Site 2 Site VPN

syed.shameem1 · ‎08-25-2012

Dear All,

I have got a requirement to configure Site-to-Site VPN with HQ from my branch office. The motive to accomplish this is to get the IP Phones up and running. The phones would connect to the CUCM which is located at HQ. I have my DSL link terminated on ATM interface of Cisco 877 router and I’ve got two public IP’s from the ISP one for my side and the other from the HQ. I’ve configured my side successfully and the link is up with internet accessible.

I’ve configured Site 2 site VPN and it works fine, but still the phones are not getting registered.

I am able to ping the local network I.e. 172.16.0.0 but not able to reach CUCM IP 172.16.100.X

Below are the details.

Br Local LAN network: 192.168.3.0

HQ Local LAN Network: 172.16.0.0

CUCM IP: 172.16.100.X

Voice Gateway IP: 172.16.100.X

Below are the devices which I’ve at Branch office

Cisco 877 Adsl Router

3 COM POE switch

Cisco 7911 IP phones.

Please find attached the running config of the router and network diagram for reference.

Kindly look into this and advice.

Thanks in Advance..

Shameem

Carlo Poggiarelli · ‎08-25-2012

Hi Shameem.

In wich kind of device is the vpn configured at HQ?

Are you able to ping the VG from Branch Office?

What is the dafault gateway of the CUCM?

Let me know

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

syed.shameem1 · ‎08-27-2012

Hi Carlo,

Thanks for the reply!!

There is 1900 series cisco router at HQ.

No, I am not able to ping the voice gateway..

and the default gateway of CUCM is VG.

Thanks,

Shameem

Carlo Poggiarelli · ‎08-27-2012

Hi Shameem.

Can you please post the config of 1900 router.

Check also the VG routing table which should be able to reach you branch through the 1900 HQ router.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

chrysostomos1980 · ‎08-27-2012

Hi

Do you have a route for network 172.16.0.0 255.255.0.0 pointing to the ip of the other site (vpn site to site ?

Please rate all useful posts Regards Chrysostomos ""The Most Successful People Are Those Who Are Good At Plan B""

syed.shameem1 · ‎08-27-2012

Hi Chrys,

There is ip route to network 172.16.0.0 255.255.0.0 configured on Branch office router pointing towards the public IP of HQ.

chrysostomos1980 · ‎08-27-2012

Hi

Try the below access lists

On the top must me the deny

access-list 120 deny ip 192.168.3.0 0.0.0.255 172.16.0.0 0.0.255.255

access-list 120 permit ip 192.168.3.0 0.0.0.255 any

access-list 130 permit ip 192.168.3.0 0.0.0.255 172.16.0.0 0.0.255.255

Please rate all useful posts Regards Chrysostomos ""The Most Successful People Are Those Who Are Good At Plan B""

chrysostomos1980 · ‎08-28-2012

Hi

What are results finally

Regards

cc

Please rate all useful posts Regards Chrysostomos ""The Most Successful People Are Those Who Are Good At Plan B""

syed.shameem1 · ‎08-28-2012

Hi Chrys,

I tried the above access-list but no good still not able to ping the 172.16.100.0 network.

Thanks,

Shameem

Carlo Poggiarelli · ‎08-28-2012

Hi Shameem.

Are you able to send you HQ router config and a show ip route of HQ VG.

Regards.

Carlo

Please rate all helpful posts "The more you help the more you learn"