
Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way communication

DiWachhr2011
Level 1

Hi Community.

I have a strange problem with my setup and I'm pretty sure it's either some type of routing (or NAT) or just a missing rule allowing the traffic. But I'm now at a point where I'd like to request your help.

I have some remote access users who have the Cisco IP Communicator (CIPC) installed on their notebooks. So:

VPN user with CIPC <> ASA Firewall <> Voice Router <> CCM <> IP Phone

The VPN works fine for any other traffic. Also the basic connection for the IP Communicator works fine. It gets connected to the CallManager, is shown as registered and you can even call an internal phone and also external phones. BUT: while you can hear the called party (so the internal phone), it doesn't work the other way. There is no sound coming from the remote/caller.

I already figured out that it's also not possible to ping from the VPN phone to the internal IP Phone subnet. While the VPN user can ping any other device in the internal network, he can't do it to the Cisco IP Phones. But if the VPN phone calls a non-internal phone (mobiles...) - it works!

My thought is that the call can't be built up correctly between the VPN phone and the internal phone.

I found similar situations with Google but they are all for the other way around: call to internal works, but not to VPN.

What do you think?

1 Accepted Solution

Hi,

Typically ASA lists specific networks to the VPN Client when Split Tunnel is used.

This would mean that there is a Split Tunnel ACL used in the ASA configurations for this VPN connection which needs to have the missing network added for the traffic to be tunneled to the VPN connection.

- Jouni

3 Replies

DiWachhr2011
Level 1

Extra info: I found out that the VPN client - as soon as connected - gets all the routes to the internal network, except for the internal Cisco IP Phones network. How is the information about the routes spread from the ASA to the VPN client?

Found the answer. The internal Cisco IP Phones subnet was not added to the network object group assigned to the RemoteAccess ACL.
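
An audit check for the fix described in this thread, added here as an example (not code from the thread or from Cisco): it parses an ASA-style configuration and reports which required internal subnets the split-tunnel ACL does not cover. The sample configuration is constructed; the object-group and group-policy names and all subnets are assumptions, and only `<subnet> <mask>` and `host <ip>` entries are handled.

```python
import ipaddress

# Constructed sample; names and subnets are hypothetical. Phone subnet 10.10.30.0/24 is absent.
SAMPLE_CONFIG = """\
object-group network INTERNAL-NETS
 network-object 10.10.1.0 255.255.255.0
 network-object 10.10.2.0 255.255.255.0
access-list RemoteAccess extended permit ip object-group INTERNAL-NETS any
group-policy RA-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteAccess
"""

def _net(a, b):  # tokens are either 'host <ip>' or '<subnet> <mask>'
    return ipaddress.ip_network(b if a == "host" else f"{a}/{b}")

def split_tunnel_networks(config, policy):
    """Networks that the split-tunnel ACL of group-policy `policy` pushes to clients."""
    groups, acls, acl_name, ctx = {}, {}, None, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if not line[0].isspace():              # top-level line opens a new context
            ctx = None
            if tok[:2] == ["object-group", "network"] and len(tok) > 2:
                ctx = ("group", tok[2])
                groups.setdefault(tok[2], [])
            elif tok[0] == "group-policy" and tok[2:3] == ["attributes"]:
                ctx = ("policy", tok[1])
            elif tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "ip"]:
                acls.setdefault(tok[1], []).append(tok[5:])   # keep the source tokens
        elif ctx and ctx[0] == "group" and tok[0] == "network-object" \
                and len(tok) == 3 and tok[1] != "object":
            groups[ctx[1]].append(_net(tok[1], tok[2]))
        elif ctx == ("policy", policy) and tok[:2] == ["split-tunnel-network-list", "value"]:
            acl_name = tok[2]
    nets = []
    for src in acls.get(acl_name, []):
        if src[:1] == ["object-group"]:        # ACL source is an object-group
            nets += groups.get(src[1], [])
        elif len(src) >= 2 and src[0] != "any":
            nets.append(_net(src[0], src[1]))
    return nets

def missing_from_tunnel(config, policy, required):
    """Required subnets that no split-tunnel entry covers, so the client gets no route."""
    tunneled = split_tunnel_networks(config, policy)
    return [r for r in required if not any(ipaddress.ip_network(r).subnet_of(t) for t in tunneled)]
```

Calling `missing_from_tunnel(SAMPLE_CONFIG, "RA-USERS", [...])` with the subnets remote users must reach returns the ones that are not tunneled; an empty list means every required subnet is sent to the client as a route.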
