You need to add rules for the other direction as well (pub and sub to the phone). Otherwise the phone still receives keepalives. So you need to add these to your access list:
deny ip host 10.10.210.10 host 192.168.12.12 deny ip host 10.10.210.11 host 192.168.12.12 DQ d...@cisco.com<mailto:d...@cisco.com> Sent from my iPhone On Jul 29, 2012, at 10:40 PM, "Randall Crumm" <rrcr...@yahoo.com<mailto:rrcr...@yahoo.com>> wrote: Hello, I am working on PL but with my equipment. I want to make the phones here go into SRST. SO I need to add an access-list, my hoe phone being IP address 192.168.12.12 So I added this ip access-list extended sc deny ip host 192.168.12.12 host 10.10.210.11 deny ip host 192.168.12.12 host 10.10.210.10 permit ip any any Then applied it to the interface: interface FastEthernet0/0 description (Outside Public Interface) ip address dhcp ip access-group sc out <<<<<<<<<<<<<<<<<< no ip unreachables ip mtu 1400 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto ipsec client ezvpn Voice-vRack This is not working. Any thoughts? Cheers, Randall _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com<http://www.ipexpert.com> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com