[cisco-voip] cisco-voip Digest, Vol 75, Issue 1

Tim Reimers treimers at ashevillenc.gov
Sat Jan 2 11:29:54 EST 2010 

Are you tunneling everything across the VPN? or doing split-tunneling?

It'd be easier just to allow access to all your possible voice subnets on the inside.

Remember that your CIPC client or any phone is only doing call-setup with the UCM --
the actual calls are UDP RTP streams between CIPC client and the IP phone at the other end of the call or the gateway that your CICP client is using to get to the PSTN.

It's not just the UCM you'd have to open ports to, it's every VOIP device on the internal network that the CIPC client might talk to.


But none of that matters if you're not doing split tunneling -- if you are tunneling everything, it all should work.

However -- here's some other things that might be breaking it.
(assuming here that you've tried this and it's not working)

Routing -  ensure that any and all VOIP devices (UCM, gateways, phones) all have routing information 
that will allow them to locate the CIPC client on the VPN assigned addresss.
Usually not a problem if your core router knows how to find the IP subnet being used to assign addresses to VPN clients.

NAT -- Ensure in your VPN termination device (ASA, PIX) configuration that the IP subnets used by all the VOIP devices
are NOT subject to NAT.
When a lot of customers set up VPN initially, they configure it to not NAT for the data subnets.
Then when they add VOIP to the network, they add subnets for the voice network.
Those subnets are not always configured in the firewall/VPN device to not be NAT'ed.
You'd have to add those subnets to the 
"NAT 0 (inside) access-list" 
assuming you're using a Cisco vpn device


What are the subnets your VPN clients and voice devices are on?
What are you using to terminate the VPN connection from the client?


-----Original Message-----
From: cisco-voip-bounces at puck.nether.net on behalf of Aboohamida
Sent: Sat 1/2/2010 12:47 AM
To: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] cisco-voip Digest, Vol 75, Issue 1
 
Hi,
I would like to connect my Cisco IP Communicator using VPN to my company call manager. Which are the ports to be opened in the VPN for that? 
 
Thanks

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100102/ce6dae7d/attachment.html>

More information about the cisco-voip mailing list