03-17-2007 01:41 AM - edited 03-14-2019 08:31 PM
Good Day Gentlemen,
Firstly....please accept my apologies for the double posting in your forum...there seem to be constant problems with this server.
I have just purchased an ATA186 (analogue VOIP adapter) and an 877W integrated ADSL/router.
I have successfully configured both devices using SDM with the exception of the 877W NAT
translation/ Firewall in respect of VOIP packet transmission. I am new to both these devices
and have spent a good couple of days with the Cisco configuration manual, but with no
success, as something always seems to go wrong in the config process, usually wreaking havoc
with the primary WAN interface connection itself. I always copy the running config off
somewhere safe before attempting the latest NAT/ Firewall config attempt.
Is there anyone out there with experience of VOIP over a similar setup who can answer the
following questions:
1. Just what do I need to 'open' on the NAT or Firewall? (The actual port numbers are no
problem; it's the stepped procedure I need to know.)
2. Does anyone have, or can anyone produce, a 'monkey see monkey do' config script that I could
tailor/ import into my existing config? LAN is 192.168.3.0/24 Gateway 192.168.3.1, ATA
192.168.3.7 Ports (SIP) 5060 Outbound Proxy (5065). I would be prepared to pay for the time
spent in creating such a facility, and then study it afterwards. Just need to get my VOIP up
and running.
Running Config is 50% listed below....and continues in the next post due to attachment upload
problems with this server...
Building configuration...
Current configuration : 7728 bytes
!
! Last configuration change at 20:41:19 PCTime Fri Mar 16 2007 by jdep
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO877W
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret xxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 0
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool sdm-pool1
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 194.x.x.114 62.6.40.162
!
ip dhcp pool NETGEAR65362A
host 192.168.3.2 255.255.255.0
hardware-address 0018.4d65.362a
client-name NETGEAR65362A
!
ip dhcp pool NETGEAR65358E
host 192.168.3.3 255.255.255.0
hardware-address 0018.4d65.358e
client-name NETGEAR65358E
!
ip dhcp pool FAT-MAN
host 192.168.3.4 255.255.255.0
hardware-address 000d.56c7.75db
client-name FAT-MAN
!
ip dhcp pool JDEP-PHTW5CYNHC
host 192.168.3.5 255.255.255.0
hardware-address 000f.1fe5.10ec
client-name JDEP-PHTW5CYNHC
!
ip dhcp pool ATA186I2-A
host 192.168.3.7 255.255.255.0
hardware-address 001a.6dca.a698
client-name ATA186I2-A
!
ip dhcp pool JDEP-24105145
host 192.168.3.10 255.255.255.0
hardware-address 0012.793f.61ac
client-name JDEP-24105145
!
!
Thank you all in advance
03-17-2007 01:49 AM
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name de-pulford.com
ip name-server 194.72.0.114
ip name-server 62.6.40.162
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3702453916
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3702453916
revocation-check none
rsakeypair TP-self-signed-3702453916
!
!
crypto pki certificate chain TP-self-signed-3702453916
certificate self-signed 01
quit
username JdeP privilege 15 secret 5 $1$TGpn$RSSTMg3P2rrPZSmBtET0Z1
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 128bit 7 3C6A3709FD19C30AE82824731307 transmit-key
encryption mode wep mandatory
!
ssid WIRELESS_LAN
authentication open
guest-mode
infrastructure-ssid optional
wpa-psk ascii 7 106C050A5F42450F4736202C7E71
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
03-17-2007 01:51 AM
interface Dialer0
description $FW_OUTSIDE$
ip address 217.36.210.59 255.255.0.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname A639590@hg40.btclick.com
ppp chap password 7 020C005E1B545B701C1B
ppp pap sent-username A639590@hg40.btclick.com password 7 020C005E1B545B701C1B
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.3.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 217.36.0.0 0.0.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 62.6.40.162 eq domain host 217.36.210.59
access-list 101 permit udp host 194.72.0.114 eq domain host 217.36.210.59
access-list 101 deny ip 192.168.3.0 0.0.0.255 any
access-list 101 permit icmp any host 217.36.210.59 echo-reply
access-list 101 permit icmp any host 217.36.210.59 time-exceeded
access-list 101 permit icmp any host 217.36.210.59 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
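Added example, not part of the original posts: a first-match evaluator for the posted `access-list 101` (bound inbound on Dialer0), used to check what that static ACL does with a SIP packet arriving unsolicited from the Internet. The proxy address 198.51.100.20 is a constructed documentation address, and the evaluator models only the static ACL, not the dynamic return-traffic openings that `ip inspect DEFAULT100 out` creates.

```python
import re
from ipaddress import IPv4Address

# ACL 101 as posted above, remark lines left out.
ACL_101 = """\
access-list 101 permit udp host 62.6.40.162 eq domain host 217.36.210.59
access-list 101 permit udp host 194.72.0.114 eq domain host 217.36.210.59
access-list 101 deny ip 192.168.3.0 0.0.0.255 any
access-list 101 permit icmp any host 217.36.210.59 echo-reply
access-list 101 permit icmp any host 217.36.210.59 time-exceeded
access-list 101 permit icmp any host 217.36.210.59 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
"""
PORTS = {"domain": "53"}  # the only named port this ACL uses
ADDR = r"(any|host \S+|\d\S+ \d\S+)"
RULE = re.compile(rf"access-list \d+ (permit|deny) (\w+) {ADDR}(?: eq (\S+))?"
                  rf" {ADDR}(?: eq (\S+)| (\S+))?$")

def _addr_hit(ip, spec):
    """Match ip against 'any', 'host A' or 'A WILDCARD' (set wildcard bits are don't-care)."""
    if spec == "any":
        return True
    a, b = spec.split()
    base, wild = (b, "0.0.0.0") if a == "host" else (a, b)
    w = int(IPv4Address(wild))
    return (int(IPv4Address(ip)) | w) == (int(IPv4Address(base)) | w)

def _qual_hit(want, got):
    """want is a rule's 'eq PORT' or ICMP type name; None matches anything."""
    return want is None or PORTS.get(want, want) == str(got)

def first_match(acl, proto, src, sport, dst, dport):
    """Return (action, line) of the first entry that matches, as IOS evaluates an ACL."""
    for line in acl.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        action, rproto, rsrc, rsport, rdst, rdport, icmp_type = m.groups()
        if (rproto in ("ip", proto) and _addr_hit(src, rsrc) and _addr_hit(dst, rdst)
                and _qual_hit(rsport, sport) and _qual_hit(rdport or icmp_type, dport)):
            return action, line.strip()
    return "deny", "implicit deny"  # every IOS ACL ends with one

SIP_IN = ("udp", "198.51.100.20", 5060, "217.36.210.59", 5060)  # constructed inbound SIP packet
```

`first_match(ACL_101, *SIP_IN)` falls through every permit line to `deny ip any any`, while a DNS reply from 62.6.40.162 is permitted by the first entry. The posted inspection list DEFAULT100 contains generic `udp` but no `sip` entry.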
03-19-2007 12:23 AM
03-25-2007 07:44 AM