Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-12 Thread Ravichandran Rajagopal
I got my Cisco PIX reconfigured as given below. The one-way audio issue
still exists. Here is the call flow. The call comes in on an inbound
trunk to asterisk. Asterisk plays an IVR. When the user presses 5 it makes
an outbound call Dial(SIP/[EMAIL PROTECTED],30) using the same
inbound trunk. The dialing happens but there is one-way audio. Please
help/advise.

On 2/10/08, Adam KOSA [EMAIL PROTECTED] wrote:

  permit udp any host 192.168.5.0 range 1 2 and then I didn't

 Home users typically use a /24 netmask.  If this is the case, I don't
 understand why you write the keyword host following a network address.

 Either specify a valid host address, or write 192.168.5.0 255.255.255.0
 to specify the whole subnet.

 If the netmask isn't /24 then, of course, the above 5.0 may be a valid
 host address.

 regards
 adam

 ___
 -- Bandwidth and Colocation Provided by http://www.api-digital.com --

 asterisk-users mailing list
 To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




-- 
Thanks and Regards
Ravi Rajagopal
Vaishnavy LLC
3910 N 153rd Ct, #113
Omaha, NE 68116
Ph: 402-880-5362
Fax: 209-755-6257
email: [EMAIL PROTECTED]
Web: http://www.vaishnavy.com


Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-11 Thread Ravichandran Rajagopal
Otis,
Can I call and talk to you if you have a US number or chat with you using
Gmail talk etc. Please email me the same to [EMAIL PROTECTED]

Thx
Ravi

-Original Message-
From: ListAcct [mailto:[EMAIL PROTECTED] 
Sent: Monday, February 11, 2008 6:08 AM
To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
Discussion
Cc: 'Wendell Hamilton'
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

Ravi,

Are you sure that is the IP address of your Asterisk server?   If you 
are following / using CIDR then

192.168.5.0/24
192.168.5.0 = network address
192.168.5.255 = broadcast

Valid IPs in that range are 192.168.5.1-254 usable

Did you get everything working?

--Otis

Ravichandran Rajagopal wrote:
 This is what I implemented

 access-list asterisk permit udp any host 192.168.5.0 range 1 2

 Thx
 Ravi

 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 11:07 PM
 To: [EMAIL PROTECTED]
 Cc: Joris Cras; Asterisk Users Mailing List - Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

 Did you only open up the one port (1)?  You need to open up a range,
if you're doing it this way, like 1-10020 and then set your rtp ports in
asterisk to the same range. 

 - Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
   
 I made the following changes and I am still facing one way audio with
 my call flow.

 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 1:58 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix 506

 try:
 access-list asterisk permit udp any host x.x.x.x eq 1

 - Ravichandran Rajagopal [EMAIL PROTECTED]
 wrote:
 
 I tried the following ACL command

 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 2

 and I got the following response back

 [no] access-list id [line line-num] deny|permit icmp
 sip smask | interface if_name | object-group
 network_obj_grp_id
 dip dmask | interface if_name | object-group
 network_obj_grp_id
 [icmp_type | object-group icmp_type_obj_grp_id]
 [log [disable|default] | [level] [interval secs]]
 Restricted ACLs for route-map use:
 [no] access-list id deny|permit {any | prefix mask | host
 address}
 Command failed

 I don't know how to enter into the linux interface of the Cisco Pix
 506
 firewall



 -Original Message-
 From: Joris Cras [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 3:23 AM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List -
   
 Non-Commercial
 
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind
   
 cisco
 
 pix
 506

 Ravi,

 there is an easy way of creating all those commands in linux.
 just run the following in a shell:
 for x in $(seq 10001 10050); do echo "conduit permit udp host 192.168.5.0 eq $x any"; done

 This will create all your PIX rules at once.
  
 I think you could also use Cisco ACL's
  access-list [name] permit udp [source] [destination] range
 This would be in your case something like:
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 10050

 Good luck.

 Joris

 Ravichandran Rajagopal wrote:
   
 Otis,
 I wanted to clarify what you said and what I comprehended. 

 the SIP protocols are disabled in fixup. 
 
 Having said that I guess all I have to do is just the following.
 the inside IP of asterisk server is 192.168.5.0

 On the cisco PIX firewall enter the following.
 192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
 
 10001 any
   
 conduit permit udp host
 192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
 
 10002 any
   
 conduit permit udp host
 
 ...
 .
 192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
 
 10050 any
   
 conduit permit udp host

 in the rtp.conf in /etc/asterisk 
 change the ending port 2 (which is what it currently is) to
 
 10050 
   
 Is there an easier way to make the entries in Cisco PIX firewall
 
 ?
 
 Thx
 Ravi 

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 12:18 AM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind
 
 cisco pix
   
 506

 No problem.  :-P  I thought it might be wise to include everything you
 needed just in case!! LOL! You are welcome!!!

 --Otis

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-11 Thread ListAcct
Ravi,

Are you sure that is the IP address of your Asterisk server?   If you 
are following / using CIDR then

192.168.5.0/24
192.168.5.0 = network address
192.168.5.255 = broadcast

Valid IPs in that range are 192.168.5.1-254 usable

Did you get everything working?

--Otis

Ravichandran Rajagopal wrote:
 This is what I implemented

 access-list asterisk permit udp any host 192.168.5.0 range 1 2

 Thx
 Ravi

 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 11:07 PM
 To: [EMAIL PROTECTED]
 Cc: Joris Cras; Asterisk Users Mailing List - Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

 Did you only open up the one port (1)?  You need to open up a range, if 
 you're doing it this way, like 1-10020 and then set your rtp ports in 
 asterisk to the same range. 

 - Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
   
 I made the following changes and I am still facing one way audio with
 my call flow.

 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 1:58 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix 506

 try:
 access-list asterisk permit udp any host x.x.x.x eq 1

 - Ravichandran Rajagopal [EMAIL PROTECTED]
 wrote:
 
 I tried the following ACL command

 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 2

 and I got the following response back

 [no] access-list id [line line-num] deny|permit icmp
 sip smask | interface if_name | object-group
 network_obj_grp_id
 dip dmask | interface if_name | object-group
 network_obj_grp_id
 [icmp_type | object-group icmp_type_obj_grp_id]
 [log [disable|default] | [level] [interval secs]]
 Restricted ACLs for route-map use:
 [no] access-list id deny|permit {any | prefix mask | host
 address}
 Command failed

 I don't know how to enter into the linux interface of the Cisco Pix
 506
 firewall



 -Original Message-
 From: Joris Cras [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 3:23 AM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List -
   
 Non-Commercial
 
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind
   
 cisco
 
 pix
 506

 Ravi,

 there is an easy way of creating all those commands in linux.
 just run the following in a shell:
 for x in $(seq 10001 10050); do echo "conduit permit udp host 192.168.5.0 eq $x any"; done

 This will create all your PIX rules at once.
  
 I think you could also use Cisco ACL's
  access-list [name] permit udp [source] [destination] range
 This would be in your case something like:
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 10050

 Good luck.

 Joris

 Ravichandran Rajagopal wrote:
   
 Otis,
 I wanted to clarify what you said and what I comprehended. 

 the SIP protocols are disabled in fixup. 
 
 Having said that I guess all I have to do is just the following.
 the inside IP of asterisk server is 192.168.5.0

 On the cisco PIX firewall enter the following.
 192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
 
 10001 any
   
 conduit permit udp host
 192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
 
 10002 any
   
 conduit permit udp host
 
 ...
 .
 192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
 
 10050 any
   
 conduit permit udp host

 in the rtp.conf in /etc/asterisk 
 change the ending port 2 (which is what it currently is) to
 
 10050 
   
 Is there an easier way to make the entries in Cisco PIX firewall
 
 ?
 
 Thx
 Ravi 

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 12:18 AM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind
 
 cisco pix
   
 506

 No problem.  :-P  I thought it might be wise to include everything you
 needed just in case!! LOL! You are welcome!!!

 --Otis 

 Ravichandran Rajagopal wrote:
   
 
 LOL I guess all I was asking for the changes to be made in the
   
 Cisco PIX
   
 506. I think you gave me a short tutorial on VI as well. Thanks
   
 once
 again
   
 for this help. Let me work on these changes and test the one-way
   
 audio
   
 problem and go from there.
 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-10 Thread ListAcct
Ravi,

I submitted the easiest way to implement this, I think, for administrators 
new to Cisco. There are alternatives, but it depends on your IOS.  A GUI 
might help.

If you want, reply with your network range and server IP and I will send 
you a script I will write for the Cisco.  I did explain the ACL way 
because I thought it would be a bit large if you are not used to seeing 
the cisco command line. :-)

Make sure the RTP ports on your Asterisk box reflect that of your ports 
open to the Internet.  Reloading your config in Asterisk if not working 
could help.

Let's do this in your RTP config file.

change your RTP port range in asterisk to 1 to 10030 and reload 
asterisk.


rtpstart=1
rtpend=10030


type
asterisk -r

Connected to Asterisk 1.2.x.x currently running on asterisk (pid = xx)
asterisk*CLI reload or restart now (if you need or want)

Copy and paste the below to notepad or wordpad and replace the outside 
ip with the real ip address of your WAN link or connection.

and enter enable mode on the cisco pix and type config t and copy and 
paste the following in the terminal.

1. pix ena
2. pixpassword: blah
3. pix#config t
4. pix(config)# paste the config below after you change the outside IP 
here ( not line per line but the whole deal)
5. pix(config)# sh conduit ( you should see all list below, if 
everything seems valid then do next step)
6. pix(config)# write mem
7. pix(config)#exit
8. pix# sh run ( to see running config)

replace the outside ip with your WAN IP.

conduit permit udp host outside ip eq 1 any
conduit permit udp host outside ip eq 10001 any
conduit permit udp host outside ip eq 10002 any
conduit permit udp host outside ip eq 10003 any
conduit permit udp host outside ip eq 10004 any
conduit permit udp host outside ip eq 10005 any
conduit permit udp host outside ip eq 10006 any
conduit permit udp host outside ip eq 10007 any
conduit permit udp host outside ip eq 10008 any
conduit permit udp host outside ip eq 10009 any
conduit permit udp host outside ip eq 10010 any
conduit permit udp host outside ip eq 10011 any
conduit permit udp host outside ip eq 10012 any
conduit permit udp host outside ip eq 10013 any
conduit permit udp host outside ip eq 10014 any
conduit permit udp host outside ip eq 10015 any
conduit permit udp host outside ip eq 10016 any
conduit permit udp host outside ip eq 10017 any
conduit permit udp host outside ip eq 10018 any
conduit permit udp host outside ip eq 10019 any
conduit permit udp host outside ip eq 10020 any
conduit permit udp host outside ip eq 10021 any
conduit permit udp host outside ip eq 10022 any
conduit permit udp host outside ip eq 10023 any
conduit permit udp host outside ip eq 10024 any
conduit permit udp host outside ip eq 10025 any
conduit permit udp host outside ip eq 10026 any
conduit permit udp host outside ip eq 10027 any
conduit permit udp host outside ip eq 10028 any
conduit permit udp host outside ip eq 10029 any
conduit permit udp host outside ip eq 10030 any


--Otis
Wendell Hamilton wrote:
 Did you only open up the one port (1)?  You need to open up a range, if 
 you're doing it this way, like 1-10020 and then set your rtp ports in 
 asterisk to the same range. 

 - Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
   
 I made the following changes and I am still facing one way audio with
 my call flow.

 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 1:58 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix 506

 try:
 access-list asterisk permit udp any host x.x.x.x eq 1

 - Ravichandran Rajagopal [EMAIL PROTECTED]
 wrote:
 
 I tried the following ACL command

 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 2

 and I got the following response back

 [no] access-list id [line line-num] deny|permit icmp
 sip smask | interface if_name | object-group
 network_obj_grp_id
 dip dmask | interface if_name | object-group
 network_obj_grp_id
 [icmp_type | object-group icmp_type_obj_grp_id]
 [log [disable|default] | [level] [interval secs]]
 Restricted ACLs for route-map use:
 [no] access-list id deny|permit {any | prefix mask | host
 address}
 Command failed

 I don't know how to enter into the linux interface of the Cisco Pix
 506
 firewall



 -Original Message-
 From: Joris Cras [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 3:23 AM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List -
   
 Non-Commercial
 
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind
   
 cisco
 
 pix
 506

 Ravi,

 there is an easy way of creating all those commands in linux.
 just run the following in a shell:
 for x in $(seq 10001 10050); do echo 192.168.5.0 eq $x

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-10 Thread Ravichandran Rajagopal
This is what I implemented

access-list asterisk permit udp any host 192.168.5.0 range 1 2

Thx
Ravi

-Original Message-
From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 09, 2008 11:07 PM
To: [EMAIL PROTECTED]
Cc: Joris Cras; Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

Did you only open up the one port (1)?  You need to open up a range, if 
you're doing it this way, like 1-10020 and then set your rtp ports in 
asterisk to the same range. 

- Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
 I made the following changes and I am still facing one way audio with
 my call flow.
 
 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 1:58 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix 506
 
 try:
 access-list asterisk permit udp any host x.x.x.x eq 1
 
 - Ravichandran Rajagopal [EMAIL PROTECTED]
 wrote:
  I tried the following ACL command
  
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
  2
  
  and I got the following response back
  
  [no] access-list id [line line-num] deny|permit icmp
  sip smask | interface if_name | object-group
  network_obj_grp_id
  dip dmask | interface if_name | object-group
  network_obj_grp_id
  [icmp_type | object-group icmp_type_obj_grp_id]
  [log [disable|default] | [level] [interval secs]]
  Restricted ACLs for route-map use:
  [no] access-list id deny|permit {any | prefix mask | host
  address}
  Command failed
  
  I don't know how to enter into the linux interface of the Cisco Pix
  506
  firewall
  
  
  
  -Original Message-
  From: Joris Cras [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, February 09, 2008 3:23 AM
  To: [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial
  Discussion
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco
  pix
  506
  
  Ravi,
  
  there is an easy way of creating all those commands in linux.
  just run the following in a shell:
  for x in $(seq 10001 10050); do echo "conduit permit udp host 192.168.5.0 eq $x any"; done
  
  This will create all your PIX rules at once.
   
  I think you could also use Cisco ACL's
   access-list [name] permit udp [source] [destination] range
  This would be in your case something like:
   access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
  10050
  
  Good luck.
  
  Joris
  
  Ravichandran Rajagopal wrote:
   Otis,
   I wanted to clarify what you said and what I comprehended. 
  
   the SIP protocols are disabled in fixup. 
   
   Having said that I guess all I have to do is just the following.
   the inside IP of asterisk server is 192.168.5.0
  
   On the cisco PIX firewall enter the following.
   192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
  10001 any
   conduit permit udp host
   192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
  10002 any
   conduit permit udp host
   
   ...
   .
   192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
  10050 any
   conduit permit udp host
  
   in the rtp.conf in /etc/asterisk 
   change the ending port 2 (which is what it currently is) to
  10050 
  
   Is there an easier way to make the entries in Cisco PIX firewall
 ?
  
   Thx
   Ravi 
  
   -Original Message-
   From: ListAcct [mailto:[EMAIL PROTECTED] 
   Sent: Saturday, February 09, 2008 12:18 AM
   To: [EMAIL PROTECTED]
   Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
   Subject: Re: [asterisk-users] oneway audio with asterisk behind
  cisco pix
   506
  
   No problem.  :-P  I thought it might be wise to include everything you
   needed just in case!! LOL! You are welcome!!!
  
   --Otis 
  
   Ravichandran Rajagopal wrote:
 
   LOL I guess all I was asking for the changes to be made in the
  Cisco PIX
   506. I think you gave me a short tutorial on VI as well. Thanks
  once
  again
   for this help. Let me work on these changes and test the one-way
  audio
   problem and go from there.
   Thx
   Ravi
  
   -Original Message-
   From: ListAcct [mailto:[EMAIL PROTECTED] 
   Sent: Friday, February 08, 2008 11:55 PM
   To: [EMAIL PROTECTED]
   Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
   Subject: Re: [asterisk-users] oneway audio with asterisk behind
  cisco pix
   506
  
   Ravi,
  
   I will explain changing the config in asterisk and the pix:
  
   Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-10 Thread Ravichandran Rajagopal
Otis,
I don't have access to ssh into the Cisco PIX firewall. I have been logging
in using https into the Cisco PIX (without a username and only with a
password).  

The following is the information in the asterisk server. 
[rtp.conf]
rtpstart=1
rtpend=2

With the Cisco I went in through https and then I chose the Command line
option and I typed the command 
asterisk permit udp any host 192.168.5.0 range 1 2 and then I didn't
know whether I should have done anything else. Should I have issued any
other command to save these changes? I am asking that question because in the
sequence of commands below you mention write mem.
One interesting thing that I found was I dialed 4025901000 and then punched
5 which routes the call to my cell phone. If I don't pick up the call it
should go to my voicemail at which juncture I expect silence as the audio is
not coming through. Instead I hear the dialtone and then after x number of
rings I get a fast busy. I know not what happened. I guess with all of the
below given the thing that I didn't do yet was touch the asterisk
configurations yet. 

If I am struggling with all of this cisco pix, can you tell me how to enable
firewall in the linux-asterisk server and then disable the cisco pix firewall
from its firewall behaviours so that I can isolate the problem and move
forward? Please advise.

Thx
Ravi

-Original Message-
From: ListAcct [mailto:[EMAIL PROTECTED] 
Sent: Sunday, February 10, 2008 2:13 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Cc: [EMAIL PROTECTED]
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

Ravi,

I submitted the easiest way to implement this, I think, for administrators 
new to Cisco. There are alternatives, but it depends on your IOS.  A GUI 
might help.

If you want, reply with your network range and server IP and I will send 
you a script I will write for the Cisco.  I did explain the ACL way 
because I thought it would be a bit large if you are not used to seeing 
the cisco command line. :-)

Make sure the RTP ports on your Asterisk box reflect that of your ports 
open to the Internet.  Reloading your config in Asterisk if not working 
could help.

Let's do this in your RTP config file.

change your RTP port range in asterisk to 1 to 10030 and reload 
asterisk.


rtpstart=1
rtpend=10030


type
asterisk -r

Connected to Asterisk 1.2.x.x currently running on asterisk (pid = xx)
asterisk*CLI reload or restart now (if you need or want)

Copy and paste the below to notepad or wordpad and replace the outside 
ip with the real ip address of your WAN link or connection.

and enter enable mode on the cisco pix and type config t and copy and 
paste the following in the terminal.

1. pix ena
2. pixpassword: blah
3. pix#config t
4. pix(config)# paste the config below after you change the outside IP 
here ( not line per line but the whole deal)
5. pix(config)# sh conduit ( you should see all list below, if 
everything seems valid then do next step)
6. pix(config)# write mem
7. pix(config)#exit
8. pix# sh run ( to see running config)

replace the outside ip with your WAN IP.

conduit permit udp host outside ip eq 1 any
conduit permit udp host outside ip eq 10001 any
conduit permit udp host outside ip eq 10002 any
conduit permit udp host outside ip eq 10003 any
conduit permit udp host outside ip eq 10004 any
conduit permit udp host outside ip eq 10005 any
conduit permit udp host outside ip eq 10006 any
conduit permit udp host outside ip eq 10007 any
conduit permit udp host outside ip eq 10008 any
conduit permit udp host outside ip eq 10009 any
conduit permit udp host outside ip eq 10010 any
conduit permit udp host outside ip eq 10011 any
conduit permit udp host outside ip eq 10012 any
conduit permit udp host outside ip eq 10013 any
conduit permit udp host outside ip eq 10014 any
conduit permit udp host outside ip eq 10015 any
conduit permit udp host outside ip eq 10016 any
conduit permit udp host outside ip eq 10017 any
conduit permit udp host outside ip eq 10018 any
conduit permit udp host outside ip eq 10019 any
conduit permit udp host outside ip eq 10020 any
conduit permit udp host outside ip eq 10021 any
conduit permit udp host outside ip eq 10022 any
conduit permit udp host outside ip eq 10023 any
conduit permit udp host outside ip eq 10024 any
conduit permit udp host outside ip eq 10025 any
conduit permit udp host outside ip eq 10026 any
conduit permit udp host outside ip eq 10027 any
conduit permit udp host outside ip eq 10028 any
conduit permit udp host outside ip eq 10029 any
conduit permit udp host outside ip eq 10030 any


--Otis
Wendell Hamilton wrote:
 Did you only open up the one port (1)?  You need to open up a range,
if you're doing it this way, like 1-10020 and then set your rtp ports in
asterisk to the same range. 

 - Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
   
 I made the following changes and I am still facing one way audio with
 my call

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-10 Thread Adam KOSA
 permit udp any host 192.168.5.0 range 1 2 and then I didn't

Home users typically use a /24 netmask.  If this is the case, I don't 
understand why you write the keyword host following a network address.

Either specify a valid host address, or write 192.168.5.0 255.255.255.0 
to specify the whole subnet.

If the netmask isn't /24 then, of course, the above 5.0 may be a valid 
host address.

regards
adam



Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-09 Thread Joris Cras
Ravi,

there is an easy way of creating all those commands in linux.
just run the following in a shell:
for x in $(seq 10001 10050); do echo "conduit permit udp host 192.168.5.0 eq $x any"; done

This will create all your PIX rules at once.
 
I think you could also use Cisco ACL's
 access-list [name] permit udp [source] [destination] range
This would be in your case something like:
 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1 10050

Good luck.

Joris

Ravichandran Rajagopal wrote:
 Otis,
 I wanted to clarify what you said and what I comprehended. 

 the SIP protocols are disabled in fixup. 
 
 Having said that I guess all I have to do is just the following.
 the inside IP of asterisk server is 192.168.5.0

 On the cisco PIX firewall enter the following.
 192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq 10001 any
 conduit permit udp host
 192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq 10002 any
 conduit permit udp host
 
 ...
 .
 192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq 10050 any
 conduit permit udp host

 in the rtp.conf in /etc/asterisk 
 change the ending port 2 (which is what it currently is) to 10050 

 Is there an easier way to make the entries in Cisco PIX firewall ?

 Thx
 Ravi 

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 12:18 AM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 No problem.  :-P  I thought it might be wise to include everything you 
 needed just in case!! LOL! You are welcome!!!

 --Otis 

 Ravichandran Rajagopal wrote:
   
 LOL I guess all I was asking for the changes to be made in the Cisco PIX
 506. I think you gave me a short tutorial on VI as well. Thanks once again
 for this help. Let me work on these changes and test the one-way audio
 problem and go from there.
 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:55 PM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 I will explain changing the config in asterisk and the pix:

 Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
 1 to 10050 (to start, you will need to increase later as ports fill up)
 (use insert to make a change in a file)

 to save:

1. esc
2. shift + colon
3. wq (to save)

 If you made a mistake and do not want to save but you changed something 
 in the file:

1. esc
2. shift + colon
3. q! (to exit)


 Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case the 
 static and conduit commands so this is an example from my setup.

 These are not usable IPs on the Internet or my IPs but just an example
 outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
 dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

 interface ethernet0 100full (sets the duplex and turns on interface)
 interface ethernet1 100full (sets the duplex and turns on interface)

 nameif ethernet0 outside security0 ( lower security)
 nameif ethernet1 dmz security50 (higher security)

 no fixup protocol sip 5060
 no fixup protocol sip udp 5060

 ! - this makes things easier so now the pix knows the IP of the asterisk 
 box and maps the ip to the name just for configuration purposes only so 
 if you had 20 servers or devices you wanted public access to it's just 
 easier to remember their names versus IPs.
 name 192.168.254.11 dns
 name 192.168.254.10 asterisk

 ! - the static command is used as a permanent mapper from one inside, 
 dmz, or other to the global ip vice versa. (Rule of thumb if you map 
 using static make sure you have a conduit command)
 static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0

 ! - here is where you open the ports on the global side to the asterisk 
 box. (the conduit command allows connections from lower security 
 interfaces to higher security interfaces)
 conduit permit udp host 192.168.1.22 eq 1 any
 conduit permit udp host 192.168.1.22 eq 10001 any
 conduit permit udp host 192.168.1.22 eq 10002 any
 conduit permit udp host 192.168.1.22 eq 10003 any
 conduit permit udp host 192.168.1.22 eq 10004 any
 conduit permit udp host 192.168.1.22 eq 10005 any

 Hope this helps!

 --Otis


 Ravichandran Rajagopal wrote:
   
 
 Otis,
 I am new to Cisco PIX 506 and I am learning this. If you can help me with
 how to do this change on Cisco PIX it would be greatly appreciated. 

 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED
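
The three checks raised in the messages above (the firewall range must match rtp.conf, the rule generator loop, and a network address is not a host address), combined in one script as an added example that is not part of any post in the thread. Function names are hypothetical, the rtp.conf text is a constructed sample, and the conduit line format is the one quoted in the thread; the address check goes beyond the /24 case discussed and handles any prefix length from 1 to 30.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample of /etc/asterisk/rtp.conf (range taken from the seq loop).
SAMPLE_RTP_CONF='[general]
rtpstart=10001   ; first RTP port
rtpend=10050'

# Read rtp.conf text on stdin and print "START END"; fail if the range is unusable.
rtp_range() {
    awk -F= '
        { sub(/;.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and whitespace
        $1 == "rtpstart" { s = $2 }
        $1 == "rtpend"   { e = $2 }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/ || s + 0 > e + 0) exit 1
            print s, e
        }'
}

# Convert a dotted quad to an integer; reject anything that is not four octets.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed only if IP is a usable host in its subnet, i.e. neither the
# network address nor the broadcast address for the given prefix length.
is_usable_host() {
    ip=$(ip_to_int "$1") || return 1
    bits=$2
    [ "$bits" -ge 1 ] && [ "$bits" -le 30 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    net=$(( ip & mask ))
    bcast=$(( net + 4294967295 - mask ))
    [ "$ip" -ne "$net" ] && [ "$ip" -ne "$bcast" ]
}

# Print one conduit line per port, in the format quoted in the thread.
gen_conduits() {
    host=$1 port=$2 end=$3
    while [ "$port" -le "$end" ]; do
        echo "conduit permit udp host $host eq $port any"
        port=$((port + 1))
    done
}

# Read conduit lines on stdin; print the ports in START..END that have no
# matching rule for HOST (space separated), or nothing if all are covered.
missing_ports() {
    awk -v host="$1" -v s="$2" -v e="$3" '
        $1 == "conduit" && $2 == "permit" && $3 == "udp" &&
        $4 == "host" && $5 == host && $6 == "eq" { seen[$7 + 0] = 1 }
        END {
            for (p = s + 0; p <= e + 0; p++)
                if (!(p in seen)) printf "%s%d", (n++ ? " " : ""), p
            if (n) print ""
        }'
}

# Demo: 192.168.5.0 is the address used in the thread, 192.168.1.22 the
# example address from the static/conduit configuration.
range=$(printf '%s\n' "$SAMPLE_RTP_CONF" | rtp_range)
start=${range% *}
last=${range#* }
for addr in 192.168.5.0 192.168.1.22; do
    if is_usable_host "$addr" 24; then
        count=$(gen_conduits "$addr" "$start" "$last" | grep -c '^conduit')
        echo "$addr/24: usable host, $count conduit lines for $start-$last"
    else
        echo "$addr/24: network or broadcast address, not a host"
    fi
done
```

Feeding the lines printed by sh conduit into missing_ports shows which ports of the rtp.conf range are still closed on the firewall.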

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-09 Thread Ravichandran Rajagopal
I tried the following ACL command

access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1 2

and I got the following response back

[no] access-list id [line line-num] deny|permit icmp
sip smask | interface if_name | object-group
network_obj_grp_id
dip dmask | interface if_name | object-group
network_obj_grp_id
[icmp_type | object-group icmp_type_obj_grp_id]
[log [disable|default] | [level] [interval secs]]
Restricted ACLs for route-map use:
[no] access-list id deny|permit {any | prefix mask | host address}
Command failed

I don't know how to enter into the linux interface of the Cisco Pix 506
firewall



-Original Message-
From: Joris Cras [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 09, 2008 3:23 AM
To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

Ravi,

there is an easy way of creating all those commands in linux.
just run the following in a shell:
for x in $(seq 10001 10050); do echo "conduit permit udp host 192.168.5.0 eq $x any"; done

This will create all your PIX rules at once.
 
I think you could also use Cisco ACL's
 access-list [name] permit udp [source] [destination] range
This would be in your case something like:
 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1 10050

Good luck.

Joris

Ravichandran Rajagopal wrote:
 Otis,
 I wanted to clarify what you said and what I comprehended. 

 the SIP protocols are disabled in fixup. 
 
 Having said that I guess all I have to do is just the following.
 the inside IP of asterisk server is 192.168.5.0

 On the cisco PIX firewall enter the following.
 192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq 10001 any
 conduit permit udp host
 192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq 10002 any
 conduit permit udp host
 
 ...
 .
 192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq 10050 any
 conduit permit udp host

 in the rtp.conf in /etc/asterisk 
 change the ending port 2 (which is what it currently is) to 10050 

 Is there an easier way to make the entries in Cisco PIX firewall ?

 Thx
 Ravi 

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 12:18 AM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 No problem.  :-P  I thought it might be wise to include everything you 
 needed just in case!! LOL! You are welcome!!!

 --Otis 

 Ravichandran Rajagopal wrote:
   
 LOL I guess all I was asking for the changes to be made in the Cisco PIX
 506. I think you gave me a short tutorial on VI as well. Thanks once again
 for this help. Let me work on these changes and test the one-way audio
 problem and go from there.
 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:55 PM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 I will explain changing the config in asterisk and the pix:

 Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
 1 to 10050 (to start, you will need to increase later as ports fill up)

 (use insert to make a change in a file)

 to save:

1. esc
2. shift + colon
3. wq (to save)

 If you made a mistake and do not want to save but you changed something 
 in the file:

1. esc
2. shift + colon
3. q! (to exit)


 Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case the 
 static and conduit commands so this is an example from my setup.

 These are not usable IPs on the Internet or my IPs but just an example

 outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
 dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

 interface ethernet0 100full (sets the duplex and turns on interface)
 interface ethernet1 100full (sets the duplex and turns on interface)

 nameif ethernet0 outside security0 ( lower security)
 nameif ethernet1 dmz security50 (higher security)

 no fixup protocol sip 5060
 no fixup protocol sip udp 5060

 ! - this makes things easier so now the pix knows the IP of the asterisk 
 box and maps the ip to the name just for configuration purposes only so 
 if you had 20 servers or devices you wanted public access to it's just 
 easier to remember their names versus IPs.
 name 192.168.254.11 dns
 name 192.168.254.10 asterisk

 ! - the static command is used as a permanent mapper from one inside, 
 dmz, or other to the global ip vice versa. (Rule of thumb

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-09 Thread Wendell Hamilton
try:
access-list asterisk permit udp any host x.x.x.x eq 1

- Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
 I tried the following ACL command
 
 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 2
 
 and I got the following response back
 
 [no] access-list id [line line-num] deny|permit icmp
   sip smask | interface if_name | object-group
 network_obj_grp_id
   dip dmask | interface if_name | object-group
 network_obj_grp_id
   [icmp_type | object-group icmp_type_obj_grp_id]
   [log [disable|default] | [level] [interval secs]]
 Restricted ACLs for route-map use:
 [no] access-list id deny|permit {any | prefix mask | host
 address}
 Command failed
 
 I don't know how to enter into the linux interface of the Cisco Pix
 506
 firewall
 
 
 
 -Original Message-
 From: Joris Cras [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 3:23 AM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix
 506
 
 Ravi,
 
 there is a easy way of creating all those commands in linux.
 just run the following in a shell:
 for x in $(seq 10001 10050); do echo 192.168.5.0 eq $x any conduit
 permit udp host 192.168.5.0 eq $x any conduit permit udp host;done
 
 This will create all your PIX rules at ones.
  
 I think you could also use Cisco ACL's
  access-list [name] permit udp [source] [destination] range
 This would be in your case something like:
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 10050
 
 Good luck.
 
 Joris
 
 Ravichandran Rajagopal wrote:
  Otis,
  I wanted to clarify what you said and what I comprehended. 
 
  the SIP protocols are disabled in fixup. 
  
  Having said that I guess all I have to do is just the following.
  the inside IP of asterisk server is 192.168.5.0
 
  On the cisco PIX firewall enter the following.
  192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
 10001 any
  conduit permit udp host
  192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
 10002 any
  conduit permit udp host
  
  ...
  .
  192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
 10050 any
  conduit permit udp host
 
  in the rtp.conf in /etc/asterisk 
  change the ending port 2 (which is what it currently is) to
 10050 
 
  Is there an easier way to make the entries in Cisco PIX firewall ?
 
  Thx
  Ravi 
 
  -Original Message-
  From: ListAcct [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, February 09, 2008 12:18 AM
  To: [EMAIL PROTECTED]
  Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco pix
  506
 
  No problem.  :-P  I thought it might wise to include everything you
 
  needed just in case!! LOL! You are welcome!!!
 
  --Otis 
 
  Ravichandran Rajagopal wrote:

  LOL I guess all I was asking for the changes to be made in the
 Cisco PIX
  506. I think you gave me a short tutorial on VI as well. Thanks
 once
 again
  for this help. Let me work on these changes and test the one-way
 audio
  problem and go from there.
  Thx
  Ravi
 
  -Original Message-
  From: ListAcct [mailto:[EMAIL PROTECTED] 
  Sent: Friday, February 08, 2008 11:55 PM
  To: [EMAIL PROTECTED]
  Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco pix
  506
 
  Ravi,
 
  I will explain changing the config in asterisk and the pix:
 
  Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port
 span to 
  1 to 10050 (to start, you will need to increase later as ports
 fill
  
  up)

  (use insert to make a change in a file)
 
  to save:
 
 1. esc
 2. shift + colon
 3. wq (to save)
 
  If you made a mistake and do not want to save but you changed
 something 
  in the file:
 
 1. esc
 2. shift + colon
 3. q! (to exit)
 
 
  Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this
 case the 
  static and conduit commands so this is a example from my setup.
 
  Theses are not usable IPs on the Internet or my IPs but just an
  
  example

  outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
  dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)
 
  interface ethernet0 100full (sets the duplex and turns on
 interface)
  interface ethernet1 100full (sets the duplex and turns on
 interface)
 
  nameif ethernet0 outside security0 ( lower security)
  nameif ethernet1 dmz security50 (higher security)
 
  no fixup protocol sip 5060
  no fixup protocol sip udp 5060
 
  ! - this makes things easier so now the pix knows the IP of the
 asterisk 
  box and maps the ip to the name just for configuration purposes
 only so 
  if you had 20

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-09 Thread Ravichandran Rajagopal
I made the following changes and I am still facing one way audio with my call 
flow.

-Original Message-
From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 09, 2008 1:58 PM
To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial Discussion
Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial 
Discussion
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

try:
access-list asterisk permit udp any host x.x.x.x eq 1

- Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
 I tried the following ACL command
 
 access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 2
 
 and I got the following response back
 
 [no] access-list id [line line-num] deny|permit icmp
   sip smask | interface if_name | object-group
 network_obj_grp_id
   dip dmask | interface if_name | object-group
 network_obj_grp_id
   [icmp_type | object-group icmp_type_obj_grp_id]
   [log [disable|default] | [level] [interval secs]]
 Restricted ACLs for route-map use:
 [no] access-list id deny|permit {any | prefix mask | host
 address}
 Command failed
 
 I don't know how to enter into the linux interface of the Cisco Pix
 506
 firewall
 
 
 
 -Original Message-
 From: Joris Cras [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 3:23 AM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix
 506
 
 Ravi,
 
 there is a easy way of creating all those commands in linux.
 just run the following in a shell:
 for x in $(seq 10001 10050); do echo 192.168.5.0 eq $x any conduit
 permit udp host 192.168.5.0 eq $x any conduit permit udp host;done
 
 This will create all your PIX rules at ones.
  
 I think you could also use Cisco ACL's
  access-list [name] permit udp [source] [destination] range
 This would be in your case something like:
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
 10050
 
 Good luck.
 
 Joris
 
 Ravichandran Rajagopal wrote:
  Otis,
  I wanted to clarify what you said and what I comprehended. 
 
  the SIP protocols are disabled in fixup. 
  
  Having said that I guess all I have to do is just the following.
  the inside IP of asterisk server is 192.168.5.0
 
  On the cisco PIX firewall enter the following.
  192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
 10001 any
  conduit permit udp host
  192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
 10002 any
  conduit permit udp host
  
  ...
  .
  192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
 10050 any
  conduit permit udp host
 
  in the rtp.conf in /etc/asterisk 
  change the ending port 2 (which is what it currently is) to
 10050 
 
  Is there an easier way to make the entries in Cisco PIX firewall ?
 
  Thx
  Ravi 
 
  -Original Message-
  From: ListAcct [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, February 09, 2008 12:18 AM
  To: [EMAIL PROTECTED]
  Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco pix
  506
 
  No problem.  :-P  I thought it might wise to include everything you
 
  needed just in case!! LOL! You are welcome!!!
 
  --Otis 
 
  Ravichandran Rajagopal wrote:

  LOL I guess all I was asking for the changes to be made in the
 Cisco PIX
  506. I think you gave me a short tutorial on VI as well. Thanks
 once
 again
  for this help. Let me work on these changes and test the one-way
 audio
  problem and go from there.
  Thx
  Ravi
 
  -Original Message-
  From: ListAcct [mailto:[EMAIL PROTECTED] 
  Sent: Friday, February 08, 2008 11:55 PM
  To: [EMAIL PROTECTED]
  Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco pix
  506
 
  Ravi,
 
  I will explain changing the config in asterisk and the pix:
 
  Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port
 span to 
  1 to 10050 (to start, you will need to increase later as ports
 fill
  
  up)

  (use insert to make a change in a file)
 
  to save:
 
 1. esc
 2. shift + colon
 3. wq (to save)
 
  If you made a mistake and do not want to save but you changed
 something 
  in the file:
 
 1. esc
 2. shift + colon
 3. q! (to exit)
 
 
  Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this
 case the 
  static and conduit commands so this is a example from my setup.
 
  Theses are not usable IPs on the Internet or my IPs but just an
  
  example

  outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
  dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)
 
  interface ethernet0 100full (sets

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-09 Thread Wendell Hamilton
Did you only open up the one port (1)?  You need to open up a range, if 
you're doing it this way, like 1-10020 and then set your rtp ports in 
asterisk to the same range. 

- Ravichandran Rajagopal [EMAIL PROTECTED] wrote:
 I made the following changes and I am still facing one way audio with
 my call flow.
 
 -Original Message-
 From: Wendell Hamilton [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, February 09, 2008 1:58 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Cc: Joris Cras; [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco
 pix 506
 
 try:
 access-list asterisk permit udp any host x.x.x.x eq 1
 
 - Ravichandran Rajagopal [EMAIL PROTECTED]
 wrote:
  I tried the following ACL command
  
  access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
  2
  
  and I got the following response back
  
  [no] access-list id [line line-num] deny|permit icmp
  sip smask | interface if_name | object-group
  network_obj_grp_id
  dip dmask | interface if_name | object-group
  network_obj_grp_id
  [icmp_type | object-group icmp_type_obj_grp_id]
  [log [disable|default] | [level] [interval secs]]
  Restricted ACLs for route-map use:
  [no] access-list id deny|permit {any | prefix mask | host
  address}
  Command failed
  
  I don't know how to enter into the linux interface of the Cisco Pix
  506
  firewall
  
  
  
  -Original Message-
  From: Joris Cras [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, February 09, 2008 3:23 AM
  To: [EMAIL PROTECTED]; Asterisk Users Mailing List -
 Non-Commercial
  Discussion
  Subject: Re: [asterisk-users] oneway audio with asterisk behind
 cisco
  pix
  506
  
  Ravi,
  
  there is a easy way of creating all those commands in linux.
  just run the following in a shell:
  for x in $(seq 10001 10050); do echo 192.168.5.0 eq $x any conduit
  permit udp host 192.168.5.0 eq $x any conduit permit udp host;done
  
  This will create all your PIX rules at ones.
   
  I think you could also use Cisco ACL's
   access-list [name] permit udp [source] [destination] range
  This would be in your case something like:
   access-list asterisk permit udp 0.0.0.0 192.168.5.0  range 1
  10050
  
  Good luck.
  
  Joris
  
  Ravichandran Rajagopal wrote:
   Otis,
   I wanted to clarify what you said and what I comprehended. 
  
   the SIP protocols are disabled in fixup. 
   
   Having said that I guess all I have to do is just the following.
   the inside IP of asterisk server is 192.168.5.0
  
   On the cisco PIX firewall enter the following.
   192.168.5.0 eq 1 any conduit permit udp host 192.168.5.0 eq
  10001 any
   conduit permit udp host
   192.168.5.0 eq 10001 any conduit permit udp host 192.168.5.0 eq
  10002 any
   conduit permit udp host
   
   ...
   .
   192.168.5.0 eq 10049 any conduit permit udp host 192.168.5.0 eq
  10050 any
   conduit permit udp host
  
   in the rtp.conf in /etc/asterisk 
   change the ending port 2 (which is what it currently is) to
  10050 
  
   Is there an easier way to make the entries in Cisco PIX firewall
 ?
  
   Thx
   Ravi 
  
   -Original Message-
   From: ListAcct [mailto:[EMAIL PROTECTED] 
   Sent: Saturday, February 09, 2008 12:18 AM
   To: [EMAIL PROTECTED]
   Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
   Subject: Re: [asterisk-users] oneway audio with asterisk behind
  cisco pix
   506
  
   No problem.  :-P  I thought it might wise to include everything
 you
  
   needed just in case!! LOL! You are welcome!!!
  
   --Otis 
  
   Ravichandran Rajagopal wrote:
 
   LOL I guess all I was asking for the changes to be made in the
  Cisco PIX
   506. I think you gave me a short tutorial on VI as well. Thanks
  once
  again
   for this help. Let me work on these changes and test the one-way
  audio
   problem and go from there.
   Thx
   Ravi
  
   -Original Message-
   From: ListAcct [mailto:[EMAIL PROTECTED] 
   Sent: Friday, February 08, 2008 11:55 PM
   To: [EMAIL PROTECTED]
   Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
   Subject: Re: [asterisk-users] oneway audio with asterisk behind
  cisco pix
   506
  
   Ravi,
  
   I will explain changing the config in asterisk and the pix:
  
   Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port
  span to 
   1 to 10050 (to start, you will need to increase later as
 ports
  fill
   
   up)
 
   (use insert to make a change in a file)
  
   to save:
  
  1. esc
  2. shift + colon
  3. wq (to save)
  
   If you made a mistake and do not want to save but you changed
  something 
   in the file:
  
  1. esc
  2. shift + colon
  3. q! (to exit)
  
  
   Cisco Pix
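
Added example (not part of the thread and not any poster's code): a shell sketch of the advice above to keep the PIX conduit rules and the Asterisk RTP port span identical, so that no media port is blocked and no extra UDP port stays open. It assumes the rtp.conf keys rtpstart/rtpend and the one-port-per-line conduit form shown in the thread; the sample rtp.conf, the PIX excerpt and the port numbers are constructed, and 192.168.1.22 is the example global IP from the thread.

```shell
#!/bin/sh
# Constructed rtp.conf contents (rtpstart/rtpend are the Asterisk keys).
SAMPLE_RTP_CONF='[general]
; constructed sample values
rtpstart=10000
rtpend=10005
'

# Constructed PIX config excerpt: port 10003 was never opened, and 10050 is
# a stale rule still open outside the RTP span.
SAMPLE_PIX_CONF='no fixup protocol sip 5060
static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0
conduit permit udp host 192.168.1.22 eq 10000 any
conduit permit udp host 192.168.1.22 eq 10001 any
conduit permit udp host 192.168.1.22 eq 10002 any
conduit permit udp host 192.168.1.22 eq 10004 any
conduit permit udp host 192.168.1.22 eq 10005 any
conduit permit udp host 192.168.1.22 eq 10050 any
'

# rtp_range: read rtp.conf on stdin and print "START END".
# Fails (exit 1) if either key is missing, non-numeric, or start > end.
rtp_range() {
    awk -F= '
        /^[ \t]*;/ { next }                      # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            sub(/;.*/, "", val); gsub(/[ \t\r]/, "", val)
        }
        key == "rtpstart" { s = val }
        key == "rtpend"   { e = val }
        END {
            if (s !~ /^[0-9]+$/ || e !~ /^[0-9]+$/ || s + 0 > e + 0) exit 1
            print s, e
        }'
}

# gen_conduits IP START END: print one conduit line per port, ready to paste.
gen_conduits() {
    ip=$1; port=$2; end=$3
    while [ "$port" -le "$end" ]; do
        echo "conduit permit udp host $ip eq $port any"
        port=$((port + 1))
    done
}

# audit_conduits IP START END: read a PIX config on stdin and report
#   MISSING <port>  RTP port with no conduit (media will be dropped)
#   EXTRA <port>    conduit open outside the RTP span (needless exposure)
audit_conduits() {
    awk -v ip="$1" -v s="$2" -v e="$3" '
        $1 == "conduit" && $2 == "permit" && $3 == "udp" && $4 == "host" &&
        $5 == ip && $6 == "eq" && $7 ~ /^[0-9]+$/ { seen[$7 + 0] = 1 }
        END {
            for (p = s + 0; p <= e + 0; p++)
                if (!(p in seen)) print "MISSING", p
            for (p in seen)
                if (p + 0 < s + 0 || p + 0 > e + 0) print "EXTRA", p
        }' | sort -k2,2n
}

# Demo on the constructed samples.
range=$(printf '%s' "$SAMPLE_RTP_CONF" | rtp_range) || exit 1
printf '%s' "$SAMPLE_PIX_CONF" |
    audit_conduits 192.168.1.22 "${range% *}" "${range#* }"
```

An empty audit result means the firewall and rtp.conf agree; any MISSING line is a candidate cause of dropped audio, and any EXTRA line is a rule to remove.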

[asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread Ravichandran Rajagopal
Hi,

I have the Cisco PIX 506 firewall right in front of the asterisk and I am
getting a one-way audio. I need your help/guidance to resolve this problem.
I have the fixups disabled for SIP in the Cisco PIX 506.  Any help
rendered by you in this subject is greatly appreciated. I have been breaking
my head trying to resolve this problem for more than one month. I have
included the sip.conf and the extensions.conf below. 

[SIP.conf]

; SIP Configuration example for Asterisk
[general]
context=incoming
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
localnet=192.168.5.0/255.255.255.0
externip=a.b.ccc.dd
srvlookup=yes
allow=ulaw
allow=alaw

[incoming]
type=peer
nat=no
canreinvite=no
host=xx.y.z.aaa
qualify=yes
dtmfmode=rfc2833
context=default

[extensions.conf]

[general]
static=yes
writeprotect=yes
clearglobalvars=no

[default]
include = customer
exten = h,1,Hangup
exten = i,1,Congestion
exten = i,2,Hangup

[agnosco]
include = local-extensions
include = customer_ivr
include = incoming

[customer_ivr]
include = local-extensions
exten = s,1,Answer
exten = s,n,Background(agnosco_intro)
exten = s,n,WaitExten

;Dial said extensions
exten = 5,1,Dial(SIP/[EMAIL PROTECTED],30)

[incoming]
exten = 4025901000,1,Goto(1000,1)
exten = 1000,1,Goto(customer_ivr,s,1)

Thanks

sunMoonstar.


Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread ListAcct
Ravi,

Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
something you can configure (1 to 10200) unless you write a script 
to just copy and paste about 1 to 2 ports in your config on the 
pix. Cisco's are strange but secure.

It took me about two hours to figure out after taking off the fixup and 
no more logging/debugging from the cisco. I actually fixed while a call 
was coming in. LOL! Let me know!!!

--Otis

Ravichandran Rajagopal wrote:

 Hi,

 I have the Cisco PIX 506 firewall right in front of the asterisk and I 
 am getting a one-way audio. I need your help/guidance to resolve this 
 problem. I have the “fixups” disabled for SIP in the Cisco PIX 506. 
 Any help rendered by you in this subject is greatly appreciated. I 
 have been breaking my head trying to resolve this problem for more 
 than one month. I have included the sip.conf and the extensions.conf 
 below.

 [SIP.conf]

 ; SIP Configuration example for Asterisk

 [general]

 context=incoming

 allowoverlap=no

 bindport=5060

 bindaddr=0.0.0.0

 localnet=192.168.5.0/255.255.255.0

 externip=a.b.ccc.dd

 srvlookup=yes

 allow=ulaw

 allow=alaw

 [incoming]

 type=peer

 nat=no

 canreinvite=no

 host=xx.y.z.aaa

 qualify=yes

 dtmfmode=rfc2833

 context=default

 [extensions.conf]

 [general]

 static=yes

 writeprotect=yes

 clearglobalvars=no

 [default]

 include = customer

 exten = h,1,Hangup

 exten = i,1,Congestion

 exten = i,2,Hangup

 [agnosco]

 include = local-extensions

 include = customer_ivr

 include = incoming

 [customer_ivr]

 include = local-extensions

 exten = s,1,Answer

 exten = s,n,Background(agnosco_intro)

 exten = s,n,WaitExten

 ;Dial said extensions

 exten = 5,1,Dial(SIP/[EMAIL PROTECTED],30)

 [incoming]

 exten = 4025901000,1,Goto(1000,1)

 exten = 1000,1,Goto(customer_ivr,s,1)

 Thanks

 sunMoonstar.

 





Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread Ravichandran Rajagopal
Otis,
I am new to Cisco PIX 506 and I am learning this. If you can help me with
how to do this change on Cisco PIX it would be greatly appreciated. 

Thx
Ravi

-Original Message-
From: ListAcct [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 08, 2008 11:11 PM
To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

Ravi,

Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
something you can configure (1 to 10200) unless you write a script 
to just copy and paste about 1 to 2 ports in your config on the 
pix. Cisco's are strange but secure.

It took me about two hours to figure out after taking off the fixup and 
no more logging/debugging from the cisco. I actually fixed while a call 
was coming in. LOL! Let me know!!!

--Otis

Ravichandran Rajagopal wrote:

 Hi,

 I have the Cisco PIX 506 firewall right in front of the asterisk and I 
 am getting a one-way audio. I need your help/guidance to resolve this 
 problem. I have the fixups disabled for SIP in the Cisco PIX 506. 
 Any help rendered by you in this subject is greatly appreciated. I 
 have been breaking my head trying to resolve this problem for more 
 than one month. I have included the sip.conf and the extensions.conf 
 below.

 [SIP.conf]

 ; SIP Configuration example for Asterisk

 [general]

 context=incoming

 allowoverlap=no

 bindport=5060

 bindaddr=0.0.0.0

 localnet=192.168.5.0/255.255.255.0

 externip=a.b.ccc.dd

 srvlookup=yes

 allow=ulaw

 allow=alaw

 [incoming]

 type=peer

 nat=no

 canreinvite=no

 host=xx.y.z.aaa

 qualify=yes

 dtmfmode=rfc2833

 context=default

 [extensions.conf]

 [general]

 static=yes

 writeprotect=yes

 clearglobalvars=no

 [default]

 include = customer

 exten = h,1,Hangup

 exten = i,1,Congestion

 exten = i,2,Hangup

 [agnosco]

 include = local-extensions

 include = customer_ivr

 include = incoming

 [customer_ivr]

 include = local-extensions

 exten = s,1,Answer

 exten = s,n,Background(agnosco_intro)

 exten = s,n,WaitExten

 ;Dial said extensions

 exten = 5,1,Dial(SIP/[EMAIL PROTECTED],30)

 [incoming]

 exten = 4025901000,1,Goto(1000,1)

 exten = 1000,1,Goto(customer_ivr,s,1)

 Thanks

 sunMoonstar.

 






Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread ListAcct
Ravi,

I will explain changing the config in asterisk and the pix:

Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
1 to 10050 (to start, you will need to increase later as ports fill up)

(use insert to make a change in a file)

to save:

   1. esc
   2. shift + colon
   3. wq (to save)

If you made a mistake and do not want to save but you changed something 
in the file:

   1. esc
   2. shift + colon
   3. q! (to exit)


Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case the 
static and conduit commands so this is an example from my setup.

These are not usable IPs on the Internet or my IPs but just an example

outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

interface ethernet0 100full (sets the duplex and turns on interface)
interface ethernet1 100full (sets the duplex and turns on interface)

nameif ethernet0 outside security0 ( lower security)
nameif ethernet1 dmz security50 (higher security)

no fixup protocol sip 5060
no fixup protocol sip udp 5060

! - this makes things easier so now the pix knows the IP of the asterisk 
box and maps the ip to the name just for configuration purposes only so 
if you had 20 servers or devices you wanted public access to it's just 
easier to remember their names versus IPs.
name 192.168.254.11 dns
name 192.168.254.10 asterisk

! - the static command is used as a permanent mapper from one inside, 
dmz, or other to the global ip vice versa. (Rule of thumb if you map 
using static make sure you have a conduit command)
static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0

! - here is where you open the ports on the global side to the asterisk 
box. (the conduit command allows connections from lower security 
interfaces to higher security interfaces)
conduit permit udp host 192.168.1.22 eq 1 any
conduit permit udp host 192.168.1.22 eq 10001 any
conduit permit udp host 192.168.1.22 eq 10002 any
conduit permit udp host 192.168.1.22 eq 10003 any
conduit permit udp host 192.168.1.22 eq 10004 any
conduit permit udp host 192.168.1.22 eq 10005 any

Hope this helps!

--Otis


Ravichandran Rajagopal wrote:
 Otis,
 I am new to Cisco PIX 506 and I am learning this. If you can help me with
 how to do this change on Cisco PIX it would be greatly appreciated. 

 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:11 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
 x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
 something you can configure (1 to 10200) unless you write a script 
 to just copy and paste about 1 to 2 ports in your config on the 
 pix. Cisco's are strange but secure.

 It took me about two hours to figure out after taking off the fixup and 
 no more logging/debugging from the cisco. I actually fixed while a call 
 was coming in. LOL! Let me know!!!

 --Otis

 Ravichandran Rajagopal wrote:
   
 Hi,

 I have the Cisco PIX 506 firewall right in front of the asterisk and I 
 am getting a one-way audio. I need your help/guidance to resolve this 
 problem. I have the fixups disabled for SIP in the Cisco PIX 506. 
 Any help rendered by you in this subject is greatly appreciated. I 
 have been breaking my head trying to resolve this problem for more 
 than one month. I have included the sip.conf and the extensions.conf 
 below.

 [SIP.conf]

 ; SIP Configuration example for Asterisk

 [general]

 context=incoming

 allowoverlap=no

 bindport=5060

 bindaddr=0.0.0.0

 localnet=192.168.5.0/255.255.255.0

 externip=a.b.ccc.dd

 srvlookup=yes

 allow=ulaw

 allow=alaw

 [incoming]

 type=peer

 nat=no

 canreinvite=no

 host=xx.y.z.aaa

 qualify=yes

 dtmfmode=rfc2833

 context=default

 [extensions.conf]

 [general]

 static=yes

 writeprotect=yes

 clearglobalvars=no

 [default]

 include = customer

 exten = h,1,Hangup

 exten = i,1,Congestion

 exten = i,2,Hangup

 [agnosco]

 include = local-extensions

 include = customer_ivr

 include = incoming

 [customer_ivr]

 include = local-extensions

 exten = s,1,Answer

 exten = s,n,Background(agnosco_intro)

 exten = s,n,WaitExten

 ;Dial said extensions

 exten = 5,1,Dial(SIP/[EMAIL PROTECTED],30)

 [incoming]

 exten = 4025901000,1,Goto(1000,1)

 exten = 1000,1,Goto(customer_ivr,s,1)

 Thanks

 sunMoonstar.

 


Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread Ravichandran Rajagopal
LOL I guess all I was asking for the changes to be made in the Cisco PIX
506. I think you gave me a short tutorial on VI as well. Thanks once again
for this help. Let me work on these changes and test the one-way audio
problem and go from there.
Thx
Ravi

-Original Message-
From: ListAcct [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 08, 2008 11:55 PM
To: [EMAIL PROTECTED]
Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

Ravi,

I will explain changing the config in asterisk and the pix:

Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
1 to 10050 (to start, you will need to increase later as ports fill up)

(use insert to make a change in a file)

to save:

   1. esc
   2. shift + colon
   3. wq (to save)

If you made a mistake and do not want to save but you changed something 
in the file:

   1. esc
   2. shift + colon
   3. q! (to exit)


Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case the 
static and conduit commands so this is an example from my setup.

These are not usable IPs on the Internet or my IPs but just an example

outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

interface ethernet0 100full (sets the duplex and turns on interface)
interface ethernet1 100full (sets the duplex and turns on interface)

nameif ethernet0 outside security0 ( lower security)
nameif ethernet1 dmz security50 (higher security)

no fixup protocol sip 5060
no fixup protocol sip udp 5060

! - this makes things easier so now the pix knows the IP of the asterisk 
box and maps the ip to the name just for configuration purposes only so 
if you had 20 servers or devices you wanted public access to it's just 
easier to remember their names versus IPs.
name 192.168.254.11 dns
name 192.168.254.10 asterisk

! - the static command is used as a permanent mapper from one inside, 
dmz, or other to the global ip vice versa. (Rule of thumb if you map 
using static make sure you have a conduit command)
static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0

! - here is where you open the ports on the global side to the asterisk 
box. (the conduit command allows connections from lower security 
interfaces to higher security interfaces)
conduit permit udp host 192.168.1.22 eq 1 any
conduit permit udp host 192.168.1.22 eq 10001 any
conduit permit udp host 192.168.1.22 eq 10002 any
conduit permit udp host 192.168.1.22 eq 10003 any
conduit permit udp host 192.168.1.22 eq 10004 any
conduit permit udp host 192.168.1.22 eq 10005 any

Hope this helps!

--Otis


Ravichandran Rajagopal wrote:
 Otis,
 I am new to Cisco PIX 506 and I am learning this. If you can help me with
 how to do this change on Cisco PIX it would be greatly appreciated. 

 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:11 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
 x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
 something you can configure (1 to 10200) unless you write a script 
 to just copy and paste about 1 to 2 ports in your config on the 
 pix. Cisco's are strange but secure.

 It took me about two hours to figure out after taking off the fixup and 
 no more logging/debugging from the cisco. I actually fixed while a call 
 was coming in. LOL! Let me know!!!

 --Otis

 Ravichandran Rajagopal wrote:
   
 Hi,

 I have the Cisco PIX 506 firewall right in front of the asterisk and I 
 am getting a one-way audio. I need your help/guidance to resolve this 
 problem. I have the fixups disabled for SIP in the Cisco PIX 506. 
 Any help rendered by you in this subject is greatly appreciated. I 
 have been breaking my head trying to resolve this problem for more 
 than one month. I have included the sip.conf and the extensions.conf 
 below.

 [SIP.conf]

 ; SIP Configuration example for Asterisk

 [general]

 context=incoming

 allowoverlap=no

 bindport=5060

 bindaddr=0.0.0.0

 localnet=192.168.5.0/255.255.255.0

 externip=a.b.ccc.dd

 srvlookup=yes

 allow=ulaw

 allow=alaw

 [incoming]

 type=peer

 nat=no

 canreinvite=no

 host=xx.y.z.aaa

 qualify=yes

 dtmfmode=rfc2833

 context=default

 [extensions.conf]

 [general]

 static=yes

 writeprotect=yes

 clearglobalvars=no

 [default]

 include = customer

 exten = h,1,Hangup

 exten = i,1,Congestion

 exten = i,2,Hangup

 [agnosco]

 include = local-extensions

 include = customer_ivr

 include = incoming

 [customer_ivr]

 include = local-extensions

 exten = s,1,Answer

 exten = s,n,Background(agnosco_intro)

 exten = s,n,WaitExten

 ;Dial said extensions

 exten = 5,1

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread ListAcct
No problem.  :-P  I thought it might be wise to include everything you 
needed just in case!! LOL! You are welcome!!!

--Otis 

Ravichandran Rajagopal wrote:
 LOL I guess all I was asking for the changes to be made in the Cisco PIX
 506. I think you gave me a short tutorial on VI as well. Thanks once again
 for this help. Let me work on these changes and test the one-way audio
 problem and go from there.
 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:55 PM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 I will explain changing the config in asterisk and the pix:

 Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
 1 to 10050 (to start, you will need to increase later as ports fill up)

 (use insert to make a change in a file)

 to save:

1. esc
2. shift + colon
3. wq (to save)

 If you made a mistake and do not want to save but you changed something 
 in the file:

1. esc
2. shift + colon
3. q! (to exit)


 Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case but the 
 static and conduit commands, so this is an example from my setup.

 These are not usable IPs on the Internet or my IPs but just an example

 outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
 dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

 interface ethernet0 100full (sets the duplex and turns on interface)
 interface ethernet1 100full (sets the duplex and turns on interface)

 nameif ethernet0 outside security0 ( lower security)
 nameif ethernet1 dmz security50 (higher security)

 no fixup protocol sip 5060
 no fixup protocol sip udp 5060

 ! - this makes things easier so now the pix knows the IP of the asterisk 
 box and maps the ip to the name just for configuration purposes only so 
 if you had 20 servers or devices you wanted public access to it's just 
 easier to remember their names versus IPs.
 name 192.168.254.11 dns
 name 192.168.254.10 asterisk

 ! - the static command is used as a permanent mapper from one inside, 
 dmz, or other to the global ip vice versa. (Rule of thumb if you map 
 using static make sure you have a conduit command)
 static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0

 ! - here is where you open the ports on the global side to the asterisk 
 box. (the conduit command allows connections from lower security 
 interfaces to higher security interfaces)
 conduit permit udp host 192.168.1.22 eq 1 any
 conduit permit udp host 192.168.1.22 eq 10001 any
 conduit permit udp host 192.168.1.22 eq 10002 any
 conduit permit udp host 192.168.1.22 eq 10003 any
 conduit permit udp host 192.168.1.22 eq 10004 any
 conduit permit udp host 192.168.1.22 eq 10005 any

 Hope this helps!

 --Otis


 Ravichandran Rajagopal wrote:
   
 Otis,
 I am new to Cisco PIX 506 and I am learning this. If you can help me with
 how to do this change on Cisco PIX it would be greatly appreciated. 

 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:11 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
 x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
 something you can configure (1 to 10200) unless you write a script 
 to just copy and paste about 1 to 2 ports in your config on the 
 pix. Cisco's are strange but secure.

 It took me about two hours to figure out after taking off the fixup and 
 no more logging/debugging from the cisco. I actually fixed while a call 
 was coming in. LOL! Let me know!!!

 --Otis

 Ravichandran Rajagopal wrote:
   
 
 Hi,

 I have the Cisco PIX 506 firewall right in front of the asterisk and I 
 am getting a one-way audio. I need your help/guidance to resolve this 
 problem. I have the fixups disabled for SIP in the Cisco PIX 506. 
 Any help rendered by you in this subject is greatly appreciated. I 
 have been breaking my head trying to resolve this problem for more 
 than one month. I have included the sip.conf and the extensions.conf 
 below.

 [SIP.conf]

 ; SIP Configuration example for Asterisk

 [general]

 context=incoming

 allowoverlap=no

 bindport=5060

 bindaddr=0.0.0.0

 localnet=192.168.5.0/255.255.255.0

 externip=a.b.ccc.dd

 srvlookup=yes

 allow=ulaw

 allow=alaw

 [incoming]

 type=peer

 nat=no

 canreinvite=no

 host=xx.y.z.aaa

 qualify=yes

 dtmfmode=rfc2833

 context=default

 [extensions.conf]

 [general]

 static=yes

 writeprotect=yes

 clearglobalvars=no

 [default]

 include = customer

 exten = h,1,Hangup

 exten = i,1,Congestion

 exten = i,2,Hangup

 [agnosco]

 include = local

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread Ravichandran Rajagopal
Otis,
I wanted to clarify what you said and what I comprehended. 

the SIP protocols are disabled in fixup. 

Having said that I guess all I have to do is just the following.
the inside IP of asterisk server is 192.168.5.0

On the cisco PIX firewall enter the following.
conduit permit udp host 192.168.5.0 eq 1 any
conduit permit udp host 192.168.5.0 eq 10001 any
conduit permit udp host 192.168.5.0 eq 10001 any
conduit permit udp host 192.168.5.0 eq 10002 any

...
.
conduit permit udp host 192.168.5.0 eq 10049 any
conduit permit udp host 192.168.5.0 eq 10050 any

in the rtp.conf in /etc/asterisk 
change the ending port 2 (which is what it currently is) to 10050 

Is there an easier way to make the entries in Cisco PIX firewall ?

Thx
Ravi 

-Original Message-
From: ListAcct [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 09, 2008 12:18 AM
To: [EMAIL PROTECTED]
Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
506

No problem.  :-P  I thought it might be wise to include everything you 
needed just in case!! LOL! You are welcome!!!

--Otis 

Ravichandran Rajagopal wrote:
 LOL I guess all I was asking for the changes to be made in the Cisco PIX
 506. I think you gave me a short tutorial on VI as well. Thanks once again
 for this help. Let me work on these changes and test the one-way audio
 problem and go from there.
 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:55 PM
 To: [EMAIL PROTECTED]
 Cc: 'Asterisk Users Mailing List - Non-Commercial Discussion'
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 I will explain changing the config in asterisk and the pix:

 Asterisk Box - vi to /etc/asterisk/rtp.conf and change the port span to 
 1 to 10050 (to start, you will need to increase later as ports fill up)

 (use insert to make a change in a file)

 to save:

1. esc
2. shift + colon
3. wq (to save)

 If you made a mistake and do not want to save but you changed something 
 in the file:

1. esc
2. shift + colon
3. q! (to exit)


 Cisco Pix - on my old Pix 520 UR I do not use the ACLs for this case but the 
 static and conduit commands, so this is an example from my setup.

 These are not usable IPs on the Internet or my IPs but just an example

 outside (interface) - 192.168.1.0/24 (192.168.1.1-192.168.1.254)
 dmz (interface) - 192.168.254.0/24 (192.168.254.1-192.168.254.254)

 interface ethernet0 100full (sets the duplex and turns on interface)
 interface ethernet1 100full (sets the duplex and turns on interface)

 nameif ethernet0 outside security0 ( lower security)
 nameif ethernet1 dmz security50 (higher security)

 no fixup protocol sip 5060
 no fixup protocol sip udp 5060

 ! - this makes things easier so now the pix knows the IP of the asterisk 
 box and maps the ip to the name just for configuration purposes only so 
 if you had 20 servers or devices you wanted public access to it's just 
 easier to remember their names versus IPs.
 name 192.168.254.11 dns
 name 192.168.254.10 asterisk

 ! - the static command is used as a permanent mapper from one inside, 
 dmz, or other to the global ip vice versa. (Rule of thumb if you map 
 using static make sure you have a conduit command)
 static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0

 ! - here is where you open the ports on the global side to the asterisk 
 box. (the conduit command allows connections from lower security 
 interfaces to higher security interfaces)
 conduit permit udp host 192.168.1.22 eq 1 any
 conduit permit udp host 192.168.1.22 eq 10001 any
 conduit permit udp host 192.168.1.22 eq 10002 any
 conduit permit udp host 192.168.1.22 eq 10003 any
 conduit permit udp host 192.168.1.22 eq 10004 any
 conduit permit udp host 192.168.1.22 eq 10005 any

 Hope this helps!

 --Otis


 Ravichandran Rajagopal wrote:
   
 Otis,
 I am new to Cisco PIX 506 and I am learning this. If you can help me with
 how to do this change on Cisco PIX it would be greatly appreciated. 

 Thx
 Ravi

 -Original Message-
 From: ListAcct [mailto:[EMAIL PROTECTED] 
 Sent: Friday, February 08, 2008 11:11 PM
 To: [EMAIL PROTECTED]; Asterisk Users Mailing List - Non-Commercial
 Discussion
 Subject: Re: [asterisk-users] oneway audio with asterisk behind cisco pix
 506

 Ravi,

 Open up the RTP (UDP) ports on your pix. (EX. conduit permit udp host 
 x.x.x.x eq 10049 any). Also set your asterisk rtp config span to 
 something you can configure (1 to 10200) unless you write a script 
 to just copy and paste about 1 to 2 ports in your config on the 
 pix. Cisco's are strange but secure.

 It took me about two hours to figure out after taking off the fixup
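
Ravi's question above about an easier way to make the per-port entries, answered with an added example that is not part of any message in this thread: the script reads the RTP span from rtp.conf, emits one `conduit permit udp host ... eq ... any` line per port in the syntax Otis posted, and audits an existing PIX config for RTP ports that are still blocked (the one-way-audio case) or ports opened beyond the span. The function names, the sample configs and the treatment of 5060 (the `bindport` in the posted sip.conf) as the signalling port are assumptions made for the example.

```python
import re

# The per-port form used in the thread:
#   conduit permit udp host <global-ip> eq <port> any
CONDUIT_RE = re.compile(
    r"^\s*conduit\s+permit\s+udp\s+host\s+(\S+)\s+eq\s+(\d+)\s+any\s*$")

# Constructed sample inputs (not taken from anyone's real configuration).
SAMPLE_RTP_CONF = """\
[general]
rtpstart=10000   ; first UDP port Asterisk may use for RTP
rtpend=10005     ; last one
"""
SAMPLE_PIX = """\
static (dmz,outside) 192.168.1.22 asterisk netmask 255.255.255.255 0 0
conduit permit udp host 192.168.1.22 eq 5060 any
conduit permit udp host 192.168.1.22 eq 10001 any
conduit permit udp host 192.168.1.22 eq 10002 any
conduit permit udp host 192.168.1.22 eq 10003 any
conduit permit udp host 192.168.1.22 eq 10004 any
conduit permit udp host 192.168.1.22 eq 10005 any
conduit permit udp host 192.168.1.22 eq 10049 any
"""


def rtp_range(rtp_conf_text):
    """Return (rtpstart, rtpend) read from the text of rtp.conf."""
    values = {}
    for line in rtp_conf_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if "=" in line:
            key, val = (part.strip() for part in line.split("=", 1))
            values[key.lower()] = val
    start, end = int(values["rtpstart"]), int(values["rtpend"])
    if not 1 <= start <= end <= 65535:
        raise ValueError("invalid RTP range %d-%d" % (start, end))
    return start, end


def conduit_lines(global_ip, start, end):
    """One conduit statement per RTP port, ready to paste into the PIX."""
    return ["conduit permit udp host %s eq %d any" % (global_ip, port)
            for port in range(start, end + 1)]


def audit(pix_config_text, global_ip, start, end, signalling=(5060,)):
    """Return (missing, extra) UDP ports for global_ip.

    missing: RTP ports Asterisk may pick that the PIX does not pass.
    extra:   ports opened to the host that are neither RTP nor signalling.
    """
    opened = set()
    for line in pix_config_text.splitlines():
        match = CONDUIT_RE.match(line)
        if match and match.group(1) == global_ip:
            opened.add(int(match.group(2)))
    wanted = set(range(start, end + 1))
    return sorted(wanted - opened), sorted(opened - wanted - set(signalling))


if __name__ == "__main__":
    first, last = rtp_range(SAMPLE_RTP_CONF)
    print("\n".join(conduit_lines("192.168.1.22", first, last)))
    print("missing=%s extra=%s" % audit(SAMPLE_PIX, "192.168.1.22", first, last))
```

Any port reported as missing is one Asterisk can select for a call's media while the firewall drops it; any port reported as extra is exposure the RTP span does not need.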

Re: [asterisk-users] oneway audio with asterisk behind cisco pix 506

2008-02-08 Thread Wendell Hamilton
Note also that if you point to the DNS name rather than the IP address of the 
asterisk server on the phones trying to register, you can set NAT=NO on the 
asterisk side and the sip FIXUP command on the PIX will handle everything 
correctly, making this workaround unnecessary.


- Original Message - 
From: Ravichandran Rajagopal [EMAIL PROTECTED] 
To: asterisk-users@lists.digium.com 
Sent: Friday, February 8, 2008 8:54:23 PM (GMT-0800) America/Los_Angeles 
Subject: [asterisk-users] oneway audio with asterisk behind cisco pix 506 





Hi, 



I have the Cisco PIX 506 firewall right in front of the asterisk and I am 
getting a one-way audio. I need your help/guidance to resolve this problem. I 
have the “fixups” disabled for SIP in the Cisco PIX 506. Any help rendered by 
you in this subject is greatly appreciated. I have been breaking my head trying 
to resolve this problem for more than one month. I have included the sip.conf 
and the extensions.conf below. 



[SIP.conf] 

; SIP Configuration example for Asterisk 

[general] 

context=incoming 

allowoverlap=no 

bindport=5060 

bindaddr=0.0.0.0 

localnet=192.168.5.0/255.255.255.0 

externip=a.b.ccc.dd 

srvlookup=yes 

allow=ulaw 

allow=alaw 



[incoming] 

type=peer 

nat=no 

canreinvite=no 

host=xx.y.z.aaa 

qualify=yes 

dtmfmode=rfc2833 

context=default 



[extensions.conf] 

[general] 

static=yes 

writeprotect=yes 

clearglobalvars=no 



[default] 

include = customer 

exten = h,1,Hangup 

exten = i,1,Congestion 

exten = i,2,Hangup 



[agnosco] 

include = local-extensions 

include = customer_ivr 

include = incoming 



[customer_ivr] 

include = local-extensions 

exten = s,1,Answer 

exten = s,n,Background(agnosco_intro) 

exten = s,n,WaitExten 



;Dial said extensions 

exten = 5,1,Dial(SIP/[EMAIL PROTECTED],30) 



[incoming] 

exten = 4025901000,1,Goto(1000,1) 

exten = 1000,1,Goto(customer_ivr,s,1) 



Thanks 

sunMoonstar.

[asterisk-users] Oneway audio

2006-10-04 Thread Giordano Grandis



Hi list,
I'm testing transfer with sip re-invite and bristuff-0.0.8-RCn using an HFC pci card connected directly to telco; this is what happens:

1. SIP phone calls a mobile phone (or another residential phone)
2. The called party answers the call
3. Now the sip phone puts the call on hold and calls another sip phone
4. They speak normally
5. Now the phone that called the mobile transfers the session to the second phone
6. The sip phone can hear the mobile phone, but not vice versa.

This works perfectly if I try a blind transfer.

Where could the problem be? On the phone, on asterisk?

Can anyone help me?

Thanks in advance

Giordano
___
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


[Asterisk-Users] Oneway Audio

2006-03-29 Thread Sharath Chandra
Hi all,

I did not get this error in Asterisk 1.2.5 release. I am testing on Asterisk SVN-trunk-r15187 to avail the PARKEDAT variable. 

- I park the call using ParkAndAnnounce
- plays moh.
- accept the call using ParkedCall

The following errors are coming on the console and there is oneway audio - no audio after Music-On-Hold at caller's side. Please advise. 

I am testing using cisco 7902 phones and using cisco 2800 router. Codec is g711ulaw

regards,




-- Executing ParkedCall(SIP/192.168.50.2-09cbd610, 366)
-- Channel SIP/192.168.50.2-09cbd610 connected to parked call 366
Mar 29 17:59:16 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:16 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:16 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:16 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
Mar 29 17:59:17 WARNING[13774]: chan_sip.c:2692 sip_write: Asked to transmit frame type 64, while native formats is 4 (read/write = 4/4)
