Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Troubleshooting IP Communicator via SSL VPN

I have setup an IP Communicator phone on a remote PC that uses an SSL VPN client, and configured CM 4.02sr2b. The IP Communicator client registers with the CM, and can even make calls over the SSL tunnel, but conversation only works one direction. Corporate phones can hear the IP communicator client, but the client cannot hear corporate conversations. Looking for assistance in determining if the problem is port filter issues or how CM registers the IP Communicator IP addy or ???

9 REPLIES
Green

Re: Troubleshooting IP Communicator via SSL VPN

Which VPN client you use?

For SCCP registration and call control we use TCP port 2000, which is ok per your description.

For RTP UDP stream we use UDP ports 16384-32767

For non-Cisco VPN clients or clients that doesnt generate a virtual NIC you should use GETIP.asp reflector.

http://www.cisco.com/en/US/customer/products/sw/voicesw/ps5475/products_

administration_guide_chapter09186a00805f085a.html

You can obtain an sniffer trace to see which interface we are using.

HTH

//G

New Member

Re: Troubleshooting IP Communicator via SSL VPN

Thanks for the info. I downloaded the IP Communicator Admin Tool and installed it on our Publisher and ran the directory wizard. How do I run the IPC Admin Tool to enable HTTP Access? The only application in the IPC Admin Tool directoy on the CM is the Directory Wizard. Also, where do i specify the url for the getIP.asp?

Thx

New Member

Re: Troubleshooting IP Communicator via SSL VPN

BTW the SSL VPN Client is 3rd party (Citrix Access Gateway). TCP 2000, udp 69, udp 16384-32767 are open, as well as udp 2427 and tcp 2428. I'll setup Etheral on the client and sniff but still need to know how to publish getIP.asp

New Member

Re: Troubleshooting IP Communicator via SSL VPN

I figured out how to add the entry for the IP Address Autodetection URL. I then tested the URL from the PC where the IP Communicator is installed while the SSL session was active. The Autodetection URL correctly responds showing the address of the SSL VPN. The problem is that even with the Autodesction URl setup, the phone registers to CM with the physical ip address of the interface on the PC, not the IP address of the SSL VPN Session.

Because of this, one way communication continues to occur. Any suggestions?

Green

Re: Troubleshooting IP Communicator via SSL VPN

Ok,

As a workaround right click under Audio|Network|Select use this IP address enter Citrix IP.

We had a SR in which a customer was using Citrix VPN client and experience the same problem.

It was a Citrix problem not IPC.

Let me check the final solution and will let u know.

New Member

Re: Troubleshooting IP Communicator via SSL VPN

I tried your suggested changes with no success, but good thinking ;) I definitely agree the problem is most likely with the Citrix Access Gateway. In it's current configuration, the CAG does not assign a VPN IP address to it's clients. Rather, it assigns the inside ethernet inteface address of the CAG to al clients. I confirmed this when I ran the "IP Address Autodetection URL" from a web browser on the client PC and got a response addy of the CAG's ethernet address.

It's as if the Citrix Gateway is doing inbound PAT (Port address translation) for it's clients, so any connection attempts from the CM or other VoIP devices or Gateways cannot initiate communications to the IPC client. I have an email into our Citrix sister company to see if they have a solution for this issue (DHCP addy assignement for every client, etc). Let me know what you find in the SR final solution and thanks again!

New Member

Re: Troubleshooting IP Communicator via SSL VPN

Also FYI I assigned the IPC with the address that the "IP Address Autodetection URL" detects of the PC, which is the Internal address of the Citrix Access Gateway, and the phone registers with the CM with this address (not the LAN addy of the remote PC as was previously occurring) but still the calls only work one way. Does the IPC use Skinny ports? Lastly, the IPC does pull down our corporate directory so I'm almost there!!!

New Member

Re: Troubleshooting IP Communicator via SSL VPN

Issue resolved~!! The final soluation included changing the Citrix Access Gateway SSL VPN to assign IP's from a dhcp pool for the IPC clients. The devices now register correctly in the CM and bi-directional conversation works!

Green

Re: Troubleshooting IP Communicator via SSL VPN

Glad to hear is working the SR was closed for No Contact

925
Views
11
Helpful
9
Replies