Cisco | Extranet BDi - SIP-Trunk

Enter module switch
Hw-module session 1/0

Config port interface in switch module
interface GigabitEthernet0/27
description SIP-TRUNK
switchport access vlan 120
switchport mode access
no shutdown

Create Vlan
Vlan120
Name SIP-TRUNK

Config port interface in BTR-08-EXTRANET-01
interface Ethernet-Internal1/0/0
service instance 120 ethernet
encapsulation dot1q 120
bridge-domain 120 split-horizon group 0
!

interface BDI120
no shut
description C-BEST-ONLINE
ip address 172.26.18.210 255.255.255.248
ip nat outside
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation dot1Q 120
ip virtual-reassembly
!

Add Static Route
##route to external -->nexthop ectranet ruter/SW
ip route 10.112.6.104 255.255.255.255 172.27.18.209 name KSEI_INVEST_DEV
ip route 10.112.6.105 255.255.255.255 172.27.18.209 name KSEI-S.INVEST-TRAINING
!
##route-to-server-DNZ-T2#
ip route 192.168.7.68 255.255.255.255 10.21.187.83 name Server-PMT_SIP-TRUNK_WCE-GRATIKA_DRC-FIREWALL_H2H

Create NAT POOL
ip nat pool NPOOL_C-BEST-TERMINAL 172.27.18.210 255 netmask 255.255.255.248

Create ACL for NAT
ip access-list extended ACL_120
permit ip host 192.168.7.68 host 172.27.18.209
permit ip host 172.27.18.209 host 192.168.7.68

Create Route-map for NAT
route-map RMAP_NAT_C-BEST-ONLINE permit 10
match ip address ACL_120
match interface BDI120

Configuring NAT
ip nat inside source route-map RMAP_NAT_C-BEST-ONLINE pool NPOOL_C-BEST-ONLINE overload

Add Nat outside in Interface BDI
interface bd120
ip nat outside

SW-EDGE
Add Static route WCE Gratika via Firewall Ekstranet
Ip route 172.27.18.209 name SIP-TRUNK_WCE-GRATIKA_DRC
Ip route 172.27.18.210 name SIP-TRUNK_WCE-GRATIKA_DRC

Add prefix IP WCE Gratika for redistribute static to ospf
ip prefix-list static-to-ospf permit 172.27.18.208/29

FIREWALL-EXTRANET
Create Policy
source 192.168.7.68/32
destination 172.27.18.208/29
port 5060 (udp), 10000-65000 (udp)

Add Static Route
Open routing ke 172.27.18.208/29, next hopnya adalah ip p2p router extranet 01

FIREWALL-T2-CP
Create Policy
source 192.168.7.68/32
destination 172.27.18.208/29
port 5060 (udp), 10000-65000 (udp)

Add Static Route
Open routing ke 172.27.18.208/29, next hopnya adalah ip p2p router edge

VERIFICATION:
Ping 172.27.18.209 à IP p2p SIP-TRUNK_WCE-GRATIKA_DR
Connection test from 192.168.7.68 to 172.27.18.20
Check Log in Firewall Fortinet H2H

------

tag
extranet #h2h

Coretan Buruh IT

Cisco | Extranet BDi - SIP-Trunk

Posting Komentar untuk "Cisco | Extranet BDi - SIP-Trunk"

Menu Halaman Statis