routing issue

Abdulkader Naji · ‎06-01-2016

Hi,

I started new installation of CUCM on my network and I'm stuck oh how to route the internal LAN to reach the SIP Gateway although the router is reaching the my lan vlan ip addresses and the phone is reaching the cucm.

now from my pc with IP address 10.0.0.15 and gateway 10.0.0.249 wants to ping 10.209.4.87 but when I do that from the router with the IP Address 10.0.0.249 to ping 10.209.4.87 it pings fine.

configuration is below .

your fast response is highly appreciated.

/------------------ the router ------------------------------/
Router# sh run
no aaa new-model
ethernet lmi ce
clock timezone GMT 3 0
clock calendar-valid

ip dhcp excluded-address 10.0.0.100 10.0.0.254
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp excluded-address 10.0.0.0 10.0.0.100
!
ip dhcp pool voice
import all
network 10.10.0.0 255.255.0.0
dns-server 10.0.0.15
default-router 10.10.10.1
option 150 ip 10.0.0.245
!
ip dhcp pool data
network 10.0.0.0 255.255.0.0
--More-- dns-server 10.0.0.15
default-router 10.0.0.30
!
!
!
ip domain name nazer.com
ip host sip.nazer.com 10.196.179.85
ip name-server 10.0.0.15
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
voice-card 0
--More-- dspfarm
dsp services dspfarm
!
!
!
voice service voip
mode border-element
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
registrar server expires max 600 min 60
no update-callerid
early-offer forced
midcall-signaling passthru
g729 annexb-all
!
voice class codec 1
--More-- codec preference 1 g711ulaw
codec preference 2 g729r8
!
voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
!
voice class codec 3
codec preference 1 g729r8
codec preference 2 g711ulaw
codec preference 3 g711alaw
!
!
!
voice class custom-cptone CCAjointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
!
voice class custom-cptone CCAleavetone
dualtone conference
frequency 400 800
--More-- cadence 400 50 200 50 200 50
!
voice class custom-cptone Cust_Tone
dualtone busy
frequency 425
cadence 500 500
dualtone ringback
frequency 425
cadence 1000 4000
dualtone reorder
frequency 480 620
cadence 250 250
dualtone out-of-service
frequency 950
cadence 330 330
dualtone number-unobtainable
frequency 480 620
cadence 250 250
dualtone disconnect
frequency 425
cadence 500 500
!
!
--More-- voice class cause-code 1
no-circuit
!
voice register global
mode srst
!
!
!
voice translation-rule 1
!
voice translation-rule 2
rule 1 /^2217/ /7/
rule 2 /^0122217/ /7/
!
voice translation-rule 4
rule 15 // //
!
voice translation-rule 603
rule 1 /^603/ //
!
voice translation-rule 604
rule 1 /^1/ /801/
rule 2 /^22/ /82/
--More-- rule 3 /^26/ /86/
rule 4 /^2/ /802/
rule 5 /^3/ /803/
rule 6 /^4/ /804/
rule 7 /^5/ /805/
rule 8 /^6/ /806/
rule 9 /^7/ /807/
!
voice translation-rule 1000
rule 1 /.*/ //
!
voice translation-rule 1111
!
voice translation-rule 1112
rule 1 /^8/ //
!
voice translation-rule 2000
rule 1 /9955/ /9955/
!
voice translation-rule 2001
!
!
voice translation-profile 603
--More-- translate calling 604
translate called 603
!
voice translation-profile AA_Profile
translate called 2001
!
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
!
voice translation-profile OUT
translate called 1
!
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
!
voice translation-profile PROFILE_ALL_FXO
translate calling 4
!
voice translation-profile SIP-IN
translate called 2
!
voice translation-profile VM_Profile
translate called 2000
--More-- !
voice translation-profile nondialable
translate called 1000
!
!
!
license udi pid CISCO2911/K9 sn FGL201110VK
hw-module pvdm 0/0
!
!
!
username admin secret 5 $1$6W58$eXXpnenMhWDgF4WGmqlk//
!
redundancy
!
!
!
translation-rule 1
Rule 0 6039901 9910
Rule 1 6039902 9910
Rule 3 60399 99
!
!
--More-- translation-rule 2
Rule 0 ^7 807
Rule 1 ^6 806
Rule 2 ^5 805
Rule 3 ^4 804
Rule 4 ^3 803
Rule 5 ^26 86
Rule 6 ^22 82
Rule 7 ^2 802
Rule 8 ^1 801
!
!
translation-rule 3
Rule 0 99 60399
!
!
translation-rule 100
Rule 0 ^80 0
Rule 1 ^82 2
Rule 2 ^86 6
Rule 3 ^89 9
Rule 4 ^88 8
!
--More-- !
translation-rule 9999
Rule 1 6039999 9999
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
!
interface GigabitEthernet0/0
description $_FW_DATA
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $_FW_INSIDE$
no ip address
ip nat inside
--More-- ip virtual-reassembly in
duplex auto
speed auto
h323-gateway voip interface
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.0.0.249 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.100
encapsulation dot1Q 100
ip address 10.10.10.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
description $FW_OUTSIDE$
ip address 10.196.179.86 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
--More-- speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 10.209.4.0 255.255.255.0 10.196.179.85
!
!
!
access-list 1 remark ALLOW_ALL_LAN
access-list 1 permit 0.0.0.0 255.255.0.0
access-list 23 permit 10.10.10.0 0.0.0.127
!
control-plane
!
!
--More-- !
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
dspfarm profile 5 transcode
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
codec g729r8
codec g729br8
maximum sessions 10
associate application SCCP
shutdown
!
dspfarm profile 1 conference
description DO NOT MODIFY, active CCA conference profile - CCA2.0 codec711
codec g729br8
codec g729r8
codec g729abr8
codec g729ar8
codec g711alaw
codec g711ulaw
maximum conference-participants 16
conference-join custom-cptone CCAjointone
conference-leave custom-cptone CCAleavetone
associate application SCCP
shutdown
!
dial-peer cor custom
name LOCAL
name NATIONAL
name INTERNATIONAL
name INTERNAL_CALLS
!
!
dial-peer voice 700 voip
description **SIP TO STC**
translation-profile outgoing OUT
destination-pattern 8T
session protocol sipv2
session target ipv4:10.209.4.58
session transport udp
incoming called-number .
voice-class codec 3
dtmf-relay rtp-nte
!
dial-peer voice 701 voip
translation-profile incoming SIP-IN
destination-pattern 603....
session protocol sipv2
session target ipv4:10.209.4.58
incoming called-number .
!
dial-peer voice 10 voip
destination-pattern 9...
session protocol sipv2
session target ipv4:10.0.0.245
!
dial-peer voice 1 voip
incoming called-number .%
no vad
!
dial-peer voice 2 pots
incoming called-number .
direct-inward-dial
!
!
sip-ua
!
!
!
gatekeeper
shutdown
!
!
call-manager-fallback
max-conferences 8 gain -6
transfer-system full-consult
!
line con 0
exec-timeout 5 0
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
!
end

/------------------------ The switch ---------------------------/

SW02>en
Password:
SW02#sh run
no aaa new-model
system mtu routing 1500
ip subnet-zero

!
ip domain-name nazer.com
ip host ucn1.nazer.com 10.0.0.246
ip host ucm-pub.nazer.com 10.0.0.245
ip name-server 10.0.0.15
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
--More-- vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/3
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/4
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
--More-- interface FastEthernet0/5
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/6
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/7
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/8
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/9
switchport mode access
switchport voice vlan 100
--More-- spanning-tree portfast
!
interface FastEthernet0/10
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/11
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/12
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/13
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/14
--More-- switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/15
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/16
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/17
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/18
switchport mode access
switchport voice vlan 100
spanning-tree portfast
--More-- !
interface FastEthernet0/19
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/20
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/21
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/22
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/23
switchport mode access
--More-- switchport voice vlan 100
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode access
switchport voice vlan 100
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
description *** DATA VLAN ***
ip address 10.0.0.248 255.255.0.0
no ip route-cache
!
interface Vlan100
ip address 10.10.10.10 255.255.0.0
no ip route-cache
!
--More-- ip default-gateway 10.0.0.249
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
ntp clock-period 36028591
ntp server 10.0.0.249
end

saif musa · ‎06-01-2016

Hi,

Just for clarification please, you mean you can't ping out from your inside network ( 10.0.0.0/16 ) to destination device ( 10.209.4.87 ). Is that correct ? If yes... then

1- can you ping from your PC to your router inside and outside interface ?

2- what's the result of failed ping to 10.209.4.87 ? Destination host unreachable or request time out.

3- what's the result of ping 10.196.179.85 ? Failed or success ?

paul driver · ‎06-01-2016

Hello

From a routing perspective, The rtr is performing inter-vlan routing so the svi 100 on the switch isn't required - Just its MGT (vlan1) and a default-gateway pointing towards the rtr.

I am assuming the L2 vlan (100) is created on the switch?

Lasty change your nat acl to specify the lan subnet instead of 0.0.0.0 255.255.0.0

No access-list 1
access-list 1 remark ALLOW_ALL_LAN
access-list 1 permit 10.0.0.0.0.0.255.255
access-list 1 permit 10.10.0.0.0.0.255.255

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul