cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

1169
Views
0
Helpful
8
Replies
Mark
Beginner

UC540 ACL - Open port 1150 to communicate accross internet.

Customer needs to communicate to server at home location via port 1150. UC540 is using auto generated ACLs. I tried adding a line to permit the IP and the port on ACLs 104 and 102 with no luck.

1 ACCEPTED SOLUTION

Accepted Solutions
paolo bevilacqua
Hall of Fame Master

Outbound connections ar never blocked without need to explcitiely allow them for each port, so either you don't have all the info, or UC500 is not the cause of the problem.

View solution in original post

8 REPLIES 8
paolo bevilacqua
Hall of Fame Master

Outbound connections ar never blocked without need to explcitiely allow them for each port, so either you don't have all the info, or UC500 is not the cause of the problem.

View solution in original post

The vendor is trying to connect via port 1150 to a public IP from our network. When they try outside of our network, they are able to connect to the server which is behind a Netgear with port forwarding turned on.

I’m going to attempt to explain better.

Last week I installed the UC540. Our customer only has three phones on the system. The wireless is active and they will be connecting some PCs via the back of the phones.

VLAN 1 is 192.168.20.0/24 and VLAN 100 is 10.1.1.0/24.

On Wednesday, my customer’s computer vendor installed three PCs that need to connect back to the main branch to a server. Their software communicates via port 1150. Even though the vendor had tested from their location, they were unsuccessful at connecting the same PC from our network through the UC540.

You can test that yourself, a PC issue 'telnet 1150". You should see the connection opened, no matter if you do that from behind the UC540, or any other place.

OK! Thanks for the feedback! It's a two hour drive, but I'm going to visit the customer tomorrow and test for myself. Like you, I don't see why the default, auto generated ACLs wouldn't allow access from our network to another network. They claim to have opened/forwarded ports, etc. Something is missing and it's going to take a site visit to get to the bottom of this issue!.

I will follow-up once we figure it out!

Thanks for your replys!

I would have them launch one of the many remote support apps and check on things from home....

Really no reason to drive (unless scenic route and/or enjoyable vehicle )

OK - The issues turned out to be that both locations (with in a mile of each other) were on the same provider and the same subnet. The provider doesn't allow IPs on the same subnet to communicate.

Changing the IP to one of the locations resolved the issue.

Basically, Paolo was correct when he said "Outbound connections are never blocked without need to explicitly allow them for each port, so either you don't have all the info, or UC500 is not the cause of the problem."

His explanation was repeated by Cisco TAC when I placed a service call. This lead me to make a site visit to both locations where I discovered that the two locations could not see each other.

I installed a UC540 at one of the locations. I had never been to the other. My customer's vendor couldn't figure out the issue and pointed the finger at the UC540.

Paolo - Thanks for your response!!

It was a little tricky issue anyway.

Thank you for the nice rating and good luck!