broadvoice and CME

moose517

Me and a friend have set up our own CME routers in our own LANs. Well, he signed up for Broadvoice service and he has a SIP phone connected directly to his edge router. He can make and receive calls, including caller ID, but can't hear anything. What needs to be done on the edge router to allow this traffic through? We are using Cisco 2621XM routers on the edge.
 
I had a SIP trunk to Broadvoice. I wasn't using SIP phones though. His issue sounds like ports are being blocked. Tell him to turn off his ACL/firewall and see if that does anything. Also post his config if you can. I think I have my old config around here somewhere.
 
OK, here is the access-list we are using. Again, the SIP phone is the next device after the edge router, so it's gotta be the access-list, we assume.

Code:
ip access-list extended SIP-InBound
 permit udp any any eq tftp
 permit udp any any range 5060 5063
 permit udp any any range 10000 20000
 permit ip 192.168.0.0 0.0.255.255 any

And here is the NAT rule:
Code:
ip nat inside source list SIP-InBound interface FastEthernet0/0 overload
 
What? That doesn't make any sense.

Edit: Whoa, whoa. That's your NAT ACL? That's not right. Your NAT ACL should be like one line, probably that bottom one. You're just defining traffic to be NATed. Remove all that other crap.

Is there an incoming or outgoing ACL on the interface? Post the ENTIRE config please.
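
An added example, not part of the thread and not any poster's code: a small Python check for the mistake discussed above, where the list referenced by `ip nat inside source list` contains port-style `permit ... any any` entries instead of only selecting the inside source networks. The sample config is constructed from the NAT rule and ACLs shown in this thread; the function names are hypothetical and only named ACLs are handled.

```python
import re

# Constructed sample: the NAT rule and ACL as first posted in the thread,
# plus the one-line standard ACL (NAT-T) from the later full config.
SAMPLE = """\
ip nat inside source list SIP-InBound interface FastEthernet0/0 overload
ip nat inside source list NAT-T interface FastEthernet0/0 overload
!
ip access-list standard NAT-T
 permit 192.168.0.0 0.0.255.255
!
ip access-list extended SIP-InBound
 permit udp any any eq tftp
 permit udp any any range 5060 5063
 permit udp any any range 10000 20000
 permit ip 192.168.0.0 0.0.255.255 any
"""

def parse_named_acls(config):
    """Return {name: (kind, [entries])} for 'ip access-list' blocks."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list (standard|extended) (\S+)", line)
        if m:
            current = m.group(2)
            acls[current] = (m.group(1), [])
        elif current and line.startswith(" "):
            acls[current][1].append(line.strip())
        else:
            current = None  # any other top-level line ends the ACL block
    return acls

def source_is_any(kind, entry):
    """True if a permit entry matches every source address."""
    tokens = entry.split()
    # standard: permit <src> ...; extended: permit <proto> <src> ...
    idx = 1 if kind == "standard" else 2
    return tokens[0] == "permit" and len(tokens) > idx and tokens[idx] == "any"

def audit_nat_acls(config):
    """List (acl_name, entry) pairs where a NAT source list permits 'any'."""
    acls, findings = parse_named_acls(config), []
    for m in re.finditer(r"^ip nat inside source list (\S+) ", config, re.M):
        kind, entries = acls.get(m.group(1), ("extended", []))
        findings += [(m.group(1), e) for e in entries if source_is_any(kind, e)]
    return findings

if __name__ == "__main__":
    for name, entry in audit_nat_acls(SAMPLE):
        print(f"{name}: '{entry}' matches any source address")
```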
 
Alright, here is the full config now. I changed the NAT one back; we did have it as just one line before, but we tried that just to see LOL

Code:
!
! Last configuration change at 19:32:19 EDT Tue Oct 27 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3660
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ur7p$bLBfyok9SAIwRX0oXgHd8/
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
no ip source-route
!
!
ip cef
no ip domain lookup
!
!
no ip bootp server
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco123 address XX.XX.XX.XX
!
!
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
!
crypto map MASTER_CRYPTO_MAP 10 ipsec-isakmp
 set peer XX.XX.XX.XX
 set transform-set secure_transform
 match address GRE_IPSEC_TRAFFIC
!
!
!
!
interface Tunnel100
 ip address 172.16.1.2 255.255.255.252
 ip mtu 1500
 tunnel source FastEthernet0/0
 tunnel destination XX.XX.XX.XX
!
interface FastEthernet0/0
 ip address dhcp
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map MASTER_CRYPTO_MAP
!
interface FastEthernet0/1
 no ip address
 ip nat inside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.24.1 255.255.255.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 full-duplex
 no cdp enable
!
interface FastEthernet2/0
 no ip address
 shutdown
 half-duplex
!
interface FastEthernet3/0
 no ip address
 shutdown
 half-duplex
!
interface FastEthernet4/0
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 172.16.0.0
 network 192.168.8.0
 network 192.168.12.0
 network 192.168.24.0
 network 192.168.35.0
 network 192.168.49.0
 network 192.168.50.0
 network 192.168.55.0
 network 192.168.60.0
!
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT-T interface FastEthernet0/0 overload
!
!
ip access-list standard NAT-T
 permit 192.168.0.0 0.0.255.255
!
ip access-list extended GRE_IPSEC_TRAFFIC
 permit gre host XX.XX.XX.XX host XX.XX.XX.XX
ip access-list extended SIP-InBound
 permit udp any any eq tftp
 permit udp any any range 5060 5063
 permit udp any any range 10000 20000
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner motd ^CC                              Cisco 3660 Router ^C
!
line con 0
 password local1
 login
line aux 0
line vty 0 4
 password local1
 login
!
ntp clock-period 17179984
ntp source FastEthernet0/0
ntp server 129.6.15.29
ntp server 129.6.15.28 prefer
!
end
 
Where's your voice stuff? I thought the CME routers were your edge, it looks like they're behind that device which is running NAT?
 
Yeah, our CME routers are internal, not on the edge. The phone he's testing with ATM is connected to the edge router though; he's using it to verify that he can get it working, then moving to his actual CME router, less of a headache that way. If it matters, his CME router's address is 192.168.60.1
 
Ok, the issue is probably NAT. Try some static NAT statements to forward the SIP ports to the CME router.
 
This is 100% the solution. Put CME on the edge though Moose, SIP and NAT do not play well together overall. Swiss cheese edge ftl :D

Moose, one question..

Why do you have this configured?

no ip route-cache cef
no ip route-cache

Quite a bad idea.
 
Thanks xphil3. The guy that this belongs to insists that CME NOT be on his edge, so he will just have to have static NAT statements LOL. Personally I would rather have it on the edge, just a bit more work for the router. You think a 2621XM will work fine with both CME duties as well as its regular duties?

As for those no ip route-cache, I have told him before to re-enable those 'cause it's supposed to help, but it's his problem. Thanks for your help guys.
 
Enabling CEF will take a large burden off his CPU. Beat him with a stick until he enables it.
 
I'm back again. We are totally lost as to why this still isn't working. With just his regular SIP phone he can make and receive calls just fine without port forwarding; however, his CME router fails to even register. Here is a copy of the running config on his CME with the crucial stuff edited out:

Code:
Current configuration : 7801 bytes
!
! Last configuration change at 19:45:01 EST Tue Nov 3 2009
! NVRAM config last updated at 14:34:00 EST Tue Nov 3 2009
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1760-V
!
boot-start-marker
boot system flash c1700-ipvoicek9-mz.124-15.T7.bin
boot-end-marker
!
enable secret 5 $1$BM7Y$wW2..zcqVk9dGuIr97m451
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
!
!
!
ip host sip.broadvoice.com 147.135.32.221
ip name-server 24.197.160.17
ip name-server 24.197.160.18
multilink bundle-name authenticated
!
!
!
voice service voip
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 supplementary-service h450.12
!
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g711alaw
 codec preference 3 g729r8
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.60 255.255.255.0
 speed 100
 full-duplex
!
router rip
 version 2
 network 192.168.1.0
!
ip default-gateway 192.168.1.254
ip forward-protocol nd
!
ip http server
no ip http secure-server
ip http path flash:gui
!
tftp-server flash:analog2.raw
tftp-server flash:analog1.raw
tftp-server flash:areyouthere.raw
tftp-server flash:areyoutheref.raw
tftp-server flash:bass.raw
tftp-server flash:CallBack.raw
tftp-server flash:Classic1.raw
tftp-server flash:Classic2.raw
tftp-server flash:ClockShop.raw
tftp-server flash:Drums1.raw
tftp-server flash:Drums2.raw
tftp-server flash:FilmScore.raw
tftp-server flash:HarpSynth.raw
tftp-server flash:Jamaica.raw
tftp-server flash:KotoEffect.raw
tftp-server flash:MusicBox.raw
tftp-server flash:RingList.xml
tftp-server flash:DistinctiveRingList.xml
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Pop.raw
tftp-server flash:Pulse1.raw
tftp-server flash:Ring1.raw
tftp-server flash:Ring2.raw
tftp-server flash:Ring3.raw
tftp-server flash:Ring4.raw
tftp-server flash:Ring5.raw
tftp-server flash:Ring6.raw
tftp-server flash:Ring7.raw
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw
tftp-server flash:Chime.raw
tftp-server flash:Vibe.raw
tftp-server phone/7941-7961/cnu41.8-2-2ES1.sbn alias cnu41.8-2-2ES1.sbn
tftp-server phone/7941-7961/cvm41sccp.8-2-2ES1.sbn alias cvm41sccp.8-2-2ES1.sbn
tftp-server phone/7941-7961/dsp41.8-2-2ES1.sbn alias dsp41.8-2-2ES1.sbn
tftp-server phone/7941-7961/jar41sccp.8-2-2ES1.sbn alias jar41sccp.8-2-2ES1.sbn
tftp-server phone/7941-7961/term41.default.loads alias term41.default.loads
tftp-server phone/7941-7961/SCCP41.8-2-2SR1S.loads alias SCCP41.8-2-2SR1S.loads
tftp-server phone/7941-7961/term61.default.loads alias term61.default.loads
tftp-server phone/7941-7961/apps41.8-2-2ES1.sbn alias apps41.8-2-2ES1.sbn
tftp-server flash:3s-hello.raw
tftp-server ahh.pcm
tftp-server doh.pcm
tftp-server merlin2.pcm
tftp-server merlin3.pcm
tftp-server merlin4.pcm
tftp-server merlin5.pcm
tftp-server merlin6.pcm
tftp-server merlin7.pcm
tftp-server Neuro.raw
tftp-server NyukNyuk.raw
tftp-server Ohno.raw
tftp-server ringer1.pcm
tftp-server ringer2.pcm
tftp-server ringer3.pcm
tftp-server ringer4.pcm
tftp-server ringer6.pcm
tftp-server SICA-dilbert-BungeeBoss.raw
tftp-server SICA-dilbert-PHB.raw
tftp-server flash:caramba.raw
tftp-server flash:CTU24raw.raw
tftp-server flash:Curley.raw
tftp-server flash:FlintPhone.raw
tftp-server flash:Klaxons.raw
tftp-server flash:mayihelp.raw
tftp-server flash:asleep.raw
tftp-server flash:phone/7940-7960/P00308000400.bin alias P00308000400.bin
tftp-server flash:phone/7940-7960/P00308000400.loads alias P00308000400.loads
tftp-server flash:phone/7940-7960/P00308000400.sb2 alias P00308000400.sb2
tftp-server flash:phone/7940-7960/P00308000400.sbn alias P00308000400.sbn
!
control-plane
!
!
!
!
!
!
!
!
dial-peer voice 2000 voip
 destination-pattern 1...
 session target ipv4:10.10.135.1
 codec g711ulaw
!
dial-peer voice 86 voip
 description ** Outgoing Broadvoice Voice-Mail **
 destination-pattern *86
 session protocol sipv2
 session target dns:sip.broadvoice.com
 dtmf-relay rtp-nte
 codec g711ulaw
 ip qos dscp cs5 media
 no vad
!
dial-peer voice 56 voip
 description ** Incoming Broadvoice **
 session protocol sipv2
 session target sip-server
 incoming called-number 5551239876
 dtmf-relay rtp-nte
 codec g711ulaw
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 1 voip
 description ** Outgoing Broadvoice 10-digit **
 preference 2
 destination-pattern 9..........
 session protocol sipv2
 session target dns:sip.broadvoice.com
 dtmf-relay rtp-nte
 codec g711ulaw
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
sip-ua
 authentication username 5551239876 password 7 XXXXXXXXXXXXXXXXX
 no remote-party-id
 retry register 3
 mwi-server dns:sip.broadvoice.com expires 3600 port 5060 transport udp unsolicited
 registrar dns:sip.broadvoice.com expires 3600
 sip-server dns:sip.broadvoice.com
!
!
telephony-service
 no auto-reg-ephone
 load 7960-7940 P00308000400
 load 7961GE SCCP41.8-2-2SR1S
 max-ephones 24
 max-dn 72
 ip source-address 192.168.1.60 port 2000
 system message Reach Out and Touch Me!
 url services http://phone-xml.berbee.com/menu.xml?opts=134567
 time-zone 12
 voicemail *86
 max-conferences 4 gain -6
 moh music-on-hold.au
 web admin system name admin secret 5 $1$imlL$dA9XO.2mosijfL6OgyZuC1
 transfer-system full-consult
 directory entry 1 4001 name Dave Office
 directory entry 2 4002 name Lisa Office
 directory entry 3 4003 name Master Bedroom
 directory entry 4 4004 name Kitchen
 directory entry 6 1002 name Chris Bedroom
 directory entry 5 4005 name Data Center
 create cnf-files version-stamp 7960 Nov 03 2009 12:54:29
!
!
ephone-template  1
!
!
ephone-dn  1  dual-line
 number 4001 no-reg primary
 label Dave Office
 name Dave Office
!
!
ephone-dn  2  dual-line
 number 4002 no-reg primary
 label Lisa Office
 name Lisa Office
!
!
ephone-dn  3  dual-line
 number 4003 no-reg primary
 label Master Bedroom
 name Master Bedroom
!
!
ephone-dn  4  dual-line
 number 4004 no-reg primary
 label Kitchen
 name Kitchen
!
!
ephone-dn  5  dual-line
 number 4005 no-reg primary
 label Data Center
 name Data Center
!
!
ephone-dn  10
 number 7777 no-reg primary
 label Paging
 name All Stations
 paging
!
!
ephone-dn  20  dual-line
 number 5551239876
 label 5551239876
 name 5551239876
 mwi sip
!
!
ephone-dn  40
 number A410 no-reg primary
 name Batman
 intercom 1002 label "Chris Bedroom"
!
!
ephone-dn  41
 number A101 no-reg primary
 intercom 4001 label "Dave Office"
!
!
ephone-dn  42
 number A102 no-reg primary
 intercom 4002 label "Lisa Office"
!
!
ephone-dn  43
 number A103 no-reg primary
 intercom 4003 label "Master Bedroom"
!
!
ephone-dn  44
 number A104 no-reg primary
 intercom 4004 label "Kitchen"
!
!
ephone-dn  45
 number A105 no-reg primary
 intercom 4005 label "Data Center"
!
!
ephone  1
 mac-address 001B.D52C.7B80
 ephone-template 1
 paging-dn 10
 button  1:1 2:42 3:43 4:44
 button  5:45 6:20
!
!
!
ephone  2
 mac-address 001C.58F9.210D
 ephone-template 1
 paging-dn 10
 type 7960
 button  1:2 2:41 3:43 4:44
 button  5:45 6:20
!
!
!
ephone  3
 mac-address 0007.0E6D.8A75
 ephone-template 1
 paging-dn 10
 type 7960
 button  1:3 2:41 3:42 4:44
 button  5:45 6:20
!
!
!
ephone  4
 mac-address 0014.1C54.0944
 ephone-template 1
 paging-dn 10
 type 7960
 button  1:4 2:41 3:42 4:43
 button  5:45 6:20
!
!
!
ephone  5
 mac-address 0030.94C2.C848
 ephone-template 1
 paging-dn 10
 type 7960
 button  1:5 2:41 3:42 4:43
 button  5:44 6:20
!
!
banner motd ^C                               Cisco 1760-V Router ^C
!
line con 0
 password local1
 login
line aux 0
line vty 0 4
 password local1
 login
!
ntp clock-period 17208290
ntp server 192.168.1.254
end
 