08-02-2012 10:34 AM - edited 03-07-2019 08:07 AM
HI guys. I hope for ur help . i have such diagram : IPOffice500(LAN:172.16.2.220, WAN:192.168.15.110/24)<->Cisco881(WAN:192.168.15.1, interface vlan20 : 192.168.20.1)<-> IP phone 192.168.20.2 .
the problem is ip phone cannot discover IPOffice. I put PC instead of ipphone with static ip 192.168.20.9/24 and able to ping 192.168.20.1, 192.168.15.1 but can not 192.168.15.110 and 172.16.2.220. then I put PC to lan port of IP office500 with 172.16.2.9/24 and able to ping 192.168.20.1, 192.168.15.1 but can not ping 192.168.20.2 or .20.10 , tracert go till .15.1 ; it's look like there is not route between .15.0 net and .20.0 network but I have configured interfaces in router and they are directly connected . Also IPOffice has route to 192.168.20.0 /28 trough 192.168.15.1 , and configured LAN& WAN interfaces. here are configs on cisco:
Current configuration : 5626 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 16:49:09 UTC Tue Jul 31 2012 by cisco
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Remote_r
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-3874039267
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3874039267
revocation-check none
rsakeypair TP-self-signed-3874039267
!
!
ip source-route
!
!
!
ip dhcp pool voice20
network 192.168.20.0 255.255.255.240
default-router 192.168.20.1
option 176 ascii "MCIPADD=172.16.2.220, 192.168.15.110,TFTPSRVR=172.16.2.220,MCPORT=1719,L2QVLAN=20,VLANTEST=600"
lease 8
!
ip dhcp pool data30
network 192.168.30.0 255.255.255.240
default-router 192.168.30.1
option 176 ascii "MCIPADD=172.16.2.220, 192.168.15.110,TFTPSRVR=172.16.2.220,MCPORT=1719,L2QVLAN=20,VLANTEST=600"
lease 8
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX162683CE
!
!
username admin privilege 15 secret 5 $1$bEaR$C/W2WAirkkytWbYHQinNf0
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 20
!
interface FastEthernet3
!
interface FastEthernet4
description WAN
ip address 192.168.15.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1452
!
interface Vlan20
ip address 192.168.20.1 255.255.255.240
!
interface Vlan30
ip address 192.168.30.1 255.255.255.240
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 172.16.2.0 255.255.255.0 192.168.15.110
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 24 permit 192.168.1.2
no cdp run
!
!
!
!
!
control-plane
!
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 24 in
privilege level 15
password sana1723
logging synchronous
login local
transport input telnet
!
scheduler max-task-time 5000
end
show ip route
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.2.0 [1/0] via 192.168.15.110
192.168.15.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.15.0/24 is directly connected, FastEthernet4
L 192.168.15.1/32 is directly connected, FastEthernet4
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/28 is directly connected, Vlan20
L 192.168.20.1/32 is directly connected, Vlan20
sho vlan-sw
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0, Fa1, Fa3
10 VLAN0010 active
20 voice active Fa2
30 data active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0
08-03-2012 12:47 PM
I resolved it myself so now my vpn is up and my ipphones are registered . The solution is one need to create ACLs to deny NATing then route-map to exclude voice net from Nating and let traffic go trough NAT outside .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide