There is a CUBE (Cisco 2821 witch IOS 12.4 (13)T) which is provided connections H323-to-SIP and vice versa between CCM 7.1 working on H323 and SIP softswitch of provider. As the CUBE is located between different subnets it has two different interfaces for CCM and SIP softswitch. There is no problem with voice unless putting an ACL on the inside interface of the CUBE (to the provider side) permitting traffic from SIP softswitch to the CUBE only. After putting the ACL there is no problem with signalling but RTP from provider is blocked. In the logs I see blocking traffic from the CUBE to CCM (from LAN interface to private address of CCM) on the interface with public addresses and therefore after adding neccessary string RTP is going through. The situation was the same with binding interfaces and without. Is that a normal behaviour? How can I avoid adding public addresses to the ACL on the Inernet interface?
Here is the config of the CUBE.
voice call send-alert ! voice service voip address-hiding allow-connections h323 to h323 allow-connections h323 to sip allow-connections sip to h323 h323 emptycapability no h225 timeout keepalive sip ! ! ! voice class codec 1 codec preference 1 g711alaw codec preference 2 g711ulaw codec preference 3 g729r8 ! ! ! voice class h323 1 h225 timeout tcp establish 5
voice translation-rule 9 rule 1 /^9\([0-9]*\)/ /\1/ ! ! voice translation-profile Test translate called 9
interface GigabitEthernet0/0 description -- LAN Connection -- ip address 172.16.22.2 255.255.255.0 no ip redirects no ip proxy-arp duplex auto speed auto ! interface GigabitEthernet0/1 ip address x.x.x.x x.x.x.x ip access-group Test-in in no ip redirects no ip proxy-arp duplex auto speed auto no cdp enable
ip route 0.0.0.0 0.0.0.0 172.16.22.1 ip route y.y.y.y y.y.y.y x.x.x.x.x ! ! no ip http server no ip http secure-server ! ip access-list extended Test-in permit ip host y.y.y.y host x.x.x.x permit ip host 172.16.22.2 host 172.16.22.3 permit ip host 172.16.22.2 host 172.16.22.4 deny ip any any log
dial-peer voice 1 pots incoming called-number . direct-inward-dial ! dial-peer voice 20 voip answer-address .... voice-class codec 1 dtmf-relay rtp-nte no vad ! dial-peer voice 21 voip destination-pattern 5880201 voice-class codec 1 voice-class h323 1 session target ipv4:172.16.22.4 no vad ! dial-peer voice 22 voip preference 1 destination-pattern 5880202 voice-class codec 1 voice-class h323 1 session target ipv4:172.16.22.3 no vad !
dial-peer voice 2000 voip tone ringback alert-no-PI destination-pattern 311125425 session target ipv4:172.16.22.3 dtmf-relay rtp-nte codec g711alaw no vad ! dial-peer voice 2003 pots ! dial-peer voice 3002 voip description local calls translation-profile outgoing Test preference 1 max-conn 20 destination-pattern 9...... translate-outgoing calling 9 max-redirects 10 session protocol sipv2 session target ipv4:y.y.y.y dtmf-relay rtp-nte codec g711alaw ! ! dial-peer voice 3005 voip description Long distance calls translation-profile outgoing Test preference 1 max-conn 20 destination-pattern 98......... redirect ip2ip translate-outgoing calling 9 session protocol sipv2 session target ipv4:y.y.y.y dtmf-relay rtp-nte sip-notify h245-alphanumeric codec g711alaw no vad
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...