MacroS
Newbie
Skype: a.dudnikoff
Statistics
Registered: 30.12.2007
Profile views: 499*
Last visit: 25.12.2009, 12:52
Time zone: 9.2.2010, 14:43
34 posts (0 per day)
* Profile views are updated every hour

29 Apr 2009
Good day!
I have the following:
Cisco Unified Communication Manager 6.0.1
Cisco 2851 (Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(3i)).
See the attachment for the connection diagram.
2851 config:
Code
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname Cisco2851-MTK
!
boot-start-marker
boot-end-marker
!
card type e1 0 0
logging buffered 51200 warnings
enable secret .
!
aaa new-model
!
!
aaa authentication login vty-in local-case
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
clock timezone KRG 6
no network-clock-participate wic 0
ip subnet-zero
!
!
ip cef
!
!
ip domain name yourdomain.com
ip name-server ..................
ip name-server ..................
ip inspect name Firewall dns timeout 30
ip inspect name Firewall esmtp
ip inspect name Firewall ftp
ip inspect name Firewall ftps
ip inspect name Firewall h323
ip inspect name Firewall http
ip inspect name Firewall https
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall ssh
ip inspect name Firewall imap reset
ip inspect name Firewall rcmd
ip inspect name Firewall sqlnet
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall icmp
ip inspect name Firewall pptp
ip inspect name Firewall pop3
ip inspect name Firewall ntp
!
carrier-id Test
!
voice-card 0
no dspfarm
!        
!
voice call send-alert
voice call disc-pi-off
voice call convert-discpi-to-prog
voice rtp send-recv
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
!
!
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729br8
codec preference 4 g729r8
codec preference 5 g723r53
codec preference 6 g723r63
!
voice class codec 2
codec preference 1 g729br8
codec preference 2 g729r8
codec preference 3 g711ulaw
codec preference 4 g711alaw
!
!
!
voice class h323 1
h225 timeout tcp establish 30
  call start fast
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3112367344
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3112367344
revocation-check none
rsakeypair TP-self-signed-3112367344
!
!
crypto pki certificate chain TP-self-signed-3112367344
certificate self-signed 01
-------------------------
!
application
service cmeaa flash:aa/its-CISCO.2.0.2.0.tcl
  paramspace english language en
  paramspace english index 0
  param aa-pilot 5000
  param operator 100
  paramspace english location flash:aa/
!
!
username Macros .............
!
!
controller E1 0/0/0
!
controller E1 0/0/1
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.40.5.1 255.255.255.192
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/0.80
encapsulation dot1Q 80
ip address 10.30.0.1 255.255.254.0
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 10.40.0.1 255.255.255.0
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/0.101
encapsulation dot1Q 101
ip address 10.40.1.1 255.255.255.0
ip virtual-reassembly
no snmp trap link-status
!
interface GigabitEthernet0/1
ip address YYY.YYY.YYY.YYY 255.255.255.248
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.40.5.62
ip route XXX.XXX.XXX.XXX 255.255.255.255 ZZZ.ZZZ.ZZZ.ZZZ
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat service allow-h323-keepalive
!
ip access-list extended From_Inet_KT
permit ip host XXX.XXX.XXX.XXX host YYY.YYY.YYY.YYY
deny   ip any any
!
access-list 23 permit ............
access-list 23 permit ............
access-list 23 permit ............
access-list 23 permit ............
access-list 23 permit ............
!
!
!
!
control-plane
!
!
!
!
!
!
!
dial-peer voice 15 voip
huntstop
service cmeaa
destination-pattern 1..
progress_ind setup enable 3
session target ipv4:10.30.0.3
incoming called-number 5000
dtmf-relay h245-alphanumeric
codec g711ulaw
!
dial-peer voice 20 voip
huntstop
destination-pattern 996.
progress_ind setup enable 3
voice-class codec 2
session target ipv4:XXX.XXX.XXX.XXX
dtmf-relay cisco-rtp
no vad
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
logging synchronous
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
logging synchronous
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180272
ntp server 208.67.115.181
ntp server 203.158.118.3
ntp server 81.0.235.220
ntp server 195.10.6.126 prefer
!
end


The 2851 is registered on CUCM as an H.323 Gateway. Mera is needed for access to international calls.
In short, the problem is as follows: I place a call to my own mobile (in principle it makes no difference where), I hear ringback tones in the phone, the mobile starts ringing, I pick up.
There is silence on the mobile, the (IP) phone keeps playing ringback tones, this goes on for about 10 seconds and then everything drops.
I can't figure out what I failed to configure and where.
If I call without the 2851, registering Mera as the H323 Gateway and going through NAT on the ASA5510, everything works, but the task is to set it all up specifically through the 2851.
Attached image
21 Mar 2009
Greetings, everyone! The question is as per the subject. I have:

HP DL380- G5E5410 (Rack2U XeonQC2.5Ghz(12Mb)/2x1Gb/P400wBBWC(256Mb/RAID6/5/1/0/1+0)/3x146Gb10kSFFHDD(8)/DVD-RW.noFDD/iLO2std/2xGigEth)
SW Only, Unified CM 6.0 For HP DL380-G5 /1CPU or 7835-H2

I set it up as the documentation requires: Boot order: CD, C:, Floppy
I configured: RAID type: 1(1+0), and added one disk as a spare.

After the media check it reports: The hardware you are using is not supported for this product. Installation will now halt. And accordingly the installation goes no further.

I did not find support for the Xeon 5410 processor on cisco.com - is that the cause? Can you help me figure it out?
Could it be because OS Selection: Linux was not selected?

P.S.: I am trying to install remotely, connected via iLO.
1 Apr 2008
We have a tunnel between an ASA 5505 and a Cisco 2851. We have the ZaBBiX monitoring tool behind the 2851, which pings, through the tunnel, a printer located behind the ASA. The problem is that the printer is switched off at the end of the working day, and accordingly zabbix starts complaining. I would like to ping the ASA's inside interface through the tunnel.

sh ver:

CODE
Cisco Adaptive Security Appliance Software Version 8.0(3)
Device Manager Version 6.0(3)

Compiled on Tue 06-Nov-07 22:59 by builders
System image file is "disk0:/asa803-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.01
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001e.f761.9364, irq 11
1: Ext: Ethernet0/0 : address is 001e.f761.935c, irq 255
2: Ext: Ethernet0/1 : address is 001e.f761.935d, irq 255
3: Ext: Ethernet0/2 : address is 001e.f761.935e, irq 255
4: Ext: Ethernet0/3 : address is 001e.f761.935f, irq 255
5: Ext: Ethernet0/4 : address is 001e.f761.9360, irq 255
6: Ext: Ethernet0/5 : address is 001e.f761.9361, irq 255
7: Ext: Ethernet0/6 : address is 001e.f761.9362, irq 255
8: Ext: Ethernet0/7 : address is 001e.f761.9363, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255

Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled

This platform has a Base license.


sh run:

CODE
ASA Version 8.0(3)
!
hostname ASA5505-exs-4mk-OK03
domain-name exs.com
enable password ************** encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 172.17.22.49 255.255.255.240
!
interface Vlan2
nameif outside
security-level 0
ip address XXX.XXX.XX.162 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd *************** encrypted
ftp mode passive
clock timezone WAZ 6
dns server-group DefaultDNS
domain-name exs.com
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 172.17.5.0 255.255.255.248
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.74
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.88
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.26
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 172.17.44.0 255.255.255.0
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.2
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.90
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.87
access-list VPN_filial_exs extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.99
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 172.17.5.0 255.255.255.248
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.74
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.88
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.26
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 172.17.44.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.2
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.90
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.87
access-list inside_nat0_outbound extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.99
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 172.17.5.0 255.255.255.248
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.74
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.88
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.26
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 172.17.44.0 255.255.255.0
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.123.2
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.90
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.87
access-list Inside_Permited extended permit ip host 172.17.22.62 host ZZZ.ZZ.ZZ.190
access-list Inside_Permited extended permit ip 172.17.22.48 255.255.255.240 host 172.17.5.99
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
access-group Inside_Permited in interface inside
route outside 0.0.0.0 0.0.0.0 XXX.XXX.XX.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 172.17.22.50 255.255.255.255 inside
http ZZZ.ZZ.ZZ.190 255.255.255.255 outside
http YYY.YY.YY.18 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto map outside_map 20 match address VPN_filial_exs
crypto map outside_map 20 set peer YYY.YY.YY.18
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh YYY.YY.YY.18 255.255.255.255 outside
ssh ZZZ.ZZ.ZZ.190 255.255.255.255 outside
ssh timeout 6
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
ntp server YYY.YY.YY.18 prefer
username ******************************** encrypted privilege 15
username ******************************** encrypted privilege 15
tunnel-group YYY.YY.YY.18 type ipsec-l2l
tunnel-group YYY.YY.YY.18 ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect xdmcp
inspect pptp
!
service-policy global_policy global
prompt hostname context


When a ping is sent to the ASA's inside interface, it replies from the outside interface, so the ping does not come back:

CODE
debug icmp trace 255
debug icmp trace enabled at level 255
CISCO# ICMP echo request from 172.17.44.12 to 172.17.22.49 ID=1280 seq=27395 len=32
ICMP echo reply from XXX.XXX.XX.162 to 172.17.44.12 ID=1280 seq=27395 len=32
ICMP echo request from 172.17.44.12 to 172.17.22.49 ID=1280 seq=27651 len=32
ICMP echo reply from XXX.XXX.XX.162 to 172.17.44.12 ID=1280 seq=27651 len=32
ICMP echo request from 172.17.44.12 to 172.17.22.49 ID=1280 seq=27907 len=32
ICMP echo reply from XXX.XXX.XX.162 to 172.17.44.12 ID=1280 seq=27907 len=32
ICMP echo request from 172.17.44.12 to 172.17.22.49 ID=1280 seq=28163 len=32
ICMP echo reply from XXX.XXX.XX.162 to 172.17.44.12 ID=1280 seq=28163 len=32


I can't post the 2851 config, but I assure you the tunnel works and is alive; there are no problems with the tunnel.
Does anyone have any ideas? Or has anyone run into a similar situation?