Alfredo, Voice gurus I presently have aaa enabled on my gatekeeper and gateways, with a radius server for authentication, authorisation and accounting. All's kosher, no issues.
Now, I imagine how useful the option: security password xyz level all and security token required-for all on the gateway and gatekeeper respectively can be if where I want CPE gateways to authenticate not only for registration but also per call. I imagine I can remove aaa for a gateway, define xyz password on the radius server for the gateway, enter above commands and have gatekeeper authenticate gateway for registration, authorize it, and send accounting info for all calls to radius server, and hence eliminate radius traffic between each gateway and radius server. So I enter on the gatekeeper "security token required-for all" and on the gateway "security password xyz level all". I however could not register the gateway to the gatekeeper. I will appreciate pointers from anybody. TIA >From: "Idecnet Admin" >To: "Tunji Suleiman" >Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] >Date: Tue, 17 Sep 2002 12:22:59 +0100 > >Ohhhh my god you are an angel that enlightened my away, just kiding. > > Ok Tunji, now the registration is OK, I added new prefix to 827 how to >say me. > >I had seen this message too "%CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars] >failed to register with > > Gatekeeper [chars] even after [dec] retries " . > > Thanks Thanks for you help Tunji, > >Many Regards for you and I hope you have a good day. > > >-- > Alfredo Pulido [EMAIL PROTECTED] > Dept. Sistemas, IdecNet S.A. > Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, > Las Palmas // SPAIN > Tel: +34 828 111 000 Fax: +34 828 111 112 > http://www.idecnet.com/ >-- >----- Original Message ----- >From: "Tunji Suleiman" >To: >Sent: Tuesday, September 17, 2002 10:25 AM >Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] > > > > That is a new one to me, I checked on CCO, see below: > > > > %CCH323-2-GTWY_REGSTR_FAILED: Gateway [chars] failed to register with > > Gatekeeper [chars] even after [dec] retries > > > > Explanation: A gateway has failed to register with the gatekeeper. > > > > Recommended Action: Copy the error message exactly as it appears on >the > > console or in the system log. Issue the show tech-support command to >gather > > data that may help identify the nature of the error. If you cannot >determine > > the nature of the error from the error message text or from the show > > tech-support command output, contact your Cisco technical support > > representative and provide the representative with the gathered >information. > > > > > > Try this, add a prefix on the GK for the gateway pruea827, just like u >did > > for the as5300-1. Take out the "security token required-for all" under > > gatekeeper config and "security password prueba level endpoint" under > > gateway, and see if it registers. > > > > Regards > > > > > > > > >From: "Idecnet Admin" > > >To: "\"Tunji Suleiman\"" > > >Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] > > >Date: Tue, 17 Sep 2002 09:40:03 +0100 > > > > > >Hello Tunji, I don't Know because the e-mail that I sent to news >groupstudy > > >is corrupt in the news. > > > > > >Below is the original e-mail I wrote in my PC, and I sent to >groupstudy. > > > > > >If you not receive the configuration gatekeeper and gateway, please you > > >contact with me again. > > > > > >Thanks for all, > > > > > >Waiting for you answerr, > > > > > >Regards, > > > > > >-- > > > Alfredo Pulido [EMAIL PROTECTED] > > > Dept. Sistemas, IdecNet S.A. > > > Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, > > > Las Palmas // SPAIN > > > Tel: +34 828 111 000 Fax: +34 828 111 112 > > > http://www.idecnet.com/ > > >-- > > > > > > > > >ORIGINAL E-MAIL: > > > > > > > > >Hello people, > > > > > > I have a problem when I want support AAA in my Gatekeeper. If > > >Gatekeeper > > >is configured without AAA, all run OK. > > > My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. > > > Gateway 827. > > > > > > The configuration with AAA is in LOCAL, in the future they will be > > >with > > >RADIUS. > > > > > >CONFIGURATION: > > > > > >************ > > >GATEKEEPER: > > >. > > >. > > >. > > >aaa new-model > > >! > > >! > > >aaa authentication login h323 local > > >aaa authorization exec default local > > >aaa authorization exec h323 local > > >aaa session-id common > > >! > > >username pruea827 password prueba > > >. > > >. > > >! > > >gatekeeper > > > zone local NetGK idecnet.com 212.64.XXX.YYY > > > zone prefix NetGK 928...... gw-priority 10 as5300-1 > > > security token required-for all > > > gw-type-prefix 1#* default-technology > > > no shutdown > > >! > > >. > > > > > >************* > > >CONFIGURATION GATEWAY 827 > > >. > > >. > > >! > > >interface Dialer0 > > > ip address 212.64.xxx.zzz 255.255.255.0 > > > encapsulation ppp > > > dialer pool 1 > > > ppp pap sent-username adsl password 7tttttttttt > > > h323-gateway voip interface > > > h323-gateway voip id NetGK ipaddr 212.64.xxx.yyy 1719 > > > h323-gateway voip h323-id pruea827 > > >! > > >dial-peer voice 1 pots > > > destination-pattern 928112000 > > > port 1 > > >! > > >dial-peer voice 5 voip > > > destination-pattern 928...... > > > session target ras > > >! > > >gateway > > > security password prueba level endpoint > > >! > > >. > > >. > > > > > >************** > > > When I run "sh ga end" in the Gatekeeper > > > > > >C3600#sh ga endpoints > > > GATEKEEPER ENDPOINT REGISTRATION > > > ================================ > > >CallSignalAddr Port RASSignalAddr Port Zone Name Type >Flags > > >------------- ----- --------------- ----- --------- ---- ----- > > >Total number of active registrations = 0 > > > > > > > > > > > > And in the console Gateway 827 there is a error message: > > > > > >%CCH323-2-GTWY_REGSTR_FAILED: Gateway pruea827 failed to register with > > >Gatekeeper NetGK even after 2 retries > > > > > > > > > > > >If I configure Gatekeeper without AAA, this is the "sh ga end" > > > > > >GATEKEEPER: > > > > > >GATEKEEPER ENDPOINT REGISTRATION > > > ================================ > > >CallSignalAddr Port RASSignalAddr Port Zone Name Type >Flags > > >------------- ----- --------------- ----- --------- ---- ----- > > >212.64.xxx.zzz 1720 212.64.xxx.zzz 1193 NetGK VOIP-GW > > > H323-ID: as5300-1 > > >212.64.xxx.zzz 1720 212.64.xxx.zzz 52359 NetGK VOIP-GW > > > E164-ID: 92811200 > > > H323-ID: pruea827 > > >Total number of active registrations = 3 > > > > > > And I can call between gateways and Public Telco. > > > > > > > > >Can anybody help me? What is it the problem ? > > > > > >Waiting for your answers, > > > > > >Regards for all. > > > > > > > > > > > > > > >-- > > >-- > > > Alfredo Pulido [EMAIL PROTECTED] > > > Dept. Sistemas, IdecNet S.A. > > > Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, > > > Las Palmas // SPAIN > > > Tel: +34 828 111 000 Fax: +34 828 111 112 > > > http://www.idecnet.com/ > > >-- > > > > > > > > >-- > > > Alfredo Pulido [EMAIL PROTECTED] > > > Dept. Sistemas, IdecNet S.A. > > > Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, > > > Las Palmas // SPAIN > > > Tel: +34 828 111 000 Fax: +34 828 111 112 > > > http://www.idecnet.com/ > > >-- > > >----- Original Message ----- > > >From: ""Tunji Suleiman"" > > >Newsgroups: groupstudy.cisco > > >Sent: Tuesday, September 17, 2002 9:12 AM > > >Subject: Re: Problem Gatekeeper and registratio gateway [7:53420] > > > > > > > > > > Let's see config for gatekeeper and unregistering gateway. > > > > > > > > Tunji > > > > > > > > > > > > >From: "Alfredo Pulido" > > > > >Reply-To: "Alfredo Pulido" > > > > >To: [EMAIL PROTECTED] > > > > >Subject: Problem Gatekeeper and registratio gateway [7:53420] > > > > >Date: Mon, 16 Sep 2002 17:14:45 GMT > > > > > > > > > >Hello people, > > > > > > > > > > I have a problem when I want support AAA in my Gatekeeper. If > > > > >Gatekeeper > > > > >is configured without AAA, all run OK. > > > > > My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. > > > > > Gateway 827. > > > > > > > > > > The configuration with AAA is in LOCAL, in the future they >will >be > > > > >with > > > > >RADIUS. > > > > > > > > > >CONFIGURATION: > > > > >----------------------------------------------- > > > > >GATEKEEPER: > > > > >FAQ, list archives, and subscription info: > > > > >http://www.groupstudy.com/list/cisco.html > > > > >Report misconduct and Nondisclosure violations to >[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > _________________________________________________________________ > > > > Send and receive Hotmail on your mobile device: >http://mobile.msn.com >[EMAIL PROTECTED] > > > > > > > > > > > > > > _________________________________________________________________ > > MSN Photos is the easiest way to share and print your photos: > > http://photos.msn.com/support/worldwide.aspx > > _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53491&t=53420 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
