Configuring a Cisco Router

Introduction

This document describes how to configure a Cisco router for use with the ECLOUD Phone System. A Cisco router has a firewall (ACLs) and also NAT. If you have the firewall enabled, you need to configure both NAT and firewall access for NAT to work. If you do not have the firewall enabled, follow step 1 in the procedure below. To configure both NAT and firewall, follow steps 1 and 2 in the procedure below. Please note that we cannot assist you in the configuration of your firewall.

Cisco Router

Step 1: Configure Port Forwarding (NAT)

  1. Log in to the SDM (web interface) of the Cisco router. E.g. if the router IP is 192.168.1.3, using a web browser open the URL: http://192.168.1.1 (use HTTPS if the Cisco web interface is running on a secure port).
  2. Click on the “Configure” button to start configuring the router.
  3. Click on the “NAT” button on the left side menu and then on the “Edit NAT Configuration” tab to start publishing ports on the router for the ECLOUD Phone System.
  4. Add the following NAT entries to a new or already existing NAT table. For an always up to date list of the ports that need to be open check here, as the ports may depend on the version you are using:
  • Inbound TCP port 5001 mapped to the PBX internal IP.
  • Inbound TCP port 5000 mapped to the PBX internal IP.
  • Inbound TCP port 5060 to 5061 mapped to the PBX internal IP.
  • Inbound UDP port 5060 to 5061 mapped to the PBX internal IP.
  • Inbound UDP ports 9000 to 10999 mapped to the PBX internal IP.
  • Inbound TCP port 5090 mapped to the PBX internal IP.
  • Inbound UDP port 5090 mapped to the PBX internal IP.
  5. Click on “Add” to add a new NAT rule.
  6. To map ports follow the steps below:
  • Select “Static”.
  • Set “Direction” to “From Inside to Outside”.
  • Set “IP address of Translate from interface” to the ECLOUD Phone System’s internal IP.
  • Set the “Network Mask” to the ECLOUD Phone System subnet mask.
  • Set “Translate to interface Type” to “IP address” or “Interface”.

Note: If you have more than 1 IP bound to the same interface, and want the ECLOUD Phone System to listen on a particular IP, choose “IP address”.

  • If for “Translate to interface Type” you chose:
      • “IP address”: specify the external IP you want the ECLOUD Phone System to listen on.
      • “Interface”: from the interface drop-down menu choose the interface where the ECLOUD Phone System should be published.
  • Check “Redirect Port”.
  • Check if it is “TCP” or “UDP” depending on the Port being configured.
  • Specify the original port and translated port (these should be the same port number).
  • Click on “OK” to apply the NAT entry.   

Add Address Translation Rule on a Cisco Router.

  7. Repeat Step 5 to map every port required by ECLOUD.

Address Translation Rule summary page on a Cisco Router.

  8. When all default ports are configured, the final NAT table should look like the one shown above.

Step 2: Configuring Firewall and ACLs

For an always up-to-date list of the ports that need to be open check here.

  1. Add the following ACLs to the existing or new ACL (if the firewall is enabled):
  • Inbound TCP port 5001 mapped to the PBX internal IP.
  • Inbound TCP port 5000 mapped to the PBX internal IP.
  • Inbound TCP port 5060 mapped to the PBX internal IP.
  • Inbound UDP port 5060 mapped to the PBX internal IP.
  • Inbound UDP ports 9000 to 10999 mapped to the PBX internal IP.
  • Inbound TCP port 5090 mapped to the PBX internal IP.
  • Inbound UDP port 5090 mapped to the PBX internal IP.
  2. To add rules to the firewall, click on the “Firewall and ACL” button on the left side menu.
  3. Click on the “Edit Firewall Policy / ACL” tab.
  4. Check “Originating traffic” and from the “Access Rule Window” click on “Add” to add a new rule.
  • Set “Select Action” to Permit.
  • Description is not mandatory.
  • Set “Source Host/Network Type” to Any IP Address.
  • Set “Destination Host/Network Type” to A Host Name or IP Address.
  • Configure the internal IP of the ECLOUD Phone System in “Set Host Name/IP”.
  • Check UDP or TCP (depending on which port is being configured) from Protocol and Services.
  • Set “Source Port” to “Any”.
  • Set “Destination Port” to the port number the rule is being applied for.
  • Click on “OK”.
  5. Repeat Steps 3 and 4 to allow access to every port required by ECLOUD.

Firewall table rules on a Cisco Router.

  6. When all default ports are configured, the final firewall table should look similar to the above screenshot.
  7. When ready, click on the “File” menu and select “Write to Startup Config” so that this configuration is used the next time the Cisco device is rebooted.
  8. Exit the configuration.

Step 3: Validating Your Setup

Log into your ECLOUD Management Console, go to “Dashboard” > “Firewall” and run the Firewall Checker to validate whether your firewall is correctly configured for use with ECLOUD.
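
As an offline complement to the Firewall Checker, the script below (an added example, not part of the original guide or of any ECLOUD or Cisco tool) compares the ACL lines of a saved router configuration with the Step 2 port list and reports required ports that are not permitted, as well as permits to the PBX that the list does not call for. It assumes the ACL entries appear in the usual IOS text form `permit tcp|udp any host <ip> eq <port>` or `range <lo> <hi>` with numeric ports; the ACL name, the address 192.168.1.10 and the sample configuration are constructed for illustration.

```python
import re

# Step 2 port list from this page: (protocol, first port, last port).
REQUIRED = [("tcp", 5001, 5001), ("tcp", 5000, 5000), ("tcp", 5060, 5060),
            ("udp", 5060, 5060), ("udp", 9000, 10999),
            ("tcp", 5090, 5090), ("udp", 5090, 5090)]

# Named or numbered ACL entry: permit tcp|udp any host <ip> eq <port> | range <lo> <hi>
RULE = re.compile(r"^\s*(?:access-list \d+ )?permit (tcp|udp) any host (\S+) "
                  r"(?:eq (\d+)|range (\d+) (\d+))\s*$")

def permitted(config, pbx_ip):
    """Return the set of (proto, port) that the ACL permits from any source to pbx_ip."""
    open_ports = set()
    for line in config.splitlines():
        m = RULE.match(line)
        if not m or m.group(2) != pbx_ip:
            continue  # not a permit entry, or it targets another host
        lo = int(m.group(3) or m.group(4))
        hi = int(m.group(3) or m.group(5))
        open_ports.update((m.group(1), p) for p in range(lo, hi + 1))
    return open_ports

def audit(config, pbx_ip):
    """Compare permitted ports with the required list; return (missing, unexpected)."""
    want = {(proto, p) for proto, lo, hi in REQUIRED for p in range(lo, hi + 1)}
    have = permitted(config, pbx_ip)
    return sorted(want - have), sorted(have - want)

# Constructed sample (not from a real router): UDP 5090 was forgotten and an
# extra TCP 3389 permit was left in place.
SAMPLE = """\
ip access-list extended OUTSIDE-IN
 permit tcp any host 192.168.1.10 eq 5000
 permit tcp any host 192.168.1.10 eq 5001
 permit tcp any host 192.168.1.10 eq 5060
 permit udp any host 192.168.1.10 eq 5060
 permit udp any host 192.168.1.10 range 9000 10999
 permit tcp any host 192.168.1.10 eq 5090
 permit tcp any host 192.168.1.10 eq 3389
"""

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE, "192.168.1.10")
    print("missing:", missing)
    print("unexpected:", unexpected)
```

Any entry reported as unexpected is a port open to any source address that the Step 2 list does not require and should be reviewed before the configuration is written to startup.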