using CCA2.0.1 to change FastEthernet0/0 IP address
Need some advice,
I have a cbeyond SIP phone service, works great. After discussion with cbeyond technician and my Cisco Systems Engineer, it was suggested that I alter my Fastethernet0/0 IP address to a Global IP address, for obvious reasons.
I used CCA2.0.1 to alter my internet IP address.
I can still browse to the internet, but my UC520 is now using a Global IP address given to me by cbeyond rather than the private IP address that it was using before.
I next added a NAT entry to allow for a port Address translation from my wan interface to my lan interface port 5722 to private IP 192.168.10.200
My concern is that my acess list now looks too brief, and look too restrictive
here is the OLD access list;
access-list 105 remark auto generated by SDM firewall configuration##NO_ACES_20##
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp host 192.168.22.212 eq 5060 any
access-list 105 permit udp host 192.168.22.212 any eq 5060
access-list 105 deny ip 10.1.10.0 0.0.0.3 any
access-list 105 deny ip 10.1.1.0 0.0.0.255 any
access-list 105 deny ip 192.168.10.0 0.0.0.255 any
access-list 105 permit udp host 22.214.171.124 eq domain any
access-list 105 permit udp host 126.96.36.199 eq domain any
access-list 105 permit icmp any host 10.0.1.26 echo-reply
access-list 105 permit icmp any host 10.0.1.26 time-exceeded
access-list 105 permit icmp any host 10.0.1.26 unreachable
access-list 105 permit udp any any range 16384 32767
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
here is my show run of my FastEthernet0/0 interface and new access list that is attached to FastEthernet0/0
interface FastEthernet0/0 description $FW_OUTSIDE$ ip address 188.8.131.52 255.255.255.252 ip access-group 104 in ip nat outside ip inspect SDM_MEDIUM out ip virtual-reassembly duplex auto speed auto service-policy input sdmappfwp2p_SDM_MEDIUM service-policy output sdmappfwp2p_SDM_MEDIUM
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_2## access-list 104 remark SDM_ACL Category=1 access-list 104 permit tcp any host 184.108.40.206 eq 5722 log access-list 104 deny ip any any
My concern is regarding the old access list 105 took into account allowing SIP from my service provider and other necessary services. The new access list does not take into account these DNS, SIP and ICMP services.
How can I use CCA2.0.1 to allow the SIP connection from CBeyond , Domain services and ICMP functionality.
Configure Multicast Paging on the Cisco IP Phone 7800 Series or 8800 Series Multiplatform Phone
The Cisco IP Phone 7800 and 8800 Series Multiplatform Phones provide voice communication over an Internet Protocol (IP) network...
Add Call Park on a Cisco 7800 or 8800 Series Multiplatform Phone Key Expansion Module
Call park allows the user of the phone to put an incoming call on hold so that the call can be retrieved on another phone. A call is park...