
How to configure Cisco 804 for Skype VOIP

Posted on 2005-04-03
Last Modified: 2010-04-17
Greetings Experts.

I'm trying to configure my Cisco 804 running IOS 12.1(3)XG4 to support Skype (VOIP). I am not a router jock.  
Skype docs indicate that I need to, in order of preference:

1.  open up outgoing UDP traffic to all ports above 1024 and allow UDP replies to come back, or
2.  open outgoing TCP access to ports 80 and 443

My problems:
1.  I don't know what changes to make in the config file to do this
2.  The first option sounds like a bad idea in terms of security
3.  Even if I knew how, it seems to me that either option opens substantial security risks unless I also use a software firewall to limit access to these ports to Skype only.  This defeats part of my purpose in getting a router for a hardware firewall.

Does anyone know a way to support Skype for full utilization but in a secure way?  Anyone have a working config for Skype that will support this IOS version?  Advice on how to do this without compromising security?

Many thanks in advance.

P.S.  Can anyone point me to a relatively simple, basic reference on configuration files for this generation of IOS?  I'd like to do more but I simply am not understanding the configuration language.  Thanks.



Question by:cybernos
 
LVL 13

Expert Comment

by:td_miles
ID: 13695043
option 2, open up outbound access to ports 80 & 443, is fine in terms of security. These are the ports used by HTTP & HTTPS and if you are browsing the web, outbound access on these ports is enabled already.

With Cisco routers, the easiest way for people to assist you is if you post a copy of the config from your router with your question.
0
 

Author Comment

by:cybernos
ID: 13695119
Here is a copy of the config file:

! Cisco IOS router configuration file
! Automatically made by Cisco Fast Step v2.5
! Designed for Cisco C804
! March 17, 2005
! Cisco Fast Step Template

no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname foobar
username foobar password foobar
enable secret foobar
no ip source-route
isdn switch-type basic-ni

ip routing
ip classless
ip subnet-zero
service dhcp
ip dhcp pool DHCPPoolLAN_0
 network 192.168.0.0 255.255.255.0
 dns-server 205.171.3.65 205.171.2.65
 default-router 192.168.0.1
 lease 1 0 0
ip name-server 205.171.3.65
ip name-server 205.171.2.65
pots country US
dial-peer voice 1 pots
 destination-pattern xxx
 port 1
dial-peer voice 2 pots
 destination-pattern xxx
 port 2

interface ethernet 0
 keepalive
 no shutdown
 ip address 192.168.0.1 255.255.255.0
 ip route-cache
 no ip proxy-arp
 no ip directed-broadcast
 ip nat inside
 ip access-group 121 in

interface bri 0
 encapsulation ppp
 ppp authentication chap pap callin
 ppp multilink
 isdn switch-type basic-ni
 isdn spid1 xxx xxx
 isdn spid2 xxx xxx
 dialer pool-member 1
 isdn incoming-voice modem
 no shutdown

interface dialer 1
 dialer remote-name Cisco1
 dialer pool 1
 no ip split-horizon
 description ISP
 encapsulation ppp
 dialer idle-timeout 300
 dialer hold-queue 10
 dialer-group 1
 dialer string 3382900 class DialClass
 dialer string 4659097 class DialClass
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password xxx
 ppp pap sent-username xxx password xxx
 ppp multilink
 dialer load-threshold 10 either
 ip address negotiated
 ip route-cache
 no ip proxy-arp
 no ip directed-broadcast
 ip nat outside
 ip access-group 121 in

map-class dialer DialClass
 dialer isdn speed 56
dialer-list 1 protocol ip permit

no router rip
ip route 0.0.0.0 0.0.0.0 dialer 1
ip nat inside source list 18 interface dialer 1 overload
access-list 18 permit 192.168.0.0 0.0.0.255
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any  time-range TIME
time-range TIME
periodic daily 00:00 to 23:59

line console 0
 exec-timeout 120
line vty 0 4
 exec-timeout 0
 login local

end
0
 
LVL 13

Accepted Solution

by:
td_miles earned 375 total points
ID: 13695243
Is web browsing working for you? If so, there's no reason why Skype won't work over ports 80/443 as I outlined above.

Some entry level type stuff on Cisco router IOS:
http://www.fantek.org/cisco/wpbascom.htm
http://www.how2pass.com/CCNA/study_material/iosbasics.htm

After realising how to use the IOS, your best bet is to look at sample configs from the Cisco web site.
0
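
An added example, not part of the original thread: a minimal first-match evaluator for the access-list 121 entries from the posted config, showing how the ACL applied inbound on ethernet 0 treats the outbound flows Skype's two options need. It handles only the `any [eq port]` form used in that config, and the sample port numbers are constructed.

```python
ACL_121 = """\
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any  time-range TIME
"""  # copied from the config posted in the thread

def parse_acl(text):
    """Parse 'access-list N <action> <proto> any [eq P] any [eq P]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        ports = []
        for _ in range(2):  # source first, then destination
            if not rest or rest.pop(0) != "any":
                raise ValueError("only 'any' addresses are handled: " + line)
            has_eq = rest[:1] == ["eq"]
            ports.append(int(rest[1]) if has_eq else None)
            rest = rest[2:] if has_eq else rest
        # A trailing 'time-range TIME' is ignored: TIME is daily 00:00 to 23:59.
        rules.append((action, proto, ports[0], ports[1]))
    return rules

def evaluate(rules, proto, sport, dport):
    """Return the action of the first matching entry, as IOS does."""
    for action, r_proto, r_sport, r_dport in rules:
        if r_proto in ("ip", proto) and r_sport in (None, sport) and r_dport in (None, dport):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

def check_flows():
    rules = parse_acl(ACL_121)
    flows = {  # constructed samples: (protocol, source port, destination port)
        "skype_tcp_443": ("tcp", 50000, 443),
        "skype_tcp_80": ("tcp", 50001, 80),
        "skype_udp_high": ("udp", 40000, 33033),
        "netbios_udp_137": ("udp", 137, 137),
    }
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in check_flows().items():
        print(f"{name:16} {verdict}")
```

Every Skype flow falls through to `permit ip any any`, so ACL 121 does not restrict which outbound ports LAN hosts can use; this matches the accepted answer that ports 80/443 need no config change.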
 
LVL 13

Expert Comment

by:td_miles
ID: 13695252
Skype website says you need to have version 0.97+ for HTTPS to work:

http://www.skype.com/help/guides/firewall.html

0
 

Author Comment

by:cybernos
ID: 14058030
Belated thanks for your response on this, td_miles.  In hindsight the answer seems incredibly obvious, but I wasn't really getting it until your post.  Thanks also for the links.
0
