cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6238
Views
0
Helpful
19
Replies

Jabber and Cisco AnyConnect VPN

jaydien1358
Level 3
Level 3

Hello,

I've gone through the setup instructions for configuring a jabber iOS client with my UC520. I've successfully configured 2 phones with the jabber client that work great when connected to the local WiFi.

I've also been able to get the 2 phones to register over 3G with the Cisco AnyConnect VPN app as well. However, when I go to place a call, I immediately get a busy signal.

How can I troubleshoot this?

Thanks.

-Brian

19 Replies 19

Did you have to perform any custom settings to get it to work with the IPSec VPN?   What's interesting for me is the phone connects and registers (displays the extension) -- I can even ping from the iPhone to the UC and vice versa. However when placing a call, I just receive a fast busy signal in both directions. 

When over 3G with VPN, there is connectivity (can ping and access https://10.1.1.1) but Jabber won't register.   

If I could get it to work over IPSec I would be satisfied, the iPhone disconnects the VPN anyway when it goes into idle mode so I don't really have a need for anyconnect. 

Wondering if you have any suggestions?  Thanks

This is the usual sort of config I use for IPSec VPN, you have to allow through the firewall access-list as well,  

Voice VLAN IP= 172.16.10.0/24, Data VLAN IP = 10.10.10.0/24

It assumes that you have IAS/NPS set-up to allow Active Directory username/pass, but if not it will allow local username of "iphone" pass "iphone"

Note that I would normally check what if any config CCA has generated in case this breaks something, but it should work fine.

Use group name "vpnclient" in iphone, key "YOURKEY".

Hope this helps!

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login NO_AUTHENT line

aaa authentication login AD_RADIUS group radius local

aaa authorization exec default group radius if-authenticated

aaa authorization exec AD_RADIUS group radius if-authenticated

aaa authorization network vpnclient local

!

username iphone password iphone

!

!

aaa session-id common

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

!

!

!

crypto isakmp client configuration group vpnclient

key YOURKEY

dns x.x.x.x

domain xxxx.local

pool ippool

acl splittunnel

!

!

crypto ipsec transform-set vpnclient esp-3des esp-md5-hmac

!

crypto dynamic-map dynamap 10

!

!

crypto map vpnclient local-address FastEthernet0/0

crypto map vpnclient client authentication list AD_RADIUS

crypto map vpnclient isakmp authorization list vpnclient

crypto map vpnclient client configuration address respond

crypto map vpnclient 10 ipsec-isakmp dynamic dynamap

!

interface FastEthernet0/0

description INTERNET

crypto map vpnclient

!

ip local pool ippool 172.16.222.1 172.16.222.20

!

radius-server host x.x.x.x auth-port 1645 acct-port 1646 key *****

!

ip access-list extended splittunnel

permit ip 10.10.10.0 0.0.0.255 172.16.222.0 0.0.0.255

permit ip 172.16.10.0 0.0.0.255 172.16.222.0 0.0.0.255

permit ip 10.1.10.0 0.0.0.255 172.16.222.0 0.0.0.255

permit ip 10.10.10.0 0.0.0.255 172.16.200.0 0.0.0.255

permit ip 172.16.10.0 0.0.0.255 172.16.200.0 0.0.0.255

!

We use ASA's in front or the UC5x0.

I just got Jabber workign so I will have to try externally, but we use the Secure Mobility licenses for the ASA's for the ipads and iphones. I will test this external to the company once I find a wifi connection.

I will post results.

I still don't have a few things working like MOH, but that I'm sure is a multicast issue, maybe to do with our WiFi setup.

Bob James

OK tested it and here's what I find. It does not work over 3G, it does over WiFi.

I never get transfered to voicemail when I call someone.

I get kicked off for no reason a lot; even on the local WiFi network talking to the UC5x0

Still seems like it needs a lttle more baking....

Bob James

Thanks for the detailed post and example.  Like others, here's some issues I'm seeing:

1) Wifi with IPSec VPN connects and can make internal calls

2) Over 3G, Jabber registers and displays the extension but internal/external calls result in fast busy.  Not too sure what might be blocking the session

3) When connected to Wifi voice or data networks, internal calls are fine however we cannot make calls externally using our SIP provider -- This results in a fast busy.  Calls into voicemail are fine.  Haven't tried with FXO port yet. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: