Using Wireshark, I see the issue is when doing a TCP/IP connection to the CUCM via SIP protocol/port, it connects to the server, the server acks, but then instead of sending the first request of the SIP protocol, the Jabber client sends FIN, ending the TCP/IP session it just opened.
It makes no sense. The TCP/IP connection works fine, no actual data even gets transmitted (just SYN, ACK, and FIN packets). No idea why Jabber suddenly thinks that it is "Unable to reach corporate network."
I don't see any hints in the network traffic... Anyone have a clue to this one?
I have Jabber v 126.96.36.19964 and
About Cisco Unified CallManager Express Operating System: Cisco Internetwork Operating System. Cisco IOS (tm) C2801 Cisco IOS Software: C2801-ADVENTERPRISEK9-M Software Version: 15.1(4)M6 / CME 8.6 Feature Package: IP|SLA|IPv6|IS-IS|FIREWALL|VOICE|PLUS|QoS|HA|NAT|MPLS|VPN|LEGACY PROTOCOLS|3DES|SSH|IPSE
Jabber Voice (at least v 188.8.131.5264) seems to try the SIP TCP connection over the regular network connection, NOT the VPN connection, even though the TFTP goes to the same server IP over the VPN. So Jabber Voice seems to want you to have a site-to-site VPN, rather than VPN on the client. The really odd thing, though, is I thought I had this working just fine for the longest time, and now I'm having issues. I am using OpenVPN server 2.3.4 and the latest OpenVPN client on iPhone with iOS 9.1.
EDIT2: I just restarted my iPhone, turned off Wi-Fi, started my OpenVPN tunnel, started Jabber Voice, and it is working just fine now.
Maybe I've just wasted my entire morning.
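The symptom described in the post above (handshake completes, then the client closes with no payload) can be separated from an unanswered or refused connection by classifying each flow in a capture. This is an added example, not part of the original post; the packet tuples, the documentation addresses and the verdict names are constructed for illustration.

```python
# Constructed packet summaries: (src, sport, dst, dport, tcp_flags, payload_len).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # documentation addresses (assumed)
PACKETS = [
    # Flow 1: handshake completes, client sends FIN, no payload (the symptom).
    (CLIENT, 50001, SERVER, 5060, "S", 0),
    (SERVER, 5060, CLIENT, 50001, "SA", 0),
    (CLIENT, 50001, SERVER, 5060, "A", 0),
    (CLIENT, 50001, SERVER, 5060, "FA", 0),
    (SERVER, 5060, CLIENT, 50001, "FA", 0),
    (CLIENT, 50001, SERVER, 5060, "A", 0),
    # Flow 2: normal session, payload in both directions.
    (CLIENT, 50002, SERVER, 5060, "S", 0),
    (SERVER, 5060, CLIENT, 50002, "SA", 0),
    (CLIENT, 50002, SERVER, 5060, "A", 0),
    (CLIENT, 50002, SERVER, 5060, "PA", 512),
    (SERVER, 5060, CLIENT, 50002, "PA", 380),
    # Flow 3: SYN retransmitted, never answered.
    (CLIENT, 50003, SERVER, 5060, "S", 0),
    (CLIENT, 50003, SERVER, 5060, "S", 0),
]

def classify_flows(packets):
    """Return {(client, cport, server, sport): verdict} for each TCP flow."""
    flows = {}
    for src, sport, dst, dport, flags, plen in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S" and fwd not in flows:   # bare SYN opens a new flow
            flows[fwd] = {"synack": False, "bytes": 0, "closer": None}
            continue
        if fwd in flows:
            key, sender = fwd, "client"
        elif rev in flows:
            key, sender = rev, "server"
        else:
            continue  # mid-stream packet with no SYN in the capture
        st = flows[key]
        if sender == "server" and "S" in flags and "A" in flags:
            st["synack"] = True
        st["bytes"] += plen
        if st["closer"] is None and ("F" in flags or "R" in flags):
            st["closer"] = sender   # remember who tore the session down first
    def verdict(st):
        if not st["synack"]:
            return "refused" if st["closer"] == "server" else "no-answer"
        if st["bytes"]:
            return "data-exchanged"
        return f'{st["closer"]}-closed-without-data' if st["closer"] else "open-idle"
    return {key: verdict(st) for key, st in flows.items()}
```

A `client-closed-without-data` verdict points at the client application or its choice of interface and route rather than at the server or the path.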
See http://www.dslreports.com/forum/r26895551-Cisco-877-NVG510-IP-Passthrough-block-of-public-addresses I got some help there. Turns out there is no reason to use Passthrough mode in the NVG510 at all. Here is what I did, as described in the link above, in case it will help other businesses that get UVerse service and want to connect their existing router/firewall to the Motorola NVG510...

I'm using 184.108.40.206/255.255.255.248 public range in this example for demonstration purposes, where the NVG510 has the .62 address assigned to it. So I get to use .57, 58, 59, 60, and 61.

First, setting up the NVG510 was very simple, though not at all intuitive... On the NVG510, Home Network/Subnet page, I clicked the radio button to support public addresses through DHCP. While I'm not actually going to use DHCP to assign any addresses, this is where I assign the NVG510 itself the last public address in my public address block assigned to me by ATT, 220.127.116.11 for this discussion. I've turned off the wireless AP, to ensure no other device will be assigned any of these DHCP addresses by accident. The only device plugged into the NVG510 is my Cisco 877 - into FastEthernet0 port.

Now for the Cisco 877 configuration details: The crypto map will end up communicating with the default address of Vlan2, in this example 18.104.22.168. If you don't have any site-to-site VPNs, you can ignore the crypto map related lines below. I already had one set up through Dialer1 interface, so part of this exercise was to ensure it still worked going through the NVG510 instead of the DSL interface I used to use. Also, the default route is specified as the .62 public address, which I assigned to the NVG510 in the public DHCP section described above. Any machine address specified in access-list 110 will have access to the internet through the default address of vlan2 - in this case the .57 address. Then for inbound traffic, I forward to specific machines at specific addresses.

And I can now NAT inbound traffic from the internet at any of the public IP addresses, any port, as I see fit. The key is that I can NAT the 5 available public IPs the same way I used to when using DSL directly attached to my Cisco 877, but now using Vlan2 instead of the old configuration that used Dialer1, which is no longer there...

Here are the relevant sections of my configuration:

    crypto map myMapKey local-address Vlan2
    !
    ...
    interface FastEthernet0
     switchport access vlan 2
     no cdp enable
    !
    ...
    interface Vlan2
     description internet
     ip address 22.214.171.124 255.255.255.248
     ip address 126.96.36.199 255.255.255.248 secondary
     ip address 188.8.131.52 255.255.255.248 secondary
     ip address 184.108.40.206 255.255.255.248 secondary
     ip address 220.127.116.11 255.255.255.248 secondary
     ip nat outside
     ip virtual-reassembly
     crypto map myMapKey
    !
    ...
    ip route 0.0.0.0 0.0.0.0 18.104.22.168
    ...
    ip nat inside source list 110 interface Vlan2 overload
    ip nat inside source static tcp 192.168.1.10 80 22.214.171.124 80 extendable
    ip nat inside source static tcp 192.168.1.20 80 126.96.36.199 80 extendable
    ip nat inside source static tcp 192.168.1.30 80 188.8.131.52 80 extendable
    ...

I hope this is helpful to someone else trying to do this...
I am a routing hack, not professionally trained in Cisco terminology, so bear with me. I currently have the Cisco 877-K9, full details at the bottom of this post (and current config attached). It supports DSL directly, and we have a lot of things configured to go through dialer1 interface, including NATs and including a site-to-site crypto-map.

Next week we plan to upgrade to U-Verse from ATT, a VHDSL service, not supported directly by this 877 model. But ATT will install a Modem/router, comes with the package, but I don't know many details about it. I would like to simply make this new router simply push all traffic to the CISCO 877 that comes in from the outside, make the 877 direct all traffic to this new router rather than through its current ATM/Dialer1 interface...

Perhaps I can have that new router simply forward all traffic to my CISCO 877, perhaps through one of the FastEthernet interfaces not currently in use. Then I could, conceptually, set up the default route of the 877 to go to the new router through the FastEthernet interface, rather than Dialer1 as it is set up today. So the rest of my network continues to use the 877, and the 877 would now use this new router as its next hop and for "outside" access, including NATs and the crypto-map...

I am unclear then how I would change things such that the "ip nat outside" would be linked to the FastEthernet interface the other router is plugged into, and the crypto-map would also be reconfigured to be linked to this same FastEthernet interface... Is this even possible?

Here are some details about my router, if that would help... And I've attached a copy of our configuration with passwords and IP addresses mangled a bit. Thanks in advance for any advice!

    #sh ver
    Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Thu 26-Feb-09 07:56 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

    #sh diag
    C877 Mainboard
    Motherboard is analyzed
    Motherboard insertion time unknown
    EEPROM contents at hardware discovery:
    Chassis MAC Address : <>
    MAC Address block size : 10
    PCB Serial Number : <>
    Hardware Revision : 3.0
    Part Number : 74-3501-05
    Board Revision : A0
    Top Assy. Part Number : 800-26784-04
    Deviation Number : 0
    Fab Version : 03
    CLEI Code : VAMGW10ERA
    RMA Test History : 00
    RMA Number : 0-0-0-0
    RMA History : 00
    Product (FRU) Number : CISCO877-K9
    Version Identifier : V03
    Processor type : 94
    Chassis Serial Number : <>
    Radio Country Code : FFFF
    EEPROM format version 4
Odd. I could not add to interface atm0.1. I did not write down the error, but it said it could not be put on a subinterface. So I put it on the ATM interface, but while it is there, some counts at the bottom of this report make me think nothing is matching... Well, here are a couple reports, maybe it is working... What do you think?

    r12#sh policy-map int atm0
     ATM0

      Service-policy output: App-QoS

        Class-map: pri-app (match-all)
          22365 packets, 6707964 bytes
          5 minute offered rate 22000 bps, drop rate 0 bps
          Match: access-group 101
          Queueing
            Strict Priority
            Output Queue: Conversation 264
            Bandwidth 200 (kbps) Burst 5000 (Bytes)
            (pkts matched/bytes matched) 0/0
            (total drops/bytes drops) 0/0

        Class-map: class-default (match-any)
          251771 packets, 62042165 bytes
          5 minute offered rate 170000 bps, drop rate 0 bps
          Match: any
          Queueing
            Flow Based Fair Queueing
            Maximum Number of Hashed Queues 256
            (total queued/total drops/no-buffer drops) 3/0/0

    r12#sh policy-map int atm0
     ATM0

      Service-policy output: App-QoS

        Class-map: pri-app (match-all)
          22712 packets, 6840907 bytes
          5 minute offered rate 26000 bps, drop rate 0 bps
          Match: access-group 101
          Queueing
            Strict Priority
            Output Queue: Conversation 264
            Bandwidth 200 (kbps) Burst 5000 (Bytes)
            (pkts matched/bytes matched) 0/0
            (total drops/bytes drops) 0/0

        Class-map: class-default (match-any)
          251873 packets, 62084585 bytes
          5 minute offered rate 162000 bps, drop rate 0 bps
          Match: any
          Queueing
            Flow Based Fair Queueing
            Maximum Number of Hashed Queues 256
            (total queued/total drops/no-buffer drops) 3/0/0

    r12#