Recently when replacing an ASA5510 with a new ASA5545X, I noticed the NAT was not working for a couple of public IPs. I used the following command to capture any packets attempting to hit that IP. The problem ended up being an ARP cache issue that had to involve the provider. Something to keep in mind with fiber services – the device on site is not a layer 3 device, it only converts fiber to copper. The device that needed to be flushed was at the provider end, miles away.

cap o type raw-data int OUTSIDE match ip any host 60.33.70.69

show cap

I recently configured one of the new software IPS modules in an ASA X series firewall and after the initial setup, I could not access the IPS module from ASDM or from IME (IPS Management Express). I found that there are two requirements before the IPS will talk.

1. If the IPS IP address is on a different subnet than the management network (192.168.1.0 by default), you’ll need to issue “no nameif” on the Management0/0 interface

2. Even if you decide not to use the Management0/0 for ASA management, it must be in an UP and UP state, so you’ll need to connect it to your switch.

The problem with dialing from Cisco Jabber is that contacts that are synced from Outlook and/or AD need to be dialed from both Jabber and mobile phones.

Instead of adding a “9” or PSTN prefix to your Outlook contacts or in Active Directory, CUCM can automatically prepend your PSTN prefix when dialing from Jabber.

First, add the application dial rules in CUCM under Call Routing, Dial Rules, Application Dial Rules – Notice “Number Begins With” is blank

Next, you’ll need to grab the file “cmterm-cupc-dialrule-wizard-0.1.cop.sgn” from the Jabber for Windows admin pack, upload it to your CUCM cluster and restart the TFTP services.

class-map match-all Voice
 match ip dscp ef
 match protocol rtp
class-map match-any Signaling
 match protocol h323
 match protocol rtcp
 match protocol rtsp
 match protocol sip
 match protocol skinny
!
policy-map QoS-Policy-1
 class Voice
  set dscp ef
  priority percent 30
 class Signaling
  set dscp cs3
  bandwidth percent 5
 class class-default
  fair-queue

interface Outside
 ! be sure to define the bandwidth in kilobits
 bandwidth xxxxxx
 service-policy output QoS-Policy-1

TRIAD Telecom Specific Settings

voice class sip-profiles 1
 request INVITE sip-header Allow-Header modify ".UPDATE,." ".."
 request REINVITE sip-header Allow-Header modify ".UPDATE,." ".."
 response 200 sip-header Allow-Header modify ".UPDATE,." ".."
 response 180 sip-header Allow-Header modify ".UPDATE,." ".."

WINDSTREAM Specific Settings – (where 22.33.44.55 is the local SIP handoff)

sip
 pass-thru content sdp

voice class sip-profiles 1
 request INVITE sip-header Allow-Header modify ".UPDATE,." ".."
 request REINVITE sip-header Allow-Header modify ".UPDATE,." ".."
 response 200 sip-header Allow-Header modify ".UPDATE,." ".."
 response 180 sip-header Allow-Header modify ".UPDATE,." ".."
 request ANY sdp-header Connection-Info modify "0.0.0.0" "22.33.44.55"
 request ANY sdp-header Audio-Connection-Info modify "0.0.0.0" "22.33.44.55"
 request ANY sdp-header Audio-Attribute modify "inactive" "active"

dial-peer voice 5000 voip
 description SIP INBOUND
 preference 1
 destination-pattern 91022209..$
 session protocol sipv2
 session target ipv4:10.20.1.1
 incoming called-number 91039209..$
 voice-class sip profiles 1
 dtmf-relay rtp-nte
 codec g711ulaw
 clid strip name
 no vad

dial-peer voice 6000 voip
 description SIP 10DIG OUTBOUND
 destination-pattern [2-9].........
 no modem passthrough
 session protocol sipv2
 session target sip-server
 voice-class sip early-offer forced
 voice-class sip profiles 1
 dtmf-relay rtp-nte
 codec g711ulaw
 fax rate disable
 fax protocol t38 version 0 ls-redundancy 2 hs-redundancy 0 fallback cisco
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad

interface GigabitEthernet0/0
 description Internet
 ip address 24.175.29.2 255.255.255.252
 crypto map VPN

interface GigabitEthernet0/1.10
 description Data
 ip address 10.2.0.1 255.255.0.0
 ip policy route-map RM-PBR

interface GigabitEthernet0/1.20
 description Voice
 ip address 10.200.0.1 255.255.0.0
 ip policy route-map RM-PBR

interface GigabitEthernet0/2
 description Metro-E
 ip address 10.120.0.2 255.255.255.0

track 1 ip sla 1 reachability
 delay down 5 up 5
!
track 2 ip sla 2 reachability
 delay down 5 up 5

route-map RM-PBR permit 10
 description Prefer Data out VPN
 match ip address ACL-Data
 set ip next-hop verify-availability 24.175.29.1 10 track 1
 set ip next-hop verify-availability 10.120.0.1 20 track 2

route-map RM-PBR permit 20
 description Prefer Voice out Metro
 match ip address ACL-Voice
 set ip next-hop verify-availability 10.120.0.1 10 track 2
 set ip next-hop verify-availability 24.175.29.1 20 track 1

ip sla 1
 icmp-echo 8.8.8.8
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.120.0.1
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla auto discovery

ip access-list extended ACL-Data
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 permit ip 10.2.0.0 0.0.255.255 10.3.0.0 0.0.255.255

ip access-list extended ACL-Voice
 permit ip 10.200.0.0 0.0.255.255 10.100.0.0 0.0.255.255
 permit ip 10.200.0.0 0.0.255.255 10.300.0.0 0.0.255.255

interface Vlan99
 description guest
 ip address 10.99.99.1 255.255.255.0
 ip access-group Public-Out in

ip access-list extended Public-Out
 permit udp any any eq bootps
 deny   ip 10.99.99.0 0.0.0.255 192.168.0.0 0.0.255.255
 deny   ip 10.99.99.0 0.0.0.255 172.16.0.0 0.0.15.255
 deny   ip 10.99.99.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.99.99.0 0.0.0.255 any
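
An added example, not part of the original post: a small Python evaluator that applies IOS wildcard-mask and first-match semantics to the Public-Out ACL above, so you can check which destinations a guest host actually reaches. The guest source 10.99.99.50 and the destinations tried against it are constructed. Assuming the intent is to keep guests out of all RFC 1918 space, note that the masks 0.0.15.255 and 0.0.0.255 cover only 172.16.0.0/20 and 10.0.0.0/24.

```python
import ipaddress

# The Public-Out ACL entries exactly as they appear on this page.
ACL_TEXT = """
permit udp any any eq bootps
deny ip 10.99.99.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 10.99.99.0 0.0.0.255 172.16.0.0 0.0.15.255
deny ip 10.99.99.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 10.99.99.0 0.0.0.255 any
"""
PORTS = {"bootps": 67}  # the only named port this ACL uses

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):
    """Consume 'any' or 'base wildcard' from the token list -> (base, wildcard)."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return _ip(tok.pop(0)), _ip(tok.pop(0))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _take_addr(tok), _take_addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    return (_ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(rules, src, dst, proto="tcp", dport=None):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        if _hit(src, r_src) and _hit(dst, r_dst):
            return action
    return "deny"

RULES = parse_acl(ACL_TEXT)
```

Calling `evaluate(RULES, "10.99.99.50", "10.2.0.5")` returns `permit`, which shows the guest VLAN can still reach the 10.2.0.0/16 data network defined elsewhere on this page.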

monitor capture buffer CAPTURE_IN size 8096 max-size 9000 circular
monitor capture buffer CAPTURE_OUT size 8096 max-size 9000 circular
monitor capture point ip cef CAP_in GigabitEthernet0/0 both
monitor capture point ip cef CAP_out GigabitEthernet0/1.98 both

monitor capture point associate CAP_in CAPTURE_IN
monitor capture point associate CAP_out CAPTURE_OUT

***************************************************

monitor capture point start CAP_in
monitor capture point start CAP_out

monitor capture point stop CAP_in
monitor capture point stop CAP_out

 

To download the pcap:
monitor capture buffer CAPTURE_IN export tftp://1.1.1.2//Capturein.pcap
monitor capture buffer CAPTURE_OUT export tftp://1.1.1.2//Captureout.pcap

https://supportforums.cisco.com/docs/DOC-32870

Verification Commands:

1) show monitor capture PCAP buffer dump

2) show monitor capture PCAP parameter

 

Troubleshooting Commands:

1) debug epc capture-point

2) debug epc provision