cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2673
Views
0
Helpful
9
Replies

Can't ping UC from CUE

Hello,

I,ve problems with CCA 2.2(5) making a backup of the config and installing new software. So I found the nice articel "CCA Prerequisites for UC500 connection - check list" and tried it. I'm stuck at check routing CUE->PC. I can't ping the default gateway. My UC has 192.168.1.199 and this can't be pinged from the CUE prompt. Any ideas?

Please help

Ognian

1 Accepted Solution

Accepted Solutions

Here are the relevant portions of the base config for CUE connectivity.

interface Loopback0

description $FW_INSIDE$

ip address 10.1.10.2 255.255.255.252

ip access-group 101 in

ip nat inside

!

interface FastEthernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip access-group 104 in

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

!

interface Integrated-Service-Engine0/0

ip unnumbered Loopback0

ip nat inside

ip virtual-reassembly

service-module ip address 10.1.10.1 255.255.255.252

service-module ip default-gateway 10.1.10.2

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

ip access-group 102 in

ip nat inside

ip virtual-reassembly

!

interface Vlan100

description $FW_INSIDE$

ip address 10.1.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip virtual-reassembly

!

ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0

!

!

ip http server

ip http authentication local

ip http secure-server

ip http path flash:/gui/

ip dns server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.1.1.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 10.1.10.0 0.0.0.3

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny   ip 192.168.10.0 0.0.0.255 any

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 deny   ip 192.168.10.0 0.0.0.255 any

access-list 101 deny   ip 10.1.1.0 0.0.0.255 any

access-list 101 deny   ip host 255.255.255.255 any

access-list 101 deny   ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip any any

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 deny   ip 10.1.10.0 0.0.0.3 any

access-list 102 deny   ip 10.1.1.0 0.0.0.255 any

access-list 102 deny   ip host 255.255.255.255 any

access-list 102 deny   ip 127.0.0.0 0.255.255.255 any

access-list 102 permit ip any any

access-list 103 remark auto generated by SDM firewall configuration

access-list 103 remark SDM_ACL Category=1

access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 permit udp  any 10.1.10.0 0.0.0.3 range 16384 32767

access-list 103 permit udp  10.1.10.0 0.0.0.3 range 16384 32767 any

access-list 103 deny   ip 192.168.10.0 0.0.0.255 any

access-list 103 deny   ip host 255.255.255.255 any

access-list 103 deny   ip 127.0.0.0 0.255.255.255 any

access-list 103 permit ip any any

access-list 104 remark auto generated by SDM firewall configuration

access-list 104 remark SDM_ACL Category=1

access-list 104 deny   ip 10.1.10.0 0.0.0.3 any

access-list 104 deny   ip 192.168.10.0 0.0.0.255 any

access-list 104 deny   ip 10.1.1.0 0.0.0.255 any

access-list 104 permit udp any eq bootps any eq bootpc

access-list 104 permit icmp any any echo-reply

access-list 104 permit icmp any any time-exceeded

access-list 104 permit icmp any any unreachable

access-list 104 deny   ip 10.0.0.0 0.255.255.255 any

access-list 104 deny   ip 172.16.0.0 0.15.255.255 any

access-list 104 deny   ip 192.168.0.0 0.0.255.255 any

access-list 104 deny   ip 127.0.0.0 0.255.255.255 any

access-list 104 deny   ip host 255.255.255.255 any

access-list 104 deny   ip any any

!

!

FYI, you can pull this out of the UC5xx ZIP file.  It's the .cfg file in the package:

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=8.0%284%29&mdfid=281163511&sftType=Unified+Communications+Software+Packs&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+Unified+Communications+520+for+Small+Business&treeMdfId=2788...

View solution in original post

9 Replies 9

David Hornstein
Level 7
Level 7

Hi Ognian,

I am not sure I completely understand your question, but English is not my first language.

But it sure sound like a problem I once had  when my PC was using a Windows based DHCP server and the UC520 data VLAN IP address  was not the gateway for PC clients.

I'm guessing that your PC is getting it's IP address from something other than the UC500.

I am wondering if you have to add a static route in the PC to point to the 10.1.x.x network, maybe something like the following;


route add 10.1.0.0 mask 255.255.0.0 192.168.1.199

I'm guessing the CUE module can ping your PC , but your PC is sending replies to it's default gateway (which may not be the UC500).

regards Dave

Is your computer firewall blocking the PINGS?  Can you ping anything else on the same subnet?

What is your PC default gateway?  What is the default gateway

Hello,

thanks for the replies.

The problem is within the UC. I can't even ping the UC or the loopback adapter from within the CUE prompt:

In CUE:

            ping 10.1.10.1 OK (this is ping on itself)

            ping 10.1.10.2 -> 10.1.10.1 reports host unreachable (this is CUE is pinging UC's loopback if, and cant ping)

            ping 192.168.1.199 -> failed (this is CUE is pinging UC-> Not OK)

this means i have a problem with the uc<->cue connection, but the following is checked:

UC500#sh ip int brief

UC500#sh interfaces int0/0

UC500-CUE#sh ip route

Sounds crazy but i'm missing something...

Ognian

Hi Ognian,

At least I am seeing the following from my UC520;

se-10-1-10-1# sh ip rou

Main Routing Table:

           DEST            GATE            MASK IFACE

      10.1.10.0         0.0.0.0 255.255.255.252 eth0

        0.0.0.0       10.1.10.2         0.0.0.0 eth0

Might i humbly suggest that you call your local SBSC via the following URL for assistance;

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

regards dave

If you let me know if this is a UC520, UC540, or UC560, then I can provide you with a sample config, which will get you good for CME->CUE connectivity.  The UC520 and 540/60 configs differ slightly, though, so I need to know what specific platform you are on first.

Hello,

It would be great to get a sample config, it is a UC520

Thanks

Ognian

Here are the relevant portions of the base config for CUE connectivity.

interface Loopback0

description $FW_INSIDE$

ip address 10.1.10.2 255.255.255.252

ip access-group 101 in

ip nat inside

!

interface FastEthernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip access-group 104 in

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

!

interface Integrated-Service-Engine0/0

ip unnumbered Loopback0

ip nat inside

ip virtual-reassembly

service-module ip address 10.1.10.1 255.255.255.252

service-module ip default-gateway 10.1.10.2

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

ip access-group 102 in

ip nat inside

ip virtual-reassembly

!

interface Vlan100

description $FW_INSIDE$

ip address 10.1.1.1 255.255.255.0

ip access-group 103 in

ip nat inside

ip virtual-reassembly

!

ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0

!

!

ip http server

ip http authentication local

ip http secure-server

ip http path flash:/gui/

ip dns server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.1.1.0 0.0.0.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 10.1.10.0 0.0.0.3

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny   ip 192.168.10.0 0.0.0.255 any

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any

access-list 101 deny   ip 192.168.10.0 0.0.0.255 any

access-list 101 deny   ip 10.1.1.0 0.0.0.255 any

access-list 101 deny   ip host 255.255.255.255 any

access-list 101 deny   ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip any any

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 deny   ip 10.1.10.0 0.0.0.3 any

access-list 102 deny   ip 10.1.1.0 0.0.0.255 any

access-list 102 deny   ip host 255.255.255.255 any

access-list 102 deny   ip 127.0.0.0 0.255.255.255 any

access-list 102 permit ip any any

access-list 103 remark auto generated by SDM firewall configuration

access-list 103 remark SDM_ACL Category=1

access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000

access-list 103 permit udp  any 10.1.10.0 0.0.0.3 range 16384 32767

access-list 103 permit udp  10.1.10.0 0.0.0.3 range 16384 32767 any

access-list 103 deny   ip 192.168.10.0 0.0.0.255 any

access-list 103 deny   ip host 255.255.255.255 any

access-list 103 deny   ip 127.0.0.0 0.255.255.255 any

access-list 103 permit ip any any

access-list 104 remark auto generated by SDM firewall configuration

access-list 104 remark SDM_ACL Category=1

access-list 104 deny   ip 10.1.10.0 0.0.0.3 any

access-list 104 deny   ip 192.168.10.0 0.0.0.255 any

access-list 104 deny   ip 10.1.1.0 0.0.0.255 any

access-list 104 permit udp any eq bootps any eq bootpc

access-list 104 permit icmp any any echo-reply

access-list 104 permit icmp any any time-exceeded

access-list 104 permit icmp any any unreachable

access-list 104 deny   ip 10.0.0.0 0.255.255.255 any

access-list 104 deny   ip 172.16.0.0 0.15.255.255 any

access-list 104 deny   ip 192.168.0.0 0.0.255.255 any

access-list 104 deny   ip 127.0.0.0 0.255.255.255 any

access-list 104 deny   ip host 255.255.255.255 any

access-list 104 deny   ip any any

!

!

FYI, you can pull this out of the UC5xx ZIP file.  It's the .cfg file in the package:

http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=8.0%284%29&mdfid=281163511&sftType=Unified+Communications+Software+Packs&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+Unified+Communications+520+for+Small+Business&treeMdfId=2788...

Hello,

thanks a lot for your help. With the above config  I've been able to find the problem:

Instead of

ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine 0/0

I had

ip route 10.1.10.1 255.255.255.255 Loopback0

No idea how this happend, but it is possible that someone else played with the box before...

I'm now able to transfer from CUE via tftp to my notebook.

CCA has still a problem with SW update, but I have to investigate further...

Thanks

Ognian

Took me a couple of hours to find this fix but it worked 

I also had the wrong ip route to the loopback

 

thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: