Personal Communicator not working correctly through VPN

Hello Community,

I can use some help please :-)

This client uses Personal Communicator and works fine.

The problem is via IPsec VPN client, they can log in, can make calls, but everybody (all contacts) show offline.

I've been told that they have looked at this problem for several weeks now but nobody knows what is going on.... I'm trying right now and having the same problem.

When the remote IPsec client connects it gets the internal DNS server and everything else works fine (IP communicator and all other applications).

When inside the LAN, all contacts appear online using the Personal Communicator and works perfectly.

I'm sure it's something simple but I have not been able to figure it out.

Appreciate the assistance!

Federico.

Jonathan Schulenberg
Hall of Fame

Are you using CUPC 7 or 8? What is the VPN concentrator; an ASA?

If 7, all of this is SIP traffic. Use Wireshark to see what you get. You should see a SUBSCRIBE message for each contact followed by a 200 OK reply and NOTIFY when the person's status changes. Perhaps compare this against a capture from a LAN-attached client to see what's different.

Do you see the ASA's IP addresses anywhere in the layer-seven SIP headers? I sometimes run across SIP inspection occurring on the ASA which is mucking around with the headers by doing things such as replacing the internal CUPS address with the ASA's egress interface address.
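
The header check suggested in this answer can be scripted once the SIP messages are exported as text from the capture. The following is an added example, not part of the original thread: it lists IPv4 literals in the address-bearing SIP fields that are not on an expected list. The function names, the sample message and all addresses are constructed assumptions.

```python
import re

# Fields that carry addresses a SIP-aware middlebox may rewrite (RFC 3261 names).
ADDRESS_HEADERS = {"via", "contact", "from", "to", "route", "record-route"}
COMPACT = {"v": "via", "m": "contact", "f": "from", "t": "to"}  # compact forms
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_sip(raw):
    """Return (start_line, [(lowercased_name, value), ...]) for one SIP message."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:   # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            headers.append((COMPACT.get(name, name), value.strip()))
    return lines[0], headers

def unexpected_addresses(raw, expected):
    """Return (field, ip) pairs for IPv4 literals not in the `expected` set."""
    start_line, headers = parse_sip(raw)
    fields = [("start-line", start_line)]
    fields += [(n, v) for n, v in headers if n in ADDRESS_HEADERS]
    return [(n, ip) for n, v in fields for ip in IPV4.findall(v) if ip not in expected]

# Constructed sample: a 200 OK answering SUBSCRIBE, as captured on the client.
TEMPLATE = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/TCP 10.20.30.40:50000;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.com>;tag=a1\r\n"
    "To: <sip:bob@example.com>;tag=b1\r\n"
    "Call-ID: constructed-1@10.20.30.40\r\n"
    "CSeq: 1 SUBSCRIBE\r\n"
    "Contact: <sip:{host}:5060;transport=tcp>\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Assumed addresses: VPN-pool client, presence server, firewall interface.
EXPECTED = {"10.20.30.40", "10.10.10.5"}
LAN_CAPTURE = TEMPLATE.format(host="10.10.10.5")
VPN_CAPTURE = TEMPLATE.format(host="192.0.2.1")

if __name__ == "__main__":
    for label, msg in (("LAN", LAN_CAPTURE), ("VPN", VPN_CAPTURE)):
        print(label, unexpected_addresses(msg, EXPECTED))
```

An empty result for the LAN capture and a non-empty one for the VPN capture points at header rewriting on the path rather than at filtering.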

Jonathan,

Thank you for responding!
CUCP 7 and ASA 8.2
What bothers me is that through the VPN, the entire IP protocol is permitted between the internal LAN (where the CUCP is and the VPN pool), no ports filtered.
SIP inspection is on however (but there are no ACLs blocking any traffic).

I will definitely follow your suggestions and check the packet flow and let you know.
Thanks.

Federico.

Jonathan,

Actually you were 100% correct :-)

I disabled SIP inspection in the ASA and now it works....

The problem is that this client requires SIP inspection enabled for other purposes...

I still have to find how to have this Personal Communicator working with SIP inspection enabled.

Federico.
