Solved

cisco 3825 voip config

Posted on 2010-11-09
6
1,730 Views
Last Modified: 2012-05-10
Hi

I am trying to configure a Cisco 3825 CME behind a cisco ASA5510.

I have configured internal dialling but am struggling with a SIP trunk to provider.

I cannot get the SIP Trunk to register at provider. Not sure if that is CCME config issues or ASA5510 Nat issues.

Config attached. Any pointers would be much appreciated

Regards
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PhoneRouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$BZY0$Q15IEXO8gl9AJqe2onREG.

!
no aaa new-model
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 2:00
!
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 172.22.1.1 172.22.1.49
!
ip dhcp pool voice
   network 172.22.100.0 255.255.255.0
   option 150 ip 172.22.100.1 
   default-router 172.22.100.1 
!
ip dhcp pool data
   network 172.22.1.0 255.255.255.0
   option 150 ip 172.22.1.1 
   default-router 172.22.1.1 
!
!
ip cef
!
!
ip domain name test.co.uk
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
voice service voip 
 allow-connections sip to sip
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
 fax protocol cisco 
 sip
  bind control source-interface GigabitEthernet0/0.1
  bind media source-interface GigabitEthernet0/0.1
  registrar server expires max 120 min 120
!
!
!
voice class codec 1
 codec preference 1 g711ulaw
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice translation-rule 4
 rule 15 /^....$/ /02035555555/
!
voice translation-rule 5
 rule 1 /02035555555/ /5169/
!
voice translation-rule 411
 rule 1 /^9\(.*\)/ /ABCD9\1/
!
voice translation-rule 412
 rule 1 /^ABCD\(.*\)/ /\1/
!
voice translation-rule 1111
 rule 15 /^....$/ /02035555555/
!
voice translation-rule 1112
 rule 1 /^9/ //
!
voice translation-rule 2222
 rule 1 /^909[01]......../ //
 rule 2 /^9090[89]......./ //
 rule 3 /^9098\(.*\)/ //
!
!
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
 translate calling 1111
!
voice translation-profile CallBlocking
 translate called 2222
!
voice translation-profile Incoming_Called_5
 translate called 5
!
voice translation-profile OUTGOING_TRANSLATION_PROFILE
 translate called 1112
!
voice translation-profile PROFILE_ALL_BRI
 translate calling 4
!
voice translation-profile PSTN_CallForwarding
 translate redirect-target 410
 translate redirect-called 410
!
voice translation-profile PSTN_Outgoing
 translate calling 1111
 translate called 1112
 translate redirect-target 410
 translate redirect-called 410
!
voice translation-profile SIP_Incoming
 translate called 411
!
voice translation-profile SIP_Passthrough
 translate called 412
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 172.22.1.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/0.100
 encapsulation dot1Q 100
 ip address 172.22.100.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/1
 description $ES_LAN$
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
 no cdp enable
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.22.1.254
ip http server
ip http authentication local
no ip http secure-server
!
!
!
no cdp run

!
!
tftp-server flash:SCCP11.8-4-2S.loads
tftp-server flash:SCCP42.8-4-2S.loads
tftp-server flash:apps11.8-4-1-23.sbn
tftp-server flash:apps42.8-4-1-23.sbn
tftp-server flash:cnu11.8-4-1-23.sbn
tftp-server flash:cnu42.8-4-1-23.sbn
tftp-server flash:cvm11sccp.8-4-1-23.sbn
tftp-server flash:cvm42sccp.8-4-1-23.sbn
tftp-server flash:dsp11.8-4-1-23.sbn
tftp-server flash:dsp42.8-4-1-23.sbn
tftp-server flash:jar11sccp.8-4-1-23.sbn
tftp-server flash:jar42sccp.8-4-1-23.sbn
tftp-server flash:term06.default.loads
tftp-server flash:term11.default.loads
tftp-server flash:term42.default.loads
tftp-server flash:/its/user_define_1_td-sccp.jar alias English_United_Kingdom/td-sccp.jar
tftp-server flash:/its/user_define_1_g3-tones.xml alias United_Kingdom/g3-tones.xml
tftp-server flash:term62.default.loads
!
control-plane
!
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
dial-peer cor custom
 name internal
 name local
 name local-plus
 name international
 name national
 name national-plus
 name emergency
 name toll-free
!
!
dial-peer cor list call-internal
 member internal
!
dial-peer cor list call-local
 member local
!
dial-peer cor list call-local-plus
 member local-plus
!
dial-peer cor list call-national
 member national
!
dial-peer cor list call-national-plus
 member national-plus
!
dial-peer cor list call-international
 member international
!
dial-peer cor list call-emergency
 member emergency
!
dial-peer cor list call-toll-free
 member toll-free
!
dial-peer cor list user-internal
 member internal
 member emergency
!
dial-peer cor list user-local
 member internal
 member local
 member emergency
 member toll-free
!
dial-peer cor list user-local-plus
 member internal
 member local
 member local-plus
 member emergency
 member toll-free
!
dial-peer cor list user-national
 member internal
 member local
 member local-plus
 member national
 member emergency
 member toll-free
!
dial-peer cor list user-national-plus
 member internal
 member local
 member local-plus
 member national
 member national-plus
 member emergency
 member toll-free
!
dial-peer cor list user-international
 member internal
 member local
 member local-plus
 member international
 member national
 member national-plus
 member emergency
 member toll-free
!
!
dial-peer voice 1000 voip
 permission term
 description ** Incoming call from SIP trunk (Generic SIP Trunk Provider) **
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 incoming called-number .%
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1001 voip
 corlist outgoing call-local
 description ** star code to SIP trunk (Generic SIP Trunk Provider) **
 destination-pattern *..
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1003 voip
 description ** Passthrough Inbound Calls from CUE **
 translation-profile incoming SIP_Passthrough
 b2bua
 session protocol sipv2
 session target ipv4:172.22.100.1
 incoming called-number ABCDT
 dtmf-relay sip-notify
 codec g711ulaw
 no vad
!
dial-peer voice 1005 voip
 description ** Passthrough Inbound MWI from CUE **
 b2bua
 session protocol sipv2
 session target ipv4:172.22.100.1
 incoming called-number A80T
 dtmf-relay sip-notify
 codec g711ulaw
 no vad
!
dial-peer voice 3000 voip
 description Incoming
 translation-profile incoming Incoming_Called_5
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 incoming called-number 02035555555.
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1020 voip
 corlist outgoing call-international
 description **CCA*UK*International**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 900[1-9]T
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1021 voip
 corlist outgoing call-national
 description **CCA*UK*Location independent & Corporate**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 905[56]........
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1022 voip
 corlist outgoing call-toll-free
 description **CCA*UK*Free Numbers - <= 10 digits**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 90800....T
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1023 voip
 corlist outgoing call-toll-free
 description **CCA*UK*Voicetext Services**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 9180..
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1024 voip
 corlist outgoing call-national-plus
 description **CCA*UK*Directory Enquires**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 9118...
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1025 voip
 preference 1
 destination-pattern 9087[123].......
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1027 voip
 corlist outgoing call-national
 description **CCA*UK*National Geographic - 11 digits**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1029 voip
 corlist outgoing call-national
 description **CCA*UK*Services of Social Value**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 9116...
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
!
dial-peer voice 1031 voip
 corlist outgoing call-national
 description **CCA*UK*Internet Access**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 915[0-4]T
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1034 voip
 corlist outgoing call-toll-free
 description **CCA*UK*Free Numbers - 11 digit**
 translation-profile outgoing PSTN_Outgoing
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1036 voip
 corlist outgoing call-emergency
 description **CCA*UK*Emergency**
 translation-profile outgoing CALLER_ID_TRANSLATION_PROFILE
 preference 1
 destination-pattern 999
 voice-class codec 1
 no vad
!
dial-peer voice 1038 voip
 corlist outgoing call-emergency
 description **CCA*UK*National Geographic - <= 10 digits**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 907[06]........
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1043 voip
 corlist outgoing call-local
 description **CCA*UK*Local Rate NGN - <= 10 digits**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1045 voip
 corlist outgoing call-toll-free
 description **CCA*UK*Int Operator / Blind Directory**
 translation-profile outgoing PSTN_Outgoing
 preference 1
 destination-pattern 9100
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
!
sip-ua 
	
 authentication username 02035555555 password xxxxxxxxxxxx
 no remote-party-id
 retry invite 2
 retry register 10
 timers connect 100
 registrar ipv4:[removed]:5060 expires 3600
 sip-server ipv4:[removed]:5060
 host-registrar
!
!
telephony-service
 max-ephones 180
 max-dn 180
 ip source-address 172.22.100.1 port 2000
 auto assign 1 to 180
 cnf-file location flash:
 cnf-file perphone
 user-locale U1 load CME-locale-en_GB-English-7.0.1.1.tar
 network-locale GB
 network-locale 1 GB
 network-locale 2 GB
 network-locale 3 GB
 network-locale 4 GB
 load 7906 SCCP11.8-4-2S.loads
 load 7911 SCCP11.8-4-2S.loads
 load 7962 SCCP42.8-4-2S.loads
 time-zone 23
 max-conferences 12 gain -6
 transfer-system full-consult
 transfer-pattern 9.T
 transfer-pattern .T
 secondary-dialtone 9
 directory last-name-first
 create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn-template  1
 huntstop channel
!
!
ephone-template  1
 softkeys hold  Resume Newcall
 softkeys idle  Newcall Redial
 softkeys seized  Endcall
 softkeys connected  Endcall Hold Trnsfer
 softkeys ringing  Answer
 type 7906
!
!
ephone-dn  1  dual-line
 number 5001
 label Extension 5001
 description Extension 5001
 name Extension 5001
 huntstop channel
 ephone-dn-template 1
!
!
ephone-dn  2  dual-line
 number 5002
 label Extension 5002
 description Extension 5002
 name Extension 5002
 huntstop channel
 ephone-dn-template 1

Open in new window

0
Comment
Question by:Rbauckham69
6 Comments
 
LVL 18

Expert Comment

by:jmeggers
ID: 34094629
Probably need to see the ASA configuration as well.  
0
 

Author Comment

by:Rbauckham69
ID: 34094780
Ok here is config for asa

ASA Version 8.2(2)9 
!
hostname FW2
domain-name test.co.uk

names
name 10.52.3.23 admin
name x.x.x.180 adminExternal
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address [x.x.x.190] 255.255.255.224 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.52.200.200 255.255.0.0 
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 172.22.1.254 255.255.255.0 
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
boot system disk0:/asa822-9-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.52.3.1
 domain-name test.co.uk
same-security-traffic permit inter-interface
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp eq www 
 service-object tcp eq https 
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_2
 service-object icmp 
 service-object tcp eq ssh 
 service-object tcp eq telnet 
object-group service DM_INLINE_SERVICE_3
 service-object tcp eq domain 
 service-object udp eq domain 
access-list Work_splitTunnelAcl standard permit 10.52.0.0 255.255.0.0 
access-list inside_nat0_outbound extended permit ip 10.52.0.0 255.255.0.0 192.168.200.0 255.255.255.0 
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any 
access-list inside_access_in extended permit icmp any any 
access-list inside_access_in extended permit ip any host 172.22.1.1 
access-list outside_access_in extended permit object-group TCPUDP any host x.x.x.184 eq sip 
access-list outside_access_in extended permit tcp any host x.x.x.185 eq www 
access-list outside_access_in extended permit icmp any any inactive 
access-list outside_access_in extended permit tcp any host adminExternal eq www 
access-list outside_in extended permit tcp any interface outside eq ftp 
access-list inside extended permit icmp any any echo-reply 
access-list inside_access_in_1 extended permit object-group DM_INLINE_SERVICE_2 host admin any 
access-list DMZ_access_in extended permit icmp any any 
access-list DMZ_access_in extended permit object-group TCPUDP host 172.22.1.1 any eq sip 
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_3 any any 
access-list DMZ_access_in extended permit object-group TCPUDP any any inactive 
access-list DMZ_access_in extended permit udp host 172.22.1.1 host admin eq tftp 
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu DMZ 1500
ip local pool ASAPool 192.168.200.100-192.168.200.200 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (DMZ) 101 172.22.1.0 255.255.255.0
static (inside,outside) tcp adminExternal www admin www netmask 255.255.255.255 
static (outside,inside) tcp admin www adminExternal www netmask 255.255.255.255 
static (DMZ,outside) tcp x.x.x.184 sip 172.22.1.1 sip netmask 255.255.255.255 
static (outside,DMZ) tcp 172.22.1.1 sip x.x.x.184 sip netmask 255.255.255.255 
static (outside,DMZ) udp 172.22.1.1 sip x.x.x.184 sip netmask 255.255.255.255 
static (DMZ,outside) udp x.x.x.184 sip 172.22.1.1 sip netmask 255.255.255.255 
static (inside,outside) adminExternal admin netmask 255.255.255.255 
access-group outside_access_in in interface outside
access-group inside_access_in_1 in interface inside control-plane
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
!
router rip
 version 2
!
route outside 0.0.0.0 0.0.0.0 x.x.x.161 1
route inside 192.168.1.0 255.255.255.0 10.52.0.1 1
route inside 192.168.3.0 255.255.255.0 10.52.0.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL 
aaa authentication http console LOCAL 
aaa authentication ssh console LOCAL 
http server enable
http 10.52.0.0 255.255.0.0 inside
http 192.168.200.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh 10.51.5.0 255.255.255.0 inside
ssh 10.52.0.0 255.255.0.0 inside
ssh 192.168.200.0 255.255.255.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
group-policy Work internal
group-policy Work attributes
 dns-server value 10.52.3.1
 vpn-tunnel-protocol IPSec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Work_splitTunnelAcl
 default-domain value test.co.uk
 webvpn
  url-list value Workshop
  customization value hit
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
username Man1 password fcvVaLJuHSweHkI/ encrypted privilege 15
username Man1 attributes
 vpn-group-policy Work
 ipv6-vpn-filter none
 vpn-tunnel-protocol IPSec svc webvpn
 webvpn
  url-entry enable
  url-list value Workshop
  customization value hit
  svc ask enable default svc timeout 20
username dev1 password a4.nmMjnMMOZ2dLg encrypted privilege 0
username dev1 attributes
 vpn-group-policy Work
 ipv6-vpn-filter none
 vpn-tunnel-protocol IPSec svc webvpn
 service-type remote-access
 webvpn
  url-entry enable
  url-list value Workshop
  customization value hit
  svc ask enable default svc timeout 20
username staff2 password MwFFn1ObN2r.HEfy encrypted privilege 0
username staff2 attributes
 vpn-group-policy Work
 service-type remote-access
 webvpn
  url-list value Workshop
  customization value hit
username Man2 password lEOUmh68Y0nvhUiA encrypted privilege 0
username Man2 attributes
 vpn-group-policy Work
 service-type remote-access
 webvpn
  url-list value Workshop
  customization value hit
username staff1 password jPRUoQx3PXyf2uXn encrypted privilege 15
username staff1 attributes
 vpn-group-policy Work
 webvpn
  url-list value Workshop
  customization value hit
tunnel-group Work type remote-access
tunnel-group Work general-attributes
 address-pool ASAPool
 authentication-server-group (inside) LOCAL
 authorization-server-group LOCAL
 authorization-server-group (inside) LOCAL
 default-group-policy Work
 authorization-required
tunnel-group Work webvpn-attributes
 customization hit
tunnel-group Work ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
prompt hostname context 
Cryptoc

Open in new window

0
 
LVL 4

Assisted Solution

by:Pro4ia
Pro4ia earned 250 total points
ID: 34112301
what does the SIP provider say the issue may be?  
what do you see when you do a "show sip reg stat" on your router?  
do you have the correct registration # setup?
how does your SIP provider authenticate you on their system?  do they require username / pw?

since the CME is behind your ASA, make sure of the following -
1. make sure on the inbound ACL on the asa allows for inbound traffic from the SIP provider on UDP 5060
2. make sure you are NATing a pub IP to your CME and service provider has this IP address
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:Rbauckham69
ID: 34112537
i can see the traffic hitting the asa but the logs say that that the connections are  "teardown" .
I can see that i am not registering at the provider. and the "show sip reg stat" shows no connections.
i use phone number and password tp authenticate.

I believe i have set up the asa to nat with external ip address. and udp 5060 is open.

I'll call the isp tomorrow and see what traffic they can see etc.

Thanks
0
 

Author Comment

by:Rbauckham69
ID: 34135051
I now know traffic is reaching the SP. So Firewall all ok.
The issue i am having is that no account credentials are being sent with the invite .. We are requesting auth details but not getting any when we send back a 407 .. You need to enable and pass digest authentication ...

I have user details and password under sip-ua but not being sent??

0
 
LVL 15

Accepted Solution

by:
greg ward earned 250 total points
ID: 34404119
Hi

Have you tried using a sip program like x-lite to test the connection.

Have you tried putting this under your dial peers
 session protocol sipv2
 session target dns:<dns of sip server>

Greg
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question