Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SCCP gateway or intermediary device

I'm having a little issue here, and I was wondering if there is a solution:

We have a CCME 3.2 installation here running on a 2821. All but two of the phones are on-site here, and two phones are at employees' homes who are connected with hardware IPSEC VPNs.

The problem arises when home-worker 1 calls home-worker 2. Since the remote VPN subnets cannot be routed to each other, when the phones try to connect directly to one another to complete the call, it fails and the call connects with no audio. If one of the home-workers is on the phone, the other home-worker can hit their voicemail as Unity Express is on a reachable subnetwork.

What I am wondering is, since we cannot change the routing (the devices on one remote VPN subnet will not be able to talk to devices on another remote VPN subnet -- the VPN routers we are using do not have that capability with our current IP addressing scheme), is there some kind of gateway or intermediary device I can put on a reachable subnet such that when home-worker 1 calls home-worker 2 they can both connect to this device? Both remote subnets have two-way communication with the main office, just not with each other. Unfortunately, the Netgear VPN routers only have the capability to route through the tunnel to one subnet.

Hope that made enough sense,

2 REPLIES
Bronze

Re: SCCP gateway or intermediary device

If I understand you correctly this seems to be a routing issue. Simple solution is to connect the two VPN routers and the Office Network to a Cisco router or a layer3 switch, they will be able to route to each other.

New Member

Re: SCCP gateway or intermediary device

We are already using a Cisco L3 switch as our core, as well as Cisco edge switches at the main office.

The problem lies in the IP routing at the remote VPN router, and the reason I wanted to know if there was such thing as a gatekeeper or something similar is I would really like to avoid having to replace these devices. The actual problem is that all the remote VPN networks have their own 8-node subnets out of the 172.16.0.0/16 net. The rest of the office uses a subnetted 10.0.0.0/8 net. The IPSEC connection bridges 172.16.0.x/29 and 10.0.0.0/8. Unfortunately, there is no way to route the other 172.16.0.x/29 nets through the tunnel, it will only route one subnet.

I think I will go ahead and ask this in the firewalling forum also, but does anyone know if a PIX 501 can route more than one subnet through a VPN tunnel?

198
Views
0
Helpful
2
Replies
CreatePlease login to create content