No problem. :-P I thought it might wise to include everything you needed just in case!! LOL! You are welcome!!!
--Otis Ravichandran Rajagopal wrote: > LOL I guess all I was asking for the changes to be made in the Cisco PIX > 506. I think you gave me a short tutorial on VI as well. Thanks once again > for this help. Let me work on these changes and test the one-way audio > problem and go from there. > Thx > Ravi > > -----Original Message----- > From: ListAcct [mailto:[EMAIL PROTECTED] > Sent: Friday, February 08, 2008 11:55 PM > To: [EMAIL PROTECTED] > Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion' > Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix > 506 > > Ravi, > > I will explain changing the config in asterisk and the pix: > > Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to > 10000 to 10050 (to start, you will need to increase later as ports fill up) > > (use insert to make a change in a file) > > to save: > > 1. esc > 2. shift + colon > 3. wq (to save) > > If you made a mistake and do not want to save but you changed something > in the file: > > 1. esc > 2. shift + colon > 3. q! (to exit) > > > Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case the > static and conduit commands so this is a example from my setup. > > Theses are not usable IPs on the Internet or my IPs but just an example.... > > outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254) > dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254) > > interface ethernet0 100full (sets the duplex and turns on interface) > interface ethernet1 100full (sets the duplex and turns on interface) > > nameif ethernet0 outside security0 ( lower security) > nameif ethernet1 dmz security50 (higher security) > > no fixup protocol sip 5060 > no fixup protocol sip udp 5060 > > ! - this makes things easier so now the pix knows the IP of the asterisk > box and maps the ip to the name just for configuration purposes only so > if you had 20 servers or devices you wanted public access to it's just > easier to remember their names versus IPs. > name 192.168.254.11 dns > name 192.168.254.10 asterisk > > ! - the static command is used as a permanent mapper from one inside, > dmz, or other to the global ip vice versa. (Rule of thumb if you map > using static make sure you have a conduit command) > static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0 > > ! - here is where you open the ports on the global side to the asterisk > box. (the conduit command allows connections from lower security > interfaces to higher security interfaces) > conduit permit udp host 192.168.1.22 eq 10000 any > conduit permit udp host 192.168.1.22 eq 10001 any > conduit permit udp host 192.168.1.22 eq 10002 any > conduit permit udp host 192.168.1.22 eq 10003 any > conduit permit udp host 192.168.1.22 eq 10004 any > conduit permit udp host 192.168.1.22 eq 10005 any > > Hope this helps! > > --Otis > > > Ravichandran Rajagopal wrote: > >> Otis, >> I am new to Cisco PIX 506 and I am learning this. If you can help me with >> how to do this change on Cisco PIX it would be greatly appreciated. >> >> Thx >> Ravi >> >> -----Original Message----- >> From: ListAcct [mailto:[EMAIL PROTECTED] >> Sent: Friday, February 08, 2008 11:11 PM >> To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial >> Discussion >> Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix >> 506 >> >> Ravi, >> >> Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host >> x.x.x.x eq 10049 any). Also set your asterisk rtp config span to >> something you can configure (10000 to 10200) unless you write a script >> to just copy and paste about 10000 to 20000 ports in your config on the >> pix. Cisco's are strange but secure. >> >> It took me about two hours to figure out after taking off the fixup and >> no more logging/debugging from the cisco. I actually fixed while a call >> was coming in. LOL! Let me know!!! >> >> --Otis >> >> Ravichandran Rajagopal wrote: >> >> >>> Hi, >>> >>> I have the Cisco PIX 506 firewall right in front of the asterisk and I >>> am getting a one-way audio. I need your help/guidance to resolve this >>> problem. I have the "fixups" disabled for SIP in the Cisco PIX 506. >>> Any help rendered by you in this subject is greatly appreciated. I >>> have been breaking my head trying to resolve this problem for more >>> than one month. I have included the sip.conf and the extensions.conf >>> below. >>> >>> [SIP.conf] >>> >>> ; SIP Configuration example for Asterisk >>> >>> [general] >>> >>> context=incoming >>> >>> allowoverlap=no >>> >>> bindport=5060 >>> >>> bindaddr=0.0.0.0 >>> >>> localnet=192.168.5.0/255.255.255.0 >>> >>> externip=a.b.ccc.dd >>> >>> srvlookup=yes >>> >>> allow=ulaw >>> >>> allow=alaw >>> >>> [incoming] >>> >>> type=peer >>> >>> nat=no >>> >>> canreinvite=no >>> >>> host=xx.y.z.aaa >>> >>> qualify=yes >>> >>> dtmfmode=rfc2833 >>> >>> context=default >>> >>> [extensions.conf] >>> >>> [general] >>> >>> static=yes >>> >>> writeprotect=yes >>> >>> clearglobalvars=no >>> >>> [default] >>> >>> include => customer >>> >>> exten => h,1,Hangup >>> >>> exten => i,1,Congestion >>> >>> exten => i,2,Hangup >>> >>> [agnosco] >>> >>> include => local-extensions >>> >>> include => customer_ivr >>> >>> include => incoming >>> >>> [customer_ivr] >>> >>> include => local-extensions >>> >>> exten => s,1,Answer >>> >>> exten => s,n,Background(agnosco_intro) >>> >>> exten => s,n,WaitExten >>> >>> ;Dial said extensions >>> >>> exten => 5,1,Dial(SIP/[EMAIL PROTECTED],30) >>> >>> [incoming] >>> >>> exten => 4025901000,1,Goto(1000,1) >>> >>> exten => 1000,1,Goto(customer_ivr,s,1) >>> >>> Thanks >>> >>> sunMoonstar. >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>> >>> asterisk-users mailing list >>> To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >>> >> >> > > > _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
