From: David Prall (dcp@dcptech.com)
Date: Fri Sep 22 2006 - 13:16:43 ART
In the no input you forgot sip
> Advokatene(config)#no ip nat service tcp port 5060
> ^
> % Invalid input detected at '^' marker.
Should be:
no ip nat service sip tcp port 5060
David
-- David C Prall dcp@dcptech.com http://dcp.dcptech.com> -----Original Message----- > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On > Behalf Of Jens Petter > Sent: Friday, September 22, 2006 11:21 AM > To: 'Church, Chuck'; 'Cisco certification' > Subject: RE: problems with sip troug cbac router > > One other thing i find strange.. > > I am able to enable this command doing : > > Advokatene(config)#ip nat service sip tcp port 5060 > > But when I try to disable I get an error.. > > > Advokatene(config)#no ip nat service tcp port 5060 > ^ > % Invalid input detected at '^' marker. > > JP > > -----Original Message----- > From: Church, Chuck [mailto:cchurch@multimax.com] > Sent: 21. september 2006 21:32 > To: Jens Petter; Cisco certification > Subject: RE: problems with sip troug cbac router > > I had a similar problem. CBAC wasn't the problem. NAT was. > Try adding > > > no ip nat service sip tcp port 5060 > no ip nat service sip udp port 5060 > > to the config. This is despite the fact that NAT service (payload > modification of addresses) should be off by default... > > http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/product > s_feature_ > guide09186a0080087d43.html#wp1031752 > > We spent a lot of time figuring this out... > > Chuck Church > Network Engineer > CCIE #8776, MCNE, MCSE > Multimax, Inc. > Enterprise Network Engineering > Home Office - 864-335-9473 > Cell - 864-266-3978 > cchurch@multimax.com > > -----Original Message----- > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On > Behalf Of > Jens Petter > Sent: Thursday, September 21, 2006 1:30 PM > To: 'Cisco certification' > Subject: problems with sip troug cbac router > > I have some sip phones that connects to an sip server on the > outside of > the > router.. I am using cbac on the router, this is the config : > > > > ip inspect name FIREWALL tcp alert on > > ip inspect name FIREWALL udp alert on timeout 30 > > ip inspect name FIREWALL icmp alert on > > ip inspect name FIREWALL sip alert on timeout 350 > > > > interface FastEthernet4 > > ip address 213.162.xxx.xxx 255.255.255.252 > > ip access-group FIREWALL_ACL in > > ip verify unicast reverse-path > > no ip redirects > > no ip proxy-arp > > ip inspect FIREWALL out > > ip nat outside > > ip virtual-reassembly > > duplex auto > > speed auto > > > > interface Vlan1 > > ip address 192.168.1.1 255.255.255.0 > > no ip unreachables > > ip nat inside > > ip virtual-reassembly > > ip tcp adjust-mss 1452 > > > > ip nat inside source list NAT interface FastEthernet4 overload > > > > ip access-list extended NAT > > permit ip 192.168.1.0 0.0.0.255 any > > > > ip access-list extended FIREWALL_ACL > > permit tcp 213.162.224.0 0.0.31.255 host 213.162.236.222 eq telnet > > permit icmp 213.162.224.0 0.0.31.255 host 213.162.236.222 echo > > permit icmp any host 213.162.236.222 echo-reply > > deny ip any any log > > > > I am encountering a problem with the phones, they keep > disconnecting. I > am > not sure why. You can have a look at the log under.. I was hoping some > of your voice experts could lead me in the right direction for solving > this. > > > > > I read on cco that you should enable inspection in both direction, but > that > did not help here.. The timeout on the server is set to 300 sec > > > > I am using version1 12.4.(4)T3 software > > > > > > This is the log on sip server.. This is the Qualify traffic that does > not > work. : > > Sep 21 14:44:51 NOTICE[25178] chan_sip.c: Peer '51213595' is now > REACHABLE! > (89ms / 2000ms) > Sep 21 14:45:55 NOTICE[25178] chan_sip.c: Peer '51213595' is now > UNREACHABLE! Last qualify: 89 > Sep 21 15:01:31 NOTICE[25178] chan_sip.c: Peer '51213595' is now > UNREACHABLE! Last qualify: 120 > Sep 21 15:02:57 NOTICE[25178] chan_sip.c: Peer '51213595' is now > REACHABLE! > (147ms / 2000ms) > Sep 21 15:04:01 NOTICE[25178] chan_sip.c: Peer '51213595' is now > UNREACHABLE! Last qualify: 147 > Sep 21 15:05:27 NOTICE[25178] chan_sip.c: Peer '51213595' is now > REACHABLE! > (149ms / 2000ms) > > Sep 21 14:39:58 NOTICE[25178] chan_sip.c: Peer '51213596' is now > REACHABLE! > (28ms / 2000ms) > Sep 21 14:41:02 NOTICE[25178] chan_sip.c: Peer '51213596' is now > UNREACHABLE! Last qualify: 28 > Sep 21 15:01:27 NOTICE[25178] chan_sip.c: Peer '51213596' is now > UNREACHABLE! Last qualify: 36 > Sep 21 15:06:19 NOTICE[25178] chan_sip.c: Peer '51213596' is now > REACHABLE! > (38ms / 2000ms) > Sep 21 15:13:14 NOTICE[25178] chan_sip.c: Peer '51213596' is now > UNREACHABLE! Last qualify: 30 > Sep 21 15:18:12 NOTICE[25178] chan_sip.c: Peer '51213596' is now > REACHABLE! > (33ms / 2000ms) > > ______________________________________________________________ > _________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html > > ______________________________________________________________ > _________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART