I am a bit confused. We have a 2 Mbps leased line and have a Cisco 1841 which is managed by our ISP. I have hooked up another 1841 (please find the basic config below; it will get more complex later on). Now when I connect my laptop I am able to browse the Internet. But when I connect the VOIP phone, it is not able to contact its hosted server on the Internet.
The VOIP phone is a Polycom SoundPoint 550 and I get a "URL call disabled" message. If I try a Netgear firewall everything seems to work.
Just for your info, the VOIP provider needs the following ports: UDP range 16384 - 32766, TCP 5060 & UDP 5060. But in my config all outbound traffic is allowed.
Current configuration : 1054 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TEST1841
!
boot-start-marker
boot-end-marker
!
no aaa new-model
dot11 syslog
ip cef
!
multilink bundle-name authenticated
!
username z1 privilege 15 secret 5 $1$XO33$uDZbO3/75dYk.UcJy7DiL.
archive
 log config
  hidekeys
!
interface FastEthernet0/0
 description WAN
 ip address 94.185.xxx.235 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.235.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 94.185.xxx.1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 102 interface FastEthernet0/0 overload
!
access-list 102 permit ip 192.168.235.0 0.0.0.255 any
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
!
scheduler allocate 20000 1000
end
Your problem will be that while you are permitting SIP traffic outbound, the SIP INVITE etc. will carry your internal private IP addresses across the internet to the SIP server. The SIP server will then set up media streams to the private IP address, to which it will have no reachability.
You need a firewall that will not only NAT the IP headers, but also fix up the addresses at layer 7 in the SIP protocol. I believe that the IOS firewall can do this, perhaps someone else can point at a good example?
We have a Cisco 1841 currently running image: c1841-ipbase-mz.124-1c.bin
We upgraded the image to c1841-advsecurityk9-mz.124-1a.bin and are having issues with one-way audio.
Our PBX server is located on the WAN and the phones register with it.
Please find the running config below. Any help in diagnosing/resolving the issue will be greatly appreciated:
Test_Router#sh ver
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 25-Oct-05 17:10 by evmiller

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Pune_Router uptime is 47 minutes
System returned to ROM by reload at 07:54:19 UTC Sun Oct 31 2010
System image file is "flash:c1841-ipbase-mz.124-1c.bin"

Cisco 1841 (revision 6.0) with 114688K/16384K bytes of memory.
Processor board ID FHK105016KA
2 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Test_Router#sh run
Building configuration...

Current configuration : 2180 bytes
!
version 12.4
no service timestamps debug uptime
no service timestamps log uptime
service password-encryption
!
hostname Test_Router
!
boot-start-marker
boot system flash c1841-ipbase-mz.124-1c.bin
boot-end-marker
!
no logging buffered
enable secret 5 $1$LTRI$WbGDs0E610wlT0d/bJsMK/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
ip name-server 126.96.36.199
ip name-server 188.8.131.52
ip name-server 184.108.40.206
ip name-server 220.127.116.11
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0 secondary
 ip address 59.X.X.X 255.255.255.240
 ip flow ingress
 ip flow egress
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 59.X.X.X 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.10.101 2055
ip flow-export destination 192.168.10.145 800
!
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging trap warnings
access-list 1 permit 192.168.10.0 0.0.0.255
!
control-plane
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 exec-timeout 0 0
 session-limit 5
 login local
 transport input telnet
!
end
Basically we are just using it for hosted VOIP phones (no data traffic), which connect to a hosted phone provider. We only want NAT and no other inspection going on. This way the 1841 will not inspect the VOIP packets and alter them.
In the past I have come across issues with other firewalls where, when a call is forwarded to another phone, you can hear the person, but they can't hear you.
We know of a similar issue with the Cisco 1841. What IOS are you running? This was a bug in Cisco 12.x IOS Mainline related to RTP port changes and the ALG being enabled. I would try upgrading to at least a later 15.x code as Cisco says they have resolved this in that version (I have had many discussions with Cisco regarding this over the last 7 years); we have had some success without adding the above commands.
The caveat is that this may not fix the problem depending on how your hosted provider has configured their SBC and what type of SBC it is. We found that while the upgrade fixed the issue on some hosted providers, others are running higher versions of SBC hardware/patch software that will not work.
If you look at a packet capture on the OWA (one-way audio) calls you speak of, I am almost positive you will see the 1841 changing RTP ports. Although your endpoint through the 1841 has advertised that it would like to receive RTP on port, say, 5000, it will SEND its actual media on port 5001 due to the ALG. Thus the OWA.
I assume when you are talking hosted, you are likely communicating with an ACME SBC.
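Added example, not part of the original thread: a small Python check for the two symptoms the replies describe, run against an INVITE captured on the WAN side of the router. It reports RFC 1918 addresses left in the Via, Contact and SDP `o=`/`c=` lines, and RTP source ports that differ from the port advertised in `m=audio`. The sample INVITE, its addresses and ports, and the function names are constructed for illustration; the port comparison assumes the far end expects media to arrive from the advertised port.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed INVITE as it would leave a phone behind NAT with no SIP fix-up applied.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:1000@voip.example.net SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.235.20:5060;branch=z9hG4bKexample",
    "Contact: <sip:2000@192.168.235.20:5060>",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.235.20",
    "c=IN IP4 192.168.235.20",
    "m=audio 16384 RTP/AVP 0 8",
])

def private_addresses(message):
    """List (field, address) for RFC 1918 addresses in Via, Contact, o= and c= lines."""
    found = []
    for line in message.splitlines():
        field = re.match(r"(Via|Contact|o|c)\s*[:=]", line)
        if field:
            for text in IPV4.findall(line):
                try:
                    addr = ipaddress.ip_address(text)
                except ValueError:  # not a valid IPv4 address, e.g. an octet above 255
                    continue
                if any(addr in net for net in RFC1918):
                    found.append((field.group(1), text))
    return found

def advertised_media(message):
    """Return (address, port) the SDP asks the far end to send audio to, or None."""
    addr = re.search(r"^c=IN IP4 (\S+)", message, re.M)
    port = re.search(r"^m=audio (\d+) ", message, re.M)
    return (addr.group(1), int(port.group(1))) if addr and port else None

def diagnose(invite_on_wan, rtp_source_ports):
    """Findings for a WAN-side INVITE plus the RTP source ports seen in the same capture."""
    findings = [f"private address {a} in {f}" for f, a in private_addresses(invite_on_wan)]
    media = advertised_media(invite_on_wan)
    if media:
        odd = sorted(set(rtp_source_ports) - {media[1]})
        if odd:
            findings.append(f"SDP advertises port {media[1]}, RTP sent from {odd}")
    return findings
```

Calling `diagnose(SAMPLE_INVITE, [16384])` returns four private-address findings and no port finding; an empty list means neither symptom is present in the capture.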