asterisk + cisco 2621 + switch 3550 + cisco ip phone 7940
milandred
Member Posts: 4 ■□□□□□□□□□
Hello! this is my first time posting here, and i hope some one could help me.
i having this problem for more than a month and can't find a solution on the internet. here is my problem.
I can make outbound calls, but inbound call I got the error message: "an error has occurred" no sure if the problem is because the router is not forwarding the RTP PORTS to the asterisk server 192.168.252.
IOS (tm) C2600 Software (C2600-JK9O3S-M), Version 12.2(19a), RELEASE SOFTWARE (fc2)
System image file is "flash:c2600-jk9o3s-mz.122-19a.bin"
this is my setup
I have asterisknow 1.4 configured with 1 nic card as virtual connected to the sw3550 (2 vlans, voice, data and one management 99)
on the sw3550 the port connected to the asterisk server and to the cisco 2621 is configured as trunk. Also the 2621 f0/1 is configured as "router on a stick"
switchport mode trunk
switchport trunk native vlan 99
all other ports are configure:
switchport mode access
switchport access vlan 20 # this is the data
switchport voice vlan 10
this is my cisco 2621 setup:
interface FastEthernet0/0
description ---TO ISP
ip address 69.17.xxx.xx 255.255.255.224
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.99
encapsulation dot1Q 99
ip address 192.168.99.254 255.255.255.0
ip nat inside
!
router rip
network 192.168.0.0
ip default-gateway 69.17.xx.1
ip nat pool voip 192.168.10.252 192.168.10.252 netmask 255.255.255.0 type rotary
ip nat inside source list Networks_2B_NATed interface FastEthernet0/0 overload
ip nat inside source list Outbound-DNS interface FastEthernet0/0 overload
ip nat inside source static udp 192.168.10.252 10003 interface FastEthernet0/0 10003
ip nat inside source static udp 192.168.10.252 10002 interface FastEthernet0/0 10002
ip nat inside source static udp 192.168.10.252 10001 interface FastEthernet0/0 10001
ip nat inside source static udp 192.168.10.252 10000 interface FastEthernet0/0 10000
ip nat inside source static tcp 192.168.20.252 22 interface FastEthernet0/0 22
ip nat inside source static tcp 192.168.99.254 23 interface FastEthernet0/0 23
ip nat inside source static tcp 192.168.10.252 5060 interface FastEthernet0/0 5060
ip nat inside destination list SIP_RTP pool voip
ip classless
ip route 0.0.0.0 0.0.0.0 69.17.xxx.1
no ip http server
ip access-list standard Networks_2B_NATed
permit 192.168.0.0 0.0.255.255
!
ip access-list extended FTP
remark -- FTP traffic from LAN to FTP servers
permit tcp 192.168.0.0 0.0.255.255 any eq ftp
permit tcp 192.168.0.0 0.0.255.255 any eq ftp-data
ip access-list extended ICMP
remark --- ICMP from LAN
permit icmp 192.168.0.0 0.0.255.255 any
ip access-list extended Outbound-DNS
remark --- outbound DNS queries
permit udp 192.168.0.0 0.0.255.255 any eq domain
ip access-list extended SIP_RTP
permit tcp any any range 5060 5089
permit udp any any range 5060 5089
permit udp any any range 10000 20000
ip access-list extended SSH
permit tcp any any eq 22
ip access-list extended UDP_RTP
permit udp host 192.168.10.252 any range 5060 5082
permit udp host 192.168.10.252 any range 10000 20000
route-map SIP_NAT permit 10
match ip address UDP_RTP
!
any help will remove weeks of stress.
thanks in advance.
i having this problem for more than a month and can't find a solution on the internet. here is my problem.
I can make outbound calls, but inbound call I got the error message: "an error has occurred" no sure if the problem is because the router is not forwarding the RTP PORTS to the asterisk server 192.168.252.
IOS (tm) C2600 Software (C2600-JK9O3S-M), Version 12.2(19a), RELEASE SOFTWARE (fc2)
System image file is "flash:c2600-jk9o3s-mz.122-19a.bin"
this is my setup
I have asterisknow 1.4 configured with 1 nic card as virtual connected to the sw3550 (2 vlans, voice, data and one management 99)
on the sw3550 the port connected to the asterisk server and to the cisco 2621 is configured as trunk. Also the 2621 f0/1 is configured as "router on a stick"
switchport mode trunk
switchport trunk native vlan 99
all other ports are configure:
switchport mode access
switchport access vlan 20 # this is the data
switchport voice vlan 10
this is my cisco 2621 setup:
interface FastEthernet0/0
description ---TO ISP
ip address 69.17.xxx.xx 255.255.255.224
ip nat outside
duplex auto
speed auto
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.99
encapsulation dot1Q 99
ip address 192.168.99.254 255.255.255.0
ip nat inside
!
router rip
network 192.168.0.0
ip default-gateway 69.17.xx.1
ip nat pool voip 192.168.10.252 192.168.10.252 netmask 255.255.255.0 type rotary
ip nat inside source list Networks_2B_NATed interface FastEthernet0/0 overload
ip nat inside source list Outbound-DNS interface FastEthernet0/0 overload
ip nat inside source static udp 192.168.10.252 10003 interface FastEthernet0/0 10003
ip nat inside source static udp 192.168.10.252 10002 interface FastEthernet0/0 10002
ip nat inside source static udp 192.168.10.252 10001 interface FastEthernet0/0 10001
ip nat inside source static udp 192.168.10.252 10000 interface FastEthernet0/0 10000
ip nat inside source static tcp 192.168.20.252 22 interface FastEthernet0/0 22
ip nat inside source static tcp 192.168.99.254 23 interface FastEthernet0/0 23
ip nat inside source static tcp 192.168.10.252 5060 interface FastEthernet0/0 5060
ip nat inside destination list SIP_RTP pool voip
ip classless
ip route 0.0.0.0 0.0.0.0 69.17.xxx.1
no ip http server
ip access-list standard Networks_2B_NATed
permit 192.168.0.0 0.0.255.255
!
ip access-list extended FTP
remark -- FTP traffic from LAN to FTP servers
permit tcp 192.168.0.0 0.0.255.255 any eq ftp
permit tcp 192.168.0.0 0.0.255.255 any eq ftp-data
ip access-list extended ICMP
remark --- ICMP from LAN
permit icmp 192.168.0.0 0.0.255.255 any
ip access-list extended Outbound-DNS
remark --- outbound DNS queries
permit udp 192.168.0.0 0.0.255.255 any eq domain
ip access-list extended SIP_RTP
permit tcp any any range 5060 5089
permit udp any any range 5060 5089
permit udp any any range 10000 20000
ip access-list extended SSH
permit tcp any any eq 22
ip access-list extended UDP_RTP
permit udp host 192.168.10.252 any range 5060 5082
permit udp host 192.168.10.252 any range 10000 20000
route-map SIP_NAT permit 10
match ip address UDP_RTP
!
any help will remove weeks of stress.
thanks in advance.
Comments
-
mikem2te Member Posts: 407Interesting, I've never played around with "ip nat inside destination list" so it prompted me to do a bit of googling - just when I thought I knew all there was to know a post like this comes along:D.
Anyway I did read in a couple of places the 'ip nat inside destination' and rotary pools only work with TCP traffic. May explain the problem with the RTP traffic not getting through. When I tried something similar with Asterisk years ago I just used inside soure static mappings and it worked a treat.
Have you tried Wireshark to see the SIP traffic between your router and Asterisk?Blog : http://www.caerffili.co.uk/
Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
Currently : EIGRP & OSPF
Next : CCNP Route -
kalebksp Member Posts: 1,033 ■■■■■□□□□□In my experience if you have a NAT problem with RTP you will just end up with unidirectional audio, not an error message. Have you verified that SIP is making a connection? Based on the standard asterisk "an error has occurred" message I would check to make sure your inbound configuration is correct. Go to the asterisk console (asterisk -r) and watch for any errors.
-
milandred Member Posts: 4 ■□□□□□□□□□Have you tried Wireshark to see the SIP traffic between your router and Asterisk?
No, I havent' tried that, but I can see connections on port 5060, when I do
#sh ip nat trans
udp 69.17.xx.2:1031 192.168.10.252:5060 64.81.xx.177:5060 64.81.xx.177:5060
also, i have the single port open (10001, 10002, 10003) and ip nat shows.
udp 69.17.xx.2:10001 192.168.10.252:10001 --- ---
udp 69.17.xx.2:10002 192.168.10.252:10002 --- ---
udp 69.17.xx.2:10003 192.168.10.252:10003 --- ---
however, i never see any connection on those ports.
or could be that those ports are filter, only open when need it.
now, another speculation might be the IP PHONE 7940 setup. -
milandred Member Posts: 4 ■□□□□□□□□□In my experience if you have a NAT problem with RTP you will just end up with unidirectional audio, not an error message.
Have you verified that SIP is making a connection?.
correct, is NAT problem, but my cisco settings looks fine, right? some how the IpPhone 7940 is not working right, i see the "484 address incomplete back from 192.168.10.102"
SIP, is making connection to the provider, if i do "sip show registry"
Host Username Refresh State Reg.Time
CA1-siptrunk-a.voice.speakeasy 9000010 45 Registered Sat, 03 Apr 2010 15:44:28
if i telnet to the phone, i able to ping outside and inside, but i don't see the phone registration.
SIP Phone> show register
LINE REGISTRATION TABLE
Proxy Registration: DISABLED, state: IDLE
line APR state timer expires proxy:port
---- ---
1 ... IDLE 0 0 undefined:0
2 ... NONE 0 0 undefined:0
3 ... NONE 0 0 undefined:0
4 ... NONE 0 0 undefined:0
5 ... NONE 0 0 undefined:0
6 ... NONE 0 0 undefined:0
1-BU ... NONE 0 0 undefined:0
might be the phones setups, no sure, any ideas?