS HASH? :(
    The log messages on the Watchguard state that there is no proposal chosen!
    Why are both firewalls not friends?
    I appreciate any input.
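
An added example, not part of the original posts: a small parser for PIX ISAKMP debug output in the format pasted in this thread. It groups each offered transform with its attributes and the verdict the PIX logged, so the rejected Phase 2 proposal can be read side by side with the local policy. The sample lines are copied from the debug above; the function names and the LEGACY list (this example's own short list of parameters that current guidance treats as deprecated) are assumptions of the example.

```python
import re

# Sample input: lines copied from the debug output quoted in this thread.
SAMPLE_DEBUG = """\
ISAKMP (0): Checking ISAKMP transform 1 against priority 1 policy
ISAKMP: encryption 3DES-CBC
ISAKMP: hash MD5
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
ISAKMP: default group 1
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing SA payload. message ID = 484086886
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 28800
ISAKMP: SA life type in kilobytes
ISAKMP: SA life duration (basic) of 32000
ISAKMP: encaps is 61433
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
"""

# Strips "ISAKMP:", "ISAKMP :", "ISAKMP (0):" and "ISAKMP (0:0):" prefixes.
PREFIX = re.compile(r"^ISAKMP\s*(?:\([\d:]+\))?\s*:\s*(.*)$")
START = [
    (re.compile(r"Checking ISAKMP transform (\d+) against priority \d+ policy"), 1),
    (re.compile(r"Checking IPSec proposal (\d+)"), 2),
]
ATTR = [
    (re.compile(r"^encryption (\S+)"), "encryption"),
    (re.compile(r"^hash (\S+)"), "hash"),
    (re.compile(r"^auth (\S+)"), "auth"),
    (re.compile(r"^default group (\d+)"), "dh_group"),
    (re.compile(r"^transform \d+, (\S+)"), "transform"),
    (re.compile(r"^encaps is (\d+)"), "encaps"),
    (re.compile(r"^authenticator is (\S+)"), "authenticator"),
]
LIFE_TYPE = re.compile(r"life type in (seconds|kilobytes)")
LIFE_DUR = re.compile(r"life duration \((basic|VPI)\) of (.+)")

# Assumption of this example: a short list of deprecated parameters.
LEGACY = {
    "encryption": {"DES-CBC", "3DES-CBC"}, "transform": {"ESP_DES", "ESP_3DES"},
    "hash": {"MD5"}, "authenticator": {"HMAC-MD5"}, "dh_group": {"1"},
}


def decode_duration(kind, value):
    """'basic' is a decimal number; 'VPI' is a list of hex bytes, big-endian."""
    if kind == "basic":
        return int(value)
    total = 0
    for byte in value.split():
        total = total * 256 + int(byte, 16)
    return total


def parse_proposals(text):
    """Return one dict per offered transform: phase, number, attrs, verdict."""
    proposals, cur, unit = [], None, None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        for rx, phase in START:
            s = rx.search(body)
            if s:
                cur = {"phase": phase, "number": int(s.group(1)),
                       "attrs": {}, "verdict": None}
                proposals.append(cur)
                unit = None
                break
        else:
            if cur is None:
                continue
            if "atts are acceptable" in body:
                cur["verdict"], cur = "accepted", None
            elif "atts not acceptable" in body:
                cur["verdict"], cur = "rejected", None
            elif (t := LIFE_TYPE.search(body)):
                unit = t.group(1)
            elif (d := LIFE_DUR.search(body)) and unit:
                cur["attrs"]["lifetime_" + unit] = decode_duration(*d.groups())
            else:
                for rx, key in ATTR:
                    a = rx.match(body)
                    if a:
                        cur["attrs"][key] = a.group(1)
                        break
    return proposals


def legacy_params(proposal):
    """Attributes of a proposal that appear in this example's LEGACY list."""
    return sorted(f"{k}={v}" for k, v in proposal["attrs"].items()
                  if v in LEGACY.get(k, ()))


if __name__ == "__main__":
    for p in parse_proposals(SAMPLE_DEBUG):
        print(f"phase {p['phase']} #{p['number']}: {p['verdict']} {p['attrs']}")
        print("  legacy:", ", ".join(legacy_params(p)) or "none")
```

The attributes listed for a rejected Phase 2 proposal are the ones to compare against the local transform set and crypto map on the PIX.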

  • Sip trunk between CUCM7.0 and third party VOIP provider

    Hi all,
    I'm looking for a solution/howto configuration for setting up a SIP trunk between CUCM7.0 and a SIP-VoIP provider.
    Got SIP username, password and SIP-proxy IP from the provider.
    I've done such a setup on CUCME a couple of times, but never on the CUCM.
    Who can put me on right way?
    Can it be done on the CUCM, or must an IOS-Device be used (got a PSTN-GW connected through H323 with CUCM)?
    Thanks for the hint,
    Greets Norbert

    Here we go.....
    CONFIG (Version=7.1)
    =====================
    Version 7.1
    Cisco Unified Communications Manager Express
    ! Calling nr. incoming
    voice translation-rule 40
    rule 1 /\(.*\)/ /0\1/
    ! Discard prefix (calling nr.)
    voice translation-rule 190
    rule 1 /^0\(.*\)/ /\1/
    rule 2 /^9\(.*\)/ /\1/
    ! Mapping, internal to external nr.
    voice translation-rule 191
    rule 10 /^[1-9].*/ /xxxxEXTERNALxxxx/
    ! for call-forwarding
    rule 15 /^0\(.*\)/ /\1/
    ! Mapping external to internal nr.
    voice translation-rule 192
    rule 2 /^xxxxxEXTERNALxxxx/ /4xx/
    voice translation-profile TP_IN_SIP
    translate calling 40
    translate called 192
    voice translation-profile TP_OUT_SIP
    translate calling 191
    translate called 190
    dial-peer voice 2001 voip
    corlist outgoing dialCORnoFax
    description *** SIP-TRUNK (OUT) ***
    translation-profile incoming TP_IN_SIP
    translation-profile outgoing TP_OUT_SIP
    max-conn 2
    destination-pattern 9.T
    session protocol sipv2
    session target ipv4:2xx.xxx.xxx.xxx
    session transport udp
    ! customer external nr. range (one dot at the end -> 0-9)
    incoming called-number xxxxxxxx.
    dtmf-relay rtp-nte
    codec g711alaw
    no vad
    gateway
    timer receive-rtp 1200
    sip-ua
    keepalive target ipv4:2xx.xxx.xxx.xxx
    authentication username xxEXTERNAL NR.xxxxx password 7 111111111111111111111
    calling-info pstn-to-sip from number set xxEXTERNAL NR.xxxxx
    retry invite 2
    retry response 2
    retry bye 2
    retry register 2
    retry options 1
    registrar ipv4:2xx.xxx.xxx.xxx expires 60
    host-registrar
    Greets,
    Norbert
    Hope this helps... Please rate if helpful
