Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Personal Communicator not working correctly through VPN

Hello Community,

I can use some help please :-)

This client uses Personal Communicator and works fine.

The problem is via IPsec VPN client, they can log in, can make calls, but everybody (all contacts) show offline.

I've been told that they have look at this problem for several weeks now but nobody knows what is going on.... I'm trying right now and having the same problem.

When the remote IPsec client connects it gets the intenal DNS server and everything else works fine (IP communicator and all other applications).

When inside the LAN, all contacts appear online using the Personal Communicator and works perfectly.

I'm sure it's something simple but I have not been able to figue it out.

Appreciate the assistance!

Federico.

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

Re: Personal Communicator not working correctly through VPN

Are you using CUPC 7 or 8? What is the VPN concentrator; an ASA?

If 7, all of this is SIP traffic. Use a Wireshark to see what you get. You should see a SUBSCRIBE message for each contact followed by a 200 OK reply and NOTIFY when the person's status changes. Perhaps compare this against a capture from a LAN-attached client to see what's different.

Do you see the ASA's IP addresses anywhere in the layer-seven SIP headers? I sometimes run across SIP inspection occurring on the ASA which is mucking around with the headers by doing things such as replacing the internal CUPS address with the ASA's egress interface address.

Please remember to rate helpful responses and identify helpful or
3 REPLIES
VIP Super Bronze

Re: Personal Communicator not working correctly through VPN

Are you using CUPC 7 or 8? What is the VPN concentrator; an ASA?

If 7, all of this is SIP traffic. Use a Wireshark to see what you get. You should see a SUBSCRIBE message for each contact followed by a 200 OK reply and NOTIFY when the person's status changes. Perhaps compare this against a capture from a LAN-attached client to see what's different.

Do you see the ASA's IP addresses anywhere in the layer-seven SIP headers? I sometimes run across SIP inspection occurring on the ASA which is mucking around with the headers by doing things such as replacing the internal CUPS address with the ASA's egress interface address.

Please remember to rate helpful responses and identify helpful or

Re: Personal Communicator not working correctly through VPN

Jonathan,

Thank you for responding!
CUCP 7 and ASA 8.2
What bothers me is that through the VPN, the entire IP protocol is permitted between the internal LAN
(where the CUCP is and the VPN pool), no ports filtered.
SIP inspection is on however (but there are no ACLs blocking any traffic).

I will definitely follow your suggestions and check the packets flow and let you know.
Thanks.

Federico.

Re: Personal Communicator not working correctly through VPN

Jonathan,

Actually you were 100% correct :-)

I disabled SIP inspection in the ASA and now it works....

The problem is that this client requires SIP inspection enabled for other purposes...

I still have to find how to have this Personal Communicator working with SIP inspection enabled.

Federico.

699
Views
0
Helpful
3
Replies