From: Kurt Bergsbaken (kbergsbaken@yahoo.com)
Date: Thu Dec 11 2003 - 13:13:00 GMT-3
The fact that the call is getting set up at all, (tcp
1720-21)shows your routing is working.
--- Kurt Bergsbaken <kbergsbaken@yahoo.com> wrote:
> If it makes you feel any better, this is a very
> common
> condition, we have been fighting the same problem
> with
> a Checkpoint solution for years. There are a number
> of things to look at, first would be whether the PIX
> is equipped to, and configured to handle, and have
> open, the dynamic UDP port allocation from
> 16384-32xxx
> that the RTP streams will run over. I'm not sure I
> can
> remember exactly what it takes to do that on
> Checkpoint, let alone PIX, as it is inherently tied
> to
> stateful inspection. Will likely have to chase the
> RTP stream from the IP Phone (or gateway, depending
> on
> the nature of the call) through each piece of the
> network with a sniffer. Chances are good that the
> PIX
> is blocking the appropriate udp port.
>
>
> --- Marko Berend <marko.berend@storm.hr> wrote:
> > Thanks John, but this is not helping
> > My source address is ok, it is from the VPN range,
> > and the SP is using
> > it as the source address.
> >
> > VPN client 4.x creates a virtual interface in win
> XP
> > so you can see it
> > with "ipconfig", and the SP is properly configured
> > to use this address.
> > For example I get 10.11.0.240 (my LAN is
> > 10.11.0.0/24) and this is the
> > address in SP net configuration.
> > IP phones are on 10.11.3.0/24, but routing is OK,
> > because I can ping
> > them and everything. No access-lists in between .
> I
> > am sure it is not a
> > routing problem
> >
> > But anyway, no voice towards me.
> >
> > This is why I am posting here, it is not trivial.
> >
> > -----Original Message-----
> > From: John Messina [mailto:john@area100.com]
> > Sent: 11. prosinac 2003 11:48
> > To: Marko Berend; ccielab@groupstudy.com
> > Subject: RE: SoftPhone - one way voice over VPN
> > (good src addr)
> >
> >
> >
>
http://www.cisco.com/en/US/products/sw/voicesw/ps1860/products_tech_note
> > 09186a0080094ed1.shtml
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > Marko Berend
> > Sent: Thursday, December 11, 2003 5:18 AM
> > To: ccielab@groupstudy.com
> > Subject: SoftPhone - one way voice over VPN (good
> > src addr)
> >
> > Hi to all,
> >
> > I am having trouble with Cisco SoftPhone over VPN.
> > The voice is one way
> > only. I am not getting any traffic from the IP
> phone
> > on the other end.
> > The scenario is this:
> >
>
SPhone-------VPN----------->PIX-------->CM-------->IP
> > Phone 7940
> >
> > The IP address on the SoftPhone is correct in the
> SP
> > network settings
> > (cisco.com says this is the solution but it isn't
> > working still).
> > Everything works fine on the LAN. From VPN I can
> > ping everything, CM,
> > VG, even the IP phone I am calling, but I'm not
> > getting voice traffic
> > from it. When I sniff the traffic I see that
> nothing
> > is coming. From
> > CallManager I can verify that the SoftPhone is
> > registered with the
> > correct IP address. I have also tried modifying
> the
> > MTU on the VPN
> > client but to no avail.
> >
> > CM is 3.1
> > SF is 1.3(3)
> > PIX 6.3(3)
> > VPN client 4.x (I've tried with 3.x also)
> >
> > I suspect that the PIX is making my life
> miserable,
> > but it is not
> > logical. It must be a bug. Any comments or good
> ways
> > to troubleshoot it?
> >
> > Thanks
> >
> > Marko
> >
> >
>
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:39 GMT-3