
Proxy usage in interzone calls

old_joker
Level 1

Hi all,

I have a problem with setting up a Cisco MCM environment that I hope somebody can help me with.

I have three networks connected with two Cisco 2621 routers. Let's call the networks 1, 2, and 3, and the routers A and B. Router A connects networks 1 and 2, and B connects networks 2 and 3.

On both routers, gatekeepers are configured and local zones created at addresses A2 and B3, serving networks 2 and 3 respectively.

On router A, the MCM Proxy is enabled and tied to interface A1. The goal is to mask both networks 2 and 3 from users on network 1.

On router B, IP routing is enabled, and a static route is configured for network 1 using A2. (The only reason for this route is to reach the proxy interface, which is A1.) On router A, IP routing is disabled, and the default gateway is set to B2.

On both routers, both local and remote zones are configured, with their respective prefixes.

On router A, the default proxy usage settings are set to "use proxy" for all types of calls. However, an additional rule is configured as "no use-proxy" for both inbound and outbound terminal calls to/from zone B.

Now, what is wrong: when I make a call from a zone B endpoint to a zone A endpoint, everything is connected properly and the endpoints communicate directly. However, when I call from a zone A endpoint to a zone B endpoint, the call uses the proxy.

What did I do wrong, and how do I set it up so that calls in both directions (from A to B and from B to A) do not use the proxy?

Configuration for both routers is attached below.

=====================================================

ROUTER A

version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname qa-proxy1
!
enable secret xxxxxx
enable password xxxx
!
ip subnet-zero
no ip routing
!
no ip domain-lookup
ip domain-name qa.fvc.com
ip dhcp excluded-address 10.2.1.1 10.2.1.100
!
ip dhcp pool Cisco210
 network 10.2.1.0 255.255.255.0
 default-router 10.2.1.2
!
proxy h323
!
interface FastEthernet0/0
 ip address 10.1.41.26 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 h323 interface
 h323 h323-id qaproxy1
 h323 gatekeeper id qacisco1 ipaddr 10.2.1.1
 h323 t120 bypass
!
interface FastEthernet0/1
 ip address 10.2.1.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
ip default-gateway 10.2.1.2
ip classless
no ip http server
ip pim bidir-enable
!
dial-peer cor custom
!
gatekeeper
 zone local qacisco1 cisco1.qa.fvc.com 10.2.1.1
 zone remote qacisco2 cisco2.qa.fvc.com 10.2.2.1 1719
 no zone subnet qacisco1 default enable
 zone subnet qacisco1 10.2.1.0/24 enable
 zone prefix qacisco1 210*
 zone prefix qacisco2 220*
 lrq forward-queries
 lrq lrj immediate-advance
 no use-proxy qacisco1 remote-zone qacisco2 inbound-to terminal
 no use-proxy qacisco1 remote-zone qacisco2 outbound-from terminal
 no shutdown
 endpoint ttl 60
 server registration-port 11000
!
line con 0
line aux 0
line vty 0 5
 session-timeout 180 output
 no login
 monitor
!
end

=====================================================

ROUTER B

version 12.2
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname "qa-proxy2"
!
enable secret xxxxx
enable password xxxx
!
ip subnet-zero
!
no ip domain lookup
ip domain name qa.fvc.com
ip dhcp excluded-address 10.2.2.1 10.2.2.100
!
ip dhcp pool Cisco220
 network 10.2.2.0 255.255.255.0
 default-router 10.2.2.1
 lease 30
!
interface FastEthernet0/0
 ip address 10.2.1.2 255.255.255.0
 no ip mroute-cache
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.2.2.1 255.255.255.0
 no ip mroute-cache
 duplex auto
 speed auto
!
ip default-gateway 10.2.2.254
ip classless
ip route 10.1.41.0 255.255.255.0 10.2.1.1 2
no ip http server
ip pim bidir-enable
!
dial-peer cor custom
!
gatekeeper
 zone local qacisco2 cisco2.qa.fvc.com 10.2.2.1
 zone remote qacisco1 cisco1.qa.fvc.com 10.2.1.1 1719
 no zone subnet qacisco2 default enable
 zone subnet qacisco2 10.2.2.0/24 enable
 zone prefix qacisco1 210*
 zone prefix qacisco2 220*
 lrq forward-queries
 no use-proxy qacisco2 default inbound-to terminal
 no use-proxy qacisco2 default outbound-from terminal
 no shutdown
 endpoint ttl 60
!
line con 0
line aux 0
line vty 0 4
 password xxxx
 no login
line vty 5
 no login
!
end

=====================================================


m.singer
Level 4

This might work if you disable the proxy on Router A. Use the command "no proxy h323" on Router A. This should work.
