cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
1
Replies

IP Communicator via VPN - No voice

raynorris
Level 1
Level 1

I have a vpn set up for home workers to vpn to the office to connect the IP Communicator to the Call Manager. They are able to have conversations over their IP Communicator with other IP Phones based in the office and external phones, eg. a mobile phone on a public network.

However 2 people both using IP Communicator over vpn cannot speak. The call connects, however, no voice is heard at either end.

I have a feeling it may be something to do with the NAT configuration on it.

Below is some relevent gateway configuration.

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group vpnaccess

key *********

dns 192.168.100.240

wins 192.168.100.240

domain jamip.co.uk

pool vpnpool

acl 102

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

!

crypto dynamic-map dynmap 10

set transform-set myset

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

interface Loopback0

ip address 192.168.10.254 255.255.255.0

shutdown

h323-gateway voip interface

h323-gateway voip bind srcaddr 192.168.10.254

!

interface FastEthernet0/0

description CVP Interface

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.100

description Inside Office Data Interface

encapsulation dot1Q 100

ip address 192.168.100.254 255.255.255.0

ip helper-address 192.168.100.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/0.200

description Inside Office Voice Interface

encapsulation dot1Q 200

ip address 192.168.200.254 255.255.255.0

ip helper-address 192.168.100.240

ip nat inside

no snmp trap link-status

!

interface FastEthernet0/1

description External ISP Interface - vlan 1000 IP

ip address xxx.xxx.xxx.221 255.255.255.248

ip nat outside

speed 100

full-duplex

crypto map clientmap

!

ip local pool vpnpool 192.168.2.101 192.168.2.120

ip nat inside source list 101 interface FastEthernet0/1 overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 xxx.xxx.xxx.222

ip route 192.168.22.0 255.255.255.0 FastEthernet0/0.20 permanent

!

!

access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.100.0 0.0.0.255 any

access-list 102 remark ******* VPN SPLIT TUNNELLING ACL *******

access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.20.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 10.1.0.0 0.0.255.255 192.168.2.0 0.0.0.255

access-list 102 remark ******* VPN SPLIT TUNNELLING ACL *******

1 Accepted Solution

Accepted Solutions

JOSH GANT
Level 1
Level 1

Try adding the following line:

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

View solution in original post

1 Reply 1

JOSH GANT
Level 1
Level 1

Try adding the following line:

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255