Friday, August 24, 2012

Cisco CME with ATA186 using FAX Pass Through mode

This finally worked after getting a bad ATA the first time round that would not respond to https. The first thing you want to do is point your browser to the ATAs IP address (https://IPAddr/dev) and make the following changes:

I configured ATA with static IP address and disabled TFTP.

Network Parameters

Audio Parameters

On the CME I had the fax DID number 5552496501 first get translated to extension 101 using a profile. With the usual suspects of dial-peers and ephones referencing 101, the Fax call is placed to port 1 (determined by the MAC address) of the ATA.

CME Configs
voice service voip
  modem passthrough nse codec g711ulaw

voice translation-rule 9

 rule 1 /^55522672\(..\)$/ /1\1/
 rule 3 /^5552496501/ /101/  <---Fax number. Translates to 101

voice translation-profile SIP_IN

 translate calling 3
 translate called 9 <--Incoming SIP calls

tftp-server flash:ATA030203SCCP051201A.zup

dial-peer voice 101 voip

 destination-pattern 101
 modem passthrough nse codec g711ulaw
 session target ipv4:
 codec g711ulaw
 fax rate disable
 no vad


 load ata ATA030203SCCP051201A.zup

ephone-dn  101

 number 101

ephone  28

 device-security-mode none
 mac-address 001D.4595.6401 <--MAC Address of Port 1 on ATA
 max-calls-per-button 2
 type ata
 button  1:101

Saturday, August 11, 2012

Cisco 3560X License Update

We initially received wrong licenses from Cisco to upgrade the feature on our 3560X switches from ipbase to ipservices - we only realize this when we installed the .lic file. This is what we got:

Switch#sh license udi
Device#   PID                   SN              UDI
*0        WS-C3560X-48T-S       FDO1520P0KG     WS-C3560X-48T-S:FDO1520P0KG

A wrongly generated .lic file from Cisco:

Switch#license install flash:FDO1520P0KG_20110622144858347.lic

Installing licenses from "flash:FDO1520P0KG_20110622144858347.lic"
% Error: Install failed. UDI L-C3560X-LIC=:FDO1520P0KG on license does not match any device
0/1 licenses were successfully installed
0/1 licenses were existing licenses
1/1 licenses were failed to install

In order to correct this just send an email to with the PID and UDI to have them correct this. Then install as follows:

Copy the license to the flash and run the license install command.

Switch#copy tftp flash:
Address or name of remote host []?
Source filename [FDO1520P0KG_20110622144858347.lic]? FDO1520P0KG_20110622174501853.lic
Destination filename [FDO1520P0KG_20110622174501853.lic]?
Accessing tftp://
Loading FDO1520P0KG_20110622174501853.lic from (via Vlan1): !
[OK - 1160 bytes]

1160 bytes copied in 8.204 secs (141 bytes/sec)

Switch#license install flash:FDO1520P0KG_20110622174501853.lic

Installing licenses from "flash:FDO1520P0KG_20110622174501853.lic"
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install


*Mar  1 00:10:29.657: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Module name = c3560x Next reboot level = ipservices and License = ipservices
*Mar  1 00:10:30.118: %LICENSE-6-INSTALL: Feature ipservices 1.0 was installed in this device. UDI=WS-C3560X-48T-S:FDO1520P0KG; StoreIndex=1:Primary License Storage

Switch#sh license feature

Feature name      Enforcement  Evaluation  Clear Allowed  Enabled
ipservices               yes             yes                yes            yes
ipbase                   yes              no                 yes            no
lanbase                  no               no                 yes            no

Switch#sh license all

License Store: Primary License Storage
StoreIndex: 0   Feature: ipbase                            Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Priority: Medium
        License Count: Non-Counted

StoreIndex: 1   Feature: ipservices                        Version: 1.0

        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted

License Store: Evaluation License Storage

StoreIndex: 0   Feature: ipservices                        Version: 1.0
        License Type: Evaluation
        License State: Inactive
            Evaluation total period: 8  weeks 4  days
            Evaluation period left: 8  weeks 4  days
        License Priority: None
        License Count: Non-Counted

Cisco ASA Management over VPN Client

Here is an example of a working configuration on version 8.4 to manage (via ssh and http or ASDM) a Cisco ASA over a VPN client.

interface GigabitEthernet0/0

 nameif untrust
 security-level 0
 ip address
interface GigabitEthernet0/1
 nameif trust
 security-level 100
 ip address

ip local pool vpnpool mask

management-access trust

nat (trust,untrust) source static destination static route-lookup

ssh trust

http trust

This allows you to hit the trust interface with ASDM or ssh after you VPN into the Cisco ASA. Note that the 'route-lookup' switch under the nat (exempt) rule is often overlooked!