Polycoms lose registration

Dear Experts,

We have some troubles with 4 polycom IP 550 phone devices.
Since the placement of the new router a Cisco C887 Version 15.4(3)M9. the phones constantly lose their sip registration. and they wont come back online.
First i checked the NAT keep alive on the devices. which was on 0 seconds. i increased this to 3600 seconds and when that failed i set them on 60. because of the lease time of the cisco natting.
Also i checked the devices transport settings. They are all on UDPOnly. on the lines as on the sip tab.

Because it is since the router is replaced that it doesnt work.
Also a restart of the router solved the issues.
See my config below. can you experts take a look?

i tried adding this command on the router, but had no effect

class-map type inspect match-any ccp-cls-insp-traffic

the rest of the code is below

 Current configuration : 6059 bytes
!
! No configuration change since last restart
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.118.30.1 10.118.30.50
ip dhcp excluded-address 10.118.30.200 10.118.30.254
!
ip dhcp pool customer-vlan1
 network 10.118.30.0 255.255.255.0
 default-router 10.118.30.254
 domain-name XXX
 dns-server XX.XX.32.XX 8.8.4.4
!
!
!
ip domain name XXX.nl
ip name-server XX.235.32.XX
ip name-server XX.235.32.XX
ip inspect max-incomplete high 10000
ip inspect max-incomplete low 9000
ip inspect one-minute low 9000
ip inspect one-minute high 10000
ip inspect udp idle-time 120
ip inspect tcp reassembly queue length 1024
ip inspect tcp reassembly memory limit 4096
ip inspect name OUTGOING ftp
ip inspect name OUTGOING pptp
ip inspect name OUTGOING icmp router-traffic
ip inspect name OUTGOING tcp router-traffic
ip inspect name OUTGOING udp router-traffic
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C887VA-K9 sn XX
!
!
username XX privilege 15 secret 5 XXX
!
!
!
!
!
controller VDSL 0
 firmware filename flash:VA_A_38k1_B_38h_24g1.bin
no cdp run
!
!
class-map type inspect match-any ccp-cls-insp-traffic
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key  address XXX.61.XXX.XXX
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
 mode transport
!
!
!
crypto map IPsec-XXX 10 ipsec-isakmp
 set peer XXX.61.XX.XX
 set transform-set IPSEC
 match address VPN-Traffic
!
!
!
!
!
!
interface ATM0
 description ASDL interface
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 description VDSL interface
 no ip address
 no ip route-cache
!
interface Ethernet0.2
 description vDSL to POCS
 encapsulation dot1Q 2
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 10.118.30.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer1
 description dialer to j
 ip address negotiated
 ip access-group ACL-INTERNET in
 ip nat outside
 ip inspect OUTGOING out
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username pxxs-3xx72 password
 ppp ipcp dns request accept
 ppp ipcp route default
 no cdp enable
 crypto map IPsec-eLive
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static tcp 10.118.30.203 3390 interface Dialer1 3390
ip nat inside source static tcp 10.118.30.200 443 interface Dialer1 8443
ip nat inside source static tcp 10.118.30.200 902 interface Dialer1 902
ip nat inside source static tcp 10.118.30.204 3389 interface Dialer1 3001
ip nat inside source static tcp 10.118.30.205 9704 interface Dialer1 9704
ip nat inside source route-map D1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 10
ip route 10.118.10.81 255.255.255.255 XXX.61.145.XXX
ip route 10.119.10.58 255.255.255.255 XXX.61.145.XXX
ip ssh logging events
ip ssh version 2
!
ip access-list standard VTY-SECURITY
 remark VTY security
 permit XX.61.72.XX
 permit XXX.10.67.XX
!
ip access-list extended ACL-INTERNET
 remark XXX HQ
 permit ip host XX.61.72.XX any
 permit ip host XX.10.67.XX any
 permit tcp any host XX.XX.XX.137 eq 443
 permit tcp any host XX.XX.XX.137 eq 3390
 permit tcp any host XX.XX.XX.137 eq 3001
 permit tcp any host XX.XX.XX.137 eq 902
 permit ip host XX.XX.XX.137 any
 permit ip host XX.XX.XX.137 any
 permit tcp any host XX.XX.XX.137 eq 9704
ip access-list extended NAT
 remark deny VPN traffic Allow all other traffic
 deny   ip 10.118.30.0 0.0.0.255 10.118.10.0 0.0.0.255
 deny   ip 10.118.30.0 0.0.0.255 10.119.10.0 0.0.0.255
 permit ip 10.118.30.0 0.0.0.255 any
ip access-list extended VPN-Traffic
 remark From local-range to remote-range
 permit ip 10.118.30.0 0.0.0.255 host 10.118.10.81
 permit ip 10.118.30.0 0.0.0.255 host 10.119.10.58
ip access-list extended acl-internet
!
dialer-list 1 protocol ip permit
!
route-map D1 permit 10
 match ip address NAT
 match interface Dialer1
!
snmp-server community XXX X VTY-X
snmp-server ifindex persist
snmp-server location XXX
snmp-server contact +
snmp-server chassis-id XXX
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
banner login ^C

^C
!
line con 0
 exec-timeout 15 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class VTY-SECURITY in
 exec-timeout 60 0
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
ntp server XXX.136.0.XXX prefer
ntp server XXX.79.237.XXX minpoll 10
!
end

Open in new window

jav_sevenofnineAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PerarduaadastraCommented:
If the old router is still available then check its config for the entries relating to the phones. You should then be able to see any differences between those entries and the ones on the new router.
0
Svet ChinkovCommented:
I had the same problem before. It turned out version15.x and up handle NAT differently. We had to downgrade to 12.X which fixed the issue. I will lookup exactly which version we downgraded to and will let you know. I hope that helps.

Thank You
0
Svet ChinkovCommented:
Sorry for the delay. Here is the IOS version you could try - 12.4-15.T9. That should resolve the issue. Please let me know if you have any questions.

Thank You
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

jav_sevenofnineAuthor Commented:
Thanks! i will try! is there anything in the config which is wrong?
0
jav_sevenofnineAuthor Commented:
Besides the firmware :)?
0
jav_sevenofnineAuthor Commented:
We just decided to replace the polycoms with mitels.
I think this solves the issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jav_sevenofnineAuthor Commented:
Replaced phones with cisco
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
polycom

From novice to tech pro — start learning today.