VOIP policy map restricts http and Term Service Traffic - Need Resolution

Discussion in 'Cisco' started by Andrew Albert, Feb 8, 2005.

  1. This is my first time at trying to tune VOIP, and I could use a little
    bit of advice.... I have altered the config of the 2600 series router
    using suggestions from Cisco's site... The problem is that with class
    VoIPovFR enabled on s0/0.1 inbound http and Windows Terminal services
    are unable to connect..... If I remove class VoIPovFR from s0/0.1 then
    it all works again. Any pointers on how to make this work properly
    would be appreciated - and any suggestions on improving the VOIP
    performance would also be appreciated.

    Regards,

    Andy


    ------- Config from offending Router -------------------



    !
    ! Last configuration change at 23:41:06 UTC Mon Feb 7 2005
    ! NVRAM config last updated at 22:38:33 UTC Mon Feb 7 2005
    !
    version 12.3
    no service pad
    service timestamps debug datetime localtime show-timezone
    service timestamps log datetime localtime show-timezone
    no service password-encryption
    !
    hostname nyc_router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 10000 debugging
    no logging console
    enable password sterility
    !
    clock timezone UTC -5
    clock summer-time UTC recurring
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    ip domain name ourcompany.com
    ip name-server 205.12.1.1
    ip dhcp excluded-address 10.0.0.1 10.0.0.99
    ip dhcp excluded-address 10.0.0.200 10.0.0.254
    !
    ip dhcp pool 100
    network 10.0.0.0 255.255.255.0
    default-router 10.0.0.1
    dns-server 10.0.0.4 205.12.1.1
    !
    ip audit po max-events 100
    ip audit name INFO4U info action alarm
    ip audit name ATTACK4U attack action alarm
    vpdn enable
    !
    !
    !
    !
    voice call carrier capacity active
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    class-map match-all voice-signaling
    match access-group 106
    class-map match-any http-hacks
    match protocol http url "*readme.eml*"
    match protocol http url "*.ida*"
    match protocol http url "*cmd.exe*"
    match protocol http url "*root.exe*"
    match protocol http url "*default.ida*"
    match protocol http url "*x.ida*"
    match protocol http url "*_vti_bin*"
    match protocol http url "*_mem_bin*"
    match protocol http mime "*readme.exe*"
    match protocol http mime "*readme.eml*"
    match protocol http url "*54321.html*"
    class-map match-all voice
    match access-group 105
    !
    !
    policy-map VOIP
    class voice
    priority 64
    class class-default
    fair-queue
    policy-map mark-inbound-http-hacks
    class http-hacks
    set ip dscp 1
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 10.0.0.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    priority-group 1
    !
    interface Serial0/0
    description to LOCALISP
    bandwidth 768
    no ip address
    no ip redirects
    no ip proxy-arp
    encapsulation frame-relay IETF
    no ip mroute-cache
    service-module t1 timeslots 12-23
    frame-relay traffic-shaping
    frame-relay lmi-type ansi
    !
    interface Serial0/0.1 point-to-point
    bandwidth 768
    ip address 207.19.124.254 255.255.255.252
    ip nat outside
    frame-relay interface-dlci 886 IETF
    class VoIPovFR
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip nat pool ovrld 207.19.124.254 207.19.124.254 prefix-length 24
    ip nat inside source list 7 pool ovrld overload
    ip nat inside source static tcp 10.0.0.25 25 207.19.124.249 25 extendable
    ip nat inside source static 10.0.0.250 207.19.124.250
    ip nat inside source static tcp 10.0.0.25 22 207.19.124.249 22 extendable
    ip nat inside source static tcp 10.0.0.25 9090 207.19.124.249 9090 extendable
    ip nat inside source static tcp 10.0.0.4 80 207.19.124.249 80 extendable
    ip nat inside source static tcp 10.0.0.4 3389 207.19.124.249 3389 extendable
    ip nat inside source static tcp 10.0.0.2 110 207.19.124.249 110 extendable
    no ip http server
    no ip http secure-server
    ip classless
    ip route 0.0.0.0 0.0.0.0 207.19.124.253
    !
    !
    !
    map-class frame-relay VoIPovFR
    frame-relay cir 128000
    frame-relay bc 1280
    frame-relay be 0
    frame-relay mincir 64000
    service-policy output VOIP
    frame-relay fragment 1000
    access-list 7 permit 10.0.0.0 0.0.0.255
    access-list 10 permit 10.0.0.250
    access-list 11 permit 10.0.0.4
    access-list 12 permit 10.0.0.2
    access-list 25 permit 10.0.0.25
    access-list 103 permit ip any any dscp cs1
    access-list 103 permit ip any any dscp af13
    access-list 103 permit ip any any dscp cs1 log
    access-list 103 permit ip any any dscp af13 log
    access-list 104 remark - Outbound passthrough for priority-list ping
    access-list 104 permit icmp any any
    access-list 105 permit ip any any dscp ef
    access-list 105 permit udp any any range 16384 32767
    access-list 105 permit ip any any precedence critical
    access-list 106 permit tcp any eq 1720 any
    access-list 106 permit tcp any any eq 1720
    access-list 106 permit tcp any eq 5060 any
    access-list 106 permit tcp any any eq 5060
    access-list 106 permit udp any eq 5060 any
    access-list 106 permit udp any any eq 5060
    priority-list 1 protocol ip high list 10
    priority-list 1 protocol ip high udp 5060
    priority-list 1 protocol ip high tcp 5298
    priority-list 1 protocol ip high udp 5298
    priority-list 1 protocol ip high udp 5678
    priority-list 1 protocol ip high udp 5363
    priority-list 1 protocol ip high list 11
    priority-list 1 protocol ip low list 12
    priority-list 1 protocol ip high tcp 22
    priority-list 1 protocol ip high tcp telnet
    priority-list 1 protocol ip medium tcp pop3
    priority-list 1 protocol ip normal tcp smtp
    priority-list 1 protocol ip medium tcp domain
    priority-list 1 protocol ip medium udp domain
    priority-list 1 protocol ip medium tcp www
    priority-list 1 protocol ip normal list 25
    priority-list 1 protocol ip medium tcp 443
    priority-list 1 protocol ip medium list 104
    priority-list 1 protocol ip normal tcp ftp
    priority-list 1 protocol ip high tcp 5060
    priority-list 1 protocol ip high udp 4569
    priority-list 1 protocol ip high udp 5004
    priority-list 1 protocol ip high udp 5036
    priority-list 1 protocol ip normal tcp 9090
    priority-list 1 default low
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    !
    line con 0
    password sterile
    login
    transport preferred none
    line aux 0
    password sterile
    login
    transport preferred none
    line vty 0 4
    password sterile
    login
    transport preferred none
    !
    ntp clock-period 17179453
    ntp server 198.72.72.10
    ntp server 131.144.4.9
    !
    end
    Andrew Albert, Feb 8, 2005