I have a customer who is implementing CME with conferencing. They have remote sites across a QoS-guaranteed WAN and are running IPSec VPN between the sites. When they create conference calls, the source IP address of the audio stream going to the remote site is the public interface of the CME router. This creates one-way audio where the remote phone cannot hear the bridge because the audio traffic is not being put into the VPN tunnel. We need to be able to specify that the audio traffic always originate from the private interface IP address.
We have the "ip source-address" command specified under "telephony-service" and also tried the "h323-gateway voip bind srcaddr" and "h323-gateway voip interface" commands under the private interface but those did not work either.
Any ideas how we can force the CME conference bridge to always use the private interface IP address as conference source? Thanks!
I thought this only applies to ACLs, i.e. the router does not apply outbound ACLs to traffic generated internally. I can do extended pings and run SAA traffic through a VPN tunnel that originates from within the same router. Does this not apply to voice traffic for some reason?
Packets originated by the router processes will not be encrypted when you use crypto maps. That is why the crypto map functionality has been replaced by the virtual tunnel. In most cases with Symphony, packets will not be encrypted using a crypto map because the router only processes crypto maps as packets cross the router. This can be fixed by using a GRE tunnel within the IPSec tunnel (because the packets are now processed a second time as GRE packets), by routing via a policy-routed loopback (as the packet is routed a second time), or by using a virtual tunnel, which provides the same functionality of a GRE tunnel within an IPSec tunnel, without the GRE part. This works because the design of a virtual tunnel interface is to route packets into the tunnel and then route the encrypted packets. The virtual tunnel interface was created in part to resolve the issue you describe. (Symphony is the VoIP functionality within an IOS router; CME leverages most of this functionality that has been available for 10 years.)
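The virtual tunnel interface option from the reply above, sketched as an added IOS configuration example that is not from either poster, with the crypto map form kept as comments for comparison. All addresses, interface names, the `TS-AES`/`VTI-PROF`/`CMAP`/`VPN-TRAFFIC` names and the key are constructed placeholders; it assumes IKEv1 with pre-shared keys and that the tunnel borrows the private interface address with `ip unnumbered`.

```cisco
! Constructed example: addresses, names and key are placeholders.
! Site A (CME): public 192.0.2.1 (Gi0/0), private 10.1.1.1/24 (Gi0/1)
! Site B: public 198.51.100.1, LAN 10.2.2.0/24
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRESHARED-KEY> address 198.51.100.1
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! Before (crypto map): only packets matching the ACL are encrypted.
! A packet sourced from 192.0.2.1 does not match and leaves in clear.
!   ip access-list extended VPN-TRAFFIC
!    permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!   crypto map CMAP 10 ipsec-isakmp
!    set peer 198.51.100.1
!    set transform-set TS-AES
!    match address VPN-TRAFFIC
!   interface GigabitEthernet0/0
!    crypto map CMAP
!
! After (static VTI): whatever is routed to Tunnel0 is encrypted.
crypto ipsec profile VTI-PROF
 set transform-set TS-AES
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
!
interface Tunnel0
 ! Borrow the private address so the tunnel has a private source IP.
 ip unnumbered GigabitEthernet0/1
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
ip route 10.2.2.0 255.255.255.0 Tunnel0
!
telephony-service
 ip source-address 10.1.1.1 port 2000
```

Site B needs the mirror-image tunnel and route. During a test conference, the encaps counters in `show crypto ipsec sa` should increase if the bridge audio is entering the tunnel.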