Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
937
Views
0
Helpful
5
Replies

multisite connect with one ring only

Go to solution
Mohamed Shameer Fareed
Level 3
Level 3

‎04-14-2011 02:18 AM - edited ‎03-21-2019 03:57 AM

Need some help on multisite config, managed to setup a multisite on CCA between UK and NY. but have some issues

The engineer working on NEWYORK site sent me the following problem description when he imported my multisite config file and after doing some tests last night.

The tunnel is working partially, it shows up and is authenticating correctly, however when he try to dial inter-site he gets a fast busy AFTER it already shows him the name of the person he is dialing.

For example, he dial UK extension "83401" from NY. (401 = Andy)

It rings once, the display shows "To Andy" (person on UK extension 401) then gives a fast busy tone.

The tunnel shows active and working for him, and it's obviously connecting because it can pass the name from the extension, but voice is not working.

tunnel status from NY
---------------------------------------------------------------------
Interface: GigabitEthernet0/0
Uptime: 00:22:50
Session status: UP-ACTIVE    
Peer: 83.244.148.43 port 500 fvrf: (none) ivrf: (none)
      Phase1_id: UC_560BNSUK.ippbx.hipcom.co.uk
      Desc: (none)
  IKE SA: local 204.145.73.182/500 remote 83.244.148.43/500 Active
          Capabilities:(none) connid:2078 lifetime:00:07:08
  IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.30.0/255.255.255.0
        Active SAs: 2, origin: crypto map
        Inbound:  #pkts dec'ed 84 drop 0 life (KB/Sec) 4522830/2229
        Outbound: #pkts enc'ed 82 drop 0 life (KB/Sec) 4522830/2229

Is this a known issue.

Thanks for your help

Regards

Shameer Mohamed

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
David Trad
VIP Alumni
VIP Alumni

‎04-14-2011 06:22 PM

Hi Shameer,

We need to establish that the SA-520 is doing its job properly, since you used CCA to configure the Multi-Site setup it might not have been aware of an edge device being there that was firewall/agl/acl/ capable, so the VPN tunnel may be up but the routing of the calls may not be hitting the UC and I suspect the audio path could be going into the other side of the network.

If there is a way to get the UC connected directly to the WAN side and test it there we can start the elimination process, it can be a little tricky when it is in a live production environment, and yes you would need to be onsite to do this, but it is worth while as this could take everything out of the equation and you can make sure that all interfering appliances are removed.

Try this first and lets take it from there.

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

View solution in original post

0 Helpful

Go to solution
David Trad
VIP Alumni
VIP Alumni

‎04-17-2011 04:06 PM

Hi Shameer,

Thanks for the diagram, however can you take that down as you have a User/Pass displayed on it and can you please change this imediatly as well.

So from what I can see the SA is routing for the other side of the network and the UC-560 is doing it for the voice side of the network, this should work just fine.

I would check the other side and make sure the Firewall is not preventing the free flowing of packets back to the UK site, if you can exclude everything from the NY side we can then focus back on the UK side.

Since the Multi-Site manage was configured using CCA I have no reason to suspect that the ACL's are out of whack and causing you issues, so lets eliminate the primary suspects first and work backwards from there.

What is the firewall at the NY site? Model/Brand would help and how you have the basic configuration on that setup.

Cheers,


David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

View solution in original post

0 Helpful

Go to solution
David Trad
VIP Alumni
VIP Alumni
In response to Mohamed Shameer Fareed

‎04-19-2011 05:28 PM

Hi Shameer,

Glad it is all working now for you 

h323-gateway voip bind srcaddr 192.168.30.1

This was on my list of things to check, but it was 5th on the list we made it to number 3

If everything is up and working as it should be, can you close the thread of as answered, this helps with when people search on specific topics as well.

Cheers,


David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

View solution in original post

0 Helpful
5 Replies 5

Go to solution
David Trad
VIP Alumni
VIP Alumni

‎04-14-2011 06:22 PM

Hi Shameer,

We need to establish that the SA-520 is doing its job properly, since you used CCA to configure the Multi-Site setup it might not have been aware of an edge device being there that was firewall/agl/acl/ capable, so the VPN tunnel may be up but the routing of the calls may not be hitting the UC and I suspect the audio path could be going into the other side of the network.

If there is a way to get the UC connected directly to the WAN side and test it there we can start the elimination process, it can be a little tricky when it is in a live production environment, and yes you would need to be onsite to do this, but it is worth while as this could take everything out of the equation and you can make sure that all interfering appliances are removed.

Try this first and lets take it from there.

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
0 Helpful

Go to solution
Mohamed Shameer Fareed
Level 3
Level 3
In response to David Trad

‎04-15-2011 01:11 AM

Hi David

UC560 is directly connected to WAN through a four port switch. see attached topology.

SA520 is on the other side of the network. but i think Newyork site has a firewall infront of the UC560.

problem is can ring the remote extension and see the remote user name but just one ring.

thanks

shameer

0 Helpful

Go to solution
David Trad
VIP Alumni
VIP Alumni

‎04-17-2011 04:06 PM

Hi Shameer,

Thanks for the diagram, however can you take that down as you have a User/Pass displayed on it and can you please change this imediatly as well.

So from what I can see the SA is routing for the other side of the network and the UC-560 is doing it for the voice side of the network, this should work just fine.

I would check the other side and make sure the Firewall is not preventing the free flowing of packets back to the UK site, if you can exclude everything from the NY side we can then focus back on the UK side.

Since the Multi-Site manage was configured using CCA I have no reason to suspect that the ACL's are out of whack and causing you issues, so lets eliminate the primary suspects first and work backwards from there.

What is the firewall at the NY site? Model/Brand would help and how you have the basic configuration on that setup.

Cheers,


David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
0 Helpful

Go to solution
Mohamed Shameer Fareed
Level 3
Level 3
In response to David Trad

‎04-19-2011 12:55 AM

Hi David

we manage to fix the issue. the Admin based in New York did some debug on UK site configuration.

multisite is now working, all that was needed was to set vlan 1 to srcaddr the internal ip, instead of sending over the wan IP like it was doing.

h323-gateway voip bind srcaddr 192.168.30.1

was the only change made.

thanks

shameer

0 Helpful

Go to solution
David Trad
VIP Alumni
VIP Alumni
In response to Mohamed Shameer Fareed

‎04-19-2011 05:28 PM

Hi Shameer,

Glad it is all working now for you 

h323-gateway voip bind srcaddr 192.168.30.1

This was on my list of things to check, but it was 5th on the list we made it to number 3

If everything is up and working as it should be, can you close the thread of as answered, this helps with when people search on specific topics as well.

Cheers,


David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *
0 Helpful
Customers Also Viewed These Support Documents