voicemail over vpn problem

Unanswered Question
May 24th, 2010
User Badges:

help required

i have created a site to site & remote access vpn on my
home network to practice sending voice over encrypted
tunnels everything seems to work okay except for one
thing,the phones attached to the uc520 can ring the
phones behind the cme/cue router but if the call goes
unanswered it is not forwarded to voicemail all i get
is a fast busy signal.

basically the question is this is there any additional
configuration i need to do to the cme/cue router to allow
phones registered with the uc520 to leave voicemail on
cme/cue router.

i don't have this problem in the other direction
unanswerd calls from the phones behind the cme/cue
router to the uc520 are directed to voicemail.

regards

melvyn brown


i have included a network diagram as an attachment

below is the configuration for the complete network


3550


vlan 10
name data

vlan 100
name voice

interface range fastethernet0/1 - 4
cdp enable
power inline auto
switchport mode access
switchport access vlan 10
switchport voice vlan 100
spanning-tree portfast

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport mode trunk


CME/CUE ROUTER


ip dhcp excluded-address 192.168.20.1 192.168.20.5
ip dhcp excluded-address 10.1.2.1 10.1.2.5


ip route 0.0.0.0 0.0.0.0 fastethernet0/0


clock timezone GMT 0
clock summer-time GMT recurring


ntp master


ip dhcp pool VOICE
network 10.1.2.0 255.255.255.0
default-router 10.1.2.1
option 150 ip 10.1.2.1
service dhcp


ip dhcp pool DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
service dhcp


interface Loopback0
ip address 100.1.1.1 255.255.255.255


interface fastethernet0/0
ip address 192.168.1.1 255.255.255.0
no shut


interface FastEthernet0/1
no shut

interface FastEthernet0/1.10
encapsulation dot1q 10
ip address 192.168.20.1 255.255.255.0

interface FastEthernet0/1.100
encapsulation dot1q 100
ip address 10.1.2.1 255.255.255.0


tftp-server flash:P0030702T023.bin
tftp-server flash:P0030702T023.loads
tftp-server flash:P0030702T023.sb2
tftp-server flash:P0030702T023.sbn


telephony-service
max-ephones 50
max-dn 50
load 7960-7940 P0030702T023
ip source-address 100.1.1.1
date-format dd-mm-yy
create cnf-files


ephone-dn 1  dual-line
number 1001

ephone-dn 2  dual-line
number 1002


ephone 1
mac-address 0014.1CAA.4E48
button 1:1


ephone 2
mac-address 001B.B9B8.8F97
button 1:2


dial-peer voice 2000 voip
destination-pattern 2...
session target ipv4:192.168.4.1
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad


interface service-Engine 0/0
ip address 192.168.30.1 255.255.255.252
no shut
service-module ip address 192.168.30.2 255.255.255.252
service-module ip default-gateway 192.168.30.1


ip http server

ip http path flash:

ip http authentication local


telephony-service

web admin system name fred password flintstone
dn-webedit
time-webedit


dial-peer voice 1010 voip
description voicemail
destination-pattern 1010
session protocol sipv2
session target ipv4:192.168.30.2
dtmf-relay sip-notify
codec g711ulaw
no vad


ephone-dn 20
number #40....
mwi on


ephone-dn 21
number #41....
mwi off


ephone 1
username melvyn password brown


ephone 2
username terry password smith


EDGE ROUTER

access-list 101 permit ip 192.168.15.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 101 permit ip host 192.168.1.1 host 192.168.4.1

access-list 102 deny ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 102 deny ip host 192.168.30.2 192.168.15.0 0.0.0.255
access-list 102 deny ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 102 deny ip host 100.1.1.1 192.168.15.0 0.0.0.255
access-list 102 deny ip host 192.168.1.1 host 192.168.4.1
access-list 102 permit ip 192.168.20.0 0.0.0.255 any

access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip 192.168.20.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip host 192.168.30.2 192.168.15.0 0.0.0.255
access-list 103 permit ip 10.1.2.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 103 permit ip host 100.1.1.1 192.168.15.0 0.0.0.255


crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto isakmp key cisco123 address 192.168.4.1 no-xauth

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400


crypto map VPN 10 ipsec-isakmp
set peer 192.168.4.1
set transform-set BOSTON
match address 101


ip local pool remote-pool 192.168.15.1 192.168.15.10


aaa new-model
aaa authentication login user1 local
aaa authorization network group1 local


username barney password rubble


crypto isakmp client configuration group London
key cisco
domain cisco.com
pool remote-pool
acl 103


crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route


crypto map VPN client authentication list user1
crypto map VPN isakmp authorization list group1



crypto map VPN client configuration address respond

crypto map VPN 15 ipsec-isakmp dynamic dynmap


interface fastethernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
crypto map VPN
no shut


interface fastethernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat inside
no shut


route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface fastethernet0/0 overload


ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip route 192.168.20.0 255.255.255.0 fastethernet0/1
ip route 10.1.2.0 255.255.255.0 fastethernet0/1
ip route 192.168.30.2 255.255.255.255 fastethernet0/1
ip route 100.1.1.1 255.255.255.255 fastethernet0/1


ROUTER-1

interface fastethernet0/1
ip address 192.168.2.2 255.255.255.0
no shut


interface fastethernet0/0
ip address 192.168.3.1 255.255.255.0
no shut


ip route 0.0.0.0 0.0.0.0 fastethernet0/0


ROUTER-2

interface fastethernet0/1
ip address 192.168.4.2 255.255.255.0
no shut


interface fastethernet0/0
ip address 192.168.3.2 255.255.255.0
no shut


ip route 0.0.0.0 0.0.0.0 fastethernet0/0


REMOTE ACCESS ROUTER

ip dhcp pool LOCAL
network 160.1.1.0 255.255.255.0
default-router 160.1.1.1

interface FastEthernet0/1
ip address 160.1.1.1 255.255.255.0
no shut


interface FastEthernet0/0
ip address 192.168.3.4 255.255.255.0
no shut


ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


WEB SERVER ROUTER

interface FastEthernet0/1
ip address 150.1.1.1 255.255.255.0
no shut


interface FastEthernet0/0
ip address 192.168.3.3 255.255.255.0
no shut

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0


UC520

after resetting back to factory default below are the
changes i made to the uc520 config

the phones and voicemail ect were configured via
the configuration assistant

no access-list 1
no access-list 104

no ip nat inside source list 1 interface FastEthernet0/0 overload

clock timezone GMT 0
clock summer-time GMT recurring

access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
access-list 104 deny   ip 192.168.10.0 0.0.0.255 any
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 permit udp any host 192.168.4.1 eq 500
access-list 104 permit udp any host 192.168.4.1 eq 4500
access-list 104 permit esp any host 192.168.4.1
access-list 104 permit udp any eq bootps any eq bootpc
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip any any

access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 106 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 106 permit ip 192.168.25.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 106 permit ip host 192.168.4.1 host 192.168.1.1

access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.15.0 0.0.0.255
access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 107 deny ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip 10.1.1.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 107 deny ip host 10.1.10.1 192.168.25.0 0.0.0.255
access-list 107 permit ip 192.168.10.0 0.0.0.255 any

access-list 108 permit ip 192.168.10.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip 192.168.20.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip 10.1.1.0 0.0.0.255 192.168.25.0 0.0.0.255
access-list 108 permit ip host 10.1.10.1 192.168.25.0 0.0.0.255


crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto isakmp key cisco123 address 192.168.2.1 no-xauth

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400


crypto map VPN 10 ipsec-isakmp
set peer 192.168.2.1
set transform-set BOSTON
match address 106


ip local pool remote-pool 192.168.25.1 192.168.25.10


crypto isakmp client configuration group Birmingham
key cisco
domain cisco.com
pool remote-pool
acl 108


crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route


aaa new-model
crypto map VPN client authentication list user1
crypto map VPN isakmp authorization list group1


username fred password flintstone


crypto map VPN client configuration address respond

crypto map VPN 15 ipsec-isakmp dynamic dynmap


interface fastethernet0/0
ip address 192.168.4.1 255.255.255.0
ip access-group 104 in
ip nat outside
crypto map VPN
no shut


route-map nonat permit 10
match ip address 107


ip nat inside source route-map nonat interface fastethernet0/0 overload


ip route 0.0.0.0 0.0.0.0 192.168.4.2


dial-peer voice 1000 voip
destination-pattern 1...
session target ipv4:192.168.1.1
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion