Cisco 871, NAT, port forwarding and VOIP configuration - buzzing in the phone speaker

Network Engineering  cisco  nat  voip
2021-07-13 21:45:55

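I am new to everything Cisco, and I need to configure nettalk VOIP. I have a Cisco 871 device with two ISPs - one via PPP (public IP 666.666.666.666) and the other via eth (public IP 999.999.999.999).

The main ISP is the one via PPP; the eth ISP is used for WWW/mail/VOIP.

The Nettalk device uses the following ports:

Port 69: used for updates (not required for phone calls). Port 5060: the standard SIP port used for provisioning to the netTALK network. Ports 10,000 - 20,000: used for voice transmission. If your router does not allow you to enter a range of ports, choose port 12000. Protocol: UDP. TCP is not used.

For VOIP I only need 5060 and 10000-20000 (or 12000 if a port range cannot be forwarded).

The device IP is 192.168.1.6

I created permit rules in the "webmailvoip" access list: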

permit tcp host 192.168.1.6 any eq 5060
permit udp host 192.168.1.6 any eq 5060
permit udp host 192.168.1.6 any range 10000 20000
permit tcp any eq 5060 host 192.168.1.6
permit udp any eq 5060 host 192.168.1.6
permit udp any range 10000 20000 host 192.168.1.6

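But this doesn't seem to work - I can only hear a buzzing sound.

Any ideas which rules are wrong, and what else should I configure?

Thanks and best regards!

P.S. My current configuration: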

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw
!
boot-start-marker
boot-end-marker
!
logging buffered 128000
logging console warnings
!
no aaa new-model
!
!
dot11 syslog
ip cef
!
no ip domain lookup
ip domain name blablabla
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
!
!
username admin privilege 15 password 0 blablabla
!
!
archive
 log config
  logging enable
  hidekeys
!
!
ip ssh version 2
!
track 1 rtr 1
!
track 2 rtr 2
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip policy route-map loop
!
interface Loopback1
 ip address 1.1.1.5 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip policy route-map loop1
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
 switchport access vlan 3
!
interface FastEthernet4
 mac-address b055.5555.0775
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 192.168.1.252 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip policy route-map webmailvoip
!
interface Vlan3
 no ip address
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1450
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname blablabla
 ppp chap password 0 blablabla
 ppp ipcp dns request
 ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 999.999.999.001 100 track 2
!
no ip http server
no ip http secure-server
ip nat pool POOL 1.1.1.2 1.1.1.2 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.7 10000 interface Dialer0 10000
ip nat inside source static udp 192.168.1.7 10000 interface Dialer0 10000
ip nat inside source static esp 192.168.1.7 interface Dialer0
ip nat inside source route-map rmap-dial interface Dialer0 overload
ip nat inside source route-map rmap-f4 interface FastEthernet4 overload
ip nat outside source list publicip pool POOL
!
ip access-list extended inside
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended publicip
 permit ip 192.168.1.0 0.0.0.255 host 999.999.999.999
 permit ip 192.168.1.0 0.0.0.255 host 666.666.666.666
 permit ip host 666.666.666.666 192.168.1.0 0.0.0.255
 permit ip host 999.999.999.999 192.168.1.0 0.0.0.255
ip access-list extended webmailvoip
 deny   ip host 192.168.1.25 any
 permit tcp 192.168.1.0 0.0.0.255 any eq www
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 permit tcp 192.168.1.0 0.0.0.255 any eq 143
 permit tcp 192.168.1.0 0.0.0.255 any eq 993
 permit tcp 192.168.1.0 0.0.0.255 any eq 587
 permit tcp 192.168.1.0 0.0.0.255 any eq 465
 permit tcp 192.168.1.0 0.0.0.255 any eq pop3
 permit tcp 192.168.1.0 0.0.0.255 any eq 995
 permit tcp 192.168.1.0 0.0.0.255 any eq 22
 permit tcp host 192.168.1.6 any eq 5060
 permit udp host 192.168.1.6 any eq 5060
 permit udp host 192.168.1.6 any range 10000 20000
 permit tcp any eq 5060 host 192.168.1.6
 permit udp any eq 5060 host 192.168.1.6
 permit udp any range 10000 20000 host 192.168.1.6
!
ip sla 1
 icmp-echo 666.666.666.001 source-interface Dialer0
 timeout 3000
 frequency 3
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 999.999.999.001 source-interface FastEthernet4
 timeout 3000
 frequency 3
ip sla schedule 2 life forever start-time now
access-list 115 permit ip host 192.168.1.35 any log
access-list 115 permit ip any host 192.168.1.35 log
access-list 115 permit ip any any
access-list 117 permit ip 192.168.1.0 0.0.0.255 host 999.999.999.999
access-list 117 permit ip 192.168.1.0 0.0.0.255 host 666.666.666.666
access-list 117 permit ip host 666.666.666.666 192.168.1.0 0.0.0.255 log
access-list 117 permit ip host 999.999.999.999 192.168.1.0 0.0.0.255 log
dialer-list 1 protocol ip permit
no cdp run
!
route-map webmailvoip permit 10
 match ip address webmailvoip
 set ip next-hop verify-availability 999.999.999.001 1 track 2
 set ip next-hop verify-availability
!
route-map loop permit 10
 set ip next-hop 1.1.1.6
!
route-map loop1 permit 10
 set interface Vlan2
!
route-map rmap-dial permit 10
 match interface Dialer0
!
route-map rmap-f4 permit 10
 match interface FastEthernet4
!
control-plane
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
!
end
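
Added example, not part of the original post: a minimal Python evaluator for the six phone-related `webmailvoip` entries, returning the first entry that a given packet matches, the way the `match ip address webmailvoip` clause would be evaluated for packets received on Vlan2. It handles only the ACL syntax used in those six lines (`host`, `any`, address plus wildcard, `eq`, `range` with numeric ports); the function names are illustrative.

```python
import ipaddress

# Phone-related entries copied from the "webmailvoip" access list on this page.
ACL = """\
permit tcp host 192.168.1.6 any eq 5060
permit udp host 192.168.1.6 any eq 5060
permit udp host 192.168.1.6 any range 10000 20000
permit tcp any eq 5060 host 192.168.1.6
permit udp any eq 5060 host 192.168.1.6
permit udp any range 10000 20000 host 192.168.1.6
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(t):
    # Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard).
    w = t.pop(0)
    if w == "any":
        return 0, 0xFFFFFFFF
    return (_ip(t.pop(0)), 0) if w == "host" else (_ip(w), _ip(t.pop(0)))

def _ports(t):
    # Consume an optional 'eq P' | 'range LO HI'; return an inclusive (lo, hi).
    if t[:1] == ["eq"]:
        p = int(t[1])
        del t[:2]
        return p, p
    if t[:1] == ["range"]:
        lo, hi = int(t[1]), int(t[2])
        del t[:3]
        return lo, hi
    return 0, 65535

def parse(line):
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    return action, proto, _addr(t), _ports(t), _addr(t), _ports(t)

def first_match(proto, src, sport, dst, dport, acl=ACL):
    """Return (entry number, action) of the first matching entry."""
    s, d = _ip(src), _ip(dst)
    for n, line in enumerate(acl.splitlines(), 1):
        action, p, (sb, sw), sp, (db, dw), dp = parse(line)
        if (p in ("ip", proto) and ((s ^ sb) & ~sw & 0xFFFFFFFF) == 0
                and ((d ^ db) & ~dw & 0xFFFFFFFF) == 0
                and sp[0] <= sport <= sp[1] and dp[0] <= dport <= dp[1]):
            return n, action
    return None, "deny"  # implicit deny: the route-map clause does not match
```

With constructed packets, `first_match("udp", "192.168.1.6", 12000, "203.0.113.20", 15000)` matches entry 3, while the same packet sent to remote port 30000 matches no entry. A packet that matches no entry is not policy-routed by the route-map and is forwarded by the normal routing table instead.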