voicemail over vpn problem

Unanswered Question
May 24th, 2010

help required

i have created a site to site & remote access vpn on my
home network to practice sending voice over encrypted
tunnels everything seems to work okay except for one
thing,the phones attached to the uc520 can ring the
phones behind the cme/cue router but if the call goes
unanswered it is not forwarded to voicemail all i get
is a fast busy signal.

basically the question is this is there any additional
configuration i need to do to the cme/cue router to allow
phones registered with the uc520 to leave voicemail on
cme/cue router.

i don't have this problem in the other direction
unanswerd calls from the phones behind the cme/cue
router to the uc520 are directed to voicemail.

regards

melvyn brown

i have included a network diagram as an attachment

below is the configuration for the complete network


3550

vlan 10
name data

vlan 100
name voice

interface range fastethernet0/1 - 4
cdp enable
power inline auto
switchport mode access
switchport access vlan 10
switchport voice vlan 100
spanning-tree portfast

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport mode trunk


CME/CUE ROUTER

ip dhcp excluded-address 192.168.20.1 192.168.20.5
ip dhcp excluded-address 10.1.2.1 10.1.2.5

ip route 0.0.0.0 0.0.0.0 fastethernet0/0

clock timezone GMT 0
clock summer-time GMT recurring

ntp master

ip dhcp pool VOICE
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
option 150 ip 10.1.2.1
service dhcp

ip dhcp pool DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
service dhcp

interface Loopback0
ip address 100.1.1.1 255.255.255.255

interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shut

interface FastEthernet0/1
no shut

interface FastEthernet0/1.10
encapsulation dot1q 10
ip address 192.168.20.1 255.255.255.0

interface FastEthernet0/1.100
encapsulation dot1q 100
ip address 10.1.2.1 255.255.255.0

tftp-server flash:P0030702T023.bin
tftp-server flash:P0030702T023.loads
tftp-server flash:P0030702T023.sb2
tftp-server flash:P0030702T023.sbn

telephony-service
max-ephones 50
max-dn 50
load 7960-7940 P0030702T023
ip source-address 100.1.1.1
date-format dd-mm-yy
create cnf-files

ephone-dn 1  dual-line
number 1001

ephone-dn 2  dual-line
number 1002

ephone 1
mac-address 0014.1CAA.4E48
button 1:1

ephone 2
mac-address 001B.B9B8.8F97
button 1:2

dial-peer voice 2000 voip
destination-pattern 2...
session target ipv4:192.168.4.1
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad

interface service-Engine 0/0
ip address 192.168.30.1 255.255.255.252
no shut
service-module ip address 192.168.30.2 255.255.255.252
service-module ip default-gateway 192.168.30.1

ip http server

ip http path flash:

ip http authentication local

telephony-service

web admin system name fred password flintstone
dn-webedit
time-webedit

dial-peer voice 1010 voip
description voicemail
destination-pattern 1010
session protocol sipv2
session target ipv4:192.168.30.2
dtmf-relay sip-notify
codec g711ulaw
no vad

ephone-dn 20
number #40....
mwi on

ephone-dn 21
number #41....
mwi off

ephone 1
username melvyn password brown

ephone 2
username terry password smith


EDGE ROUTER

access-list 101 permit ip 192.168.15.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 101 permit ip host 192.168.1.1 host 192.168.4.1

access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip host 192.168.30.2 192.168.15.0 0.0.0.255
access-list 102 deny ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 deny ip host 192.168.1.1 host 192.168.4.1
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip host 192.168.30.2 192.168.15.0 0.0.0.255
access-list 103 permit ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto isakmp key cisco123 address 192.168.4.1 no-xauth

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

crypto map VPN 10 ipsec-isakmp
set peer 192.168.4.1
set transform-set BOSTON
match address 101

ip local pool remote-pool 192.168.15.1 192.168.15.10

aaa new-model
aaa authentication login user1 local
aaa authorization network group1 local

username barney password rubble

crypto isakmp client configuration group London
key cisco
domain cisco.com
pool remote-pool
acl 103

crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route

crypto map VPN client authentication list user1
crypto map VPN isakmp authorization list group1

crypto map VPN client configuration address respond

crypto map VPN 15 ipsec-isakmp dynamic dynmap

interface fastethernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
crypto map VPN
no shut

interface fastethernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
no shut

route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface fastethernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip route 192.168.20.0 255.255.255.0 fastethernet0/1
ip route 10.1.2.0 255.255.255.0 fastethernet0/1
ip route 192.168.30.2 255.255.255.255 fastethernet0/1
ip route 100.1.1.1 255.255.255.255 fastethernet0/1


ROUTER-1

interface fastethernet0/1
ip address 192.168.2.2 255.255.255.0
no shut

interface fastethernet0/0
ip address 192.168.3.1 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 fastethernet0/0


ROUTER-2

interface fastethernet0/1
ip address 192.168.4.2 255.255.255.0
no shut

interface fastethernet0/0
ip address 192.168.3.2 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 fastethernet0/0


REMOTE ACCESS ROUTER

ip dhcp pool LOCAL
network 160.1.1.0 255.255.255.0
default-router 160.1.1.1

interface FastEthernet0/1
ip address 160.1.1.1 255.255.255.0
no shut

interface FastEthernet0/0
ip address 192.168.3.4 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


WEB SERVER ROUTER

interface FastEthernet0/1
ip address 150.1.1.1 255.255.255.0
no shut

interface FastEthernet0/0
ip address 192.168.3.3 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


UC520

after resetting back to factory default below are the
changes i made to the uc520 config

the phones and voicemail ect were configured via
the configuration assistant

no access-list 1
no access-list 104

no ip nat inside source list 1 interface FastEthernet0/0 overload

clock timezone GMT 0
clock summer-time GMT recurring

access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
access-list 104 deny   ip 192.168.10.0 0.0.0.255 any
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 permit udp any host 192.168.4.1 eq 500
access-list 104 permit udp any host 192.168.4.1 eq 4500
access-list 104 permit esp any host 192.168.4.1
access-list 104 permit udp any eq bootps any eq bootpc
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip any any

access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 106 permit ip 192.168.25.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 106 permit ip host 192.168.4.1 host 192.168.1.1

access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip 10.1.1.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip host 10.1.10.1 192.168.25.0 0.0.0.255
access-list 107 permit ip 192.168.10.0 0.0.0.255 any

access-list 108 permit ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip 10.1.1.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip host 10.1.10.1 192.168.25.0 0.0.0.255

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto isakmp key cisco123 address 192.168.2.1 no-xauth

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

crypto map VPN 10 ipsec-isakmp
set peer 192.168.2.1
set transform-set BOSTON
match address 106

ip local pool remote-pool 192.168.25.1 192.168.25.10

crypto isakmp client configuration group Birmingham
key cisco
domain cisco.com
pool remote-pool
acl 108

crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route

aaa new-model
crypto map VPN client authentication list user1
crypto map VPN isakmp authorization list group1

username fred password flintstone

crypto map VPN client configuration address respond

crypto map VPN 15 ipsec-isakmp dynamic dynmap

interface fastethernet0/0
ip address 192.168.4.1 255.255.255.0
ip access-group 104 in
ip nat outside
crypto map VPN
no shut

route-map nonat permit 10
match ip address 107

ip nat inside source route-map nonat interface fastethernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.4.2

dial-peer voice 1000 voip
destination-pattern 1...
session target ipv4:192.168.1.1
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion