Support Center

Configuring Cisco/Linksys Routers

Last Updated: Nov 02, 2016 05:17AM EDT
Configuring Cisco Enterprise-level Devices


SIP Transformations
In order for your Cisco PIX device to work with Sharpen service, you will typically need to disable SIP transformations. Enter the following lines on any Cisco router or switch that is performing a NAT on outbound traffic – this will disable SIP specific transformations done on packets going through the NAT.
no ip nat service SIP udp port 5060


Firmware Version
Cisco PIX’s general release software (release 6.1 and 6.2) has a limitation that does not allow SIP processing to be disabled for UDP. Cisco provides a maintenance release to allow the disabling of SIP processing for UDP. The specific release tested is 6.2.2.125. This load can be obtained from Cisco through their normal support channels.
Configuring Cisco PIX 6.X for VoIP Traffic
In order to configure your device for Sharpen service, follow these steps:
  • Once the load is upgraded to 6.2.2.125, enter the command: show configure
  • You should see the following lines: fixup protocol sip 5060, fixup protocol sip udp 5060
  • To disable SIP processing, enter the commands: no fixup protocol sip 5060, no fixup protocol sip udp 5060
In addition, the RPC timer needs to be extended, or voice path is lost after the default 10 minutes. This can be done by going to the enable prompt and configuring terminal and typing: “timeout rpc never-time-out” and hitting enter. Then save the config to memory and verify the value by typing “sh timeout rpc“. It should be listed as 0:00:0.


Configuring Cisco PIX Firewall Software Version 7.X
In Versions 7.x of the PIX software, “fixup” has been replaced with “inspect”. This line can be found in either a global or interface specific policy map. A generic configuration will contain entries like this:
policy-map asa_global_fw_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
In the example above, you would need to enter configuration mode via the command line and execute the following commands (hitting enter after each line):
  • class-map inspection_default
  • policy-map asa_global_fw_policy
  • no inspect sip


Configuring Cisco ASA 5505 Router


To properly configure your Cisco ASA 5505 Router make sure that the items marked in red are changed to allow proper ingress and egress and timing. The Cisco Inspect SIP command should also be removed from the policy-map global_policy section. Finally, make sure your UDP and TCP timers are okay.
 ASA Version 8.0(4)28
!
hostname DKNSAGN-LR
domain-name thedickinsonagencyinc.local
enable password cH3g.3jrI.9pB0Eb encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.131.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4

interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa804-28-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time DST recurring
dns server-group DefaultDNS
domain-name "yourdomain"
same-security-traffic permit intra-interface
access-list nonat extended permit ip 192.168.131.0 255.255.255.0 192.168.132.0 255.255.255.0
access-list nonat extended permit ip 192.168.131.0 255.255.255.0 192.168.130.0 255.255.255.0
access-list nonat extended permit ip 192.168.131.0 255.255.255.0 192.168.133.0 255.255.255.0
access-list vpn10 extended permit ip 192.168.131.0 255.255.255.0 192.168.132.0 255.255.255.0
access-list vpn10 extended permit ip 192.168.130.0 255.255.255.0 192.168.132.0 255.255.255.0
access-list vpn10 extended permit ip 192.168.133.0 255.255.255.0 192.168.132.0 255.255.255.0
access-list clientvpn extended permit ip 192.168.131.0 255.255.255.0 192.168.130.0 255.255.255.0
access-list clientvpn extended permit ip 192.168.132.0 255.255.255.0 192.168.130.0 255.255.255.0
access-list clientvpn extended permit ip 192.168.133.0 255.255.255.0 192.168.130.0 255.255.255.0
access-list outside-in extended permit udp host 216.147.191.157 host 70.88.14.185 eq sip
access-list outside-in extended permit udp host 216.147.191.157 host 70.88.14.185 eq 2088
access-list outside-in extended permit tcp host 216.147.191.157 host 70.88.14.185 eq 8081
access-list outside-in extended permit udp host 216.147.191.157 host 70.88.14.185 range 15000 15511
access-list outside-in extended permit tcp any host 70.88.14.186 range 81 84
access-list vpn11 extended permit ip 192.168.131.0 255.255.255.0 192.168.133.0 255.255.255.0
access-list vpn11 extended permit ip 192.168.130.0 255.255.255.0 192.168.133.0 255.255.255.0
access-list vpn11 extended permit ip 192.168.132.0 255.255.255.0 192.168.133.0 255.255.255.0
access-list voip extended permit udp any any range 10000 20000
access-list voip extended permit udp any any range sip sip
access-list outside_access_in extended permit udp any any range 10000 20000
access-list outside_access_in extended permit udp any any range sip sip

pager lines 24
logging enable
logging buffered warnings
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 192.168.130.10-192.168.130.15
icmp unreachable rate-limit 1 burst-size 1
icmp permit 192.168.131.0 255.255.255.0 inside
icmp permit 192.168.132.0 255.255.255.0 inside
asdm image disk0:/asdm-61551.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 81 192.168.131.38 81 netmask 255.255.255.255
static (inside,outside) tcp interface 82 192.168.131.31 82 netmask 255.255.255.255
static (inside,outside) tcp interface 83 192.168.131.29 83 netmask 255.255.255.255
static (inside,outside) tcp interface 84 192.168.131.40 84 netmask 255.255.255.255
access-group outside-in in interface outside
route outside 0.0.0.0 0.0.0.0 70.88.14.190 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 1:00:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:05:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:03:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable
http 199.227.199.0 255.255.255.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYNAMIC 5000 set transform-set esp-3des-sha
crypto map VPN 10 match address vpn10
crypto map VPN 10 set peer 70.90.227.161
crypto map VPN 10 set transform-set esp-3des-sha
crypto map VPN 11 match address vpn11
crypto map VPN 11 set peer 174.79.104.10
crypto map VPN 11 set transform-set esp-3des-sha
crypto map VPN 5000 ipsec-isakmp dynamic DYNAMIC
crypto map VPN interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.131.0 255.255.255.0 inside
telnet 192.168.132.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.131.0 255.255.255.0 inside
ssh 192.168.132.0 255.255.255.0 inside
ssh 199.227.199.0 255.255.255.0 outside
ssh 75.151.69.96 255.255.255.248 outside
ssh timeout 5
console timeout 0
management-access inside
vpdn username ____________________ password *********
dhcpd dns 68.87.68.162 68.87.74.162
dhcpd auto_config outside
!
dhcpd address 192.168.131.50-192.168.131.81 inside
dhcpd enable inside
!

priority-queue outside
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy TDAvpn internal
group-policy TDAvpn attributes
dns-server value 68.94.156.1 68.94.157.1
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value clientvpn
username vendorvpn password 7Va16UTp99sdVNcR encrypted
username atgadmin password xXPhK1482SckLcvK encrypted
tunnel-group 70.90.227.161 type ipsec-l2l
tunnel-group 70.90.227.161 ipsec-attributes
pre-shared-key *
tunnel-group TDA-VPN type remote-access
tunnel-group TDA-VPN general-attributes
address-pool VPNpool
default-group-policy TDAvpn
tunnel-group TDA-VPN ipsec-attributes
pre-shared-key *
tunnel-group 174.79.104.10 type ipsec-l2l
tunnel-group 174.79.104.10 ipsec-attributes
pre-shared-key *
!
class-map Voice
match access-list voip
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy (remove inspect SIP!)
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp

policy-map qos_out
class Voice
  priority
policy-map global-policy
!
service-policy global_policy global
service-policy qos_out interface outside
prompt hostname context
Cryptochecksum:c15b4db10d91502044e28a5063db46f6
: end
DKNSAGN-LR#



 

Configuring Cisco RV042G Router


In order for the Cisco RV042G to be compatible with our VoIP service it is necessary that you reconfigure your router. The following screenshots will direct you through the process for correctly configuring your settings within the IP dashboard for your router. 


1. Access the 'System Summary' tab and adjust your Firmware settings. 



2. Next, access the hidden url link described below in order to make necessary adjustments to your SIP ALG. 

Make sure that you are logged into https:// on your computer and type in the hidden URL. This link is comprised of your IP address followed by /f_general_hidden.htm.

Example: https://50.240.88.105/f_general_hidden.htm

Once you've entered the hidden URL you be directed to the firewall general settings tab and will see the page displayed below. Disable both your UDP Timer your SIP ALG. 



3. Next, return to your regular IP dashboard. Under the 'Firewall' tab > 'Access Rules', adjust the Public IP.



4. Within your IP dashboard, access the 'General' tab and enable your firewall (including emote public access) .



5. Now, enter the 'Bandwidth Management' tab and adjust your settings as follows: 



6. Finally, address QoS Management by entering the 'Port Setup' tab and configuring/enabling your Ports. 

Contact Us

53287620774b22021cc5dca627c0df84@fathomvoice.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete