Cisco VPN :: 5505 VoIP Over VPN Traffic

Sep 26, 2012

I am tasked to connect my VoIP phones from remote site to my  corp site. Basically all remote phones will be registering into a VoIP server in corp site. I have a site to site  vpn tunnel established already from remote site to corp site. My hardware includes the following:

-Cisco ASA 5505
-Cisco small business POE switch SF300 24p
-Avaya 2015p VoIP phones
 
Successfully Register remote VoIP phones to corporate VoIP server 10.30.18.55.I have already configured vlan1 10.30.15.0/24(inside lan) and vlan2 public int(outside Internet) which my dmz only allows 2 per my basic asa licensing.When I connect my phones and register it states "subnet conflict" unable to register.

View 1 Replies


ADVERTISEMENT

Cisco :: Splitting Up VOIP Traffic?

Jun 26, 2012

I have a little weird request at work. One of our offices would like to split the VOIP traffic. At that office we have a 10MB primary and 3MB backup circuit. Currently the phones are routing over the 10MB circuit. The General Manager would like to use the 3MB backup circuit for VOIP traffic. For the 3MB we have two T1 lines bundled together in a multilink. Configuration is bellow if needed

3MB Circuit

View 19 Replies View Related

Cisco VPN :: 1921 Transmitting Of VoIP Traffic Through VPN

May 30, 2011

I am facing a problem with transmitting of VoIP traffic through VPN.
 
I have a 1921 router in my end where two ISP's terminate and load balancing is done over the ISP'S. I also have a site-to-site IPSEC VPN connection to remote location. Also I am having to analog phones connected to the network through an ATA. My Call manager is in the peer end and has public IP assigned to it. The IP phones get registered when coonected to general inernet connection.
 
The loadbalancing and VPN is working fine. Now I need to transmit the VoIP traffic over the VPN. I have configured the same but seems not working. [code]

View 5 Replies View Related

Cisco Firewall :: ASA 5510 / QOS For VOIP Traffic To And From Internet

Apr 20, 2011

We are using an ASA 5510 as our gateway to our ISP.  All of our VOIP traffic is sent to an Internet SIP provider for our outbound calls.  Our pipe to the Internet is 100Mbps metro ethernet.  I am trying to find a way to provide QoS for this traffic so that I can reserve 20Mbps of the available 100Mbps pipe for VOIP traffic.From what I've been able to figure out so far I would use a combination of priority queues and traffic policing.  However, it seems that this is nearly impossible to accomplish because I cannot control the remote device that my ASA connects to because it is the ISP device.  I could police traffic on the inside interface of the ASA.  However, lets say that a client on our network starts downloading from an Internet host and the downloaded traffic saturates my Internet connection.  I could police this incoming (from the Internet) traffic on my outside interface of the firewall.  This would drop the packets but the bandwidth would have already been used by the time it reaches my firewall.Would the fact that I'm policing incoming traffic on my outside interface cause the sender to throttle down their transmit rate because packets are being dropped?  Would this achieve my goal of guaranteeing available bandwidth for my VOIP traffic by not allowing other traffic to saturate the link?Most documents I find regarding this topic describe providing QoS for VOIP traffic traversing a VPN connection in which case you could configure both end devices.

View 1 Replies View Related

Cisco Switches :: SF300 24p And VLan For VoIP Traffic?

Jan 2, 2012

I have a SF300 24 P and Iam trying to configure a voice vlan this is what I have done so far and it doesnt work.
 
1. create vlan 30 for voice traffic and enable it

2. Telephony OUI add my mac address for allworx phones

3. Port to VLAN add 30 has tagged, port to vlan 1 untagged

4. Vlan to port I try to add 30 and get this error (Port e15 is candidate in voice Vlan 30 and cant be configured as static member in the vlan.

5. Under Discovery LLDP, LLDP MED port  Setting Enable MED status, then all other options to yes
 
In my LLDP neighbor  information all my phones are there and says under port ID 0 ( my phones support LLDP and CDP)

View 1 Replies View Related

Cisco Switching/Routing :: 2960 - VOIP Traffic Prioritization

Dec 28, 2011

I have a new VOIP implementation using 2960 switches. I want to prioritize voice traffic. After creating VLAN 2 I did the following:

Per Cisco, I did the following on my up-link ports:

switch port trunk allowed vlan 1,2
switch port mode trunk
switch port nonegotiate
priority-queue out
mls qos trust cos
switchport trunk allowed vlan 1,2
switchport mode trunk
switchport nonegotiate
priority-queue out
mls qos trust cos
spanning-tree port fast trunk
spanning-tree bpduguard enable
 
On my ports where a VOIP phone was plugged in, I did the following:
 
switch port trunk allowed v lan 1,2switchport mode trunk switch port no negotiate priority-queue outmls qos trust cos spanning-tree port fast trunk spanning-tree bpduguard enable
  
How can I verify that my voice traffic is being prioritized?

View 5 Replies View Related

Cisco Switching/Routing :: QOS For VOIP Traffic On Nexus 7000

Mar 4, 2012

regarding QOS on Nexus 7000. Our Nexus 7000's form a collapsed distribution/core layer, our access layer switches are are a mixture of Cisco 3750 & Cisco 4507. 3750 switches will connect to Nexus switches via 1Gb uplink, 4507 switches will connect via 10Gb uplinks. Each Nexus will be connected via 20Gb port channel, all servers connect to the Nexus switches via 1Gb links. We're implementing a new telephone system soon which will be using VOIP so I need to configure the switches to perform QOS. The IP phones will mark the RTP traffic with DSCP value EF and call signaling traffic CS3. I'm fine configuring qos on the access layer switches, its just the Nexus switches which I'm not sure about.
 
Do I actually need to configure any QOS parameters on the Nexus switches so they will prioritise the VOIP traffic. If my understanding  the Nexus switches will trust the DSCP values and assign the traffic to the relevent queues?
 
Just for information VOIP is the only traffic I will be marking QOS values

View 3 Replies View Related

Zyxel USG50 / How To Best Allow For Unfettered VOIP Traffic Behind A Security Firewall

Mar 12, 2013

I have a customer who has a Zyxel USG50 security firewall on their network. They utilize a cloud hosted voip solution called Vocalocity that provides SIP voip service to their Cisco phones. They have about 8 phones in a small office.the problem they are having is that as it stands now, all VOIP phones in the office are dynamically assigned addresses internally. However, the VOIP phones are having a ton of issues that we believe may be related to the firewall blocking traffic somehow or not playing nicely with the service.

- Some calls are dropped altogether
- Some calls do not ring all phones
- Some phones keep ringing even after a call is picked up

While Vocalocity has admitted that they have the "ghost ringing" issue going on with other customers, the dropped calls and not all phones ringing could be firewall related. We are trying to pinpoint what may be going on.i did open up all of the ports that the VOIP provider claims are used by their service, 5060-5090. However, some 5060 packets still seem like they are being blocked in the firewall logs.How does everyone else out there setup their VOIP phones internally to have unfettered access to the internet? Do you recommend just using the DMZ functionality (which I can do on this USG device) or bypassing the firewall altogether somehow? We have some spare switches and another home level Netgear router we can use for testing.

View 8 Replies View Related

Cisco Firewall :: Open Ports On ASA 5505 For VoIP?

May 5, 2013

I'm working on setting up a PBX server in our office, and I'm having trouble getting a port opened for SIP on my ASA 5505.I created static NAT rule for SIP traffic from internal server to the outside IP address.I created access rules on outside interface to forward port 5060 to internal PBX server (192.168.1.8)I also disabled sip packet inspection on the ASA.I'm still receiving a message from the PBX that the firewall is configured incorrectly. 
 
[code]....

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Configure QoS And VOIP With SIP Trunking?

Sep 16, 2012

[URL] I am not savy configuring ASAs at all and I can't get it to work. We are switching to a SIP trunk phone system and I am in charge of setting up the ASA to not only make it work but also make sure that there's packet priority or QoS.I've never configured something like this and I was giving another set of instructions to make sure that this is working:

[URL]

Configuration:
My configuration is very basic:
3 interfaces - Outside/Inside/Guest
ASA Version: 7.2(3)
ASDM Version 5.2(3)
Firewall Mode: Routed
 
Solution: When I tried following the instructions on brian-kayser's blog I get an error when I'm sending the following command:

shape average
^  Invalid marker
service-policy PRIORITY-POLICY
^ Incomplete command 
 
I think it's because my version of ASA doesn't have this functionality but I don't know.

View 5 Replies View Related

Cisco WAN :: 5505 - Site To Site VPN And Voip

Jun 6, 2013

I have still been assigned the task of building a site to site vpn tunnel to our remote site (this will be with two ASA 5505's) which I think I can do. My question is how can I distribute our voip vlan to assign IP's to the phones on the remote switch if the router won't pass this info? Or at least get our phones to register from the remote site through our tunnel?
 
Our current voip is a hosted vendor, but we have it pushing to vlan200. Any phone connected to this vlan will get an auto assigned ip and the phone will sync. If i setup dhcp on the remote firewall then i will see duplicate ip's being assigned to the phones.

View 9 Replies View Related

Cisco WAN :: LAN Traffic Not Getting Out On ASA 5505

Apr 18, 2012

For some reason my ASA is preventing my traffic from going out. I've added some crumby access-list and applied it to NAT for it to work. I don't like this. I know it is not right, but I am not sure what part is wrong. I will highlight the stuff I have added to make it work. I don't see what I am missing. If I were to remove these lines my ASA could ping in both directions (in and out), but my LAN cannot do anything but ping the ASA. No other traffic is going out unless I have added these unsafe lines of code.
  
!
interface Vlan1
nameif inside
security-level 100

[Code].....

View 2 Replies View Related

Cisco Firewall :: ASA 5505 Ftp Traffic From Dmz To Outside

Dec 5, 2012

I am able to ftp from my Head Office to my test machine at the remote location but I can't get the other way around to work. Error message from the Syslog deny tcp src 192.168.50.5/1825 dst 208.124.202.44/21 by access-group "dmz_access_in".I try a couple of ways to fix it but no luck.A partial config of my ASA 5505. [code]

View 4 Replies View Related

Cisco VPN :: Traffic Not Passing Through On ASA 5505

Sep 7, 2011

I've got a client that recently got an ASA 5505. E0/0 is connected to the outside, E0/1 connected to the internal server (Win 2008). The ASA "local network" is 172.30.1.0/24; my internal network is 192.168.1.0/24. I'm able to connect from home through AnyConnect and get a proper address (which I've got a pool of 172.30.1.64/26 assigned for VPN users), but no traffic from my computer will go to the internal network, nor will the internal server (or the ASA for that matter) can't talk to my VPN'd computer.

On the firewall settings on the ASA, I've got it all open: any/any on both inside and outside, just to try and get anything to go through. I've even got split-tunneling working, but not traffic-passing! The config is below (redacting local AAA users).

[Code] .....

View 9 Replies View Related

Cisco VPN :: ASA 5505 - NATing For VPN Traffic Only?

Apr 9, 2013

I have a client with an ASA 5505 who has several networks he's trying to get communicating over a VPN tunnel with a remote office. One of the networks is not working because it's also in use on the management interface of the other side of the tunnel and neither side seems willing to re-IP their internal space.
 
Their proposed solution is to NAT the conflicting network on the firewall on this side to a different subnet before passing it across the tunnel. How do I implement a NAT that only the VPN tunnel uses while keeping the rest of the traffic that comes across this device un-NATted?The network in question is 192.168.0.0/24. Their desired NAT target is 172.16.0.0/24. ASA config is attached.

View 11 Replies View Related

Cisco Firewall :: Getting Any Traffic Out Of ASA 5505

Jul 24, 2011

We have a BT Infinity broadband circuit which terminates at a vdsl modem, I've plugged an ASA 5505 into the back of this modem and gone through the ADSM quick setup wizard (yes I'm that much of a beginner!) The config that's been generated is pasted below, the symptomns I'm seeing are;
 
The ASA is setup with PPPOE on the internet connection, I assume this is correct as if I do a show IP on the ASA I'm getting an IP address that has been assigned, if I change the password to the wrong one then I get no IP (as expected).
 
If I ping from the ASA to an internet connection I'm getting "no route" error messages, if I try a "ping outside x.x.x.x" then I get no repsonses.
 
The ASA can ping it's external IP, the client machines can ping it's internal, however nothing appears to be able to get out.
 
ASA Version 8.4(1)
!
hostname xxxxxx
enable password xxxxxx encrypted

[Code].....

View 15 Replies View Related

Cisco :: ASA 5505 Same Security Level Traffic?

Jun 27, 2011

I have ASA 5505 that has two inside security level 100 interfaces and an outside interface.On the inside interface we have corporate domain subnet with DC and 30 hosts. On the inside2 interface I have few servers that runs specific application important for our business needs, and dumb terminals that are connected to them.I have a laptop user that periodically needs access from our corporate vlan1 to one of the servers on inside 2 vlan via remote desktop or some other remote viewer client,so he can view reports etc.I have enabled same-security-traffic intra-interface command and added nat exempt command pointing specific laptop host machine to that specific server.

Now my main concern is regarding security. This user carries his laptop home, browses the web, puts USB memory, and you can imagine how this machine is susceptible to all kind of malicious software. Inside2 vlan is very important and until now it has been a very secure environment.This is no longer the case since all traffic between this inside sec level 100 vlan host and corresponding inside2 sec level 100 server is now allowed because of the enabled same level interface traffic and nat exemption rule. Do I have another solution that would allow communication based on just a tcp port number for this host? Something like port forwarding from outside to inside Vlan interface?

View 10 Replies View Related

Cisco VPN :: No Traffic Over Tunnel Between ASA 5505 And 5510

Dec 5, 2010

I've a asa 5510 on the main site and different ASA 5505 on secundary sites for VPN tunneling between the sites. The problem is that the tunnels are acomplished but no traffic is going over them. What am i doing wrong? For the moment there is a ASA 5505 on the main site managing the tunnels but I want the 5510 to take over the job.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Throttling Traffic?

Apr 11, 2012

We have 110mbps internet service.  When we have the 5505 behind the cable modem, our speed drops to 55mbps or so.  If we remove the 5505, we see the full 100mbps.  I assume the 5505 can handle the speed; if so, what other things should I be looking at?As an aside, we used to have 50mbps wich worked fine, then the ISP upgraded to 60mbps and the through put dropped to 30mbps  (It always seems to be half)

View 2 Replies View Related

Cisco Firewall :: Traffic With 5505 Goes To High To Low

Jun 25, 2012

My understanding is for insight to outside we need global and NAT, and for outside to inside we need static and ACL? Traffic goes to high to low, I'm just start working with 5505 recently.

View 2 Replies View Related

Cisco VPN :: ASA 5505 - AnyConnect Traffic Is Being Dropped

Feb 1, 2011

So I have an asa 5505 running ipsec and anyconnect and it has been working great for months. I have not made any changes to the config, but suddenly all of my anyconnect traffic is being dropped. The vpn uses the same subnet as the LAN. I tried putting a rule in to allow all traffic from the LAN subnet on the outside interface. Now I just get the WEBVPN-SVC Action-Drop in packet tracer.

View 1 Replies View Related

Cisco VPN :: ASA 5505 - L2L Tunnel Up / No Traffic Passes

Feb 4, 2013

Two 5505 ASA's for a customer main site and a local office.  I have the tunnel up.  But I'm unable to pass traffic across it. 
 
Main Site:
 
ASA Version 7.2(4)
!
hostname Town
enable password iNbSyJZ1ffmb9kn1 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names

[code]....

View 7 Replies View Related

Cisco VPN :: ASA 5505 - No Return Traffic Is Being Encrypted

May 26, 2012

I've configured an ASA5505 to be  Lan to Lan VPN tunnel endpoint, peering with a linux box.  The ASA is full licensed so that side isn't an issue.PROBLEM:When the tunnel is initialised from the linux box everything comes up okay except the ASA isn't encapsulation any packets.  It is decrypted the packets received from the Linux box okay but no return traffic is being encrypted.When the tunnel is initialised from the ASA, nothing happens.After some troubleshooting I've found that the ACL defining interesting traffic nor the ACL defining NO_NAT aren't being hit at all.
 
ACL for NO_NAT:
access-list NO_NAT line 1 remark ACL USED TO DEFINE WHAT TRAFFIC NOT TO NAT OVER THE VPN
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER object-group LINUX-BOXES 0xc736d5fb
access-list NO_NAT line 2 extended permit ip host PAMS_SERVER 10.11.228.0 255.255.255.0 (hitcnt=0)

[code]....
 
I've checked with the administrator of the linux box and the definition for interesting traffic is exactly the same (except in reverse as should be the case).The firewall is doing other things like NATs and such like too but those NATs have nothing to do with this VPN.  The setup is a LAN to LAN connection with no natting in between.The main parts of the config are attached, i've deleted things that should have a bearing on this however if you think it necessary i can sanitise the config and re-post.  I think it will be working fine as long as the traffic hits those ACLs, however they're not and I'm unsure why.At this time i'm not seeing anything at all when doing an debug cry ipsec or debug cry isa.  The ACL's aren't being hit so i'm guessing it's not even trying to form the VPN as it can't see any traffic that constitutes being 'interesting'.

View 4 Replies View Related

Cisco VPN :: ASA 5505 - IPSec VPN L2L Tunnel Up But No Traffic

Mar 19, 2011

I have a Site to Site IPSEC VPN Tunnel created with ASDM wizard.
 
Cisco ASA-5505
Peer A: x.x.x.x
Lan A:     192.168.0.0    255.255.255.0
 Fortinet FortiGate-50b
Peer B: y.y.y.y
Lan B:     192.168.23.0  255.255.255.0
 
I start traffic from LAN B with a ping (or telnet it doesn't matter) that receive no reply but tunnel goes up fine.
 
"show isakmp sa" seems ok (says "State   : MM_ACTIVE")
"show ipsec sa" seems ok but all #pkts are zero
 
try ftp, telnet from LAN B to LAN A systems but no one work. "show ipsec sa" all #pkts are zero As soon as I generate traffic from LAN A to LAN B these works (with tunnel already up) also traffic from LAN B to LAN A works.Obviously if I end VPN and start tunnel making traffic from LAN A all work fine bidirectionally, LAN A reach LAN B and LAN B reach LAN A.No msg logged in either two appliance.
 
Seems a very strange problem because seems not related to Phase1 or Phase2 already established.Traffic (routing ?) start works only after at least one packet goes from LAN A to LAN B.No msg logged in either two appliance.Problems begun in ASA version 8.0(4) ASDM version 6.1(3) and remain/continue after upgrade to ASA Version 8.4(1) ASDM version 6.4(1).

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - VPN Up And Running But No Traffic

Oct 27, 2011

I have VPN up and running between two sites. Both sites have Cisco ASA 5505. I can ping across the devices from both networks. But I cannot remote into the servers on the other network.

View 8 Replies View Related

Cisco Firewall :: VLAN Traffic On ASA 5505?

Aug 15, 2011

I have a Cisco ASA 5505 that I have configured.  The outside interface is vlan 2 and the inside interface is vlan 1.  Port 0 of the ASA is configured to be in vlan 2 and is connected to the ISP provided subnet.  Port 1 is connected to my private LAN subnet.  I have an additional router connected to Port 2 for guest connectivity.  Port 2 is configured to be a member of VLAN 2 so that it can access the ISP provided subnet.  From the device connected to port 2 I can ping the vlan 2 interface address of the ASA and from the ASA I can ping the Default gateway of the ISP provided subnet.  For some reason the router on port 2 cannot ping the default gateway of the ISP provided subnet.  If the vlan were working the same as a vlan in a switch, I would expect to be able to do this. why it is not working or what I can do to get it working?

View 4 Replies View Related

Cisco Firewall :: 5505 Allow SSH Traffic From Internet To DMZ

May 24, 2011

I'm trying to allow SSH traffic from the Internet to my DMZ. I gave my remote guy my ip and he can see the ASA 5505 but not get into the DMZ. The outside is 70.165.19.137. The DMZ server is 192.168.60.2. I have the inside talking to the DMZ fine. [code]

View 9 Replies View Related

Cisco Firewall :: ASA 5505 Traffic Flow Between Interfaces

Jun 13, 2012

I am fairly new to configuring ASA's. I have an ASA 5505 with one outside interface and three inside interfaces (inside1, inside2, and management). I need inside1 and inside2 to be able to talk to eachother but cannot work out how to make this happen. They are both configured to the same security level and the 'Enable traffic between interfaces with same security level' box is ticked. I have also tried adding appropriate NAT and Access rules. The packet tracer suggests the rules are correct for allowing traffic flow between interfaces but obviosly this may not be the case.

View 14 Replies View Related

Cisco Firewall :: Bandwidth Reservation For VC Traffic In ASA 5505?

Jun 4, 2013

We have 10MB dedicated Internet BW and want to run VC device and due to heavy traffic and BW high utilization at peak hours, VC performance is not sufficient. We would like to reserve 2MB for VC device. How much possible to fix up this configuration in ASA5505 version disk0:/asa724-k8.bin [URL]

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Reserve 2Mbps For RTP Traffic

Jul 31, 2012

I have a Cisco 5505 with a 12Mbps feed.  I want to reserve 2Mbps for RTP traffic.  I followed the QoS guide here: url... The goal would be that any traffic destined for port 5000 through 5100 UDP or TCP from any IP to any IP on any interface.should always have 2Mbps available to it. 

View 5 Replies View Related

Cisco Firewall :: Traffic Shaping ASA 5510 Vs 5505?

Oct 19, 2011

Is there any difference with traffic shaping capability on the 5510 as opposed to the 5505? is there anything the 5510 can do that the 5505 cant? with regards to TShaping?

View 4 Replies View Related

Cisco VPN :: 5505 Unable To Route Traffic Through VPN Tunnel

Mar 17, 2011

We have a VPN setup and here's the configuration on the Cisco ASA 5505: [code] The problem is that i'm able to ping the otherside of the tunnel i.e. 192.168.23.14 from the dmz IP 172.16.1.2 but i'm unable to ping from the hosts behind the ASA.Also the other side is able to ping 172.16.1.2 IP but no IP's behind the ASA.

View 9 Replies View Related

Cisco Firewall :: ASA 5505 Not Allowing Incoming Traffic

Mar 15, 2012

I am trying to switch out a cisco pix 501 firewall with a cisco ASA 5505 firewall.  I am not very familiar with all of the commands for the firewalls and have always relied on a standard command line script that I use when building a new one.  Unfortunately, my script is not working with the 5505.  What I am doing wrong with the following script?  I've masked public IP info with xxx.xxx.xxx and I run it right after restoring the firewall to the factory defaults.  I am able to get out to the internet if I browse directly from one of the servers, but cannot access a web page when trying to browse to it from an outside network. [code]

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved