NAT Trans/ Firewall Settings for VOIP ATA186/ 877W combo

Unanswered Question
Mar 17th, 2007

Good Day Gentlemen,

Firstly....please accept my apologies for the double posting in your forum...there seem to be constant problems with this server.

I have just purchased an ATA186 (analogue VOIP adapter) and an 877W integrated ADSL/router.

I have successfully configured both devices using SDM with the exception of the 877W NAT translation/firewall in respect of VOIP packet transmission. I am new to both these devices and have spent a good couple of days with the Cisco configuration manual, but with no success, as something always seems to go wrong in the config process, usually wreaking havoc with the primary WAN interface connection itself. I always copy the running config off somewhere safe before attempting the latest NAT/firewall config attempt.

Is there anyone out there with experience of VOIP over a similar setup who can answer the following questions:

1. Just what do I need to 'open' on the NAT or Firewall (the actual port numbers are no problem); it's the stepped procedure I need to know.

2. Does anyone have or can anyone produce a 'monkey see monkey do' config script that I could tailor/import into my existing config. LAN is Gateway, ATA Ports (SIP) 5060 Outbound Proxy (5065). I would be prepared to pay for the time spent in creating such a facility, and then study it afterwards. Just need to get my VOIP up and running.

Running Config is 50% listed below....and continues in the next post due to attachment upload problems with this server...

Building configuration...

Current configuration : 7728 bytes

! Last configuration change at 20:41:19 PCTime Fri Mar 16 2007 by jdep

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers

hostname CISCO877W

logging buffered 51200 debugging
logging console critical
enable secret xxx

no aaa new-model

resource policy

clock timezone PCTime 0
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address

ip dhcp pool sdm-pool1
 import all

 dns-server 194.x.x.114

ip dhcp pool NETGEAR65362A

 hardware-address 0018.4d65.362a
 client-name NETGEAR65362A

ip dhcp pool NETGEAR65358E

 hardware-address 0018.4d65.358e
 client-name NETGEAR65358E

ip dhcp pool FAT-MAN

 hardware-address 000d.56c7.75db
 client-name FAT-MAN

ip dhcp pool JDEP-PHTW5CYNHC

 hardware-address 000f.1fe5.10ec
 client-name JDEP-PHTW5CYNHC

ip dhcp pool ATA186I2-A

 hardware-address 001a.6dca.a698
 client-name ATA186I2-A

ip dhcp pool JDEP-24105145

 hardware-address 0012.793f.61ac
 client-name JDEP-24105145



Thank you all in advance

Anonymous (not verified) Sat, 03/17/2007 - 01:49

ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name
ip name-server
ip name-server
ip ssh time-out 60
ip ssh authentication-retries 2

crypto pki trustpoint TP-self-signed-3702453916
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3702453916
 revocation-check none
 rsakeypair TP-self-signed-3702453916

crypto pki certificate chain TP-self-signed-3702453916
 certificate self-signed 01



username JdeP privilege 15 secret 5 $1$TGpn$RSSTMg3P2rrPZSmBtET0Z1

bridge irb

interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto

interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface FastEthernet0

interface FastEthernet1

interface FastEthernet2

interface FastEthernet3

interface Dot11Radio0
 no ip address

 encryption key 1 size 128bit 7 3C6A3709FD19C30AE82824731307 transmit-key
 encryption mode wep mandatory

 authentication open

 infrastructure-ssid optional
 wpa-psk ascii 7 106C050A5F42450F4736202C7E71

 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 spanning-disabled

interface Vlan1

 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1

Anonymous (not verified) Sat, 03/17/2007 - 01:51

interface Dialer0
 description $FW_OUTSIDE$
 ip address
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect DEFAULT100 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password 7 020C005E1B545B701C1B
 ppp pap sent-username [email protected] password 7 020C005E1B545B701C1B

interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412

ip classless
ip route Dialer0

ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload

logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip any
access-list 100 deny ip host any
access-list 100 deny ip any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host eq domain host
access-list 101 permit udp host eq domain host
access-list 101 deny ip any
access-list 101 permit icmp any host echo-reply
access-list 101 permit icmp any host time-exceeded
access-list 101 permit icmp any host unreachable
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip host any
access-list 101 deny ip host any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run

bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C

line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh

scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
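
An added example, not part of the thread and not Cisco's or the poster's code: a small Python check that reads an IOS configuration like the one posted above and reports, for each NAT-outside interface, whether the outbound `ip inspect` rule set names a given protocol (`sip` here, since the ATA signals on port 5060) and whether the inbound ACL ends in a deny-all. The function names and report keys are hypothetical, and the sample text is a constructed excerpt of the posted lines.

```python
import re

# Constructed excerpt: a few lines taken from the configuration posted in this thread.
SAMPLE = """\
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 udp
interface Dialer0
 ip access-group 101 in
 ip inspect DEFAULT100 out
 ip nat outside
interface BVI1
 ip nat inside
access-list 101 deny ip any any
"""

def parse(config):
    """Collect inspection rule sets, per-interface bindings and numbered ACL entries."""
    inspect, ifaces, acls, cur = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()  # indentation is often lost when configs are pasted
        if m := re.match(r"ip inspect name (\S+) (\S+)", line):
            inspect.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"inspect": {}, "acl": {}, "nat": None})
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
        elif cur is not None:
            if m := re.match(r"ip inspect (\S+) (in|out)$", line):
                cur["inspect"][m[2]] = m[1]
            elif m := re.match(r"ip access-group (\S+) (in|out)$", line):
                cur["acl"][m[2]] = m[1]
            elif m := re.match(r"ip nat (inside|outside)$", line):
                cur["nat"] = m[1]
    return inspect, ifaces, acls

def voip_report(config, protocol="sip"):
    """Per NAT-outside interface: is `protocol` inspected outbound, is the inbound ACL deny-all?"""
    inspect, ifaces, acls = parse(config)
    report = {}
    for name, i in ifaces.items():
        if i["nat"] != "outside":
            continue
        protos = inspect.get(i["inspect"].get("out"), [])
        entries = acls.get(i["acl"].get("in"), [])
        report[name] = {
            "protocol_inspected": protocol in protos,
            "generic_udp_inspected": "udp" in protos,
            "inbound_ends_deny_all": entries[-1:] == [("deny", "ip any any")],
        }
    return report
```

Run against the full posted configuration, `voip_report` gives the same three answers for Dialer0 as it does for the excerpt: no `sip` entry in DEFAULT100, generic `udp` inspection present, and ACL 101 ending in `deny ip any any`.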


Anonymous (not verified) Mon, 03/19/2007 - 00:23

Anonymous (not verified) Sun, 03/25/2007 - 07:44

