sunray_2003
asked on
configure cisco 1720 router along with asterisk pbx
Hello,
I am trying to build a network consisting of a CISCO 1720 router with a linux box loaded with
Asterisk pbx software and a host of CISCO IP phones so that we can create a VOIP service in our
office locality.
Planning to use a dedicated T1 line for this purpose.
setup i am thinking would be
T1 line <------> CISCO 1720 router <------> Ethernet Switch
| |
| |
PBX CISCO IP phone
The PBX and CISCO Ip phone are connected to the ethernet switch .. It may not show that way after I submit this question.
We have already installed asterisk on the linux box .
At the moment planning to configure the CISCO 1720 router. The following is the configuration
of the router so far.
********
Using 531 out of 29688 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname OfficePbx
!
enable secret 5 $1$RVT9$L6rsdy/TJPNIlOaTJe qhu.
!
username username
!
!
!
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface Serial0
no ip address
no fair-queue
!
interface FastEthernet0
ip address 172.16.1.31 255.255.255.0
speed auto
full-duplex
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password <password>
no login
!
no scheduler allocate
end
*********
Is there a way to determine the IP address provided in the T1 line ?
Does the above setup looks fine or I need to change anything around ?
Suggestions required..
SR
I am trying to build a network consisting of a CISCO 1720 router with a linux box loaded with
Asterisk pbx software and a host of CISCO IP phones so that we can create a VOIP service in our
office locality.
Planning to use a dedicated T1 line for this purpose.
setup i am thinking would be
T1 line <------> CISCO 1720 router <------> Ethernet Switch
| |
| |
PBX CISCO IP phone
The PBX and CISCO Ip phone are connected to the ethernet switch .. It may not show that way after I submit this question.
We have already installed asterisk on the linux box .
At the moment planning to configure the CISCO 1720 router. The following is the configuration
of the router so far.
********
Using 531 out of 29688 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname OfficePbx
!
enable secret 5 $1$RVT9$L6rsdy/TJPNIlOaTJe
!
username username
!
!
!
!
memory-size iomem 25
ip subnet-zero
!
!
!
!
interface Serial0
no ip address
no fair-queue
!
interface FastEthernet0
ip address 172.16.1.31 255.255.255.0
speed auto
full-duplex
!
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password <password>
no login
!
no scheduler allocate
end
*********
Is there a way to determine the IP address provided in the T1 line ?
Does the above setup looks fine or I need to change anything around ?
Suggestions required..
SR
ASKER
I think what I have here is a VOIP/Data T1 ..
Our Asterisk box doesnot got a T1 board and just an ethernet card. Probably think that is the reason why a cisco router is placed in between to get in the T1 line..
Without knowing the IP address (ofcourse I have contacted to get that one) , is there any configuration change that I can do in the meantime. I should be able to setup a dummy ip address to the serial interface and then ip route to the correct ip address ??
Our Asterisk box doesnot got a T1 board and just an ethernet card. Probably think that is the reason why a cisco router is placed in between to get in the T1 line..
Without knowing the IP address (ofcourse I have contacted to get that one) , is there any configuration change that I can do in the meantime. I should be able to setup a dummy ip address to the serial interface and then ip route to the correct ip address ??
I think we're talking apples and oranges here.
The Asterisk box is your LAN-->PSTN (voice) gateway. The T1 must be a T1/PRI and be provisioned for voice only. This would require a T1 PRI card installed in the Asterisk box, something like this:
http://www.digium.com/index.php?menu=wildcard_t100p
If your T1 is data, and you have a "target" IP address for all VOIP traffic that goes through the Telco provider, then you will most likely need a public IP address on the Ethernet interface, if not a dedicated serial IP as well. Then the voip default would be some IP address given to you by the provider.
Need more detailed data, young Jedi...
The Asterisk box is your LAN-->PSTN (voice) gateway. The T1 must be a T1/PRI and be provisioned for voice only. This would require a T1 PRI card installed in the Asterisk box, something like this:
http://www.digium.com/index.php?menu=wildcard_t100p
If your T1 is data, and you have a "target" IP address for all VOIP traffic that goes through the Telco provider, then you will most likely need a public IP address on the Ethernet interface, if not a dedicated serial IP as well. Then the voip default would be some IP address given to you by the provider.
Need more detailed data, young Jedi...
ASKER
OK... New to this hence donot have all the required info. Let me research more on this here.
I went and saw my linux box were asterisk is installed and it doesnot got a T1 card..
I went and saw my linux box were asterisk is installed and it doesnot got a T1 card..
Just learned something from our good friend grblades.... he's doing something quite similar
https://www.experts-exchange.com/questions/21291006/Cisco-837-ADSL-configuration-for-UK-provider-and-multiple-static-IP's.html#13194077
https://www.experts-exchange.com/questions/21291006/Cisco-837-ADSL-configuration-for-UK-provider-and-multiple-static-IP's.html#13194077
ASKER
Thanks Lrmoore. I am getting some training tommorrow at our office on this and hopefully can sort some stuff . Will get back to this Q soon and will also look at grblades methodology
Hello Sunray
This is what I am doing:-
Digicom TE110P T1/E1/PRI card installed in the Linux box which will be connected to our Lucent Index telephone exchange so that we can transfer calls between them.
ADSL line connected via a Cisco 837 router to the ethernet port on the Linux box so that people can connect over the Internet and we can also route international calls over the Internet to a provider and save lots of money on call costs.
As I am using ADSL I have low bandwidth configured and only permit the GSM and iLBC codecs (LPC10 is too low quality) This means in theory I can have 8 simultaneous calls from the ADSL 256K upload bandwidth.
I am using Nikotel as a international call provider as I have found them to be good quality and the payment scheme is fairly easy to manage.
Internally most people will use their desk phones to continue to make calls but use a different prefix to make international calls over the VoIP system. Remote users will use an IAX client as this does not have issues with firewalls unlike the SIP protocol which means it has a better chance of working in hotels which is where our users will really save a lot of money (not unusual for our CEO to spend over $300 a day on calls from hotels)
My current problem is that I am using an old ADSL line and the router is an obscure model which is unreliable and I dont know the admin password for it. I have bought a Cisco 837 but am having problems setting it up in bridging mode so that the public IP's are on the internal interface as I want to avoid having to work around the problems SIP has with NAT.
Looking at your configuration I would advise that you also change to having public IP's on your router internal interface instead of the 172.x.x.x range.
I think the Cisco phones like to talk using the Speex audio codec. Asterisk supports this but you need to install the codec manually so I would advise that you do this.
This is what I am doing:-
Digicom TE110P T1/E1/PRI card installed in the Linux box which will be connected to our Lucent Index telephone exchange so that we can transfer calls between them.
ADSL line connected via a Cisco 837 router to the ethernet port on the Linux box so that people can connect over the Internet and we can also route international calls over the Internet to a provider and save lots of money on call costs.
As I am using ADSL I have low bandwidth configured and only permit the GSM and iLBC codecs (LPC10 is too low quality) This means in theory I can have 8 simultaneous calls from the ADSL 256K upload bandwidth.
I am using Nikotel as a international call provider as I have found them to be good quality and the payment scheme is fairly easy to manage.
Internally most people will use their desk phones to continue to make calls but use a different prefix to make international calls over the VoIP system. Remote users will use an IAX client as this does not have issues with firewalls unlike the SIP protocol which means it has a better chance of working in hotels which is where our users will really save a lot of money (not unusual for our CEO to spend over $300 a day on calls from hotels)
My current problem is that I am using an old ADSL line and the router is an obscure model which is unreliable and I dont know the admin password for it. I have bought a Cisco 837 but am having problems setting it up in bridging mode so that the public IP's are on the internal interface as I want to avoid having to work around the problems SIP has with NAT.
Looking at your configuration I would advise that you also change to having public IP's on your router internal interface instead of the 172.x.x.x range.
I think the Cisco phones like to talk using the Speex audio codec. Asterisk supports this but you need to install the codec manually so I would advise that you do this.
ASKER
My present setup looks like this
-------t1 line ------> Serial side of 1720 , Ethernet side of 1720 <---------- Linux box --------->
I have configured 1720 and since I used NAT ( learning ) hence I think I might be doing something wrong..
My present configuration
**************
interface Serial0
ip address 10.0.0.2 255.255.255.252
ip nat outside
!
interface FastEthernet0
ip address ***.***.39.233 255.255.255.248 secondary
ip address 192.168.10.1 255.255.255.0 secondary
ip nat inside
speed auto
!
ip nat pool qc ***.***.39.234 ***.***.39.234 prefix-length 28
ip nat pool astrix ***.***.39.235 ***.***.39.235 netmask 255.255.255.252 type match-host
ip nat inside source list 51 pool qc overload
ip nat inside source list 52 pool astrix
ip nat inside source static tcp 198.168.10.2 22 ***.***.39.235 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
access-list 51 permit 192.168.10.0 0.0.0.255
access-list 52 permit 192.168.10.2
!
******
My show ip nat translations looks like this
Pro Inside global Inside local Outside local Outside global
tcp ***.***.39.235:22 192.168.10.2:22 --- ---
From outside the network , I can ping to ***.***.39.235 but I cannot ssh to the linux box.. Before connecting the linux to this network , I was able to Ssh so i conclude there is nothing in the linux box that is actually blocking ports..
SR
-------t1 line ------> Serial side of 1720 , Ethernet side of 1720 <---------- Linux box --------->
I have configured 1720 and since I used NAT ( learning ) hence I think I might be doing something wrong..
My present configuration
**************
interface Serial0
ip address 10.0.0.2 255.255.255.252
ip nat outside
!
interface FastEthernet0
ip address ***.***.39.233 255.255.255.248 secondary
ip address 192.168.10.1 255.255.255.0 secondary
ip nat inside
speed auto
!
ip nat pool qc ***.***.39.234 ***.***.39.234 prefix-length 28
ip nat pool astrix ***.***.39.235 ***.***.39.235 netmask 255.255.255.252 type match-host
ip nat inside source list 51 pool qc overload
ip nat inside source list 52 pool astrix
ip nat inside source static tcp 198.168.10.2 22 ***.***.39.235 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
access-list 51 permit 192.168.10.0 0.0.0.255
access-list 52 permit 192.168.10.2
!
******
My show ip nat translations looks like this
Pro Inside global Inside local Outside local Outside global
tcp ***.***.39.235:22 192.168.10.2:22 --- ---
From outside the network , I can ping to ***.***.39.235 but I cannot ssh to the linux box.. Before connecting the linux to this network , I was able to Ssh so i conclude there is nothing in the linux box that is actually blocking ports..
SR
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cool.. that works.. if my linux box is well protected (in the sense that it only allows traffic on port 22 for sshing) ,
does an access-list need to be given in the router for extra protection ??
does an access-list need to be given in the router for extra protection ??
That's up to you, but I would at least think about it, and remember that it can get complicated because you can only apply one acl to the interface and it must be able to handle all the other traffic as well as the asterix (if you have other hosts that is)..
ASKER
Since this network i am building is in the development stage , I might have some more questions to ask related to this.I shall get back on this as i get into issues..
thanks for the quick help asusual..
thanks for the quick help asusual..
I would always configure an access-list on the router aswell. It adds extra protection just incase someone disables the firewall on the Linux machine my mistake etc...
Just be aware that the SIP protocol does not work well over NAT. Asterisk has an option to ignore all IP's in SIP packets which can get it working in some situations but it is best avoided if you can.
Just be aware that the SIP protocol does not work well over NAT. Asterisk has an option to ignore all IP's in SIP packets which can get it working in some situations but it is best avoided if you can.
ASKER
grblades,
I am getting a "maximum retries exceeded on call " while calling from an ip phone connected to our asterisk. Is this something you have come across ?
I am getting a "maximum retries exceeded on call " while calling from an ip phone connected to our asterisk. Is this something you have come across ?
I have seen it where the SIP registration fails due to our ADSL line going down.
Where are you trying to dial to on the IP phone?
Where are you trying to dial to on the IP phone?
ASKER
i am dialing the extension of another phone and also outside line.. both gives the same error.
our T1 line is up as I am connecting internet through it.. Not sure any configuration changes need to be done in the box
SR
our T1 line is up as I am connecting internet through it.. Not sure any configuration changes need to be done in the box
SR
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There are T1 boards that go into Asterisk boxes to provide the PSTN connectivity. Perhaps that is what you are after?