Solved

Ichat+Cisco 831

Posted on 2007-03-17
Last Modified: 2013-11-16
I want to use NAT on my Cisco 831 for all of my computers, not just one, and this problem is mostly with video chat.
0
Question by:jcw20
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
I gave out a suggestion some time back for a similar one:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_22078680.html?sfQueryTermInfo=1+ichat

Look at the link; it has a link posted in the first post. The author also found out some other information pertaining to iChat and Cisco.

Cheers,
Rajesh
0
 
LVL 1

Author Comment

by:jcw20
I am using DHCP for my LAN, not static.
0
 
LVL 32

Expert Comment

by:rsivanandan
Yeah, even in the other post the author is using DHCP (if you look at the configuration he has posted). So are there any issues?

Cheers,
Rajesh
0
 
LVL 1

Author Comment

by:jcw20
Trublu182: Found the solution!

Not sure if I can explain this right, but Cisco is supposedly a big nut when it comes to internet telephony. Internet telephony runs on the SIP protocol, the same protocol that Apple's iChat uses for video conferences. iChat would never work because the SIP protocol it needed to function was being grabbed, so to speak, by the Cisco router for use for internet telephony only. Thus, the magic command you need to put in your config to stop the Cisco router from being a pain and allow iChat to function is this:

no ip nat service sip udp port 5060

Below is a sample of my config for my Cisco Router 1811 so people can use it as an example.


Building configuration...

Current configuration : 11803 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 XXX
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_mac1
 server 10.5.80.1 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods1 group rad_mac1
aaa authentication ppp login local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.5.80.1 10.5.80.99
ip dhcp excluded-address 10.5.80.141 10.5.80.254
ip dhcp excluded-address 10.5.81.1 10.5.81.254
!
ip dhcp pool sdm-pool1
   import all
   network 10.5.80.0 255.255.254.0
   dns-server 4.2.2.2
   default-router 10.5.80.1
!
ip dhcp pool mac1
   host 10.5.80.99 255.255.254.0
   client-identifier 0100.1451.1a0d.1a
   client-name mac1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 4.2.2.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect max-incomplete low 100
ip inspect max-incomplete high 200
ip inspect one-minute low 100
ip inspect one-minute high 200
ip inspect udp idle-time 15
ip inspect dns-timeout 2
ip inspect tcp idle-time 600
ip inspect tcp synwait-time 10
ip inspect name CBAC cuseeme
ip inspect name CBAC dns
ip inspect name CBAC h323
ip inspect name CBAC https
ip inspect name CBAC icmp
ip inspect name CBAC imap reset
ip inspect name CBAC pop3 reset
ip inspect name CBAC netshow
ip inspect name CBAC rcmd
ip inspect name CBAC realaudio
ip inspect name CBAC rtsp
ip inspect name CBAC esmtp
ip inspect name CBAC sqlnet
ip inspect name CBAC streamworks
ip inspect name CBAC tftp
ip inspect name CBAC vdolive
ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC ftp
ip inspect name CBAC sip
ip inspect name CBAC sip-tls
ip inspect name CBAC appleqtc
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
crypto pki trustpoint TP-self-signed-3729953927
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3729953927
 revocation-check none
 rsakeypair TP-self-signed-3729953927
!
!
crypto pki certificate chain TP-self-signed-3729953927
 certificate self-signed 01
  quit
username XXX privilege 15 secret 5 XXX
username XXX privilege 0 password 7 XXX
!
!
!
bridge irb
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
 ip address 128.X.X.X 255.255.255.0
 ip access-group 102 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$$FW_OUTSIDE$
 ip address 192.168.2.49 255.255.255.0
 ip access-group 103 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect CBAC out
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface FastEthernet2
 spanning-tree portfast
!
interface FastEthernet3
 spanning-tree portfast
!
interface FastEthernet4
 spanning-tree portfast
!
interface FastEthernet5
 spanning-tree portfast
!
interface FastEthernet6
 spanning-tree portfast
!
interface FastEthernet7
 spanning-tree portfast
!
interface FastEthernet8
 spanning-tree portfast
!
interface FastEthernet9
 spanning-tree portfast
!
interface Dot11Radio0
 no ip address
 !
 ssid ubtrio
    authentication open mac-address mac_methods1
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 !
 ssid ubtrio
    authentication open mac-address mac_methods1
 !
 speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Virtual-Template1
 description $FW_INSIDE$
 ip unnumbered BVI1
 no ip redirects
 no ip unreachables
 ip route-cache flow
 ip mroute-cache
 peer default ip address pool pptp
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 10.5.80.1 255.255.254.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
ip local pool pptp 10.5.81.10 10.5.81.50
ip route 0.0.0.0 0.0.0.0 128.X.X.X
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
ip flow-top-talkers
 top 10
 sort-by bytes
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
no ip nat service sip udp port 5060
ip nat inside source static tcp 10.5.80.99 21 interface FastEthernet1 21
ip nat inside source static tcp 10.5.80.99 20 interface FastEthernet1 20
ip nat inside source static udp 10.5.80.99 16403 interface FastEthernet0 16403
ip nat inside source static udp 10.5.80.99 16402 interface FastEthernet0 16402
ip nat inside source static udp 10.5.80.99 16401 interface FastEthernet0 16401
ip nat inside source static udp 10.5.80.99 16400 interface FastEthernet0 16400
ip nat inside source static udp 10.5.80.99 16399 interface FastEthernet0 16399
ip nat inside source static udp 10.5.80.99 16398 interface FastEthernet0 16398
ip nat inside source static udp 10.5.80.99 16397 interface FastEthernet0 16397
ip nat inside source static udp 10.5.80.99 16396 interface FastEthernet0 16396
ip nat inside source static udp 10.5.80.99 16395 interface FastEthernet0 16395
ip nat inside source static udp 10.5.80.99 16394 interface FastEthernet0 16394
ip nat inside source static udp 10.5.80.99 16393 interface FastEthernet0 16393
ip nat inside source static udp 10.5.80.99 16392 interface FastEthernet0 16392
ip nat inside source static udp 10.5.80.99 16391 interface FastEthernet0 16391
ip nat inside source static udp 10.5.80.99 16390 interface FastEthernet0 16390
ip nat inside source static udp 10.5.80.99 16389 interface FastEthernet0 16389
ip nat inside source static udp 10.5.80.99 16388 interface FastEthernet0 16388
ip nat inside source static udp 10.5.80.99 16387 interface FastEthernet0 16387
ip nat inside source static udp 10.5.80.99 16386 interface FastEthernet0 16386
ip nat inside source static udp 10.5.80.99 16385 interface FastEthernet0 16385
ip nat inside source static udp 10.5.80.99 16384 interface FastEthernet0 16384
ip nat inside source static udp 10.5.80.99 5060 interface FastEthernet0 5060
ip nat inside source route-map RMAP-WAN0 interface FastEthernet0 overload
ip nat inside source route-map RMAP-WAN1 interface FastEthernet1 overload
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.5.80.0 0.0.0.255
access-list 1 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 10.5.80.0 0.0.0.255 any
access-list 100 deny   ip any any
access-list 102 permit tcp any host 128.X.X.X eq 1723
access-list 102 permit gre any host 128.X.X.X
access-list 102 permit udp any host 128.X.X.X eq 5060
access-list 102 permit udp any host 128.X.X.X range 16384 16403
access-list 102 deny   ip any any log
access-list 103 permit tcp host 10.5.80.99 host 192.168.2.49 eq ftp
access-list 103 permit tcp host 10.5.80.99 host 192.168.2.49 eq ftp-data
access-list 103 deny   ip any any log
access-list 120 permit ip 10.5.80.0 0.0.1.255 any
no cdp run
!
!
!
route-map RMAP-WAN1 permit 10
 match ip address 120
 match interface FastEthernet1
!
route-map RMAP-WAN0 permit 10
 match ip address 120
 match interface FastEthernet0
!
!
!
radius-server local
  nas 10.5.80.1 key 7 XXX
  group VPN_Users
  !
  user 0014bfd84f23 nthash 7 0224207D5A532B006A195A4E5432445C2956087970786B117335263456530F0D01 mac-auth-only
  user 0012f0ae1286 nthash 7 115A3A274E315354207E73057E646D034656445622707F7D0270565B4C47787C06 mac-auth-only
!
radius-server attribute 32 include-in-access-req format %h
radius-server host 10.5.80.1 auth-port 1812 acct-port 1813 key 7 06130D355E4706
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCC Authorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 transport output telnet
line vty 0 4
 access-class 100 in
 password 7 XXX
 transport input telnet ssh
line vty 5 193
 access-class 100 in
 password 7 XXX
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
0
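
An added example, not part of the original post or the poster's configuration: a short Python audit that lists which static NAT port forwards in an IOS config are actually permitted by the inbound ACL on the outside interface, which is the exposure the UDP 5060 and 16384-16403 forwards above create. The sample config is constructed (documentation addresses), and the parser assumes numeric ports and a source of `any`, and ignores ACL rule order and destination address.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the layout of the config posted above;
# the outside address is a documentation range, not the poster's.
SAMPLE = """\
interface FastEthernet0
 ip address 203.0.113.10 255.255.255.0
 ip access-group 102 in
 ip nat outside
!
ip nat inside source static udp 10.5.80.99 16384 interface FastEthernet0 16384
ip nat inside source static udp 10.5.80.99 16385 interface FastEthernet0 16385
ip nat inside source static udp 10.5.80.99 5060 interface FastEthernet0 5060
ip nat inside source static tcp 10.5.80.99 21 interface FastEthernet0 21
access-list 102 permit udp any host 203.0.113.10 eq 5060
access-list 102 permit udp any host 203.0.113.10 range 16384 16403
access-list 102 deny   ip any any log
"""

NAT = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ACL = re.compile(r"^access-list (\d+) permit (tcp|udp) any host \S+ (?:eq (\d+)|range (\d+) (\d+))$")

def audit(config):
    """Return (exposed, shadowed) forwards as (iface, proto, outside_port, inside_ip)."""
    acl_on, permits, forwards, iface = {}, defaultdict(list), [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            iface = line.split()[1]
        elif not raw.startswith(" "):
            iface = None  # an unindented line ends the interface block
        m = re.match(r"^ ip access-group (\d+) in$", line)
        if m and iface:
            acl_on[iface] = m.group(1)
        m = ACL.match(line)
        if m:
            lo, hi = int(m.group(3) or m.group(4)), int(m.group(3) or m.group(5))
            permits[m.group(1)].append((m.group(2), lo, hi))
        m = NAT.match(line)
        if m:
            forwards.append((m.group(4), m.group(1), int(m.group(5)), m.group(2)))
    exposed, shadowed = [], []
    for fwd in forwards:
        ifc, proto, port, _ = fwd
        # With no inbound ACL on the interface, nothing filters the forward.
        reachable = ifc not in acl_on or any(
            p == proto and lo <= port <= hi for p, lo, hi in permits[acl_on[ifc]])
        (exposed if reachable else shadowed).append(fwd)
    return exposed, shadowed
```

Forwards in the first list are reachable from any source address; those in the second are translated by NAT but dropped by the interface ACL first.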

 
LVL 1

Author Comment

by:jcw20
Why Fast Ethernet? My internet connection is Ethernet 1; local is Ethernet 0.
0
 
LVL 1

Author Comment

by:jcw20
I am also not using a PIX firewall. I am using a Cisco 81 router.
0
 
LVL 32

Expert Comment

by:rsivanandan
Whether it is Ethernet or Fast Ethernet doesn't make any difference to this configuration.

Also, the above is not a PIX firewall; it is a router. See the first line: it states 12.4, which is IOS.

Cheers,
Rajesh
0
 
LVL 1

Author Comment

by:jcw20
So what part of this do I actually need?
0
 
LVL 1

Author Comment

by:jcw20
He is specifying individual hosts. I want any computer on the inside to be able to use iChat or any other program, for that matter.
0
