<div>Stu, </div>
<div>Thank you for the reply, I use windows 2003 DHCP server for my phones in LAN but I can get my outside phone connect to CCM through internet. Do you have IP phones connect to your CCM through internet without using VPN?
</div>
<div> </div>
<div>Thanks,</div>
<div>Manoj</div>
<div> <br><br> </div>
<div><span class="gmail_quote">On 9/9/06, <b class="gmail_sendername">Stu Packett</b> <<a href="mailto:SPackett@fenwick.com">SPackett@fenwick.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>
<div>
<div dir="ltr" align="left"><span><font face="Tahoma" color="#0000ff" size="2">Manoj:<br>Is your PIX giving out DHCP addresses? On my PIX 501, I have it setup as a DHCP server and these are my DHCP commands:</font></span>
</div>
<div dir="ltr" align="left"><span><font face="Tahoma" color="#0000ff" size="2"></font></span> </div>
<div dir="ltr" align="left"><span><font face="Tahoma" color="#0000ff" size="2">dhcpd address xxx.xxx.xxx.xxx<br>dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx<br>dhcpd wins xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx<br>dhcpd lease 36000
<br>dhcpd ping_timeout 750<br>dhcpd domain <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://internaldomain.com/" target="_blank">internaldomain.com</a><br>dhcpd option 150 ip xxx.xxx.xxx.xxx <--TFTP address
<br>dhcpd enable inside</font></span></div><br>
<div lang="en-us" dir="ltr" align="left">
<hr>
<font face="Tahoma" size="2"><b>From:</b> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">
cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Manoj Kalpage<br><b>Sent:</b> Friday, September 08, 2006 4:18 AM<br><b>To:</b> <a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:cisco-voip@puck.nether.net" target="_blank">
cisco-voip@puck.nether.net</a><br><b>Subject:</b> [cisco-voip] Internet IP phone connect through PIX Firewall<br></font><br> </div></div>
<div><span class="q">
<div></div>Hi All,<br>Does any one has configured PIX firewall to connect internet IP phones to Call Manager. I have configure firewall to open all the port which CCM need but still no luck. Bellow is the config of my PIX. Am i missing anything?
<br><font face="Arial" color="#000000" size="2"><br>Here is the link I refered to open the TCP and UDP Ports<br><br><a title="http://www.cisco.com/application/pdf/en/us/guest/products/ps5820/c1693/ccmigration_09186a0080536eae.pdf" onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.cisco.com/application/pdf/en/us/guest/products/ps5820/c1693/ccmigration_09186a0080536eae.pdf" target="_blank">
http://www.cisco.com/application/pdf/en/us/guest/products/ps5820/c1693/ccmigration_09186a0080536eae.pdf</a><br><br></font>Thank you in advance.<br>Manoj<br><br>:<br>PIX Version 6.3(5)<br>interface ethernet0 auto<br>interface ethernet1 auto
<br>nameif ethernet0 outside security0<br>nameif ethernet1 inside security100<br>enable password u2zabJUOK.TTL3K1 encrypted<br>passwd 1P5CrRl.dL8Oe4k2 encrypted<br>hostname PBXLPIX01<br>domain-name <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://pbxl.jp/" target="_blank">
pbxl.jp</a><br></span></div>
<div><span class="e" id="q_10d8e4d6072ddc6a_2">clock timezone JST 9<br>fixup protocol dns maximum-length 512<br>fixup protocol ftp 21<br>fixup protocol h323 h225 1720<br>fixup protocol h323 ras 1718-1719<br>fixup protocol http 80
<br>fixup protocol pptp 1723 <br>fixup protocol rsh 514<br>fixup protocol rtsp 554<br>fixup protocol sip 5060<br>fixup protocol sip udp 5060<br>fixup protocol skinny 2000<br>fixup protocol smtp 25<br>fixup protocol snmp 161
<br>fixup protocol sqlnet 1521 <br>fixup protocol tftp 69<br>names<br>object-group service outbound-tcp tcp<br> port-object eq www<br> port-object eq https<br> port-object eq smtp<br> port-object eq ftp<br> port-object eq pop3
<br> port-object eq imap4 <br> port-object eq domain<br> port-object eq 123<br> port-object eq ssh<br> port-object eq citrix-ica<br>object-group service outbound-udp udp<br> port-object eq domain<br> port-object eq ntp
<br>object-group service mail-inbound tcp <br> port-object eq www<br> port-object eq https<br> port-object eq smtp<br>object-group service VoIP-udp udp<br> port-object range 16384 32768<br> port-object eq tftp<br>object-group service VoIP-tcp tcp
<br> port-object eq 3804 <br> port-object eq 2443<br> port-object eq 2000<br> port-object eq www<br> port-object eq 69<br> port-object eq https<br></span></div>
<div>access-list 102 permit tcp <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> any object-group VoIP-tcp<br>access-list 102 permit udp <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> any object-group VoIP-udp<br>access-list 102 permit tcp <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> any object-group outbound-tcp<br>access-list 102 permit udp <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> any object-group outbound-udp <br>access-list 101 permit tcp any host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.195/" target="_blank">210.81.12.195</a> object-group mail-inbound
<br>access-list 101 permit tcp any host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.196/" target="_blank">210.81.12.196</a> object-group VoIP-tcp <br>access-list 101 permit udp any host
<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.196/" target="_blank">210.81.12.196</a> object-group VoIP-udp<br>access-list 101 permit tcp any host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.197/" target="_blank">
210.81.12.197</a> object-group VoIP-tcp<br>access-list 101 permit udp any host <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.197/" target="_blank">210.81.12.197</a> object-group VoIP-udp
</div>
<div><span class="q"><br>pager lines 24<br>logging on<br>logging trap informational<br>logging host inside <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.26/" target="_blank">172.16.0.26</a>
<br></span></div>
<div><span class="q">logging host inside <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.12/" target="_blank">172.16.0.12</a><br></span></div>
<div><span class="q">icmp permit any unreachable outside<br>icmp permit any outside<br>mtu outside 1500<br>mtu inside 1500<br>ip address outside xxx.xxx.xxx.xxx <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.240/" target="_blank">
255.255.255.240</a><br></span></div>
<div>ip address inside <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.2/" target="_blank">172.16.0.2</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a></div>
<div><span class="q"><br>ip audit info action alarm<br>ip audit attack action alarm <br>ip local pool pbxlpool 10.1.0.100-10.1.0.200<br></span></div>
<div>pdm locationxxx.xxx.xxx.xxx <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255</a> outside</div>
<div><span class="q"><br>pdm history enable<br>arp timeout 14400<br>global (outside) 1 interface<br>nat (inside) 0 access-list VPNREMOTE <br></span></div>
<div>nat (inside) 1 <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> 0 0<br>static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255 </a>0 1000<br>
static (inside,outside) xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255</a> 0 1000<br>static (inside,outside)
xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">255.255.255.255</a> 0 1000</div>
<div><span class="q"><br>access-group 101 in interface outside<br>access-group 102 in interface inside<br></span></div>
<div>route outside <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">0.0.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">
0.0.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.81.12.193/" target="_blank">210.81.12.193</a> 1</div>
<div><span class="q"><br>timeout xlate 3:00:00<br>timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00<br>timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00<br>timeout sip-disconnect 0:02:00 sip-invite 0:03:00
<br>timeout uauth 0:05:00 absolute<br>aaa-server TACACS+ protocol tacacs+<br>aaa-server TACACS+ max-failed-attempts 3<br>aaa-server TACACS+ deadtime 10<br>aaa-server RADIUS protocol radius<br>aaa-server RADIUS max-failed-attempts 3
<br>aaa-server RADIUS deadtime 10<br>aaa-server LOCAL protocol local<br><br>aaa authentication ssh console LOCAL<br><br></span></div>
<div>http <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.12/" target="_blank">172.16.0.12</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">
255.255.255.255</a> inside</div>
<div><span class="q"><br>snmp-server host inside <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.12/" target="_blank">172.16.0.12</a><br></span></div>
<div><span class="q">snmp-server location pbxl-pix-datacentre<br><br>snmp-server community pbxl<br>snmp-server enable traps<br>floodguard enable<br><br></span></div>
<div>telnet <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> inside<br>telnet <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.0.0/" target="_blank">192.168.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">
255.255.255.0</a> inside<br>telnet timeout 60 <br>ssh <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://210.101.94.211/" target="_blank">210.101.94.211</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">
255.255.255.255</a> outside<br>ssh <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">0.0.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://0.0.0.0/" target="_blank">
0.0.0.0</a> outside<br>ssh <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.12/" target="_blank">172.16.0.12</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.255/" target="_blank">
255.255.255.255</a> inside<br>ssh <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://172.16.0.0/" target="_blank">172.16.0.0</a> <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.0.0/" target="_blank">
255.255.0.0</a> inside<br>ssh <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.1.0/" target="_blank">192.168.1.0 </a><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://255.255.255.0/" target="_blank">
255.255.255.0</a> inside</div>
<div><span class="q"><br>ssh timeout 60<br>console timeout 0<br>PBXLPIX01(config)#<br>PBXLPIX01(config)#<br><br><br></span></div>
<div></div></div></blockquote></div><br>