Hello! We're running CUCM 10.5.2. Internal environment is all SIP, with one pub and two subs. For PSTN access we have a single Cisco Router with PRI cards to a PSTN. CUCM access that router via SIP.
Most of our remote sites are a mesh VPN, so internal calling is fine -- CUCM sets up a direct IP Phone to IP Phone call.
But one site (due to security restrictions) can not access the other remote sites. It can only access headquarters, where CUCM and the gateway lives. So from this restricted site, PSTN calls work fine, but On-Net calls fail.
How do I configure CUCM, so that it gets in the middle of calls between this site and other internal sites? Right now everything is defined as one location/regional/device pool. But I assume that needs to change, just wasn't sure which aprt.
Have you checked your partitions and CSS's.
also do you actually have layer3 connectivity from your restricted site to the other sites?
what is it that is actually failing? is it one way voice? do the phones actually ring?
There is no layey3 connectivity from the restricted site to other sites -- that's the problem.
For example, our HQ is 10.1.1.0, which is where our CUCMs and PSTN gateway live.
Normal remote sites are 10.2.x.0. Those sites have full layer3 connectivity to HQ, and to each other.
The restricted remote site is 10.3.1.0. It can reach HQ (10.1.1.0), so inbound/outbound PSTN calling works fine, phone registration works fine, etc. But it can NOT reach 10.2.x.0 sites. So therefore when they dial an internal extension, CUCM sets up a direct call from 10.3.1.0 to 10.2.x.0, which fails (no audio).
So what I think I need to do is have all calls from site 10.3.1.0 terminate at HQ gateway (10.1.1.x). But I'm not sure how to configure that. Is that just an MTP? What design changes would I need to make to insert the MTP just for that site?
You can make use of trusted relay point (TRP) or RSVP.
You should be able to address your issue with routing not voice configs. Why don't you configure your network to advertise the 10.3.1.0 network throughout the entire network and since the HQ has routing to it routing protocol would allow other sites to get there via the HQ site. How is your network routing configured? Are you using routing protocol between all the sites, or static routes?
Certainly could technically, but this site is managed by a different group that does not want site to site connectivity, even for phones. It's a higher security area, with it's own firewall. I've tried to suggest the voice network be separately routable, but shot down.
So now I'm searching for solutions to terminate/proxy calls through the HQ network.