Open ports test

lucalalo
n00b
Posts: 1
Joined: Wed 25 Jun 2014, 10:57 pm

I have a Cisco 877. I opened UDP 5060, or at least I think I did, so that I can use a VoIP PBX remotely, but the VoIP phone (elmeg) cannot log in. Error:

Sent to udp:95.225.6.161:5060 at 25/6/2014 23:37:57:860 (782 bytes):

REGISTER sip:X.X.X.X SIP/2.0
Via: SIP/2.0/UDP X.X.X.X:2051;branch=z9hG4bK-n73jptcsgqwp;rport
From: "47" <sip:[email protected]>;tag=uvryp43nzx
To: "47" <sip:[email protected]>
Call-ID: 3c2670094e20-t482gsl1qjjy@elmegIP290
CSeq: 1 REGISTER
Max-Forwards: 70
Contact: <sip:[email protected]:2051;line=02cy6tjn>;q=1.0;+sip.instance="<urn:uuid:8cb2fd28-f728-4df3-9ba7-359072af18cc>";audio;mobility="fixed";duplex="full";description="elmegIP290";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: elmegIP290/3.61
Supported: gruu
Allow-Events: dialog
X-Real-IP: 192.168.50.47
WWW-Contact: <http://192.168.50.47:80>
WWW-Contact: <https://192.168.50.47:443>
Expires: 3600
Content-Length: 0


Below is the 877's configuration (or at least the part I think may help in understanding where I am going wrong):

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Lacom
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$NnCw$mbtKbtX6dkE7NwgJUV0k9.
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.189
ip dhcp excluded-address 192.168.0.241 192.168.0.254
!
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 85.37.17.14 85.38.28.78
default-router 192.168.0.1
!
ip dhcp pool Reception
host 192.168.0.23 255.255.255.0
hardware-address 001e.904e.be7b
!
!
ip port-map user-protocol--2 port tcp 2054
ip port-map user-protocol--3 port udp 2054
ip port-map user-protocol--1 port tcp 5060
ip port-map user-protocol--4 port tcp 2051
ip port-map user-protocol--5 port udp 2051
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 85.37.17.14
ip name-server 85.38.28.78
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3151520254
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3151520254
revocation-check none
rsakeypair TP-self-signed-3151520254
!
!
crypto pki certificate chain TP-self-signed-3151520254
certificate self-signed 01
quit
!
!
username ....l privilege 15 secret 5 .......................
!
!
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 106
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 105
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 104
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 103
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any sdm-service-sdm-pol-NATOutsideToInside-1
match protocol sip
match protocol h225ras
match protocol sip-tls
match protocol h323
match protocol h323callsigalt
match protocol mgcp
match protocol skinny
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all sdm-nat-sip-1
match access-group 102
match class-map sdm-service-sdm-pol-NATOutsideToInside-1
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
pass
class type inspect sdm-nat-sip-1
pass
class type inspect sdm-nat-user-protocol--2-1
pass
class type inspect sdm-nat-user-protocol--3-1
pass
class type inspect sdm-nat-user-protocol--4-1
pass
class type inspect sdm-nat-user-protocol--5-1
pass
class class-default
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
policy-map type inspect ccp-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address X.X.X.X 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname @alicebiz.routed
ppp chap password 7 052B0703284F4B0B101F59000419102F2F
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static udp 192.168.0.100 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.0.100 2054 interface Dialer0 2054
ip nat inside source static udp 192.168.0.100 2054 interface Dialer0 2054
ip nat inside source static tcp 192.168.0.100 2051 interface Dialer0 2051
ip nat inside source static udp 192.168.0.100 2051 interface Dialer0 2051
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.100 5060 interface Dialer0 5060
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 95.225.6.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.0.100
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.0.100
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.0.100
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.0.100
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip any host 192.168.0.100
access-list 106 remark CCP_ACL Category=0
access-list 106 permit ip any host 192.168.0.100
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner exec ^C


Using online tools, the ports show as blocked.

Thanks