Mam problem z konfiguracją routera cisco, a dokładniej VOIP.
Operator wymaga do poprawnego działania usługi wyłączenia SIP ALG.
W momencie wyłączenia poleceniem "no ip nat service sip udp port 5060" oraz restarcie aparatów głos działa w jedną stronę.
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.102.200 192.168.102.254
!
ip dhcp pool VOIP_DHCP
network 192.168.102.0 255.255.255.0
default-router 192.168.102.230
dns-server 8.8.8.8
domain-name CVSA.pl
lease 9
description WAN_NITRO
ip address 79.98.144.69 255.255.255.248
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description VOIP_LAN
ip address 192.168.102.230 255.255.255.0
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip route 0.0.0.0 0.0.0.0 79.98.144.65 permanent
ip nat pool ovrld 79.98.144.69 79.98.144.69 prefix-length 24
ip nat inside source list 101 pool ovrld overload
ip nat inside source static tcp 192.168.102.23 80 79.98.144.69 9090 extendable
!
logging trap debugging
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit tcp any any
Current configuration : 5044 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CVSA_VOIP
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 XXX
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.102.200 192.168.102.254
!
ip dhcp pool VOIP_DHCP
network 192.168.102.0 255.255.255.0
default-router 192.168.102.230
dns-server 8.8.8.8
domain-name CVSA.pl
lease 9
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name CVSA.pl
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
crypto pki trustpoint TP-self-signed-4083236837
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4083236837
revocation-check none
rsakeypair TP-self-signed-4083236837
!
!
crypto pki certificate chain TP-self-signed-4083236837
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303833 32333638 3337301E 170D3135 30363136 31393432
35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30383332
33363833 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C868 D01D64A8 7F629763 8D92B237 F0C23FDF 931F2A64 AEB40271 D83DD03C
20191F3F 6A325AAB 98ABE408 A4B0E731 BFA79B2C 3B9BFA23 41332617 C03EDA6C
61566E9C 62456ABE ABD11E41 CCC024BE 3388D35D E90945A9 374DFDAC 77A73E7B
C8AC05E7 AE132EB4 CBE2B928 29351D7A F94E74A1 F6FEAB0A F8D1A28D 6EE0D706
4E7B0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
551D1104 15301382 11435653 415F564F 49502E43 5653412E 706C301F 0603551D
23041830 16801414 EA4A2CEB F17CB500 D6003054 5B65AFF5 575A0130 1D060355
1D0E0416 041414EA 4A2CEBF1 7CB500D6 0030545B 65AFF557 5A01300D 06092A86
4886F70D 01010405 00038181 0039CA39 536E7EF2 84E02186 A87B76B5 034E88D7
75484E49 0125B956 F33B839E B70EE1E7 E77C44C3 79094D79 1AC73BA2 EAF29023
54405A12 B52A0915 96021D44 CD351EE6 1F2A740A C1223FCB C91B01AC 5B229731
79178D97 940E8023 E5280826 86BB4955 4F851F8C 66C7EC92 022168FC 0A059421
65BD7C4B 228A4E0F 9CD5C8BB C2
quit
!
!
!
!
!
!
description WAN_NITRO
ip address 79.98.144.69 255.255.255.248
ip access-group 101 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet1
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
description VOIP_LAN
ip address 192.168.102.230 255.255.255.0
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
ip default-gateway 79.98.144.65
ip route 0.0.0.0 0.0.0.0 79.98.144.65 permanent
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool ovrld 79.98.144.69 79.98.144.69 prefix-length 24
ip nat inside source list 101 pool ovrld overload
!
logging trap debugging
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit tcp any any
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end