06-12-2012 06:50 AM - last edited on 03-25-2019 11:02 PM by ciscomoderator
Hello,
I've gone through the setup instructions for configuring a jabber iOS client with my UC520. I've successfully configured 2 phones with the jabber client that work great when connected to the local WiFi.
I've also been able to get the 2 phones to register over 3G with the Cisco AnyConnect VPN app as well. However, when I go to place a call, I immediately get a busy signal.
How can I troubleshoot this?
Thanks.
-Brian
06-20-2012 10:20 AM
Did you have to perform any custom settings to get it to work with the IPSec VPN? What's interesting for me is the phone connects and registers (displays the extension) -- I can even ping from the iPhone to the UC and vice versa. However when placing a call, I just receive a fast busy signal in both directions.
When over 3G with VPN, there is connectivity (can ping and access https://10.1.1.1) but Jabber won't register.
If I could get it to work over IPSec I would be satisfied, the iPhone disconnects the VPN anyway when it goes into idle mode so I don't really have a need for anyconnect.
Wondering if you have any suggestions? Thanks
06-21-2012 03:39 AM
This is the usual sort of config I use for IPSec VPN, you have to allow through the firewall access-list as well,
Voice VLAN IP= 172.16.10.0/24, Data VLAN IP = 10.10.10.0/24
It assumes that you have IAS/NPS set-up to allow Active Directory username/pass, but if not it will allow local username of "iphone" pass "iphone"
Note that I would normally check what if any config CCA has generated in case this breaks something, but it should work fine.
Use group name "vpnclient" in iphone, key "YOURKEY".
Hope this helps!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login NO_AUTHENT line
aaa authentication login AD_RADIUS group radius local
aaa authorization exec default group radius if-authenticated
aaa authorization exec AD_RADIUS group radius if-authenticated
aaa authorization network vpnclient local
!
username iphone password iphone
!
!
aaa session-id common
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
!
!
crypto isakmp client configuration group vpnclient
key YOURKEY
dns x.x.x.x
domain xxxx.local
pool ippool
acl splittunnel
!
!
crypto ipsec transform-set vpnclient esp-3des esp-md5-hmac
!
crypto dynamic-map dynamap 10
!
!
crypto map vpnclient local-address FastEthernet0/0
crypto map vpnclient client authentication list AD_RADIUS
crypto map vpnclient isakmp authorization list vpnclient
crypto map vpnclient client configuration address respond
crypto map vpnclient 10 ipsec-isakmp dynamic dynamap
!
interface FastEthernet0/0
description INTERNET
crypto map vpnclient
!
ip local pool ippool 172.16.222.1 172.16.222.20
!
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key *****
!
ip access-list extended splittunnel
permit ip 10.10.10.0 0.0.0.255 172.16.222.0 0.0.0.255
permit ip 172.16.10.0 0.0.0.255 172.16.222.0 0.0.0.255
permit ip 10.1.10.0 0.0.0.255 172.16.222.0 0.0.0.255
permit ip 10.10.10.0 0.0.0.255 172.16.200.0 0.0.0.255
permit ip 172.16.10.0 0.0.0.255 172.16.200.0 0.0.0.255
!
06-24-2012 06:57 PM
We use ASA's in front or the UC5x0.
I just got Jabber workign so I will have to try externally, but we use the Secure Mobility licenses for the ASA's for the ipads and iphones. I will test this external to the company once I find a wifi connection.
I will post results.
I still don't have a few things working like MOH, but that I'm sure is a multicast issue, maybe to do with our WiFi setup.
Bob James
06-27-2012 11:27 AM
OK tested it and here's what I find. It does not work over 3G, it does over WiFi.
I never get transfered to voicemail when I call someone.
I get kicked off for no reason a lot; even on the local WiFi network talking to the UC5x0
Still seems like it needs a lttle more baking....
Bob James
06-27-2012 11:34 AM
Thanks for the detailed post and example. Like others, here's some issues I'm seeing:
1) Wifi with IPSec VPN connects and can make internal calls
2) Over 3G, Jabber registers and displays the extension but internal/external calls result in fast busy. Not too sure what might be blocking the session
3) When connected to Wifi voice or data networks, internal calls are fine however we cannot make calls externally using our SIP provider -- This results in a fast busy. Calls into voicemail are fine. Haven't tried with FXO port yet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide