Re: VOIP over VPN

ttuisawau · ‎08-16-2006

I have VPN working for users that connect to my internal network via the internet.I would also like then to be able to use their softphone to make calls to internal extension via Voip.

They are able to login to the VOIP server that is internal and make a call via VPN.When the phone rings each side cannot hear each other. Can I please have some help on what I might be missing out on please please.

Thanks in advance all.

mheusinger · ‎08-17-2006

Hi,

will the direct softphone to phone traffic be allowed in the VPN tunnel, i.e. are those source/destination IP combinations also encrypted and transfered over the tunnel?

Second thought: does your IP routing allow such traffic? Are there firewall rules and such preventing the traffic?

As a first approach: can the users with the softphone ping a VoIP phone IP, i.e. is there really connectivity?

Regards, Martin

rlove · ‎08-17-2006

When they're authenticating they are using TCP but the voice traffic itself is using UDP. Make sure that it's not getting dropped.

thapilot1996 · ‎08-18-2006

Depending on where your vpn traffic's dumped, you'd probably have to make sure that the ports for audio aren't blocked at your firewall as well.

Shawn

telecastle · ‎08-20-2006

Hi,

Your problem is most likely due to the fact that once the call gets established, CallManger and CallManagerExpress instruct the phones to talk directly to each other. Therefore, you will have to either create a tunnel from each user to each user or direct the phones to forward voice traffic to the central site where you CallManger is instead of trying to send voice traffic directly. If you were running a routing protocol, using GRE/IPSEC, your routers would take care of forwarding the traffic addressed from one phone to another phone through your central site. However, if you are not running any routing protocol on your VPN routers, there's no way that the phone-to-phone traffic can get routed properly. If you are not using site-to-site VPN at all, but instead you are using VPN clients, then you can provision your Easy VPN setup on the head-end to forward traffic from appropriate subnets into the central site by configuring the crypto acl. The bottom line is that you need to make sure that your soft phones know how to forward voice traffic to other soft phones.

rhugo · ‎08-30-2006

I would consider all the advice given so far on the firewall and TCP / UDP ports. However, you may also want ot look at some more simplified points:

1) Is the IP Comm registering with CallManager (I'm assuming thes are IP Comm with CCM?)

2) If they ARE registering, (I'm assuming from your previous conversation?) take a close look at the MAC address being used and make sure it is the Physical MAC of the PC client network card and NOT the VPN! You can easily check this by cross-referencing what the MAC is that is listed in IP Comm with the MAC listed for your registered device. I had a customer that hit on this issue for several days, until i got out to the site and noticed that they had registered with their "hard-wired" LAN card and they were trying to use their wireless card on the SAME PC for IP Comm from home and experienced the one-way / no-way audio of death, as you mentioned. I would give this item a look...