Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2131
Views
0
Helpful
4
Replies

CCME and SIP soft phone via VPN

Lubo1
Level 1
Level 1

‎12-03-2012 06:00 AM - edited ‎03-16-2019 02:31 PM

Hi,

we have a All-in-One solution for small customers, C881 router with Firewall, NAT, VPN and CCME (SIP phones) enabled. The box is registered to SIP provider (source-interface for control and media is the outside interface, otherwise, we can not register and place a call). Everything works fine for SIP softphones in the LAN. But when the user connects to the network via IPSec VPN, his softphone does not work. The phone rings, but that's all, it is dropped after 7 seconds. It is logical, because during call setup he is instructed to use router's outside IP address for call. And at this moment, the client starts to send packets outside of the IPSec tunnel directly to the internet address of the router.

Is there any way to make this work?

Something like using router outside address for registration to SIP provider and inside address for communication with SIP phones?

Or using sip profiles to modify the messages?

Thank you,

Lubomir

2 people had this problem
Labels:
0 Helpful
4 Replies 4

paolo bevilacqua
Hall of Fame
Hall of Fame

‎12-03-2012 06:46 AM

Use Cisco softphone (CIPC) and everything will work fine.

0 Helpful

Lubo1
Level 1
Level 1
In response to paolo bevilacqua

‎12-11-2012 05:34 AM

It is not possible to use CIPC, the customer uses Smartphones with various SIP clients...

Any other advice?

Thank you,

L.

0 Helpful

Konstantinos Pappas
Level 1
Level 1

‎11-08-2013 11:12 AM

Hi!
I assume you're using Jabber Client.
In this case you have to add the command :

Voice service voip
sip
bind all source-interface GigabitEthernet 0/0

Or use any other interface which your Voice Vlan is connected.

It is a problem related to CME using a different IP address from SIP traffic than what was used for the endpoint to register.


Sent from Cisco Technical Support Android App

0 Helpful

Lubo1
Level 1
Level 1
In response to Konstantinos Pappas

‎11-09-2013 12:39 PM

Hi Konstantinos,

thanks for the reply, but this is not the case. To make the question clear: we have 2 interfaces on the router, Gi0/0 is LAN interface, Gi0/1 is WAN interface. We must use Gi0/1 for communication between router and SIP voice provider, because Gi0/1 has publicly routable IP address. Thats why we already have bind command in the config, specifying the Gi0/1 interface.

On the other side, we must use Gi0/0 for communication between router and internal SIP users, which access the network via IPSec VPN. If the router instruct the users to use the outside interface (inherited from "bind all source-interface Gi0/1"), they start to send the packets outside of the split VPN tunnel, which does not work (security policy).

Thanks,

L.

0 Helpful
Customers Also Viewed These Support Documents