I'm working on a deployment to interconnect 2 offices each with its own CME/CUE.
I got each cluster working individually pretty well. I'm baffled by the problems encountered when I configured the IPSEC tunnel to carry the interoffice traffic.
Based on the attached diagram, Individual CME/CUE cluster works perfectly.
Standard IPSEC tunnel between CME router and ASA is formed. Interesting traffic is 10.4.0.0 and 10.1.0.0 respectively.
> Ping from LAN 10.1.14.0 is successful to 10.4.14.0 and 10.4.12.0 hosts.
> Ping from LAN 10.4.14.0 is successful to 10.1.14.0 and 10.1.12.0 hosts.
> Ping from CME(left side) to 10.4.14.0 or 10.4.12.0 UNSUCCESSFUL. It is successful with extended ping by specifying source address of 10.1.14.1
> extension 51xx (10.1.12.0 phones) can be dialled by extension 55xx (10.4.12.0 phones)
However no voice heard between phones when pick up, and cannot route to voicemail box.
> extension 55xx (10.4.12.0 phones) cannot even be dialled by extension 51xx (10.1.12.0 phones)
I wonder if it's because the CME (left side) is using the 66.X.X.X address as the source address and it is not considered interesting traffic... I'll have to do some debug / packet capture to check again...
Please share any insights on multi-site CME deployment over VPN, and idea on what I'm doing wrong...
Anyway doesn't matter. Well as I am here telling you the above, going to your question, I think you have to diagnose first if you are really passing everything on the VPN. The pixes are the ones that must be looked into. there are multiple access lists that you have to set, to make a really any to any VPN. remember that with pix packets cannot re-enter vpn from inside, so it must be full mesh. Check if anything against UDP in ACL
So in end the thread could belong more to "security" :)
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...