Cisco Support Community
ASA5505 - 2801 - FXO - 911 Remote Office

Hi,

Hope you guys can help me to configure all Cisco devices in the right direction.

I am upgrading WAN speeds on some of our remote offices.

At each remote location we run IP Phones that connect to our central office for CUCM registration.

The topology is something like this:


Vlan 10 for Data (10.10.144.X)

Vlan 15 for Phones (192.168.144.x)

When phones dial 911 there is a route pattern mapped to the MGCP FXO port gateway that routes the call to the POTS line.

Central Office ----------------- T1 ----------------- 2801 ---3560 --- IP Phones
CUCM                                                    |--FXO card---------------------- POTS---- (For 911 Calls)
7204
ASA5520

Now, the topology changed when we moved to a faster ISP, disconnected the T1 and added an ASA5505 for security.

The problem was that we removed the 2801 thinking we didn't need it anymore and there would be a workaround for the 911 calls to continue to go out the remote office POTS line but we couldn't find any that would work without the router in place.

The new topology looks like this:

Vlan 10 for Data and Voice (10.10.144.X)

(911 calls are going out the Central office PRI now)

Central Office ----------------- L2L VPN Tunnel ----------------- ASA5505 ---3560 --- IP Phones
CUCM                                                                          |-------- (Faster ISP)
7204
ASA5520

I would like to know what I can do to continue to route 911 calls made from the remote office IP phones via the POTS line.

Should I re-install the 2801 router and use the FXO card as before? I guess I would have to re-configure the ASA to only work as a firewall and do the routing on the router. Would this be a problem?

Can you guys think of any other workaround?

Also, what are the limitations as far as Vlans on the ASA? Will I be able to route Vlan 10 and 15 through the VPN tunnel? ASA show version shows VLAN Trunk ports : 0 (I'm not sure if this matters at all)

I hope someone out there can help me on this.

Thanks in advance,

Zeek

7 REPLIES

ASA5505 - 2801 - FXO - 911 Remote Office

Zeek,

Let me ask you something. Where is that PSTN line currently plugged into? I.e. what piece of kit is doing the conversion from IP to analog (FXO)? Looking at your new topology, you will need to put the gateway back in.

Regards


=============================

Please remember to rate useful posts, by clicking on the stars below.

New Member

ASA5505 - 2801 - FXO - 911 Remote Office

On the new topology the PSTN line is unplugged/not in use.

With the old topology the FXO card was installed on the 2801 router.

ASA5505 - 2801 - FXO - 911 Remote Office

You can't route a 911 call to PSTN if CUCM does not have a 911 pattern that points to a gateway that is connected to PSTN.

=============================

Please remember to rate useful posts, by clicking on the stars below.

New Member

ASA5505 - 2801 - FXO - 911 Remote Office

Two major options:

Turn the ASA into a tunnel device and use the 2801 as your layer 3 termination point for the two VLANs; configure the ASA - 2801 configuration with a /30 and lock it all down with statics.

Use the ASA as your "router" and install the 2801 as a voice gateway on one of the subnets.

Either way, you have to use the 2801 as a Gateway in CUCM to provide a termination point for the FXO for 911 services.


Chuck

New Member

ASA5505 - 2801 - FXO - 911 Remote Office

Thanks Chuck!

I'll let you guys know how it goes tonight. I know it's going to be a long night!

New Member

Re: ASA5505 - 2801 - FXO - 911 Remote Office

I have one question:

If I want to follow option 1, let the ASA do VPN only and connect it to the 2801 using /30, configure vlans and routing on router...

I want to IP both devices like this:

ASA Inside in 10.10.144.2

2801 int eth 0/1 10.10.144.1

Based on my config below (look at subinterfaces for Vlans), when I try to assign IP ADDRESS 10.10.144.1 255.255.255.252 to the interface FastEthernet 0/1 that is connected to the ASA, I get the following:

% 10.10.144.0 overlaps with FastEthernet0/0.10

On 2801

interface FastEthernet0/0
 description CONNECTED TO SWITCH (Phones and PC)
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 description VLAN 10 for Data
 encapsulation dot1Q 10
 ip address 10.10.144.1 255.255.255.0
 no cdp enable
!
interface FastEthernet0/0.15
 description VLAN 15 for Voice
 encapsulation dot1Q 15
 ip address 192.168.144.1 255.255.255.0
!
interface FastEthernet0/1
 description CONNECT TO ASA5505 INSIDE
 duplex auto
 speed auto
 no cdp enable

I understand it is overlapping with the Vlan 10 subinterface IP address command. How can I make this work, so I can keep .1 on router and .2 on ASA without messing up the Vlan subnets?

Thanks again in advance.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

After writing the above info I started to think I am doing it wrong.

I believe I have to assign a different /30 subnet on 2801 int 0/1 to ASA, same as inside int on ASA correct?

Something like

On 2801

interface FastEthernet0/1
 description CONNECT TO ASA5505 INSIDE
 ip address 192.168.98.2 255.255.255.252
 duplex auto
 speed auto
 no cdp enable

On ASA Inside

 description CONNECTED TO 2801
 ip address 192.168.98.1 255.255.255.252

ASA5505 - 2801 - FXO - 911 Remote Office

Zeek,

Your 10.10.144.0/30 obviously overlaps with 10.10.144.0/24; you cannot assign that to the same device on different interfaces, it just won't work. The second part of your post using 192.168.98.0/30 looks much better. Make sure you test it by doing an extended ping from 192.168.98.2 to 1 or the other way around.

=============================

Please remember to rate useful posts, by clicking on the stars below.
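
The overlap that IOS rejected in this thread, and the 192.168.98.0/30 transit link proposed instead, can be checked offline before touching the router. The following is an added example, not part of the original posts; the function names are hypothetical and the config string is trimmed from the 2801 configuration quoted above.

```python
import ipaddress
import re

# Constructed sample: trimmed from the 2801 configuration quoted in the thread.
CONFIG_2801 = """\
interface FastEthernet0/0
 no ip address
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.144.1 255.255.255.0
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip address 192.168.144.1 255.255.255.0
interface FastEthernet0/1
 description CONNECT TO ASA5505 INSIDE
"""

def parse_interfaces(config):
    """Return {interface name: IPv4Interface} for interfaces that have an address."""
    found, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            continue
        # re.match anchors at the start, so "no ip address" is not picked up.
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def overlapping(config, name, address, mask):
    """List interfaces, other than `name`, whose subnet overlaps the candidate."""
    candidate = ipaddress.ip_interface(f"{address}/{mask}").network
    return sorted(other for other, iface in parse_interfaces(config).items()
                  if other != name and iface.network.overlaps(candidate))

def transit_peer(address, mask):
    """For a /30 link, return the other usable host address, else None."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    hosts = list(iface.network.hosts())
    if len(hosts) != 2 or iface.ip not in hosts:
        return None  # not a /30, or the address is the network/broadcast address
    return str(next(h for h in hosts if h != iface.ip))

if __name__ == "__main__":
    print(overlapping(CONFIG_2801, "FastEthernet0/1", "10.10.144.1", "255.255.255.252"))
    print(overlapping(CONFIG_2801, "FastEthernet0/1", "192.168.98.2", "255.255.255.252"))
    print(transit_peer("192.168.98.2", "255.255.255.252"))
```
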
