I have a network that has 2 VLANs and an additional LAN connected by VPN.
This is my default LAN in the main office.
VLAN 100 (SIP VLAN)
This is the phone network, Allworx phones and Allworx 6x.
I also have a remote office connecting via VPN with its own DHCP server.
I can see and ping across the 192.168.1.0 and 192.168.0.0 networks but need to be able to see and ping from the 192.168.0.0 to 172.16.1.0 in order to use the SIP phone system with all of the features working.
I have looked at this and tried several things, all without success. I will give a few more details below as to what is addressed how and where. Any suggestions at all are welcome. It's a live environment, so testing has to be done early in the morning before anyone gets in, so if my responses seem slow I apologize in advance.
On the 192.168.0.0 VLAN 1 the gateway is the ISA550W at 192.168.0.253.
The Allworx 6x is at 172.16.1.254; it is pingable, but nothing else in the 172.16.1.0 range is. I am also using this as the address of VLAN 100 (wondered if this is the problem). I also wondered if my issues are because the phone VLAN is getting NATed.
We can worry about the remote office later on, because it is reachable going both directions to and from the remote office.
Thank you in advance, and if you need more info please let me know.
If you are using the 172.16.1.254 address for the ISA as well as your PBX then that is causing the problem. When you ping that address it is probably the ISA answering the ping since it is closer, however when the phones try to use it as their default gateway the phone system is closer to them, and they are not able to get out of their subnet since the PBX is not a router.
You also mention the phone VLAN getting NATed, but it should only be getting NATed out to the internet, which is usually what you want.
If you also want to access the phone VLAN from the remote office or vice versa, you will need to create another VPN policy identifying those networks as the local and remote groups. You can use the same IKE policy as the current tunnel, which allows 192.168.1.0 and 192.168.0.0 to communicate.
Thanks so much for taking the time to respond. Just to be sure, I am using 172.16.1.254 as the VLAN address on the ISA, and the SIP system came programmed with 172.16.1.254. I apologize in advance for what may seem like a silly question, but here goes: should I then possibly make the ISA 172.16.1.253 for the voice VLAN and leave the SIP where it is?
Again, thank you so very much for the response, and sorry for the simple questions; this is my first time working with multiple VLANs.
You are correct, you should change your ISA's IP to .253. Whenever you have two devices with the same IP on the same network you are going to run into issues.
Since your VOIP system is pre-programmed it would be easier just to change the ISA's IP. You will then also need to update the client's default gateway, or at least release/renew their DHCP to get the new default gateway.
That would be your simplest option, since I don't know how complicated it is to change the VOIP system's IP.
Thanks again so very much for the assistance. I knew better than to give them the same IP; I have no idea how I overlooked it for so long. I reassigned the IP to .253 from .254 and all started working immediately. I work alone at my place of business, so the extra set of eyes was a real help on this one.
This solved several issues I was having, so again thanks very much for your time and expertise.
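The conflict resolved in this thread can be caught with an address-plan check before a change window. The following is an added example, not code from any poster or from Cisco: it flags an address claimed by both the router's VLAN interface and a static device, and a DHCP default gateway that does not point at the router. The function name, the /24 mask and the three sample states are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def audit_vlan(subnet, router_ip, dhcp_gateway, static_hosts):
    """Return findings for one VLAN's address plan (empty list = consistent).

    static_hosts maps a device name to its fixed address, e.g. the PBX.
    """
    net = ipaddress.ip_network(subnet)
    router = ipaddress.ip_address(router_ip)
    gateway = ipaddress.ip_address(dhcp_gateway)

    # Record every known owner of each address, router interface included.
    owners = defaultdict(list)
    owners[router].append("router VLAN interface")
    for name, ip in static_hosts.items():
        owners[ipaddress.ip_address(ip)].append(name)

    findings = []
    for ip, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(f"duplicate address {ip}: {', '.join(names)}")
        if ip not in net:
            findings.append(f"{ip} ({', '.join(names)}) is outside {net}")

    # Clients can only leave the subnet if their gateway is the router.
    if gateway != router:
        holder = ", ".join(owners.get(gateway, ["no known device"]))
        findings.append(
            f"DHCP gateway {gateway} is not the router ({router}); held by {holder}")
    return findings

# Constructed states of the voice VLAN from the thread; the /24 mask is assumed.
VOICE = "172.16.1.0/24"
PBX = {"Allworx 6x": "172.16.1.254"}
STATES = {
    "original (router and PBX both .254)": ("172.16.1.254", "172.16.1.254"),
    "router moved to .253, DHCP not updated": ("172.16.1.253", "172.16.1.254"),
    "router .253, DHCP gateway .253": ("172.16.1.253", "172.16.1.253"),
}

if __name__ == "__main__":
    for label, (router_ip, dhcp_gw) in STATES.items():
        result = audit_vlan(VOICE, router_ip, dhcp_gw, PBX)
        print(label, "->", result or "consistent")
```

The middle state is the one that is easy to miss after renumbering the router: clients holding an old lease still send off-subnet traffic to the PBX until they release and renew.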