01-17-2012 05:49 AM - edited 03-16-2019 09:02 AM
Good morning all! I have been searching and have not found the answer. We are having issues with our soft-phones that are on either VPN or Wireless VLAN sendinf DTMF tones. The soft-phones will register and makes calls but no DTMF is reconized. If the soft-phone is placed on the "DATA" VLAN (where the PBX is) all is good. I have tried a "permit ip any any" on the wireless VLAN to see if anything is being blocked and did not see any difference. I am not sure if there is some specific protocal that I am missing. I will paste the configuration and infranstructure setup below.
Thank You in advance!!
Current Setup
Cisco 881 Router with k9 Sec
Cisco SLM2048
Trixbox CE = 192.168.70.15
VLAN100 = Data
VLAN200 = Wireless
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$UzW8$YIlSVw2t5OVcoyyGv6n.Y1
!
aaa new-model
!
!
aaa authentication login userauthen group radius local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
username admin password 7 023C2603290D16
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXXXXXX
key XXXXXXXXXXXXX
dns 192.168.70.56
domain helios.com
pool pptp-pool
acl 150
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!!
!
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
ip address XXX.XXX.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map clientmap
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan100
ip address 192.168.70.2 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Vlan200
ip address 192.168.80.1 255.255.255.0
ip access-group 120 in
ip access-group 121 out
ip helper-address 192.168.70.56
ip flow ingress
ip dns view-group 1
ip nat inside
ip virtual-reassembly in
!
ip local pool pptp-pool 192.168.90.100 192.168.90.150
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns view-list cf
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.70.104 3389 XXX.XXX.XXX.XXX 3388 extendable
ip nat inside source static tcp 192.168.70.56 3389 XXX.XXX.XXX.XXX 3399 extendable
ip nat inside source static tcp 192.168.70.15 80 XXX.XXX.XXX.XXX 8080 extendable
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
!
logging esm config
access-list 100 deny ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 permit ip 192.168.70.0 0.0.0.255 any
access-list 100 permit ip 192.168.80.0 0.0.0.255 any
access-list 120 permit udp any host 255.255.255.255 eq bootps
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.2
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.56
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.57
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.104
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.201
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.4
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.5
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.15
access-list 120 deny ip 192.168.80.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 120 permit ip 192.168.80.0 0.0.0.255 any
access-list 121 permit ip any any
access-list 150 permit ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 150 permit ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
!
!
!
!
radius-server host 192.168.70.56 auth-port 1812 acct-port 1813 key 7 10465A154447564D1E543F3B757A60
!
!
control-plane
!
!
line con 0
password 7 081B6E162B121C
no modem enable
line aux 0
line vty 0 4
password 7 033E7953240438
transport input ssh
!
end !
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$UzW8$YIlSVw2t5OVcoyyGv6n.Y1
!
aaa new-model
!
!
aaa authentication login userauthen group radius local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
username admin password 7 023C2603290D16
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group XXXXXXXX
key XXXXXXXXXXXXX
dns 192.168.70.56
domain helios.com
pool pptp-pool
acl 150
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!!
!
interface FastEthernet0
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
ip address XXX.XXX.XXX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map clientmap
!
interface Vlan1
no ip address
!
interface Vlan2
no ip address
!
interface Vlan100
ip address 192.168.70.2 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Vlan200
ip address 192.168.80.1 255.255.255.0
ip access-group 120 in
ip access-group 121 out
ip helper-address 192.168.70.56
ip flow ingress
ip dns view-group 1
ip nat inside
ip virtual-reassembly in
!
ip local pool pptp-pool 192.168.90.100 192.168.90.150
no ip classless
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns view-list cf
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.70.104 3389 XXX.XXX.XXX.XXX 3388 extendable
ip nat inside source static tcp 192.168.70.56 3389 XXX.XXX.XXX.XXX 3399 extendable
ip nat inside source static tcp 192.168.70.15 80 XXX.XXX.XXX.XXX 8080 extendable
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
!
logging esm config
access-list 100 deny ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 deny ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 100 permit ip 192.168.70.0 0.0.0.255 any
access-list 100 permit ip 192.168.80.0 0.0.0.255 any
access-list 120 permit udp any host 255.255.255.255 eq bootps
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.2
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.56
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.57
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.104
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.201
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.4
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.5
access-list 120 permit ip 192.168.80.0 0.0.0.255 host 192.168.70.15
access-list 120 deny ip 192.168.80.0 0.0.0.255 192.168.70.0 0.0.0.255
access-list 120 permit ip 192.168.80.0 0.0.0.255 any
access-list 121 permit ip any any
access-list 150 permit ip 192.168.70.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 150 permit ip 192.168.80.0 0.0.0.255 192.168.90.0 0.0.0.255
!
!
!
!
radius-server host 192.168.70.56 auth-port 1812 acct-port 1813 key 7 10465A154447564D1E543F3B757A60
!
!
control-plane
!
!
line con 0
password 7 081B6E162B121C
no modem enable
line aux 0
line vty 0 4
password 7 033E7953240438
transport input ssh
!
end
01-21-2012 01:08 AM
DTMF and VLAN are not directly concerned.
What is the DTMF relay method used from your softphone?
RFC2833, SIP INFO ?
I think in an ACL problem. Try to remove access-groups from interface (in and out) just for a test and let me know what happens?
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide