Question: one-way audio when using Cisco IP Communicator over VPN

Hi

I have set up a small home network to practice sending VoIP
over a remote access VPN, but have run into a problem I am
unable to solve. To help with the question, I have
included a network diagram as an attachment.

The problem I have is that when the Cisco IP Communicator (CIPC)
registers with the CME/CUE router via a remote access VPN,
I only have one-way audio, from the Cisco 7940 phone to the
CIPC but not the other way around. However, if I plug the PC
into the 3550 switch and register the CIPC with the CME/CUE
router from there, I have two-way audio.

Any ideas on what could be causing this will be greatly appreciated.


Regards

Melvyn Brown


I have included the relevant configs below.


3550 POE SWITCH

vlan 10
name data

vlan 100
name voice

interface range fastethernet0/1 - 4
cdp enable
power inline auto
switchport mode access
switchport access vlan 10
switchport voice vlan 100
spanning-tree portfast

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport mode trunk


CME/CUE ROUTER

ip dhcp excluded-address 192.168.20.1 192.168.20.5
ip dhcp excluded-address 10.1.2.1 10.1.2.5

ip route 0.0.0.0 0.0.0.0 fastethernet0/0

clock timezone GMT 0
clock summer-time GMT recurring

ntp master

ip dhcp pool VOICE
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
option 150 ip 10.1.2.1
service dhcp

ip dhcp pool DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
service dhcp

interface Loopback0
ip address 100.1.1.1 255.255.255.255

interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shut

interface FastEthernet0/1
no shut

interface FastEthernet0/1.10
encapsulation dot1q 10
ip address 192.168.20.1 255.255.255.0

interface FastEthernet0/1.100
encapsulation dot1q 100
ip address 10.1.2.1 255.255.255.0

tftp-server flash:P0030702T023.bin
tftp-server flash:P0030702T023.loads
tftp-server flash:P0030702T023.sb2
tftp-server flash:P0030702T023.sbn

telephony-service
max-ephones 50
max-dn 50
load 7960-7940 P0030702T023
ip source-address 100.1.1.1
date-format dd-mm-yy

create cnf-files

ephone-dn 1  dual-line
number 1001

ephone-dn 2  dual-line
number 1002

ephone 1
mac-address 0014.1CAA.4E48
button 1:1

ephone 2
mac-address 001B.B9B8.8F97
button 1:2

interface service-Engine 0/0
ip address 192.168.30.1 255.255.255.252
no shut
service-module ip address 192.168.30.2 255.255.255.252
service-module ip default-gateway 192.168.30.1

ip http server

ip http path flash:

ip http authentication local

telephony-service

web admin system name fred password flintstone
dn-webedit
time-webedit

dial-peer voice 1010 voip
description voicemail
destination-pattern 1010
session protocol sipv2
session target ipv4:192.168.30.2
dtmf-relay sip-notify
codec g711ulaw
no vad

ephone-dn 20
number #40....
mwi on

ephone-dn 21
number #41....
mwi off

ephone 1
username melvyn password brown

ephone 2
username terry password smith


EDGE ROUTER

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

ip local pool remote-pool 192.168.15.1 192.168.15.10

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

username barney password rubble

crypto isakmp client configuration group London
key cisco
domain cisco.com
pool remote-pool
acl 101

aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route

crypto map client1 client authentication list userauthen
crypto map client1 isakmp authorization list groupauthor

crypto map client1 client configuration address respond
crypto map client1 20 ipsec-isakmp dynamic dynmap

interface fastethernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
crypto map client1
no shut

interface fastethernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
no shut

route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface fastethernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip route 192.168.20.0 255.255.255.0 192.168.1.1
ip route 10.1.2.0 255.255.255.0 192.168.1.1
ip route 192.168.30.0 255.255.255.252 192.168.1.1
ip route 100.1.1.1 255.255.255.255 192.168.1.1

ROUTER-1

interface fastethernet0/1
ip address 192.168.2.2 255.255.255.0
no shut

interface fastethernet0/0
ip address 192.168.3.1 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 fastethernet0/0


REMOTE ACCESS ROUTER

ip dhcp pool LOCAL
network 160.1.1.0 255.255.255.0
default-router 160.1.1.1

interface FastEthernet0/1
ip address 160.1.1.1 255.255.255.0
no shut
 
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
no shut
 
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

Answer: one-way audio when using Cisco IP Communicator over VPN

Sorted.

I had neglected to add the voice and voicemail subnets to the access lists for
encrypting traffic and exemption from NAT. Once I had done that, I had two-way
audio and the ability to leave voicemail over the remote access tunnel.

Old access lists

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

New access lists that include voice and voicemail traffic

access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
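
The check behind this fix, as an added example that is not part of the original post: a Python script that parses the edge router's extended ACLs and lists every inside network that lacks an explicit permit in ACL 101 (traffic to encrypt) or an explicit deny in ACL 102 (NAT exemption) toward the VPN pool. The INSIDE list, the ADDED grouping and the function names are assumptions made for the example, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Edge-router ACLs from the post: the originals, then the entries the fix added.
OLD = """
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
"""
ADDED = """
access-list 101 permit ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
access-list 102 deny ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.30.0 0.0.0.3 192.168.15.0 0.0.0.255
"""
POOL = ipaddress.ip_network("192.168.15.0/24")  # VPN client pool as written in the ACLs
INSIDE = ["192.168.20.0/24", "10.1.2.0/24", "192.168.30.0/30", "100.1.1.1/32"]  # data, voice, CUE, CME

def _spec(tok):
    """Consume one address spec (any | host A | A wildcard) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wild = (tok.pop(0), "0.0.0.0") if first == "host" else (first, tok.pop(0))
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")  # wildcard inverted to a netmask

def parse(text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for num, act, rest in re.findall(r"access-list (\d+) (permit|deny) ip (.+)", text):
        tok = rest.split()
        acls.setdefault(num, []).append((act, _spec(tok), _spec(tok)))
    return acls

def first_match(aces, src, dst):
    """Action of the first entry covering src -> dst; None if nothing lists it."""
    for act, a_src, a_dst in aces:
        if src.subnet_of(a_src) and dst.subnet_of(a_dst):
            return act
    return None

def gaps(text, want=(("101", "permit"), ("102", "deny"))):
    """(network, acl) pairs where an inside network lacks the wanted explicit entry."""
    acls = parse(text)
    return [(n, acl) for n in INSIDE for acl, act in want
            if first_match(acls[acl], ipaddress.ip_network(n), POOL) != act]
```

gaps(OLD) reports the voice (10.1.2.0/24) and voicemail (192.168.30.0/30) networks against both ACLs, and gaps(OLD + ADDED) returns an empty list.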