cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
880
Views
0
Helpful
4
Replies
Highlighted
Beginner

CCME and SIP soft phone via VPN

Hi,

we have a All-in-One solution for small customers, C881 router with Firewall, NAT, VPN and CCME (SIP phones) enabled. The box is registered to SIP provider (source-interface for control and media is the outside interface, otherwise, we can not register and place a call). Everything works fine for SIP softphones in the LAN. But when the user connects to the network via IPSec VPN, his softphone does not work. The phone rings, but that's all, it is dropped after 7 seconds. It is logical, because during call setup he is instructed to use router's outside IP address for call. And at this moment, the client starts to send packets outside of the IPSec tunnel directly to the internet address of the router.

Is there any way to make this work?

Something like using router outside address for registration to SIP provider and inside address for communication with SIP phones?

Or using sip profiles to modify the messages?

Thank you,

Lubomir

Everyone's tags (6)
4 REPLIES 4
Hall of Fame Master

CCME and SIP soft phone via VPN

Use Cisco softphone (CIPC) and everything will work fine.

Beginner

CCME and SIP soft phone via VPN

It is not possible to use CIPC, the customer uses Smartphones with various SIP clients...

Any other advice?

Thank you,

L.

Re:CCME and SIP soft phone via VPN

Hi!
I assume you're using Jabber Client.
In this case you have to add the command :

Voice service voip
sip
bind all source-interface GigabitEthernet 0/0

Or use any other interface which your Voice Vlan is connected.

It is a problem related to CME using a different IP address from SIP traffic than what was used for the endpoint to register.


Sent from Cisco Technical Support Android App

Beginner

Re:CCME and SIP soft phone via VPN

Hi Konstantinos,

thanks for the reply, but this is not the case. To make the question clear: we have 2 interfaces on the router, Gi0/0 is LAN interface, Gi0/1 is WAN interface. We must use Gi0/1 for communication between router and SIP voice provider, because Gi0/1 has publicly routable IP address. Thats why we already have bind command in the config, specifying the Gi0/1 interface.

On the other side, we must use Gi0/0 for communication between router and internal SIP users, which access the network via IPSec VPN. If the router instruct the users to use the outside interface (inherited from "bind all source-interface Gi0/1"), they start to send the packets outside of the split VPN tunnel, which does not work (security policy).

Thanks,

L.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards