Question : one way audio when using cisco ip communicator over vpn

Hi

I have setup a small home network to practice send voip
over a remote access vpn but have run into a problem i am
unable to solve to help out with the question i have
included a network diagram as an attachment.

the problem i have is that when the cisco ip communicator
registers with the cme/cue router via a remote access vpn
i only have one way audio from the cisco 7940 phone to the
CIPC but not the other way around, however if i plug the pc
into the 3550 switch and register the CIPC with the cme/cue
router from there i have two way audio.

any ideas on what can be causing this will be greatly appreciated

Regards

Melvyn Brown

i have included the relevant configs below.

3550 POE SWITCH

vlan 10
name data

vlan 100
name voice

interface range fastethernet0/1 - 4
cdp enable
power inline auto
switchport mode access
switchport access vlan 10
switchport voice vlan 100
spanning-tree portfast

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport mode trunk

CME/CUE ROUTER

ip dhcp excluded-address 192.168.20.1 192.168.20.5
ip dhcp excluded-address 10.1.2.1 10.1.2.5

ip route 0.0.0.0 0.0.0.0 fastethernet0/0

clock timezone GMT 0
clock summer-time GMT recurring

ntp master

ip dhcp pool VOICE
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
option 150 ip 10.1.2.1
service dhcp

ip dhcp pool DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
service dhcp

interface Loopback0
ip address 100.1.1.1 255.255.255.255

interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shut

interface FastEthernet0/1
no shut

interface FastEthernet0/1.10
encapsulation dot1q 10
ip address 192.168.20.1 255.255.255.0

interface FastEthernet0/1.100
encapsulation dot1q 100
ip address 10.1.2.1 255.255.255.0

tftp-server flash:P0030702T023.bin
tftp-server flash:P0030702T023.loads
tftp-server flash:P0030702T023.sb2
tftp-server flash:P0030702T023.sbn

telephony-service
max-ephones 50
max-dn 50
load 7960-7940 P0030702T023
ip source-address 100.1.1.1
date-format dd-mm-yy

create cnf-files

ephone-dn 1 dual-line
number 1001

ephone-dn 2 dual-line
number 1002

ephone 1
mac-address 0014.1CAA.4E48
button 1:1

ephone 2
mac-address 001B.B9B8.8F97
button 1:2

interface service-Engine 0/0
ip address 192.168.30.1 255.255.255.252
no shut
service-module ip address 192.168.30.2 255.255.255.252
service-module ip default-gateway 192.168.30.1

ip http server

ip http path flash:

ip http authentication local

telephony-service

web admin system name fred password flintstone
dn-webedit
time-webedit

dial-peer voice 1010 voip
description voicemail
destination-pattern 1010
session protocol sipv2
session target ipv4: 192.168.30.2
dtmf-relay sip-notify
codec g711ulaw
no vad

ephone-dn 20
number #40....
mwi on

ephone-dn 21
number #41....
mwi off

ephone 1
username melvyn password brown

ephone 2
username terry password smith

EDGE ROUTER

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

ip local pool remote-pool 192.168.15.1 192.168.15.10

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

username barney password rubble

crypto isakmp client configuration group London
key cisco
domain cisco.com
pool remote-pool
acl 101

aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route

crypto map client1 client authentication list userauthen
crypto map client1 isakmp authorization list groupauthor

crypto map client1 client configuration address respond
crypto map client1 20 ipsec-isakmp dynamic dynmap

interface fastethernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
crypto map client1
no shut

interface fastethernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
no shut

route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface fastethernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip route 192.168.20.0 255.255.255.0 192.168.1.1
ip route 10.1.2.0 255.255.255.0 192.168.1.1
ip route 192.168.30.0 255.255.255.252 192.168.1.1
ip route 100.1.1.1 255.255.255.255 192.168.1.1

ROUTER-1

interface fastethernet0/1
ip address 192.168.2.2 255.255.255.0
no shut

interface fastethernet0/0
ip address 192.168.3.1 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 fastethernet0/0

REMOTE ACCESS ROUTER

ip dhcp pool LOCAL
network 160.1.1.0 255.255.255.0
default-router 160.1.1.1

interface FastEthernet0/1
ip address 160.1.1.1 255.255.255.0
no shut

interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Attachments:

remote-access-network-diagram.xls (16 KB) (File Type Details)

network diagram

Answer : one way audio when using cisco ip communicator over vpn

sorted

i had neglected to add the voice and voicemail subnets to the access-list's for
encrypting traffic and exemption from nat,once i had done that i had two way
audio and the ability to leave voicemail over the remote access tunnel.

old access-list's

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

new access-list's that include voice and voicemail traffic

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

Random Solutions

Install SQL and ERP on a single server

Why was it forbidden to people who had any problem offer to God?

Vista Home Premium will not Repai

.NET asking for restart and not continuing with install

Excel 2007 Changing Text Result From Yes/No To 1's & 0's

SUMIFS along with SumColor function

Backup Domain Controller at Remote Site

iframed page to finish without being in an iframe

List box child menu

X3500 IBM Server Keeps Powering Off After Post