01-05-2001 06:41 AM - edited 03-12-2019 10:58 AM
Is there any way to make a remote IP PHONE 7960 or softphone to work accross VPN?
Also, is there any way to get this done accroos a router that is doing NAT or PAT?
Thx,
Anson
01-08-2001 01:10 PM
We use Raptor client to VPN in our internal network. Once the VPN is established, I'm viewed as another device on our network and the rest is done through DHCP. It works fine with both the softphone and an IP phone. I haven't tried configuring NAT or PAT but I don't see why it would not work.
01-10-2001 12:58 PM
It is definately possbile to have a 7960 Phone working accross an existing VPN Connection. I have already tested the 7960 and IP SoftPhone v1.1 over a VPN connection.
I believe the most important setting for accomplishing this is the ability to have the remote DHCP Server push down the appropriate TFTP server information for the 7960 Phone.
If you have problems with one-way communication you might want to reference the command
h323-gateway voip bind srcaddr
We ran into this issue with the VPN'd phone and resolved it via that command. Simple enough...
I have not actually tested the 7960 through a NAT/PAT router but have heard from Cisco it didn't work. But personally I think it might with some tweaking.
01-11-2001 08:06 AM
It should work if the phone is on one side of the NAT/PAT router and the CallManager is on the other. I am speaking about hardware phones (and possibly gateways) that use the Skinny protocol. H.323 based phones should work as well. I am not sure about the SoftPhone application.
Note that a minimum of IOS version 12.1(5)T is required, due to a NAT enhancement. Docs can be found at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtnipcm.htm
01-13-2001 08:20 AM
Thx,
This is the info I was looking for.
09-29-2001 11:23 AM
We are using Cisco806 with IP+... and it is working fine
10-02-2001 10:05 AM
We haven't got the NAT for the call manager to work yet, but.. it looks like you can NAT the call manager if you do a static address NAT using the command already referenced in this conversation.
The problem I'm having with NAT is that I'm doing overloading for the LAN and I'm trying to NAT the Call Manager and other internal phones, including the skinny station and gateway, h323, h225, h245, the rtp stream and the tftp server. All using one ip address. No VPN. Has anyone done this? Does anyone think it will work? What about referencing ip phones by ip address and tcp port so we can overload the rtp stream on the router?
In an interesting and somewhat related twist, here are example access list rules for allowing basic ip telephony through a firewall. Found these at this url:
http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/solution/6_operat.htm
access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq tftp
! Allow TFTP from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2000
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2001
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2002
! Allow Skinny from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1719
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 1720
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 range 11000
11999
! H.323 access from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit udp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2427
access-list avvid_in permit tcp 10.0.0.0 255.0.0.0 10.21.100.0 255.255.255.0 eq 2428
! MGCP from the Voice Network to the CallManager Cluster Subnet
access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 2748
! CTI (TAPI and JTAPI) for SoftPhone to the CallManager Cluster Subnet
access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq 8404
! SoftPhone Directory to the CallManager Cluster Subnet
access-list avvid_in permit tcp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 eq
www
access-list avvid_in permit tcp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 eq
telnet
access-list avvid_in permit tcp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 eq 22
access-list avvid_in permit icmp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 0
access-list avvid_in permit icmp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 8
access-list avvid_in permit udp 172.21.167.0 255.255.255.0 10.21.100.0 255.255.255.0 eq
snmp
! Allow Network Admin subnet access to CallManager Cluster subnet
access-list avvid_in permit tcp 172.21.0.0 255.255.0.0 10.21.100.0 255.255.255.0 eq www
! SoftPhone Telecaster HTTP access to the CallManager Cluster Subnet
ip address outside 10.21.199.2 255.255.255.0
! Interface attached to the Voice Network
ip address inside 10.21.100.1 255.255.255.0
! Interface attached to the CallManager Cluster
static (inside,outside) 10.21.100.0 10.21.100.0 netmask 255.255.255.0
! Do not NAT the CallManager Cluster address across the firewall
access-group avvid_in in interface outside
! Apply the access-list to the outside interface of the firewall
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: