Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

allow VOIP by Cisco 1801

Hi All,

I want to replace a Linksys router by Cisco router 1801
and there is VOIP Aastra telephone system.
In the Linksys router there are the next configuration
Upnp forwarding tcp ext 2110 to ip 192.168.2.200 port 80
and the Port Range forwarding 2001 to 3019 UDP to internal ip 192.168.2.200

Does anybody know how to setup the router for forwarding VOIP (Aastra)

when I replace the router the VOIP work fine until the Aastral device turn off
when turn on the system is down.

I have the following configuration on my Router.


Building configuration...

Current configuration : 7930 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname rtClientInfoodsInc
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
no logging console
enable secret 5 $1$siS6$tGISo/V9jFp6GgOLHOACp0
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-363097691
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-363097691
revocation-check none
rsakeypair TP-self-signed-363097691
!
!
crypto pki certificate chain TP-self-signed-363097691
certificate self-signed 01
  30820258 308201C1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363330 39373639 31301E17 0D303931 32323131 35333735
  385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F ...

      quit
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 6 xxxxxxxx address 10.10.10.10
!
!
crypto ipsec transform-set t-set esp-3des esp-md5-hmac
!
crypto map vpn 10 ipsec-isakmp
set peer 10.10.10.10
set transform-set t-set
match address 130
!
!
dot11 ssid Winta
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 0965402F160A1301595F5372
!
dot11 ssid Winta
   vlan 1
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 07262F6A41061D1645415C54
!
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp excluded-address 192.168.2.181 192.168.2.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
!
!
no ip bootp server
ip domain name infoodsinc.com
ip name-server 204.200.241.37
ip port-map user-protocol--1 port tcp 2110
!
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]

!
!
!
no spanning-tree vlan 1
username cisco1801 privilege 15 secret 5 $1$sa25$GkyVBOldkyLWtrRETa.tp1
archive
log config
  hidekeys
!
!
bridge irb
!
!
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address 11.11.11.11 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp

ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map vpn
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid Winta
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2462
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid Winta
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
description $FW_INSIDE$
ip address 192.168.2.1 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
!
ip route 0.0.0.0 0.0.0.0 11.11.11.12
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.2.200 80 interface FastEthernet0 2110
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 77 permit 192.168.2.0 0.0.0.3
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip any any
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 10.10.10.10 any
access-list 103 remark SDM_ACL Category=2
access-list 103 deny   ip 192.168.2.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
access-list 120 remark SDM_ACL Category=16
access-list 120 deny   ip 192.168.2.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 120 permit ip 192.168.2.0 0.0.0.255 any
access-list 130 remark SDM_ACL Category=20
access-list 130 permit ip 192.168.2.0 0.0.0.255 192.168.41.0 0.0.0.255
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 103
!
!
!
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500

!
webvpn cef
end


thanks

574
Views
0
Helpful
0
Replies
CreatePlease to create content