I am having difficulty getting our new VoiP phones to download their configuration via TFTP by going through our IOS Firewall.
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(24)T2
If I setup NAT with no access-list / policy map of any kind, the phones get a NAT address, connect and successfully download their configuration via TFTP.
Once I implement security, the return tftp data does not come back in. I have tried with simple access-list + inspection rules, and now I am currently using the zone based firewall with policy maps with the same results.
Either way I end up with the following from "show ip cache flow", the phones have an IP address of 10.42.10.xx, and they connect to a public tftp server, which I will list as IP 184.108.40.206, and the outside NAT pool will be 220.127.116.11
Number of Established Sessions = 1 Established Sessions Session 65E0A440 (10.42.10.35:52964)=>(18.104.22.168:69) tftp:udp SIS_OPEN Created 00:00:30, Last heard 00:00:21 Bytes sent (initiator:responder) [124:0]
Number of Pre-generated Sessions = 1 Pre-generated Sessions Pre-gen session 66B9F940 22.214.171.124[1024:65535]=>126.96.36.199[52964:52964] tftp-data:udp Created 00:00:30, Last heard 00:00:30 Bytes sent (initiator:responder) [0:0]
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :