Форум программистов, компьютерный форум, киберфорум
Наши страницы
Cisco
Войти
Регистрация
Восстановить пароль
 
Рейтинг 4.64/11: Рейтинг темы: голосов - 11, средняя оценка - 4.64
whoim
7 / 7 / 1
Регистрация: 27.02.2013
Сообщений: 148
1

Cisco ASA и RTP-трафик астериска

24.02.2014, 13:38. Просмотров 2200. Ответов 2
Метки нет (Все метки)

как обычно - нет звука )
freepbx
sip settings - external ip
указан внешний адрес и локальная подсеть.
на циске вроде бы (делается не мною) проброшены 5060 и диапазон rpt, согласованный с настройкою во freepbx

коннектимся из внешки клиентом, который сам находится за натом (роутер).

rtp set debug on показывает, что пакеты уходят только на внутренний IP клиента (192.168.1.3) выданный роутером. Не пытаются идти во внешку.

Код
Connected to Asterisk 11.7.0 currently running on localhost (pid = 28176)
localhost*CLI> rtp set debug on
RTP Debugging Enabled
localhost*CLI> sip set debug on
SIP Debugging enabled
Really destroying SIP dialog '7e77c3040923685844d2f3652929261f@внешнийIPasterisk:5060' Method: OPTIONS

<--- SIP read from UDP:внешнийIPклиента:5060 --->
INVITE sip:9500@внешнийIPasterisk SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0beed5f7c841bdb;rport
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 8 INVITE
Contact: <sip:121@192.168.1.3(внутренний клиента):5060>
Content-Type: application/sdp
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Max-Forwards: 70
Supported: 100rel, replaces, from-change
User-Agent: SIPPER for PhonerLite
P-Preferred-Identity: <sip:121@внешнийIPasterisk>
Content-Length: 441

v=0
o=- 4092726581 1 IN IP4 192.168.1.3(внутренний клиента)
s=SIPPER for PhonerLite
c=IN IP4 192.168.1.3(внутренний клиента)
t=0 0
m=audio 5062 RTP/AVP 107 8 0 2 3 97 110 111 9 101
a=rtpmap:107 opus/48000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:97 iLBC/8000
a=rtpmap:110 speex/8000
a=rtpmap:111 speex/16000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ssrc:1759885768
a=sendrecv
<------------->
--- (14 headers 19 lines) ---
Sending to внешнийIPклиента:5060 (no NAT)
Sending to внешнийIPклиента:5060 (no NAT)
Using INVITE request as basis request - 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
Found peer '121' for '121' from внешнийIPклиента:5060

<--- Reliably Transmitting (NAT) to внешнийIPклиента:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0beed5f7c841bdb;received=внешнийIPклиента;rport=5060
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>;tag=as49da5fda
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 8 INVITE
Server: FPBX-2.11.0(11.7.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="28bf0eb5"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)' in 6400 ms (Method: INVITE)

<--- SIP read from UDP:внешнийIPклиента:5060 --->
ACK sip:9500@внешнийIPasterisk SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0beed5f7c841bdb;rport
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>;tag=as49da5fda
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 8 ACK
Content-Length: 0

<------------->
--- (7 headers 0 lines) ---

<--- SIP read from UDP:внешнийIPклиента:5060 --->
INVITE sip:9500@внешнийIPasterisk SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0bfed5f7c841bdb;rport
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 9 INVITE
Contact: <sip:121@192.168.1.3(внутренний клиента):5060>
Authorization: Digest username="121", realm="asterisk", nonce="28bf0eb5", uri="sip:9500@внешнийIPasterisk", response="181a6cea9f2b2021d61f8651199a8c6a", algorithm=MD5
Content-Type: application/sdp
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Max-Forwards: 70
Supported: 100rel, replaces, from-change
User-Agent: SIPPER for PhonerLite
P-Preferred-Identity: <sip:121@внешнийIPasterisk>
Content-Length: 441

v=0
o=- 4092726581 1 IN IP4 192.168.1.3(внутренний клиента)
s=SIPPER for PhonerLite
c=IN IP4 192.168.1.3(внутренний клиента)
t=0 0
m=audio 5062 RTP/AVP 107 8 0 2 3 97 110 111 9 101
a=rtpmap:107 opus/48000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:97 iLBC/8000
a=rtpmap:110 speex/8000
a=rtpmap:111 speex/16000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ssrc:1759885768
a=sendrecv
<------------->
--- (15 headers 19 lines) ---
Sending to внешнийIPклиента:5060 (NAT)
Using INVITE request as basis request - 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
Found peer '121' for '121' from внешнийIPклиента:5060
  == Using SIP VIDEO TOS bits 136
  == Using SIP VIDEO CoS mark 6
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
Found RTP audio format 107
Found RTP audio format 8
Found RTP audio format 0
Found RTP audio format 2
Found RTP audio format 3
Found RTP audio format 97
Found RTP audio format 110
Found RTP audio format 111
Found RTP audio format 9
Found RTP audio format 101
Found unknown media description format opus for ID 107
Found audio description format PCMA for ID 8
Found audio description format PCMU for ID 0
Found audio description format G726-32 for ID 2
Found audio description format GSM for ID 3
Found audio description format iLBC for ID 97
Found audio description format speex for ID 110
Found audio description format speex for ID 111
Found audio description format G722 for ID 9
Found audio description format telephone-event for ID 101
Capabilities: us - (gsm|ulaw|alaw|g729|g722|h263|h263p|h264), peer - audio=(gsm|ulaw|alaw|g726|speex|speex16|ilbc|g722)/video=(nothing)/text=(nothing), combined - (gsm|ulaw|alaw|g722)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 192.168.1.3(внутренний клиента):5062
Peer doesn't provide video
Looking for 9500 in from-internal (domain внешнийIPasterisk)
list_route: hop: <sip:121@192.168.1.3(внутренний клиента):5060>

<--- Transmitting (NAT) to внешнийIPклиента:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0bfed5f7c841bdb;received=внешнийIPклиента;rport=5060
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 9 INVITE
Server: FPBX-2.11.0(11.7.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Contact: <sip:9500@внешнийIPasterisk:5060>
Content-Length: 0


<------------>
    -- Executing [9500@from-internal:1] Macro("SIP/121-00000012", "user-callerid,") in new stack
    -- Executing [s@macro-user-callerid:1] Set("SIP/121-00000012", "TOUCH_MONITOR=1392983970.18") in new stack
    -- Executing [s@macro-user-callerid:2] Set("SIP/121-00000012", "AMPUSER=121") in new stack
    -- Executing [s@macro-user-callerid:3] GotoIf("SIP/121-00000012", "0?report") in new stack
    -- Executing [s@macro-user-callerid:4] ExecIf("SIP/121-00000012", "1?Set(REALCALLERIDNUM=121)") in new stack
    -- Executing [s@macro-user-callerid:5] Set("SIP/121-00000012", "AMPUSER=121") in new stack
    -- Executing [s@macro-user-callerid:6] Set("SIP/121-00000012", "AMPUSERCIDNAME=test exten") in new stack
    -- Executing [s@macro-user-callerid:7] GotoIf("SIP/121-00000012", "0?report") in new stack
    -- Executing [s@macro-user-callerid:8] Set("SIP/121-00000012", "AMPUSERCID=121") in new stack
    -- Executing [s@macro-user-callerid:9] Set("SIP/121-00000012", "__DIAL_OPTIONS=Ttr") in new stack
    -- Executing [s@macro-user-callerid:10] Set("SIP/121-00000012", "CALLERID(all)="test exten" <121>") in new stack
    -- Executing [s@macro-user-callerid:11] GotoIf("SIP/121-00000012", "0?limit") in new stack
    -- Executing [s@macro-user-callerid:12] ExecIf("SIP/121-00000012", "0?Set(GROUP(concurrency_limit)=121)") in new stack
    -- Executing [s@macro-user-callerid:13] GosubIf("SIP/121-00000012", "7?sub-ccss,s,1(from-internal,9500)") in new stack
    -- Executing [s@sub-ccss:1] ExecIf("SIP/121-00000012", "0?Return()") in new stack
    -- Executing [s@sub-ccss:2] Set("SIP/121-00000012", "CCSS_SETUP=TRUE") in new stack
    -- Executing [s@sub-ccss:3] GosubIf("SIP/121-00000012", "0?monitor_config,1(from-internal,9500):monitor_default,1(from-internal,9500)") in new stack
    -- Executing [monitor_default@sub-ccss:1] GotoIf("SIP/121-00000012", "0?is_exten") in new stack
    -- Executing [monitor_default@sub-ccss:2] StackPop("SIP/121-00000012", "") in new stack
    -- Executing [monitor_default@sub-ccss:3] Return("SIP/121-00000012", "FALSE") in new stack
    -- Executing [s@macro-user-callerid:14] GotoIf("SIP/121-00000012", "0?continue") in new stack
    -- Executing [s@macro-user-callerid:15] Set("SIP/121-00000012", "__TTL=64") in new stack
    -- Executing [s@macro-user-callerid:16] GotoIf("SIP/121-00000012", "1?continue") in new stack
    -- Goto (macro-user-callerid,s,27)
    -- Executing [s@macro-user-callerid:27] Set("SIP/121-00000012", "CALLERID(number)=121") in new stack
    -- Executing [s@macro-user-callerid:28] Set("SIP/121-00000012", "CALLERID(name)=test exten") in new stack
    -- Executing [s@macro-user-callerid:29] Set("SIP/121-00000012", "CDR(cnum)=121") in new stack
    -- Executing [s@macro-user-callerid:30] Set("SIP/121-00000012", "CDR(cnam)=test exten") in new stack
    -- Executing [s@macro-user-callerid:31] Set("SIP/121-00000012", "CHANNEL(language)=ru") in new stack
    -- Executing [9500@from-internal:2] Answer("SIP/121-00000012", "") in new stack
Audio is at 15428
Adding codec 100003 (ulaw) to SDP
Adding codec 100004 (alaw) to SDP
Adding codec 100002 (gsm) to SDP
Adding codec 100012 (g722) to SDP
Adding non-codec 0x1 (telephone-event) to SDP

<--- Reliably Transmitting (NAT) to внешнийIPклиента:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0bfed5f7c841bdb;received=внешнийIPклиента;rport=5060
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>;tag=as20e2f5ce
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 9 INVITE
Server: FPBX-2.11.0(11.7.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Contact: <sip:9500@внешнийIPasterisk:5060>
Content-Type: application/sdp
Content-Length: 306

v=0
o=root 2047478799 2047478799 IN IP4 внешнийIPasterisk
s=Asterisk PBX 11.7.0
c=IN IP4 внешнийIPasterisk
t=0 0
m=audio 15428 RTP/AVP 0 8 3 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv

<------------>

<--- SIP read from UDP:внешнийIPклиента:5060 --->
ACK sip:9500@внешнийIPasterisk:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3(внутренний клиента):5060;branch=z9hG4bK800538435d99e311b0c0ed5f7c841bdb;rport
From: "PhonerLite" <sip:121@внешнийIPasterisk>;tag=3726319628
To: <sip:9500@внешнийIPasterisk>;tag=as20e2f5ce
Call-ID: 80053843-5D99-E311-B0BD-ED5F7C841BDB@192.168.1.3(внутренний клиента)
CSeq: 9 ACK
Contact: <sip:121@192.168.1.3(внутренний клиента):5060>
Authorization: Digest username="121", realm="asterisk", nonce="28bf0eb5", uri="sip:9500@внешнийIPasterisk", response="181a6cea9f2b2021d61f8651199a8c6a", algorithm=MD5
Max-Forwards: 70
Content-Length: 0

<------------->
--- (10 headers 0 lines) ---
    -- Executing [9500@from-internal:3] ExecIf("SIP/121-00000012", "1?Set(__QUEUEWAIT=1392983970)") in new stack
    -- Executing [9500@from-internal:4] Set("SIP/121-00000012", "__NODEST=9500") in new stack
    -- Executing [9500@from-internal:5] Set("SIP/121-00000012", "QCIDPP=") in new stack
    -- Executing [9500@from-internal:6] Set("SIP/121-00000012", "VQ_CIDPP=") in new stack
    -- Executing [9500@from-internal:7] ExecIf("SIP/121-00000012", "0?Macro(prepend-cid,)") in new stack
    -- Executing [9500@from-internal:8] Set("SIP/121-00000012", "QAINFO=") in new stack
    -- Executing [9500@from-internal:9] Set("SIP/121-00000012", "VQ_AINFO=") in new stack
    -- Executing [9500@from-internal:10] ExecIf("SIP/121-00000012", "0?Set(__ALERT_INFO=)") in new stack
    -- Executing [9500@from-internal:11] Set("SIP/121-00000012", "QJOINMSG=ru/thank-you-for-calling&ru/razgovor-mozhet-byt-zapisan&ru/queue-callswaiting") in new stack
    -- Executing [9500@from-internal:12] Set("SIP/121-00000012", "VQ_JOINMSG=") in new stack
    -- Executing [9500@from-internal:13] Set("SIP/121-00000012", "QMOH=Radio") in new stack
    -- Executing [9500@from-internal:14] Set("SIP/121-00000012", "VQ_MOH=") in new stack
    -- Executing [9500@from-internal:15] ExecIf("SIP/121-00000012", "1?Set(__MOHCLASS=Radio)") in new stack
    -- Executing [9500@from-internal:16] Set("SIP/121-00000012", "QRETRY=") in new stack
    -- Executing [9500@from-internal:17] Set("SIP/121-00000012", "VQ_RETRY=") in new stack
    -- Executing [9500@from-internal:18] Set("SIP/121-00000012", "QOPTIONS=t") in new stack
    -- Executing [9500@from-internal:19] Set("SIP/121-00000012", "VQ_OPTIONS=") in new stack
    -- Executing [9500@from-internal:20] Set("SIP/121-00000012", "QGOSUB=") in new stack
    -- Executing [9500@from-internal:21] Set("SIP/121-00000012", "VQ_GOSUB=") in new stack
    -- Executing [9500@from-internal:22] Set("SIP/121-00000012", "QAGI=") in new stack
    -- Executing [9500@from-internal:23] Set("SIP/121-00000012", "VQ_AGI=") in new stack
    -- Executing [9500@from-internal:24] Set("SIP/121-00000012", "QRULE=") in new stack
    -- Executing [9500@from-internal:25] Set("SIP/121-00000012", "VQ_RULE=") in new stack
    -- Executing [9500@from-internal:26] Set("SIP/121-00000012", "QPOSITION=") in new stack
    -- Executing [9500@from-internal:27] Set("SIP/121-00000012", "VQ_POSITION=") in new stack
    -- Executing [9500@from-internal:28] Set("SIP/121-00000012", "__MIXMON_FORMAT=wav") in new stack
    -- Executing [9500@from-internal:29] Gosub("SIP/121-00000012", "sub-record-check,s,1(q,9500,always)") in new stack
    -- Executing [s@sub-record-check:1] Set("SIP/121-00000012", "REC_POLICY_MODE_SAVE=") in new stack
    -- Executing [s@sub-record-check:2] GotoIf("SIP/121-00000012", "1?check") in new stack
    -- Goto (sub-record-check,s,7)
    -- Executing [s@sub-record-check:7] Set("SIP/121-00000012", "__MON_FMT=wav") in new stack
    -- Executing [s@sub-record-check:8] GotoIf("SIP/121-00000012", "1?next") in new stack
    -- Goto (sub-record-check,s,11)
    -- Executing [s@sub-record-check:11] ExecIf("SIP/121-00000012", "0?Return()") in new stack
    -- Executing [s@sub-record-check:12] ExecIf("SIP/121-00000012", "1?Set(__REC_POLICY_MODE=always)") in new stack
    -- Executing [s@sub-record-check:13] GotoIf("SIP/121-00000012", "0?q,1") in new stack
    -- Executing [s@sub-record-check:14] Set("SIP/121-00000012", "__REC_STATUS=INITIALIZED") in new stack
    -- Executing [s@sub-record-check:15] Set("SIP/121-00000012", "NOW=1392983970") in new stack
    -- Executing [s@sub-record-check:16] Set("SIP/121-00000012", "__DAY=21") in new stack
    -- Executing [s@sub-record-check:17] Set("SIP/121-00000012", "__MONTH=02") in new stack
    -- Executing [s@sub-record-check:18] Set("SIP/121-00000012", "__YEAR=2014") in new stack
    -- Executing [s@sub-record-check:19] Set("SIP/121-00000012", "__TIMESTR=20140221-155930") in new stack
    -- Executing [s@sub-record-check:20] Set("SIP/121-00000012", "__FROMEXTEN=121") in new stack
    -- Executing [s@sub-record-check:21] Set("SIP/121-00000012", "__CALLFILENAME=q-9500-121-20140221-155930-1392983970.18") in new stack
    -- Executing [s@sub-record-check:22] Goto("SIP/121-00000012", "q,1") in new stack
    -- Goto (sub-record-check,q,1)
    -- Executing [q@sub-record-check:1] GosubIf("SIP/121-00000012", "1?recq,1(q,9500,121)") in new stack
    -- Executing [recq@sub-record-check:1] Set("SIP/121-00000012", "AUDIOHOOK_INHERIT(MixMonitor)=yes") in new stack
    -- Executing [recq@sub-record-check:2] Set("SIP/121-00000012", "MONITOR_FILENAME=2014/02/21/q-9500-121-20140221-155930-1392983970.18") in new stack
    -- Executing [recq@sub-record-check:3] MixMonitor("SIP/121-00000012", "2014/02/21/q-9500-121-20140221-155930-1392983970.18.wav,,") in new stack
    -- Executing [recq@sub-record-check:4] Set("SIP/121-00000012", "__REC_STATUS=RECORDING") in new stack
    -- Executing [recq@sub-record-check:5] Set("SIP/121-00000012", "CDR(recordingfile)=q-9500-121-20140221-155930-1392983970.18.wav") in new stack
    -- Executing [recq@sub-record-check:6] Return("SIP/121-00000012", "") in new stack
    -- Executing [q@sub-record-check:2] Return("SIP/121-00000012", "") in new stack
    -- Executing [9500@from-internal:30] Set("SIP/121-00000012", "__CFIGNORE=TRUE") in new stack
    -- Executing [9500@from-internal:31] Set("SIP/121-00000012", "__FORWARD_CONTEXT=block-cf") in new stack
  == Begin MixMonitor Recording SIP/121-00000012
    -- Executing [9500@from-internal:32] ExecIf("SIP/121-00000012", "1?Playback(ru/thank-you-for-calling&ru/razgovor-mozhet-byt-zapisan&ru/queue-callswaiting, )") in new stack
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028598, ts 000160, len 000160)
    -- <SIP/121-00000012> Playing 'ru/thank-you-for-calling.slin' (language 'ru')
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028599, ts 000320, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028600, ts 000480, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028601, ts 000640, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028602, ts 000800, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028603, ts 000960, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028604, ts 001120, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028605, ts 001280, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028606, ts 001440, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028607, ts 001600, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028608, ts 001760, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028609, ts 001920, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028610, ts 002080, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028611, ts 002240, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028612, ts 002400, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028613, ts 002560, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028614, ts 002720, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028615, ts 002880, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028616, ts 003040, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028617, ts 003200, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028618, ts 003360, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028619, ts 003520, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028620, ts 003680, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028621, ts 003840, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028622, ts 004000, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028623, ts 004160, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028624, ts 004320, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028625, ts 004480, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028626, ts 004640, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028627, ts 004800, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028628, ts 004960, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028629, ts 005120, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028630, ts 005280, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028631, ts 005440, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028632, ts 005600, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028633, ts 005760, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028634, ts 005920, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028635, ts 006080, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028636, ts 006240, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028637, ts 006400, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028638, ts 006560, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028639, ts 006720, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028640, ts 006880, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028641, ts 007040, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028642, ts 007200, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028643, ts 007360, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028644, ts 007520, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028645, ts 007680, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028646, ts 007840, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028647, ts 008000, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028648, ts 008160, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028649, ts 008320, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028650, ts 008480, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028651, ts 008640, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028652, ts 008800, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028653, ts 008960, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028654, ts 009120, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028655, ts 009280, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028656, ts 009440, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028657, ts 009600, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028658, ts 009760, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028659, ts 009920, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028660, ts 010080, len 000160)
Sent RTP packet to      192.168.1.3(внутренний клиента):5062 (type 00, seq 028661, ts 010240, len 000160)
Код
vmexten=*97
faxdetect=yes
context=from-sip-external
callerid=Unknown
notifyringing=yes
notifyhold=yes
tos_sip=cs3
tos_audio=ef
tos_video=af41
alwaysauthreject=yes
useragent=FPBX-2.11.0(11.7.0)
disallow=all
allow=ulaw
allow=alaw
allow=gsm
allow=g722
allow=g729
allow=h264
allow=h263p
allow=h263
alwaysauthreject=yes
tcpenable=yes
language=ru
accept_outofcall_message=yes
outofcall_message_context=messages
auth_message_requests=no
callevents=no
language=ru
jbenable=no
defaultexpiry=120
allowguest=no
srvlookup=no
minexpiry=60
maxexpiry=3600
registerattempts=0
registertimeout=20
notifyhold=yes
rtpkeepalive=0
g726nonstandard=no
videosupport=yes
maxcallbitrate=384
canreinvite=no
rtptimeout=30
rtpholdtimeout=300
notifyringing=yes
checkmwi=10
nat=no
externip=XX.XXX.XX.XX
localnet=192.168.100.0/255.255.255.0
Код
[general]
rtpstart=15000
rtpend=16000
Код
[121]
deny=0.0.0.0/0.0.0.0
secret=XXXXX
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=yes
port=5060
qualify=yes
qualifyfreq=60
transport=tcp,udp,tls
avpf=no
icesupport=no
encryption=no
callgroup=
pickupgroup=
dial=SIP/121
mailbox=121@default
permit=0.0.0.0/0.0.0.0
callerid=test exten <121>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic
конфиг циски
Код
Result of the command: "sh run"

: Saved
:
ASA Version 9.1(1) 
!
terminal width 200
hostname msk-co-gw1
domain-name rg.ru
enable password dd encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd dd encrypted
names
!
interface Ethernet0/0
 speed 100
 nameif outside
 security-level 0
 ip address 95.DD.DD.33 255.255.255.224 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.248 
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.118.6 255.255.255.0 
!
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone MSK 4
clock summer-time MSK/MDD recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.100.4
 domain-name fd.ru
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network inside-net
 subnet 192.168.100.0 255.255.255.0
object network Mail-Int
 host 192.168.100.3
object network Mail-Int-smtp
 host 192.168.100.3
object network Mail-Int-pop3
 host 192.168.100.3
object network Mail-Int-pop3s
 host 192.168.100.3
object network Mail-Int-https
 host 192.168.100.3
object network Mail-Int-http
 host 192.168.100.3
object network Mail-Int-imap4
 host 192.168.100.3
object network Mail-Int-imap4s
 host 192.168.100.3
object network Mail-Int-SMTP_ssl
 host 192.168.100.3
object network Mail-Int-ldap
 host 192.168.100.3
object network Mail-Int-ldaps
 host 192.168.100.3
object network andrey
 host 192.168.100.100
object service SMTP_ssl
 service tcp source eq 587 destination eq 587 
object service imap4s
 service tcp source eq 993 destination eq 993 
object service pop3s
 service tcp source eq 995 destination eq 995 
object network 2-Nets
 subnet 192.168.96.0 255.255.240.0
object network 1-Nets
 subnet 172.16.20.0 255.255.255.0
object network Gu-Nets
 subnet 192.168.1.0 255.255.255.0
object network Cl_Bank
 host 192.168.100.163
object network Sip
 host 192.168.100.102
object service ports-10000
object network Sip_SSH
 host 192.168.100.102
object network Sip_889
 host 192.168.100.102
object service tcp_5060
 service tcp source eq sip destination eq sip 
object service udp_5060
 service udp source eq sip destination eq sip 
object network Sip_tcp_5060
 host 192.168.100.102
object network sip_tcp_rtp
object network sip_udp
 host 192.168.100.102
object service sip_udp_rtp
 service udp source range 15000 16000 destination range 15000 16000 
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit icmp any4 host 192.168.100.3 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq smtp log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq https log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq 8100 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq pop3 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq ldap log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq ldaps log disable 
access-list outside_access_in extended permit ip any host 192.168.100.3 inactive 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq imap4 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq 587 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq 993 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq www log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq 995 log disable 
access-list outside_access_in extended permit tcp any host 192.168.100.3 eq domain inactive 
access-list outside_access_in extended permit tcp any host 192.168.100.102 eq ssh 
access-list outside_access_in extended permit tcp any host 192.168.100.102 eq www 
access-list outside_access_in extended permit object-group TCPUDP any host 192.168.100.102 eq sip 
access-list outside_access_in extended permit object sip_udp_rtp any host 192.168.100.102 
access-list global_mpc extended permit tcp any4 any4 object-group DM_INLINE_TCP_1 
access-list global_mpc_1 extended permit tcp any4 any4 object-group DM_INLINE_TCP_2 
access-list inside_access_in extended permit tcp object Mail-Int any eq smtp log debugging 
access-list inside_access_in extended permit tcp object Cl_Bank any eq smtp log debugging 
access-list inside_access_in extended deny tcp any any eq smtp 
access-list inside_access_in extended permit ip any any log disable 
access-list rosgeolog-iteco extended permit ip 192.168.96.0 255.255.224.0 172.16.20.0 255.255.255.0 
access-list rosgeolog-gu extended permit ip 192.168.96.0 255.255.224.0 192.168.1.0 255.255.255.0 
no pager
logging enable
logging monitor debugging
logging asdm informational
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
flow-export destination inside 192.168.100.152 9996
flow-export template timeout-rate 1
flow-export delay flow-create 15
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-712.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static 2-Nets 2-Nets destination static 1-Nets 1-Nets no-proxy-arp route-lookup
nat (inside,outside) source static 2-Nets 2-Nets destination static Gu-Nets Gu-Nets no-proxy-arp route-lookup
nat (inside,outside) source static Sip interface service sip_udp_rtp sip_udp_rtp
!
object network obj_any
 nat (inside,outside) dynamic interface
object network Mail-Int
 nat (inside,outside) static interface service tcp 8100 8100 
object network Mail-Int-smtp
 nat (inside,outside) static interface service tcp smtp smtp 
object network Mail-Int-pop3
 nat (inside,outside) static interface service tcp pop3 pop3 
object network Mail-Int-pop3s
 nat (inside,outside) static interface service tcp 995 995 
object network Mail-Int-https
 nat (inside,outside) static interface service tcp https https 
object network Mail-Int-http
 nat (inside,outside) static interface service tcp www www 
object network Mail-Int-imap4
 nat (inside,outside) static interface service tcp imap4 imap4 
object network Mail-Int-imap4s
 nat (inside,outside) static interface service tcp 993 993 
object network Mail-Int-SMTP_ssl
 nat (inside,outside) static interface service tcp 587 587 
object network Mail-Int-ldap
 nat (inside,outside) static interface service tcp ldap ldap 
object network Mail-Int-ldaps
 nat (inside,outside) static interface service tcp ldaps ldaps 
object network Sip_SSH
 nat (inside,outside) static interface service tcp ssh 622 
object network Sip_889
 nat (inside,outside) static interface service tcp www 889 
object network Sip_tcp_5060
 nat (inside,outside) static interface service tcp sip sip 
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 95.140.24.33 1
route outside 192.168.1.0 255.255.255.0 95.140.24.33 1
route inside 192.168.96.0 255.255.224.0 10.10.10.2 1
route management 192.168.104.0 255.255.255.0 192.168.118.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.100.0 255.255.255.0 inside
http 192.168.118.0 255.255.255.0 management
http 192.168.104.0 255.255.255.0 management
snmp-server host inside 192.168.100.152 community ***** udp-port 161
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES esp-3des esp-sha-hmac 
crypto ipsec security-association pmtu-aging infinite
crypto map MAP 5 match address rosgeolog-gu
crypto map MAP 5 set peer 37.FF.RR.333 
crypto map MAP 5 set ikev1 transform-set ESP-3DES
crypto map MAP 10 match address rosgeolog-iteco
crypto map MAP 10 set peer 95.FF.RR.333 
crypto map MAP 10 set ikev1 transform-set ESP-3DES
crypto map MAP interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 100
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.118.0 255.255.255.0 management
ssh 192.168.100.0 255.255.255.0 management
ssh 192.168.104.0 255.255.255.0 management
ssh timeout 10
ssh version 2
console timeout 0
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp authenticate
ntp server 62.117.76.140 source outside
ntp server 62.117.76.141 source outside
ntp server 62.117.76.142 source outside prefer
ntp server 10.10.10.2
tunnel-group 95.FF.RR.333 type ipsec-l2l
tunnel-group 95.FF.RR.333 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 37.FF.RR.333 type ipsec-l2l
tunnel-group 37.FF.RR.333 ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map global-class
 match access-list global_mpc_1
class-map inspection_default
 match default-inspection-traffic
class-map global-class1
 description flow_export_class
 match any
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map type inspect sip 1111
 parameters
  max-forwards-validation action drop log
policy-map global_policy
 description flow_export
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect sunrpc 
  inspect xdmcp 
  inspect netbios 
  inspect tftp 
  inspect ip-options 
  inspect icmp 
  inspect icmp error 
  inspect esmtp 
 class global-class
  csc fail-close
 class global-class1
  flow-export event-type all destination 192.168.100.152
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:9a0f4c1afb14523c9584a9a86e3cbfec
: end
0
QA
Эксперт
41792 / 34177 / 6122
Регистрация: 12.04.2006
Сообщений: 57,940
24.02.2014, 13:38
Ответы с готовыми решениями:

Cisco ASA-5505 + Cisco AnyConnect + интернет от Megafon
Здравствуйте, коллеги! Подскажите пожалуйста, где рыть? Ситуация: в СПб стоит настроенная Cisco...

Есть ли Cisco Feature Navigator, для Cisco ASA?
Добрый день. Меня интересует вопрос, есть ли Cisco Feature Navigator, для Cisco ASA? Необходимо...

Cisco ASA<->Cisco Router L2L VPN
Добрый день. Столкнулся с проблемой - не поднимается туннель между ASAv4 и R. Между ASAv4 и ASAv5 -...

Cisco 1841 + QoS + RTP непонятная работа
Добрый день уважаемые форумчане, а кому и не день, а ночь =). Прошу помочь с разъяснение работы...

Торрент трафик на ASA
Добрый день! Подскажите, как можно закрыть торрент трафик? Может кто-то что-то реализовал подобное?

2
contik
1 / 0 / 0
Регистрация: 30.05.2013
Сообщений: 4
03.06.2014, 14:22 2
Привет!

так включи в ASDM лог и посмотри, кто и куда из пакетов ломится! =)
0
whoim
7 / 7 / 1
Регистрация: 27.02.2013
Сообщений: 148
03.06.2014, 14:24  [ТС] 3
contik, привет! Дела давно минувших дней, театр одного админа )
0
Answers
Эксперт
37091 / 29110 / 5898
Регистрация: 17.06.2006
Сообщений: 43,301
03.06.2014, 14:24

Cisco ASA CX
Привет всем. А на ASA CX уже установлен Prime Manager, или его надо отдельно приобретать? В гугле...

Cisco ASA-SM
Доброго времени суток! Необходимо руководство по монтажу сервисного модуля asa 55xx серии....

CISCO ASA и порты
Здравствуйте, уважаемые сисадмины, создавал подобную тему на другом форуме, посему займусь...


Искать еще темы с ответами

Или воспользуйтесь поиском по форуму:
3
Ответ Создать тему
Опции темы

КиберФорум - форум программистов, компьютерный форум, программирование
Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Рейтинг@Mail.ru