|
Home > Archive > Voice over IP Cisco > May 2005 > CME, VPN, PIX IOS
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Jim McBurnett 2005-05-10, 7:45 am |
| Hello!
I have been testing a little something and I was wondering if anyone
else has seen this..
CME ver 3.2
PIX 6.3.3(132) on a 501
IP phone
|
PIX 501
|
Internet
|
2811 with CME/VPN
|
POTS lines
I have one way audio on the IP phone at the PIX location.
It does not matter how I try to call- To POTS or to other IP phones at
the 2811 site, the other end can hear me, but not the other may around.
I have good ping times (sub 50ms)
Packet size has been adjusted up and down from 1400 to 1492
The VPN works fine for other DATA.. The Circuit was monitored on both
ends, neither was even approaching 30% capacity
I have check the VPN access-list and it all seems fine Traffic is
flowing for all the correct IP addresses.
Thanks,
Jim
| |
| Candace Holman 2005-05-10, 5:45 pm |
| It might not hurt to check the PIX configuration. I believe there are a
few voip fixups (skinny, sip, etc) that you can apply to make sure that
audio flows in both directions dynamically. Also check to make sure tftp,
the other udp firewall nasty with a fixup, is working properly.
Candace
At 08:57 PM 5/9/2005, Jim McBurnett wrote:
>Hello!
>I have been testing a little something and I was wondering if anyone
>else has seen this..
>
>CME ver 3.2
>PIX 6.3.3(132) on a 501
>
>IP phone
> |
>PIX 501
> |
>Internet
> |
>2811 with CME/VPN
> |
>POTS lines
>
>I have one way audio on the IP phone at the PIX location.
>It does not matter how I try to call- To POTS or to other IP phones at
>the 2811 site, the other end can hear me, but not the other may around.
>
>I have good ping times (sub 50ms)
>Packet size has been adjusted up and down from 1400 to 1492
>
>The VPN works fine for other DATA.. The Circuit was monitored on both
>ends, neither was even approaching 30% capacity
>
>I have check the VPN access-list and it all seems fine Traffic is
>flowing for all the correct IP addresses.
>
>Thanks,
>Jim
>
>
>
> ________________________________________
_______
>cisco-voip mailing list
>cisco-voip@puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-voip
| |
| Voll, Scott 2005-05-10, 5:45 pm |
| Jim--
This sounds like either an ACL problem, routing problem, or a Fixup
problem.
Check all your fixup protocols.
Then check all your routing tables (make sure all subnets that need to
go across the VPN are there).
And make sure that the VPN ACL includes everything. Sounds like the
setup is going to the CME but when the RTP stream starts you are not
getting the phone to phone or phone to VGW RTP back (check IP addresses
for being blocked).
Hope it helps
Scott
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Jim McBurnett
Sent: Monday, May 09, 2005 5:57 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] CME, VPN, PIX IOS
Hello!
I have been testing a little something and I was wondering if anyone
else has seen this..
CME ver 3.2
PIX 6.3.3(132) on a 501
IP phone
|
PIX 501
|
Internet
|
2811 with CME/VPN
|
POTS lines
I have one way audio on the IP phone at the PIX location.
It does not matter how I try to call- To POTS or to other IP phones at
the 2811 site, the other end can hear me, but not the other may around.
I have good ping times (sub 50ms)
Packet size has been adjusted up and down from 1400 to 1492
The VPN works fine for other DATA.. The Circuit was monitored on both
ends, neither was even approaching 30% capacity
I have check the VPN access-list and it all seems fine Traffic is
flowing for all the correct IP addresses.
Thanks,
Jim
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
| |
| Wes Sisk 2005-05-10, 5:45 pm |
| if you are only using the router and pix for VPN, then do not use the fixup.
Fixup is primarily needed when you need to dynamically open/close tcp/udp
sessions or when you are NAT'ing the connection.
/Wes
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net]On Behalf Of Voll, Scott
Sent: Tuesday, May 10, 2005 11:09 AM
To: Jim McBurnett; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
Jim--
This sounds like either an ACL problem, routing problem, or a Fixup
problem.
Check all your fixup protocols.
Then check all your routing tables (make sure all subnets that need to
go across the VPN are there).
And make sure that the VPN ACL includes everything. Sounds like the
setup is going to the CME but when the RTP stream starts you are not
getting the phone to phone or phone to VGW RTP back (check IP addresses
for being blocked).
Hope it helps
Scott
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Jim McBurnett
Sent: Monday, May 09, 2005 5:57 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] CME, VPN, PIX IOS
Hello!
I have been testing a little something and I was wondering if anyone
else has seen this..
CME ver 3.2
PIX 6.3.3(132) on a 501
IP phone
|
PIX 501
|
Internet
|
2811 with CME/VPN
|
POTS lines
I have one way audio on the IP phone at the PIX location.
It does not matter how I try to call- To POTS or to other IP phones at
the 2811 site, the other end can hear me, but not the other may around.
I have good ping times (sub 50ms)
Packet size has been adjusted up and down from 1400 to 1492
The VPN works fine for other DATA.. The Circuit was monitored on both
ends, neither was even approaching 30% capacity
I have check the VPN access-list and it all seems fine Traffic is
flowing for all the correct IP addresses.
Thanks,
Jim
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
| |
| Jim McBurnett 2005-05-10, 5:45 pm |
| Exactly..
The CME router is running as a VPN router also..
The PIX runs the VPN side from the remote site..
TFTP and everything else works fine..
Thanks,
Jim
-----Original Message-----
From: Wes Sisk [mailto:wsisk@cisco.com]
Sent: Tuesday, May 10, 2005 11:57 AM
To: Voll, Scott; Jim McBurnett; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
if you are only using the router and pix for VPN, then do not use the
fixup.
Fixup is primarily needed when you need to dynamically open/close
tcp/udp sessions or when you are NAT'ing the connection.
/Wes
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net]On Behalf Of Voll, Scott
Sent: Tuesday, May 10, 2005 11:09 AM
To: Jim McBurnett; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
Jim--
This sounds like either an ACL problem, routing problem, or a Fixup
problem.
Check all your fixup protocols.
Then check all your routing tables (make sure all subnets that need to
go across the VPN are there).
And make sure that the VPN ACL includes everything. Sounds like the
setup is going to the CME but when the RTP stream starts you are not
getting the phone to phone or phone to VGW RTP back (check IP addresses
for being blocked).
Hope it helps
Scott
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Jim McBurnett
Sent: Monday, May 09, 2005 5:57 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] CME, VPN, PIX IOS
Hello!
I have been testing a little something and I was wondering if anyone
else has seen this..
CME ver 3.2
PIX 6.3.3(132) on a 501
IP phone
|
PIX 501
|
Internet
|
2811 with CME/VPN
|
POTS lines
I have one way audio on the IP phone at the PIX location.
It does not matter how I try to call- To POTS or to other IP phones at
the 2811 site, the other end can hear me, but not the other may around.
I have good ping times (sub 50ms)
Packet size has been adjusted up and down from 1400 to 1492
The VPN works fine for other DATA.. The Circuit was monitored on both
ends, neither was even approaching 30% capacity
I have check the VPN access-list and it all seems fine Traffic is
flowing for all the correct IP addresses.
Thanks,
Jim
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
| |
| Wes Sisk 2005-05-10, 5:45 pm |
| remove the fixups.
/Wes
-----Original Message-----
From: Jim McBurnett [mailto:jim@tgasolutions.com]
Sent: Tuesday, May 10, 2005 1:09 PM
To: Wes Sisk; Voll, Scott; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
Exactly..
The CME router is running as a VPN router also..
The PIX runs the VPN side from the remote site..
TFTP and everything else works fine..
Thanks,
Jim
-----Original Message-----
From: Wes Sisk [mailto:wsisk@cisco.com]
Sent: Tuesday, May 10, 2005 11:57 AM
To: Voll, Scott; Jim McBurnett; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
if you are only using the router and pix for VPN, then do not use the
fixup.
Fixup is primarily needed when you need to dynamically open/close
tcp/udp sessions or when you are NAT'ing the connection.
/Wes
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net]On Behalf Of Voll, Scott
Sent: Tuesday, May 10, 2005 11:09 AM
To: Jim McBurnett; cisco-voip@puck.nether.net
Subject: RE: [cisco-voip] CME, VPN, PIX IOS
Jim--
This sounds like either an ACL problem, routing problem, or a Fixup
problem.
Check all your fixup protocols.
Then check all your routing tables (make sure all subnets that need to
go across the VPN are there).
And make sure that the VPN ACL includes everything. Sounds like the
setup is going to the CME but when the RTP stream starts you are not
getting the phone to phone or phone to VGW RTP back (check IP addresses
for being blocked).
Hope it helps
Scott
-----Original Message-----
From: cisco-voip-bounces@puck.nether.net
[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Jim McBurnett
Sent: Monday, May 09, 2005 5:57 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] CME, VPN, PIX IOS
Hello!
I have been testing a little something and I was wondering if anyone
else has seen this..
CME ver 3.2
PIX 6.3.3(132) on a 501
IP phone
|
PIX 501
|
Internet
|
2811 with CME/VPN
|
POTS lines
I have one way audio on the IP phone at the PIX location.
It does not matter how I try to call- To POTS or to other IP phones at
the 2811 site, the other end can hear me, but not the other may around.
I have good ping times (sub 50ms)
Packet size has been adjusted up and down from 1400 to 1492
The VPN works fine for other DATA.. The Circuit was monitored on both
ends, neither was even approaching 30% capacity
I have check the VPN access-list and it all seems fine Traffic is
flowing for all the correct IP addresses.
Thanks,
Jim
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
|
|
|
|
|