vpn client to vpn client

Unanswered Question
Jan 7th, 2010

I'm having a problem with traffic between remote VPN clients when connected to an ASA running 8.2. In particular when using IPC, its possible to establish the call okay but no audio passes between the hosts. IPC works fine when making a call to a soft or hard phone on the internal network. I've tested with the Cisco VPN client and Anyconnect with the same results. I've enabled hairpinning with the same-security-traffic permit intra-interface command.

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Alexandro Carra... Thu, 01/07/2010 - 13:16

both clients can pingh each other right? you can check sh service-policy inspect skinny | sip and check if the asa is dropping any traffic by inspecting any of those protocols, if so, try removing inspect (skinny | sip) both

Yudong Wu Thu, 01/07/2010 - 13:21

Are you using phone proxy on ASA?

If not, you need check the IP connectivity between two vpn clients.

You might need add extra "nat 0"  for traffic between vpn clients so that they will not be checked for NAT. This is my initial thought.

Brian Cartledge Thu, 01/07/2010 - 13:54

Thanks for the assistance.

Yes, the ASA has a phone proxy license and its enabled. Is this causing the problem? If so is there a workaround?

Yudong Wu Thu, 01/07/2010 - 14:10

There are some limitation regarding to VPN tunnel and phone proxy. The phone proxy will make sure a secure voice conversation and therefore, no vpn is needed. I am not good at this. You can open a TAC case for help.


The phone proxy does not support inspection of packets from phones connecting to the phone proxy over a VPN tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is not supported. Configuring the phone proxy feature on the security appliance allows IP phones to connect to the corporate network without requiring that the traffic go through VPN tunnels.


This Discussion