How to build dhcpd pools for nortel phones on an asa 5505. This is the config that I'm trying. The results I'm getting are that the pc and the phone both pull addresses from the data pool. If I switch the vlans on the trunk port, both devices pull from the voice port.
View 4 Replies
We have an Asterisk/FreePBX phone system located behind an ASA 5505 device where we are having problems with sip inspection.
We connect to three different phone providers, and things works as expected for 2 of the 3 providers,but for the last one (Draytel) we are having problems with sip inspection.
The key difference about the VoIP provider where we are having problems is that they are using differetn servers for the voice (RTP) traffic than the server we are registered with to establish SIP sessions.
sip inspection is configured with the default out of the box options.The problems we see are this:
1. For ingoing calls sip inspection does not open the required pinhole to allow the traffic to flow through. As a result we can not hear the voice of the calling party, but voice from our side is passed through ok.As a workaround we have added and ACE allowing traffic in the used UDP (RTP) range from this VoIP providers ip addresses to pass through the ASA, and with that in place incoming calls work.
2. Outgoing calls doesn't work because sip inspection doesn't kick in, and as a result of this we forward internal ip addresses in the SIP / SDP body to the VoIP provider. I'm not sure whether this is a consequence of sip inspection not kicking in for this provider, or a result of having added the ACE for an ip ragnge that covers the ip address we register with.
As stated above sip inspection does work as expected for two other providers where all traffic goes through a single server.We actually have had this working with ASA firmware 7.2(4), but as that version intermittently had a problem where sip inspection would stop working (fixable by power off/on or a clear command), then we decided to upgrade.
ASA is configured with the VPN site to site using the wizard, created the Public IP of contivity, local and remote LAN . I attached the configuration. In contivity have the following settings: Not able to communicate both subnets.Do I need to configure IP subnets and published in the contivity as was done in the ASA?
View 3 Replies View RelatedI’m intending to establish a VPN connection between Nortel 1140E phone behind a ADSL router and a Cisco ASA 5520.can any one confirm to me if the vpn client on the Nortel 1140E phone is compatible with Cisco ASA
View 1 Replies View RelatedFor the moment we run a Nortel VPN server at work and I have on my laptop the Nortel VPN client. While I could connect through when I had my Linksys E2000 connected up now I can't after I replaced it with the 5505. (running 8.4(1).) what I should do on my 5505 so I can allow the nortel client to connect out?
View 6 Replies View RelatedI'm trying to establish a site to site ipsec tunnel between an ASA 5520 and a Nortel Connectivity box. Despite trying a number of different transform sets and IKE setups it keeps failing at phase 1 with:
Information Exchange processing failed
Received an UN-encrypted INVALID_ID_INFO notify message dropping.
I have worked on cisco switches only..I want to configure nortel5510 have configured vlan.but Switch Ip address is changing when I am giving ip address to port. and i cant see port ip configuration in show runn also i want to configure loopback.I am configuring switch ip address 192.168.123.1/24 but when I give ip address to port 192.168.120.17/29(PORT IN DEFAULT VLAN) switch ip address changes automatically.I have port 1-4 configured in vlan 1 other ports are in L3 vlan.I want see port ip address details Like we see in cisco (SHOW IP INTERFACE BRIEF ) what is command in NORTEL??
View 2 Replies View RelatedWe are a business partner of a larger company that gives us a VPN access to connect to one website. It's the Nortel VPN so it's old but it's set to disconnect our Internet when we connect which is really inefficient. I understand why it does that but right now we use two computers, we have one as our main one then another sitting here just for VPN.Does the Nortel VPN work system wide when it disconnects the Internet? Or is there a way to use Ethernet and Wifi and just have the VPN connect over Ethernet and just disconnect the Internet there but keep my local network on Wifi? Or is that not possible? I'm assuming it's not just wondering if there's any alternatives.
View 2 Replies View RelatedHow to configure vpn client on windows 7 professional 32 bit os
View 2 Replies View RelatedCan An ISP Filter Traffic within the VPN Tunnel? Sounds weird but..We have a Avaya IP Office 500 Head end Phone Server. Several 5610 IP Phones.I've setup a PIX 501 to Connect to our ASA 5510. In the Office, going from one Public IP Subnet to the Public IP on the ASA 5510 I'm able to connect up the 5610 IP Phone through the PIX 501 through the ASA 5510 to the IPOffice 500 Server and place calls.I take the same setup home and connect it to my Comcast Internet connection anf it does not work. I can connect a Laptop behind the PIX501 and Connect to the HQ network just fine. I can see the Phone do a TFTP Transfer to the VM Server, though it stops short can cannot connec to the Call Server.
I then gave the unit to 4 other Comcast Users, all of them do not work.I then gave it to a AT&T DSL user, works Great! then another local DSL ISP (Sonic.Net) and it works great.Same hardware, same VPN, Same everything except ISP.Both With Comcast we tried directly to the Cable Modem, or behind a edge router. PCs connect, Phone does not.The thing I do not understand is If Comcast is filtering something, how can they filter something that is in my VPN Tunnel?
I have a problem with my asa phone proxy. i have two ASA 5520 in HA. I have 10 phone register with ASA active primary. if i execute the command show phone-proxy secure-session. i can see the phone session on the ASA.
if i perform the same command on the passive ASA i can't see the session replicated from the active member.
If i switch the cluster the phone enter in a registrating loop and can't connect to the ASA now active.
If i switch back immediately (the session are still present on the first asa) the phone register again and all works
the ASA have version 8.4(5)
the phone are a 7921g
is normal that the skinny don't start again and re-register the phone on the ASA that became active after failover?
We have discovered Nortel/HP C-GbE2 switches on our network are sending spanning tree Topology Change Notifications (TCN). The HP switches only have servers connected and no other switches leading to any other network segment so we are not clear why the switches are sending spanning tree TCNs every second. We do not have a support contract. Can anyone on the Cisco side speak to what's referenced on page 5-6 of the attached document? I found the attached document which talks about diabling spanning-tree (page 5-6) in Cisco environment but wanted to consult with an expert before proceding. Document (Configuring Nortel Gigabit Ethernet Switch Modules for IBM BladeCenter in a Cisco Environment Solution Brief.
View 0 Replies View RelatedCurrently using Cisco ISE 1.1 to authentication both dot1x and mab from Cisco switches. Both features are authenticating properly.When we use a Nortel/Avaya switch for the authenticator, we are unable to authenticate using mac bypass (non-eap (or neap) in Avaya talk..). The correct authentication policy is found in the ISE, but the mac address is not found in the database. We know it is there because the same mac is authenticating with the Cisco switch. Dot1x authenticates properly from both the Cisco and Avaya authenticators. Could this be an issues with the username/password format in the Radius packet from the Cisco?
View 5 Replies View RelatedIf the ports on a 5508 can only perform etherchannel(no LACP or PAGP), only on mode, how does a 5508 create a bundle with a nortel switch?
View 1 Replies View RelatedWe have 2 x Nortel 8600s (now Avaya) that are 6-7 years old. They have 96 1GB ports on each and we only use about 30 and the CPU average is around 2% and memory is 40% (256mb). Going into 8600s we have 8 x Nortel 5520 48port gig switches.
We want to replace the 8600s at some point and I wondered roughly what Cisco device would possible suit us. We are not after the best high end switches that we will never utilise, but ones that will aid us grow for the next 5 years.
We are having one HP core switch and VLAN is configured on it. Four Nortel BES1010(24port) switches will be connected to this HP switch. We need to configure the VLAN tagging in the Nortel switches in order to make deices connected to nortel switches can communicate with devices in the VLAN.
View 3 Replies View RelatedIs the 9971 phones supported for phone proxy (since it`s SIP and SIP i think it`s not supported for Phone proxy).
View 2 Replies View RelatedWe have 3 Nortel RG 9150 remote PBXs installed at a branch location, and they have been functioning well for years plugged into 3Com 4500 10/100 switches. These switches have a very basic configuration; nothing special. We are transitioning over to Cisco 2960 switches with very basic configurations. The problem is that when we plug the 9150 into the 2960 switch, the RX light flashes like it should, but the TX light only flickers intermittently. We cannot ping it from the switch or local router. Everything in this building is in VLAN 1. I've tried turning on full duplex on the 9150 and/or hard-setting the speed/duplex on the 2960 switch. The company that maintains our 9150 sent a guy out who was completely puzzled by this too. In some ways this seems too basic to be a problem, but it is. The twist on this problem is that the 3Com switch, which the 9150s are plugged into, is connected directly into the Cisco 2960 that I can't make them work on. Plug them into the 3Com, they work; move them upstream to the Cisco, and they stop, even after I reboot them.
Here are the port configs of the 3Com and Cisco switches.
Cisco
interface FastEthernet0/15
switchport mode access
[Code].....
I have a customer that wants to change their Nortel 5520 switches to a Cisco solution, and I wanted to ask what would be a good solution for this customer. presently they have 4 48 port PoE and 2 24 port PoE stackable 5520, and they are interested in redundant power supplies for the switches. I was thinking that the 3750 is good for this site.
View 4 Replies View RelatedI've just completed a port security project at a site on numerous Cisco switches and all works well, however they have 2 Nortel 5520 switches (which I left until the end) which they would like to lock down. I have logged a message on the Nortel forums and I have heard nothing for days. I just need to lock 2 ports down to the Mac address of 2 computers stopping any other computer being plugged in.
View 2 Replies View RelatedHow to configure dynamic VLANs (IP subnet-based) using Nortel JDM? My company is now using port based VLAN and it wastes a lot of time reconfiguring the port to its VLAN everytime their devices moved from one place to another place. So I think using IP subnet-based VLAN might solve the problem?
View 1 Replies View RelatedI have a Cisco 3560 connected via fiber to a Nortel 1612G. The connection is up/up, the V LAN's on the switch work as needed, but I can not ping the switch from the Nortel, and as a result I can not remote into the Cisco for management. I see in the configuration for the trunk that it is configured for a native v LAN, but I don't see it defined which v LAN's are allowed, could this be the issue? I will provide some of the config information for the Cisco side, I understand the issue may be on the Nortel end but if the Cisco part looks OK?
Port config for the trunk:
interface GigabitEthernet0/49
description port_6_1612G
switch port trunk encapsulation dot1q
switch port trunk native v LAN 120
switch port mode trunk
Native v LAN config:
interface Vlan120ip address 172.16.120.11 255.255.255.128
Connecting a legacy Nortel switch (425/450/470/BPS) to a Nexus 7000 via gigabit fiber? I have a customer trying to do it and they say that the connection never comes up. The support on the Nortel stuff is long since expired, so Avaya is not being particularly useful. Apparently Cisco says the issue is "fast link pulse to the BayStack to determine the capabilities of the uplink and the BayStack is returning all zeros." I have not verified this and actually have not yet gotten my hands on the Nexus side of things
View 2 Replies View RelatedI just trying to setup a dhcp server in my catalyst 3560 switch for a nortel ip phones. I show you mmy configuration:
VOICE VLAN: 3
DATA VLAN: 1
S1:10.2.110.200
port:4100
Nortel IP Phones: IP 2002 (Firmware Version 0604D9H) & IP 1110 (Firmware Version 0623C7)
Switch Configuration:
aaa new-model!aaa session-id commonip subnet-zeroip routing!ip dhcp pool datos network 10.2.100.0 255.255.255.0 default-router 10.2.100.1 lease 0 2!ip dhcp pool voice network 10.2.110.0 255.255.255.0 default-router 10.2.110.200 option 191 ascii "VLAN-A:3" option 128 ascii "Nortel-i2004-A,10.2.100.200:4100,1,5." lease 0 2!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy
[Code]...
I got a problem yesterday with a customer that says that the calls from a CISCO IP Phone 7961 to an Alcatel 4018 IP Touch didn't work, well the phone rings but there's no voice; I manage a CISCO ASA version 8.2(1) and I was checking the Inspection Rules in the Service Policy Rules section and when you open the inspection_default at the Rule Actions tab I find that the H.323 H.225 and H.323 RAS box wasn't checked so I ask to the customer to made a test and the same problem happen so I checked both box and again ask to the customer for a test and it works.
I was talking to a partner and he said that maybe this Inspect fix some signaling parameters of this protocol that can't work fine behind of a firewall.
Switch is a Nortel 5520
PC is Windows 7, with Intel 82579LM adapter
When PC was first attached to network, it could not ping gateway(switch). Turns out it was broadcasting for the gateway's MAC address, but never got a response. Tonnes of testing later, if I just change one number on the MAC address of the adapter, it receives a reply from the switch and can ping the gateway.
Why doesn't the native MAC address work?
Update: Just the vendor portion is the determining factor. As long as it starts with 2C-59-E5, it will not work. 2C-58-E5 will.
Update 2: Pinging anything in the same subnet works, just pinging the gateway interface of the switch doesn't happen. Tried on multiple drops, and there are other devices on those drops.
How I can actively monitor the interfaces and overall status of 2 x ASA 5500s in an Active/Standby configuration?
I can setup monitoring of the interfaces on the Active member but I'm not sure how to manage the Standby member?
We were having a discussion of ios firewall vs. asa for smaller clients(less than 50). On using ios firewall(zbf or cbac)and an asa 5505/5510. One of the arguments brought up on using ios firewall on the router is that a router will do an ip sla failover. I have configured a number of isr's for this and i know it works good.
View 1 Replies View RelatedI have a Cisco ASA 5505 in our office. We are currently using Interface 0 for outside and 1 for inside. We only have 1 Vlan in our environment. We have two three switches behind the firewall. Today the uplink to Interface 1, to the firewall, on the switch went bad. I want to setup a second inside interface on the firewall and configure it as failover incase this happens again. I want to attach it to the other switch. Can I do this? If so, what do I need to do? would it only be a passive/standby interface?
View 1 Replies View Relatedsetting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
I have been working with ASA 5510,20,40,80 but not with 5505 this vlan and its interfaces are quite confusing.Just want to know how it works and its connectivity to Cisco Switch.Do i have to put the interface of the switch in the same vlan as i am creating the interface vlan in firewall ?Now the switch port connecting to this Eth1 interface should also be in the same vlan ? i.e vlan3 ?? or it will be in trunk ? The default configuration shows the eth0 with no access vlan and interface eth1 with access vlan 2... does it mean the eth0 is in vlan1 ? (Nativ Vlan ) ???
View 4 Replies View Related
