using CCA2.0.1 to change FastEthernet0/0 IP address

Unanswered Question
Aug 3rd, 2009
User Badges:

Hi Folks,


Need some advice,


I have a cbeyond SIP phone service, works great.  After discussion with cbeyond technician  and my Cisco Systems Engineer, it was suggested that I alter my Fastethernet0/0 IP address to a Global IP address, for obvious reasons.


I used CCA2.0.1  to alter my internet IP address.


I can still browse to the internet, but my UC520 is now using a Global IP address given to me by cbeyond rather than the private IP address that it was using before.


I  next added a NAT entry to allow for a port Address translation from my wan interface to my lan interface port 5722 to private IP 192.168.10.200


My concern is that my acess list now looks too brief, and look too restrictive 



here is the OLD access list;


access-list 105 remark auto generated by SDM firewall configuration##NO_ACES_20##

access-list 105 remark SDM_ACL Category=1

access-list 105 permit udp host 192.168.22.212 eq 5060 any

access-list 105 permit udp host 192.168.22.212 any eq 5060

access-list 105 deny ip 10.1.10.0 0.0.0.3 any

access-list 105 deny ip 10.1.1.0 0.0.0.255 any

access-list 105 deny ip 192.168.10.0 0.0.0.255 any

access-list 105 permit udp host 64.238.96.12 eq domain any

access-list 105 permit udp host 66.180.96.12 eq domain any

access-list 105 permit icmp any host 10.0.1.26 echo-reply

access-list 105 permit icmp any host 10.0.1.26 time-exceeded

access-list 105 permit icmp any host 10.0.1.26 unreachable

access-list 105 permit udp any any range 16384 32767

access-list 105 deny ip 10.0.0.0 0.255.255.255 any

access-list 105 deny ip 172.16.0.0 0.15.255.255 any

access-list 105 deny ip 192.168.0.0 0.0.255.255 any

access-list 105 deny ip 127.0.0.0 0.255.255.255 any

access-list 105 deny ip host 255.255.255.255 any

access-list 105 deny ip host 0.0.0.0 any

access-list 105 deny ip any any log




here is my  show run of my FastEthernet0/0 interface and new access list that is attached to FastEthernet0/0


interface FastEthernet0/0
description $FW_OUTSIDE$
ip address 69.198.154.102 255.255.255.252
ip access-group 104 in
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM



access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_2##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit tcp any host 69.198.154.102 eq 5722 log
access-list 104 deny   ip any any



My concern is regarding the old access list  105  took into account allowing SIP from my service provider and other necessary services.  The new access list  does not take into account these DNS, SIP and ICMP services. 


How can I use CCA2.0.1 to allow the SIP connection from CBeyond , Domain services  and ICMP functionality.


regards Dennis





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.