Dear All, tried all possible ways but still not able to get this working talking to support also but someone have any suggestion will be appreciated, here is my config:
I'm using 2821 router and all my phones are connected to 3560 no vlans. Router#show running-config Building configuration... Current configuration : 3515 bytes ! version 12.4 service timestamps debug datetime service timestamps log datetime service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! card type command needed for slot/vwic-slot 0/1 ! card type command needed for slot/vwic-slot 0/3 logging message-counter syslog logging buffered 512000 informational enable secret 5 $1$BbSU$D1GeD44ZhXIIS4wYTDwkF0 ! no aaa new-model ! dot11 syslog ip source-route ! ! ip cef ip dhcp excluded-address 192.168.7.1 192.168.7.10 ! ip dhcp pool DHCP-Pool import all network 192.168.7.0 255.255.255.0 option 150 ip 10.10.210.10 default-router 192.168.7.1 dns-server 209.124.41.100 domain-name proctorlabs.com lease 8 ! ! ip inspect name CBAC-FW tcp timeout 3600 ip inspect name CBAC-FW udp timeout 3600 ip inspect name CBAC-FW http java-list 1 timeout 3600 ip inspect name CBAC-FW https timeout 3600 ip inspect name CBAC-FW icmp ip inspect name CBAC-FW ddns-v3 ip inspect name CBAC-FW smtp ip inspect name CBAC-FW pop3 ip inspect name CBAC-FW pop3s ip inspect name CBAC-FW imap ip inspect name CBAC-FW ftps ip inspect name CBAC-FW ntp ip inspect name CBAC-FW ftp timeout 3600 no ipv6 cef ! multilink bundle-name authenticated ! ! voice-card 0 ! ! archive log config hidekeys ! ! crypto isakmp policy 10 encr 3des authentication pre-share group 2 ! ! crypto ipsec client ezvpn IPx-Voice-vRack connect auto / manual also group vpodgroup key proctorvoice mode client / network-extension also peer 74.126.20.247 xauth userid mode interactive ! ! ! interface GigabitEthernet0/0 description insdie interface ip address 192.168.7.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto crypto ipsec client ezvpn IPx-Voice-vRack inside ! interface GigabitEthernet0/1 description (Outside Public Interface) ip address dhcp ip access-group FW-IN in no ip unreachables ip mtu 1300 ip nat outside ip inspect CBAC-FW out ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn IPx-Voice-vRack ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 dhcp ip http server no ip http secure-server ! ! ip nat inside source list 101 interface GigabitEthernet0/1 overload ! ip access-list extended FW-IN permit udp any any eq bootpc deny ip 10.0.0.0 0.255.255.255 any log deny ip 172.16.0.0 0.15.255.255 any log deny ip 192.168.0.0 0.0.255.255 any log deny ip 224.0.0.0 15.255.255.255 any log deny ip host 0.0.0.0 any log deny ip host 255.255.255.255 any log deny ip 169.254.0.0 0.0.255.255 any log deny ip 127.0.0.0 0.255.255.255 any log permit tcp any any eq 22 permit esp host 74.126.20.247 any permit esp host 12.159.40.185 any permit udp host 74.126.20.247 any eq isakmp permit udp host 12.159.40.185 any eq isakmp permit udp host 74.126.20.247 any eq non500-isakmp permit udp host 12.159.40.185 any eq non500-isakmp deny ip any any log ! access-list 1 permit any access-list 101 deny ip 192.168.0.0 0.0.255.255 10.10.0.0 0.0.255.25 access-list 101 permit ip 192.168.0.0 0.0.255.255 any ! ! ! control-plane ! ! ! ccm-manager fax protocol cisco ! mgcp fax t38 ecm ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 line aux 0 line vty 0 4 exec-timeout 30 0 privilege level 15 password 7 121015120A1B09163E232B2536 logging synchronous login line vty 5 15 exec-timeout 30 0 privilege level 15 password 7 121015120A1B09163E232B2536 logging synchronous login ! scheduler allocate 20000 1000 end Router# thanks arun
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
