Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VoIP between IPSec VPN Sites issue

Unanswered Question
Nov 21st, 2010
User Badges:

Hi, hoping for a little guidance on this issue

I am deploying several ASA 5505's for a home office project for remote users. It is an IPSec VPN to the corporate and each user is set up with an IP range starting in the /27 subnet and moving up. The vlan 1 interface is the first IP in that subnet, the ASA assigns a DHCP address to any other connected device also within that subnet.

Basic configuration works fine and the VPN connection is successfully up, the wierd issue I'm facing is with IP phones behind the ASA's. Phones will power up and successfully register to Call manager. They are able to successfully make calls to another phone in the corporate network or to external phones. However, when a phone behind an ASA tries to dial another phone that is also behind an ASA, the call will successfully setup, but there is no audio whatsoever. Status messages on the phone show no audio packets traversing.

Is this a VPN issue or could this possibly be a routing issue?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Sun, 11/21/2010 - 12:23
User Badges:
  • Green, 3000 points or more


When you need a remote phone to talk to another remote phone, the voice packets need to travel through the VPN tunnel to the corporate site and back to the other end.

I think the problem is that all remote sites work fine, but there's no communication between them.


PC1 on remote site 1 cannot PING PC2 on remote site 2

To make this work, the ASA should be able to hairpin the traffic (send the traffic received from a VPN tunnel into another VPN tunnel).

You need:

same-security-traffic permit intra-interface

And also... include the remote networks in the interesting traffic.



This Discussion