08-12-2003 12:44 PM - edited 03-17-2019 08:04 PM
Hi all,
I have a problem with setting up Cisco MCM environment that I hope somebody can help me with.
I have three networks connected with two Cisco 2621 routers. Let's call networks 1, 2, and 3, and routers A and B. Router A connects networks 1 and 2, and B connects networks 2 and 3.
On both routers, gatekeepers are configured and local zones created at addresses A2 and B3, serving networks 2 and 3 respectively.
On the router A, MCM Proxy is enabled and tied to interface A1. The goal is to mask both networks 2 and 3 from users on network 1.
On the router B, IP routing is enabled, and static route is configured for the network 1 using A2. (The only reason for this route is to reach the proxy interface which is A1). On the router A, IP routing is disabled, and default gateway is set to B2.
On both routers, both local and remote zones are configured, with their respective prefixes.
On router A, default proxy usage settings are set to "use proxy" for all types of calls. However, additional rule is configured as "no use-proxy" for both inbound and outbound terminal calls to/from zone B.
Now, what is wrong. When I make a call from zone B endpoint to a zone A endpoint, everything is connected properly - endpoints communicate directly. However, when I call from zone A endpoint to a zone B endpoint, the call is using a proxy.
What did I do wrong and how to set it up to have calls in both directions (from A to B and from B to A) to not use the proxy?
Configuration for both routers is attached below.
=====================================================
ROUTER A
version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname qa-proxy1
!
enable secret xxxxxx
enable password xxxx
!
ip subnet-zero
no ip routing
!
no ip domain-lookup
ip domain-name qa.fvc.com
ip dhcp excluded-address 10.2.1.1 10.2.1.100
!
ip dhcp pool Cisco210
network 10.2.1.0 255.255.255.0
default-router 10.2.1.2
!
proxy h323
!
interface FastEthernet0/0
ip address 10.1.41.26 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
h323 interface
h323 h323-id qaproxy1
h323 gatekeeper id qacisco1 ipaddr 10.2.1.1
h323 t120 bypass
!
interface FastEthernet0/1
ip address 10.2.1.1 255.255.255.0
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
!
ip default-gateway 10.2.1.2
ip classless
no ip http server
ip pim bidir-enable
!
dial-peer cor custom
!
gatekeeper
zone local qacisco1 cisco1.qa.fvc.com 10.2.1.1
zone remote qacisco2 cisco2.qa.fvc.com 10.2.2.1 1719
no zone subnet qacisco1 default enable
zone subnet qacisco1 10.2.1.0/24 enable
zone prefix qacisco1 210*
zone prefix qacisco2 220*
lrq forward-queries
lrq lrj immediate-advance
no use-proxy qacisco1 remote-zone qacisco2 inbound-to terminal
no use-proxy qacisco1 remote-zone qacisco2 outbound-from terminal
no shutdown
endpoint ttl 60
server registration-port 11000
!
line con 0
line aux 0
line vty 0 5
session-timeout 180 output
no login
monitor
!
end
=====================================================
ROUTER B
version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname "qa-proxy2"
!
enable secret xxxxx
enable password xxxx!
ip subnet-zero
!
no ip domain lookup
ip domain name qa.fvc.com
ip dhcp excluded-address 10.2.2.1 10.2.2.100
!
ip dhcp pool Cisco220
network 10.2.2.0 255.255.255.0
default-router 10.2.2.1
lease 30
!
interface FastEthernet0/0
ip address 10.2.1.2 255.255.255.0
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.2.2.1 255.255.255.0
no ip mroute-cache
duplex auto
speed auto
!
ip default-gateway 10.2.2.254
ip classless
ip route 10.1.41.0 255.255.255.0 10.2.1.1 2
no ip http server
ip pim bidir-enable
!
dial-peer cor custom
!
gatekeeper
zone local qacisco2 cisco2.qa.fvc.com 10.2.2.1
zone remote qacisco1 cisco1.qa.fvc.com 10.2.1.1 1719
no zone subnet qacisco2 default enable
zone subnet qacisco2 10.2.2.0/24 enable
zone prefix qacisco1 210*
zone prefix qacisco2 220*
lrq forward-queries
no use-proxy qacisco2 default inbound-to terminal
no use-proxy qacisco2 default outbound-from terminal
no shutdown
endpoint ttl 60
!
line con 0
line aux 0
line vty 0 4
password xxxx
no login
line vty 5
no login
!
end
=====================================================
08-19-2003 06:51 AM
This might work if you disable the proxy on the router A. Use the command "no proxy h323" on Router A . This should work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: