Solved

How to configure Cisco 804 for Skype VOIP

Posted on 2005-04-03
Last Modified: 2010-04-17
Greetings Experts.

I'm trying to configure my Cisco 804 running IOS 12.1(3)XG4 to support Skype (VOIP). I am not a router jock.  
Skype docs indicate that I need to, in order of preference:

1.  open up outgoing UDP traffic to all ports above 1024 and allow UDP replies to come back, or
2.  open outgoing TCP access to ports 80 and 443

My problems:
1.  I don't know what changes to make in the config file to do this
2.  The first option sounds like a bad idea in terms of security
3.  Even if I knew how, it seems to me that either option opens substantial security risks unless I also use a software firewall to limit access to these ports to Skype only.  This defeats part of my purpose in getting a router for a hardware firewall.

Does anyone know a way to support Skype for full utilization but in a secure way?  Anyone have a working config for Skype that will support this IOS version?  Advice on how to do this without compromising security?

Many thanks in advance.

P.S.  Can anyone point me to a relatively simple, basic reference on configuration files for this generation of IOS?  I'd like to do more but I simply am not understanding the configuration language.  Thanks.



Question by:cybernos
5 Comments
 

Expert Comment

by:td_miles
ID: 13695043
option 2, open up outbound access to ports 80 & 443, is fine in terms of security. These are the ports used by HTTP & HTTPS and if you are browsing the web, outbound access on these ports is enabled already.

With Cisco routers, the easiest way for people to assist you is if you post a copy of the config from your router with your question.
 

Author Comment

by:cybernos
ID: 13695119
Here is a copy of the config file:

! Cisco IOS router configuration file
! Automatically made by Cisco Fast Step v2.5
! Designed for Cisco C804
! March 17, 2005
! Cisco Fast Step Template

no service udp-small-servers
no service tcp-small-servers
service password-encryption
hostname foobar
username foobar password foobar
enable secret foobar
no ip source-route
isdn switch-type basic-ni

ip routing
ip classless
ip subnet-zero
service dhcp
ip dhcp pool DHCPPoolLAN_0
 network 192.168.0.0 255.255.255.0
 dns-server 205.171.3.65 205.171.2.65
 default-router 192.168.0.1
 lease 1 0 0
ip name-server 205.171.3.65
ip name-server 205.171.2.65
pots country US
dial-peer voice 1 pots
 destination-pattern xxx
 port 1
dial-peer voice 2 pots
 destination-pattern xxx
 port 2

interface ethernet 0
 keepalive
 no shutdown
 ip address 192.168.0.1 255.255.255.0
 ip route-cache
 no ip proxy-arp
 no ip directed-broadcast
 ip nat inside
 ip access-group 121 in

interface bri 0
 encapsulation ppp
 ppp authentication chap pap callin
 ppp multilink
 isdn switch-type basic-ni
 isdn spid1 xxx xxx
 isdn spid2 xxx xxx
 dialer pool-member 1
 isdn incoming-voice modem
 no shutdown

interface dialer 1
 dialer remote-name Cisco1
 dialer pool 1
 no ip split-horizon
 description ISP
 encapsulation ppp
 dialer idle-timeout 300
 dialer hold-queue 10
 dialer-group 1
 dialer string 3382900 class DialClass
 dialer string 4659097 class DialClass
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password xxx
 ppp pap sent-username xxx password xxx
 ppp multilink
 dialer load-threshold 10 either
 ip address negotiated
 ip route-cache
 no ip proxy-arp
 no ip directed-broadcast
 ip nat outside
 ip access-group 121 in

map-class dialer DialClass
 dialer isdn speed 56
dialer-list 1 protocol ip permit

no router rip
ip route 0.0.0.0 0.0.0.0 dialer 1
ip nat inside source list 18 interface dialer 1 overload
access-list 18 permit 192.168.0.0 0.0.0.255
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any  time-range TIME
time-range TIME
periodic daily 00:00 to 23:59

line console 0
 exec-timeout 120
line vty 0 4
 exec-timeout 0
 login local

end

Accepted Solution

by:
td_miles earned 375 total points
ID: 13695243
Is web browsing working for you? If so, there's no reason why Skype won't work over ports 80/443 as I outlined above.

Some entry level type stuff on Cisco router IOS:
http://www.fantek.org/cisco/wpbascom.htm
http://www.how2pass.com/CCNA/study_material/iosbasics.htm

After realising how to use the IOS, your best bet is to look at sample config from the Cisco web site.

Expert Comment

by:td_miles
ID: 13695252
Skype website says you need to have version 0.97+ for HTTPS to work:

http://www.skype.com/help/guides/firewall.html

 

Author Comment

by:cybernos
ID: 14058030
Belated thanks for your response on this, td_miles.  In hindsight the answer seems incredibly obvious, but I wasn't really getting it until your post.  Thanks also for the links.
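
An added example, not part of the original thread or any poster's code: a small first-match evaluator run over the access-list 121 lines from the config posted above. It shows that outbound TCP 443 and high-port UDP already fall through to `permit ip any any`, and that the NetBIOS deny lines key on the source port, not the destination. The flow names and port numbers are constructed sample values, and `time-range TIME` is assumed to be always active.

```python
# ACL 121 as posted in the config above; every other value here is constructed.
ACL_121 = """\
access-list 121 deny udp any eq 138 any
access-list 121 deny udp any eq 137 any
access-list 121 deny udp any eq 139 any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any  time-range TIME
"""

def parse_acl(text):
    """Parse the 'any [eq P] any [eq P]' subset used by ACL 121; 'time-range' is ignored."""
    rules = []
    toks = [l.split() for l in text.splitlines() if l.startswith("access-list ")]
    for tok in toks:
        action, proto, rest = tok[2], tok[3], tok[4:]
        ports = []
        for _ in range(2):  # source spec first, then destination spec
            if rest[:1] != ["any"]:
                raise ValueError("unsupported address spec: " + " ".join(tok))
            rest, port = rest[1:], None
            if rest[:1] == ["eq"]:
                port, rest = int(rest[1]), rest[2:]
            ports.append(port)
        rules.append((action, proto, ports[0], ports[1]))
    return rules

def evaluate(rules, proto, sport, dport):
    """First matching rule wins; an IOS ACL ends with an implicit deny."""
    for action, rproto, rsport, rdport in rules:
        if rproto in ("ip", proto) and rsport in (None, sport) and rdport in (None, dport):
            return action
    return "deny"

# Constructed sample flows: (protocol, source port, destination port).
FLOWS = {
    "Skype TCP 443 outbound": ("tcp", 50000, 443),
    "Skype UDP high port outbound": ("udp", 50002, 33033),
    "NetBIOS name service, source port 137": ("udp", 137, 137),
    "UDP to destination 137 from a high port": ("udp", 50003, 137),
}

def audit(acl_text=ACL_121, flows=FLOWS):
    return {name: evaluate(parse_acl(acl_text), *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict:6} {name}")
```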