Seeing if anyone can help with an issue. we have a Cisco 5510 with 8.2.1 and running both a phone proxy and ipsec site to site vpns. the asa sslphone proxy works fine for any lan and wan sites ( mpls) behind the asa. that is not an issue. and lan / wan phones can reach all pnoes at sites connected via the ipsec vpn's. no issue. the issue is that when an ssl phone proxy attached external phone attempts to call another ip phone at a remote site the call fails no VOICE. It appears as if the ASA does not hairpin or route traffic out from the ssl phone proxy back out the interface to the vpn tunnel. Note I am ponly using a single global media termination address which is external. ( not one where I can put one on each interface) If anyone has done an ssl phone proxy coming in and then hairpinning back out an ipsec site to site vpn tunnel connection please let me know and if you can share a sanitized sample config it would be appreciated. this one is frustrating me. Thank you.
That's exactly the same issue I had before. The workaround was to make sure that the audio path was correct both ways. Although version 8.2.1 must have fix this issue (but be sure you have a internal and external for your MTA), I have to make a few static routes into my network devices.
We are trying to create a similar configuration on as ASA5510 running 8.2(1)11. We have the Phone Proxy configured and working we are trying to use the same ASA as the termination point for EZVPN connections from remote 871 routers. We need to support a combination of remote phones connecting to the Call Manager / TFTP from private address blocks across IPSec VPN and remote phones connecting to the Phone Proxy interface. Our issue is with the VPN connected phones; the are not able to receive the CTL and xml config files via TFTP from the Call Manager. It appears the Phone Proxy function on the ASA intercepts all TFTP traffic and does not allow it to return across the tunnel. We can ping, browse, and RDP to the Call Manager across the VPN, so the issue appears to be TFTP specific. We see the TFTP request in the ASA log for the VPN attached phone, but configuration does not reach the phone.
Is there something specific (ACL, etc) required to enable the ASA to differentiate Phone Proxy traffic and VPN traffic for TFTP connections, and route appropriately?
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...