I have an L2L tunnel of IPSEC between an ASA and a PIX.
The ASA as an 8,0 OS version and the PIX a 7.2 OS version.
In that tunnel I what to pass data and voip.
The packets of data have no problem, but with voip I have some problems.
The thing is like this.
I can make a phone call between the phones in the PIX site and I can do a phone call to the public network, but when I tried to do a phone call between the PIX site and the ASA site I can't do it.
In the ASA site I have a Call Manager.
In the ASA site the phones numbers are like this: 20xx.
In the PIX site the phones numbers are like this: 90xx.
When I make a phone call between the tow sites the phone rings, but when I pickup the phone I can't hear nothing and in the other site they can't hear me too.
Can some one help me?
Thanks in advance,
Routing I think is not an issue.
Because I can ping the phones in Lisboa when I am in Porto.
I can ping the L3 switch in Lisbon.
My colleague can do the same when he makes a ping from Lisboa to Porto.
first check the inspection of skinny is enabled
and try to add this command under the
also check ur vpn ACLs for intersting traffic and for allowed traffic dose the skinny
sccp port and address allowed
check ur phones address not data adress
by the way the remote site phones regestered with asa site callmanager or deferent call control server they have
good luck and let me know if worked
Rate if helpful
Please, see the file with some configuration that I sanded earlier.
I can't see what you mean with
ââ¦check up phones addresses not data addressâ¦â
and, I can't see what you mean with
ââ¦by the way the remote site phones registered with asa site callmanager or deferent call control server they haveâ¦â
Can you explainâ¦ please?
i meant that
when permiting sccp port and making ur vpn interesting traffic u, put the ip addressing range of ur phone (voice) in addition to data
i asked u about ur phone behind the pix do they belong to ur callmanger behind the ASA or they belong to deffrent call control system?
also check this link
rate if helpful
The phones behind the PIX belong (are registered) to the callmanager that are behind the ASA.
They must have the same extension plan (20xx) or they can be in different plans, i.e., they have to be in the 20xx plan or one can be in the 20xx plan and the other can be in the 90xx plan?
In the configuration that I sanded the vlan 27 is the voice vlan. It's only used for voice traffic. The others vlans are for data.
I don't know if this is what you mean with
ââ¦put the ip addressing range of ur phone (voice) in addition to dataâ¦â
Make and ACLs that allow http, https, TFTP and SCCP from the PIX voice lan to the ASA LAN and and especially to your callmanager ip address ( this will let the ip phones on the remote site to rigester with your callmanger)
This shoud be applied on the ouside interfaces of the ASA
Because this traffic for registration should be established from the PIX lan
U have to include the traffic(mentioned above) with ur VPN interesting traffic and also NOTNAT traffic at the PIX side
Now on the ASA include all traffic from ur voice network to the remote voice network in the vpn interesting traffic and NOTNAT
Also check the dhcp configuration for the remote site whither the client taking the right IPs and they do have the option 150 pointing to ur TFTP server which mostly the Callmanger server, also the they have the right gateway !!
And about ur other question about the phone numbers
Yes, u can assign what ever numbers u want not necessarily to be the in the same range
Check your config carefully
And let me know
I tried to had the ârtp-conformanceâ has a parameter in the âinspect skinnyâ command but I could not do it.
The âinspect skinnyâ did not had that parameterâ¦
That's a problem?
if u look to achieve that then do the following
make ACL based on ur requirement source and sit to be refrenced in the sccp policy inspection such as:
access-list global_mpc_1 extended permit ip 10.1.3.0 255.255.255.0 host 10.1.4.2
than match this ACL through a class-map that will be called in the inspection
match access-list global_mpc_1
creat the inspection policy:
policy-map type inspect skinny sccp_policy
finally bring all together:
inspect skinny sccp_policy
now will work:)
please, if helpful Rate