11-14-2013 12:51 PM - edited 03-16-2019 08:25 PM
Hi all
I use a Cisco 2911 so that an Asterisk phone system can communicate externally.
However, sometimes I can make calls in and out. Sometimes, just in or out. Sometimes, I cannot make any calls.
I think the problem is the NAT, PAT and ACL in the Cisco 2911. This Cisco is also the gateway to the internet for users.
Please, any advice?
Thanks a lot
Here is the configuration:
Router#show run
Building configuration...
Current configuration : 1981 bytes
!
! Last configuration change at 20:06:06 UTC Thu Nov 14 2013
! NVRAM config last updated at 15:04:59 UTC Tue Nov 5 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxx
!
no aaa new-model
memory-size iomem 20
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FTX1603AH9C
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
!
interface GigabitEthernet0/0
 description internal-LAN
 ip address 172.x.x.x 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 encapsulation dot1Q 11
 ip address 172.16.x.x 255.255.240.0
!
interface GigabitEthernet0/2
 description internet
 ip address 50.240.x.x 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/2 overload
ip route profile
ip route 0.0.0.0 0.0.0.0 50.240.x.x
ip route 0.0.0.0 0.0.0.0 172.10.0.30 name ROUTE-VPN-REMOTE
ip route 172.16.240.0 255.255.254.0 172.10.x.x
!
access-list 100 permit ip 172.10.0.0 0.0.255.255 any
access-list 100 permit ip 172.16.240.0 0.0.0.255 any
access-list 100 permit udp any any range 5004 5090
access-list 100 permit udp any any range 10000 20000
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end
11-14-2013 01:18 PM
Who is your voice service provider (VSP)? Verify if they support NAT and/or ALG?
11-14-2013 01:20 PM
Oh!
So if they do not support NAT, I just use no NAT at all, is that correct?
Thanks
11-14-2013 01:23 PM
There are some VSPs where they do the NAT. If your VSP (like mine) does the NAT, then you need to globally disable NAT in your Asterisk.
My VSP also recommends I disable ALG on my router.
So you need to ask your VSP.
11-14-2013 02:05 PM
Thanks, but I am really confused: if the VSP does not need NAT, I can disable it in Asterisk. But with the Cisco 2911, what can I do with NAT?
Thanks