Solved: dial-peer-pstn - Page 2

nettuno8_20111 · ‎11-22-2021

hi i am sorrenrino ciro i have a router 2901 cme 7.0, i configured a dial-peer .T that goes on the pstn and i configured the g0 / 0 interface as pppoe which is connected to the internet, but i have a problem sometimes the pstn line and busy I did a dial-peer show and I saw that there are numbers like 0065349980 that I think come from the internet and I occupy the pstn that I can do to prevent this.

nettuno8_20111 · ‎11-28-2021

hi it seems that I solved the problem as you said I gave a ccsip debug and they were packets sip udp / rtp port which ranged from 5060 to 5205 and dynamic ip addresses that were connected to my ip address. my router is connected to the internet because i have 25 hosts that connect to the internet and a local server, which can also be connected remotely. take a look at the ACL configuration. now I have only a small problem I have created a standart ACL for the vty line, from local it is fine but remotely I do not know how to configure it in fact remotely I no longer connect to the router.

Standard IP access list 1
10 permit 192.168.0.2
20 deny any (44 matches)
Extended IP access list 100
10 permit ip 192.168.0.0 0.0.0.255 any (1282 matches)
20 permit ip host 192.168.10.10 any
30 deny ip any any (1249 matches)
Extended IP access list 101
10 permit tcp any any eq telnet (45 matches)
20 permit tcp any any established (5782 matches)
30 permit tcp any any eq 3389 (15 matches)
34 deny udp any any range 5060 6000 (13 matches)
40 permit udp any any (3419 matches)
80 deny ip any any (504 matches)
router-isp(config)#

Roger Kallberg · ‎11-28-2021

Your standard ACL only allows traffic from one IP. If you want to allow access to the VTYs from multiple devices you can define a range of IPs to allow access from internal networks. For example allow traffic from any IP in the 192.168.x.x networks by this 10 permit 192.168.0.0 0.0.255.255.