cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6824
Views
0
Helpful
9
Replies

VOIP Issues through IPSEC VPN

Joseph E Spoon
Level 1
Level 1

Hello All,

I have an IPSEC VPN setup between a C1861-SRST-F/K9 router and a Sonicwall.  I am able to communicate across the tunnel just fine and my 6941 phones are registered back to the call manager and I can make site to site calls with extension numbers.  The issue I'm having is with inbound and outbound calls through the C1861 gateway.  On outbound calls the remote phone rings but there is no ring back heard in the 6941, and eventually I will get a fast busy.  On inbound calls, the 6941 rings but when you pick it up you can hear nothing, and the calling phone keeps getting ring back.  I have tested inbound and outbound from the block and they work successfully.  I have also tested from an FXS port with an analog phone and it works successfully.  It is only with the 6941 phones that communicate with the Call Manager through the VPN tunnel that I am having the issues.  Below is posted the Version of the router and the configuration.  Any help will be much appreciated....I also checked, all lines are loop start.

ROUTER#sho ver

Cisco IOS Software, C1861 Software (C1861-ADVIPSERVICESK9-M), Version 12.4(11)X

6, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Wed 13-Feb-08 16:03 by prod_rel_team

ROM: System Bootstrap, Version 12.4(11r)XW3, RELEASE SOFTWARE (fc1)

ROUTER uptime is 8 hours, 42 minutes

System returned to ROM by power-on

System image file is "flash:c1861-advipservicesk9-mz.124-11.XW6.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco C1861-SRST-F/K9 (MPC8358) processor (revision 0x202) with 249856K/12288K

ytes of memory.

Processor board ID FTX1221Y03Y

MPC8358 CPU Rev: Part Number 0x804A, Revision ID 0x20

12 User Licenses

10 FastEthernet interfaces

4 Voice FXO interfaces

4 Voice FXS interfaces

1 Voice MoH interface

128K bytes of non-volatile configuration memory.

125440K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

==============================================

ROUTER#sho run

Building configuration...

Current configuration : 5067 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ROUTER

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key aviation address 207.157.18.254

!

!

crypto ipsec transform-set ESCC esp-3des esp-sha-hmac

!

crypto map ESCC 10 ipsec-isakmp

set peer 207.157.18.254

set transform-set ESCC

match address 150

!

ip cef

!

!

no ip dhcp use vrf connected

!

ip dhcp pool NET1

   network 192.168.0.0 255.255.255.0

   default-router 192.168.0.1

   dns-server 8.8.8.8

   option 150 ip 10.101.0.4

!

!

ip domain name DOMAIN.COM

!

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

voice-card 0

dspfarm

dsp services dspfarm

!

!

!

username admin privilege 15 secret 5 $1$PLtK$NUnM/I7Vn6uUnz7U9cs911

username administrator privilege 15 secret 5 $1$8OST$5eCh0TqRpmfDnY7TBY/9F1

archive

log config

  hidekeys

!

!

ip ssh version 1

!

!

!

!

interface FastEthernet0/0

ip address 97.66.163.106 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map ESCC

!

interface FastEthernet0/1/0

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/1

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/2

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/3

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/4

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/5

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/6

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/7

switchport voice vlan 1

spanning-tree portfast

!

interface FastEthernet0/1/8

switchport voice vlan 1

spanning-tree portfast

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

h323-gateway voip interface

h323-gateway voip bind srcaddr 192.168.0.1

!

ip route 0.0.0.0 0.0.0.0 97.66.163.105

!

!

ip http server

no ip http secure-server

ip nat inside source list 101 interface FastEthernet0/0 overload

!

access-list 101 deny   ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255<----------NAT access list denying traffic that is destined for VPN

access-list 101 deny   ip 192.168.0.0 0.0.0.255 10.101.0.0 0.0.255.255

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 150 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255<----------VPN allowed traffic

access-list 150 permit ip 192.168.0.0 0.0.0.255 10.101.0.0 0.0.255.255

!

!

!

!

!

!

control-plane

!

!

!

voice-port 0/0/0

!

voice-port 0/0/1

!

voice-port 0/0/2

!

voice-port 0/0/3

!

voice-port 0/1/0

connection plar 6000<-----secretary's extension...using dial-peer 6000 to route back to call manager

caller-id enable

!

voice-port 0/1/1

connection plar 6000

!

voice-port 0/1/2

connection plar 6000

!

voice-port 0/1/3

connection plar 6000

!

voice-port 0/4/0

auto-cut-through

signal immediate

input gain auto-control

description Music On Hold Port

!

!

!

sccp local Vlan1

sccp ccm 10.101.0.4 identifier 1 priority 1 version 6.0

sccp ccm 10.101.0.5 identifier 2 priority 2 version 6.0

sccp

!

sccp ccm group 1

bind interface Vlan1

associate ccm 1 priority 1

associate ccm 2 priority 2

associate profile 3 register ALB-MTP

associate profile 1 register ALB-TRANS

associate profile 2 register ALB_CONF

!

dspfarm profile 1 transcode<----testing with this to see if I could resolve the issues

codec g711ulaw

codec g711alaw

codec ilbc

codec g723r63

codec g723r53

codec gsmamr-nb

codec g729ar8

codec g729abr8

codec g729r8

codec g729br8

associate application SCCP

shutdown

!

dspfarm profile 2 conference

codec g711ulaw

codec g711alaw

codec g729ar8

codec g729abr8

codec g729r8

codec g729br8

associate application SCCP

shutdown

!

dspfarm profile 3 mtp<-----just testing with this to see if I could resolve the issues

codec g711ulaw

maximum sessions hardware 22

associate application SCCP

!

!

dial-peer voice 1 pots

incoming called-number .

direct-inward-dial

!

dial-peer voice 9 pots<------First POTS line

preference 1

destination-pattern 9T

port 0/1/0

!

dial-peer voice 91 pots<------Second POTS line

preference 2

shutdown

destination-pattern 9T

port 0/1/1

!

dial-peer voice 92 pots<-------Third POTS line

preference 3

shutdown

destination-pattern 9T

port 0/1/2

!

dial-peer voice 93 pots<-------Fourth POTS line

preference 4

destination-pattern 9T

port 0/1/3

!

dial-peer voice 6000 voip<------dial peer that points to the Call Manager and points to the secretary's extension at this site

destination-pattern 6000

session target ipv4:10.101.0.4

incoming called-number .

dtmf-relay h245-alphanumeric

!

!

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login local

line vty 5 15

login local

!

!

webvpn cef

end

1 Accepted Solution

Accepted Solutions

Hi Joseph.

Can you please send the output of a show vocie call status and a show voip rtp connection during a failing call?

Thanks

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"

View solution in original post

9 Replies 9

brmeade
Level 4
Level 4

Can you ping those IP phones from that gateway?

Yes, I can ping the phones from both the remote gateway and local gateway.

Any other suggestions?

techguy
Level 4
Level 4

Your dsp profiles are in shutdown mode.

Check your media resources are registered in cucm or not?



Sent from Cisco Technical Support Android App

I "no shut" the transcoding DSP and am still having the same issues.  The line just continues to ring on inbound calls and there is no connection on outbound calls either.  Could it be something with the H323 messaging that is being blocked?

Below shows the Transcoder connected to the CUCM

SCCP Admin State: UP

Gateway IP Address: 192.168.0.1, Port Number: 2000

IP Precedence: 5

User Masked Codec list: None

Call Manager: 10.101.0.5, Port Number: 2000

                Priority: 2, Version: 6.0, Identifier: 2

Call Manager: 10.101.0.4, Port Number: 2000

                Priority: 1, Version: 6.0, Identifier: 1

Transcoding Oper State: ACTIVE - Cause Code: NONE

Active Call Manager: 10.101.0.4, Port Number: 2000

TCP Link Status: CONNECTED, Profile Identifier: 1

Reported Max Streams: 16, Reported Max OOS Streams: 0

Supported Codec: g711ulaw, Maximum Packetization Period: 30

Supported Codec: g711alaw, Maximum Packetization Period: 30

Supported Codec: ilbc, Maximum Packetization Period: 60

Supported Codec: g723_6.3, Maximum Packetization Period: 60

Supported Codec: g723_6.3, Maximum Packetization Period: 60

Supported Codec: gsmamr-nb, Maximum Packetization Period: 60

Supported Codec: g729ar8, Maximum Packetization Period: 60

Supported Codec: g729abr8, Maximum Packetization Period: 60

Supported Codec: g729r8, Maximum Packetization Period: 60

Supported Codec: g729br8, Maximum Packetization Period: 60

Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30

Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30

Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period

: 30

Hi Joseph.

Can you please send the output of a show vocie call status and a show voip rtp connection during a failing call?

Thanks

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"

ROUTER#sho voice call status

CallID     CID  ccVdb      Port             DSP/Ch  Called #   Codec    Dial-pee

rs

0x20F      19C4 0x86F2ECE0 0/1/3            0/1:1   6001       None      0/6000

1 active call found

ROUTER#sho voip rtp connection

No active connections found

Never did see an RTP connection.  I changed some of the dial peer options if the voice call status looks different from what the original config says it should look like. 

I disabled an option in the Sonicwall and it seems to have fixed the issues, at least for inbound calls.  I won't be able to check outbound calls until tomorrow.  I've attached an image of the option I changed.  It's under VOIP in the Sonicwall.

Inbound and outbound calling is working after doing this.

Thanks for all of your help.