From: Kurt Bergsbaken (kbergsbaken@yahoo.com)
Date: Thu Dec 11 2003 - 13:03:52 GMT-3
If it makes you feel any better, this is a very common
condition, we have been fighting the same problem with
a Checkpoint solution for years. There are a number
of things to look at, first would be whether the PIX
is equipped to, and configured to handle, and have
open, the dynamic UDP port allocation from 16384-32xxx
that the RTP streams will run over. I'm not sure I can
remember exactly what it takes to do that on
Checkpoint, let alone PIX, as it is inherently tied to
stateful inspection. Will likely have to chase the
RTP stream from the IP Phone (or gateway, depending on
the nature of the call) through each piece of the
network with a sniffer. Chances are good that the PIX
is blocking the appropriate udp port.
--- Marko Berend <marko.berend@storm.hr> wrote:
> Thanks John, but this is not helping
> My source address is ok, it is from the VPN range,
> and the SP is using
> it as the source address.
>
> VPN client 4.x creates a virtual interface in win XP
> so you can see it
> with "ipconfig", and the SP is properly configured
> to use this address.
> For example I get 10.11.0.240 (my LAN is
> 10.11.0.0/24) and this is the
> address in SP net configuration.
> IP phones are on 10.11.3.0/24, but routing is OK,
> because I can ping
> them and everything. No access-lists in between . I
> am sure it is not a
> routing problem
>
> But anyway, no voice towards me.
>
> This is why I am posting here, it is not trivial.
>
> -----Original Message-----
> From: John Messina [mailto:john@area100.com]
> Sent: 11. prosinac 2003 11:48
> To: Marko Berend; ccielab@groupstudy.com
> Subject: RE: SoftPhone - one way voice over VPN
> (good src addr)
>
>
>
http://www.cisco.com/en/US/products/sw/voicesw/ps1860/products_tech_note
> 09186a0080094ed1.shtml
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> Marko Berend
> Sent: Thursday, December 11, 2003 5:18 AM
> To: ccielab@groupstudy.com
> Subject: SoftPhone - one way voice over VPN (good
> src addr)
>
> Hi to all,
>
> I am having trouble with Cisco SoftPhone over VPN.
> The voice is one way
> only. I am not getting any traffic from the IP phone
> on the other end.
> The scenario is this:
>
SPhone-------VPN----------->PIX-------->CM-------->IP
> Phone 7940
>
> The IP address on the SoftPhone is correct in the SP
> network settings
> (cisco.com says this is the solution but it isn't
> working still).
> Everything works fine on the LAN. From VPN I can
> ping everything, CM,
> VG, even the IP phone I am calling, but I'm not
> getting voice traffic
> from it. When I sniff the traffic I see that nothing
> is coming. From
> CallManager I can verify that the SoftPhone is
> registered with the
> correct IP address. I have also tried modifying the
> MTU on the VPN
> client but to no avail.
>
> CM is 3.1
> SF is 1.3(3)
> PIX 6.3(3)
> VPN client 4.x (I've tried with 3.x also)
>
> I suspect that the PIX is making my life miserable,
> but it is not
> logical. It must be a bug. Any comments or good ways
> to troubleshoot it?
>
> Thanks
>
> Marko
>
>
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:39 GMT-3