04-14-2011 02:18 AM - edited 03-21-2019 03:57 AM
Need some help on multisite config, managed to setup a multisite on CCA between UK and NY. but have some issues
The engineer working on NEWYORK site sent me the following problem description when he imported my multisite config file and after doing some tests last night.
The tunnel is working partially, it shows up and is authenticating correctly, however when he try to dial inter-site he gets a fast busy AFTER it already shows him the name of the person he is dialing.
For example, he dial UK extension "83401" from NY. (401 = Andy)
It rings once, the display shows "To Andy" (person on UK extension 401) then gives a fast busy tone.
The tunnel shows active and working for him, and it's obviously connecting because it can pass the name from the extension, but voice is not working.
tunnel status from NY
---------------------------------------------------------------------
Interface: GigabitEthernet0/0
Uptime: 00:22:50
Session status: UP-ACTIVE
Peer: 83.244.148.43 port 500 fvrf: (none) ivrf: (none)
Phase1_id: UC_560BNSUK.ippbx.hipcom.co.uk
Desc: (none)
IKE SA: local 204.145.73.182/500 remote 83.244.148.43/500 Active
Capabilities:(none) connid:2078 lifetime:00:07:08
IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.30.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 84 drop 0 life (KB/Sec) 4522830/2229
Outbound: #pkts enc'ed 82 drop 0 life (KB/Sec) 4522830/2229
Is this a known issue.
Thanks for your help
Regards
Shameer Mohamed
Solved! Go to Solution.
04-14-2011 06:22 PM
Hi Shameer,
We need to establish that the SA-520 is doing its job properly, since you used CCA to configure the Multi-Site setup it might not have been aware of an edge device being there that was firewall/agl/acl/ capable, so the VPN tunnel may be up but the routing of the calls may not be hitting the UC and I suspect the audio path could be going into the other side of the network.
If there is a way to get the UC connected directly to the WAN side and test it there we can start the elimination process, it can be a little tricky when it is in a live production environment, and yes you would need to be onsite to do this, but it is worth while as this could take everything out of the equation and you can make sure that all interfering appliances are removed.
Try this first and lets take it from there.
Cheers,
David.
04-17-2011 04:06 PM
Hi Shameer,
Thanks for the diagram, however can you take that down as you have a User/Pass displayed on it and can you please change this imediatly as well.
So from what I can see the SA is routing for the other side of the network and the UC-560 is doing it for the voice side of the network, this should work just fine.
I would check the other side and make sure the Firewall is not preventing the free flowing of packets back to the UK site, if you can exclude everything from the NY side we can then focus back on the UK side.
Since the Multi-Site manage was configured using CCA I have no reason to suspect that the ACL's are out of whack and causing you issues, so lets eliminate the primary suspects first and work backwards from there.
What is the firewall at the NY site? Model/Brand would help and how you have the basic configuration on that setup.
Cheers,
David.
04-19-2011 05:28 PM
Hi Shameer,
Glad it is all working now for you
h323-gateway voip bind srcaddr 192.168.30.1
This was on my list of things to check, but it was 5th on the list we made it to number 3
If everything is up and working as it should be, can you close the thread of as answered, this helps with when people search on specific topics as well.
Cheers,
David.
04-14-2011 06:22 PM
Hi Shameer,
We need to establish that the SA-520 is doing its job properly, since you used CCA to configure the Multi-Site setup it might not have been aware of an edge device being there that was firewall/agl/acl/ capable, so the VPN tunnel may be up but the routing of the calls may not be hitting the UC and I suspect the audio path could be going into the other side of the network.
If there is a way to get the UC connected directly to the WAN side and test it there we can start the elimination process, it can be a little tricky when it is in a live production environment, and yes you would need to be onsite to do this, but it is worth while as this could take everything out of the equation and you can make sure that all interfering appliances are removed.
Try this first and lets take it from there.
Cheers,
David.
04-15-2011 01:11 AM
Hi David
UC560 is directly connected to WAN through a four port switch. see attached topology.
SA520 is on the other side of the network. but i think Newyork site has a firewall infront of the UC560.
problem is can ring the remote extension and see the remote user name but just one ring.
thanks
shameer
04-17-2011 04:06 PM
Hi Shameer,
Thanks for the diagram, however can you take that down as you have a User/Pass displayed on it and can you please change this imediatly as well.
So from what I can see the SA is routing for the other side of the network and the UC-560 is doing it for the voice side of the network, this should work just fine.
I would check the other side and make sure the Firewall is not preventing the free flowing of packets back to the UK site, if you can exclude everything from the NY side we can then focus back on the UK side.
Since the Multi-Site manage was configured using CCA I have no reason to suspect that the ACL's are out of whack and causing you issues, so lets eliminate the primary suspects first and work backwards from there.
What is the firewall at the NY site? Model/Brand would help and how you have the basic configuration on that setup.
Cheers,
David.
04-19-2011 12:55 AM
Hi David
we manage to fix the issue. the Admin based in New York did some debug on UK site configuration.
multisite is now working, all that was needed was to set vlan 1 to srcaddr the internal ip, instead of sending over the wan IP like it was doing.
h323-gateway voip bind srcaddr 192.168.30.1
was the only change made.
thanks
shameer
04-19-2011 05:28 PM
Hi Shameer,
Glad it is all working now for you
h323-gateway voip bind srcaddr 192.168.30.1
This was on my list of things to check, but it was 5th on the list we made it to number 3
If everything is up and working as it should be, can you close the thread of as answered, this helps with when people search on specific topics as well.
Cheers,
David.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide