Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way communication

Hi Community.

I have a strange problem with my setup and I'm pretty sure it's either some type of routing (or NAT) or just a missing rule allowing the traffic. But I'm now at a point where I'd like to request your help.

I have some remote access users who have the Cisco IP Communicator (CIPC) installed on their notebooks. So:

VPN user with CIPC <> ASA Firewall <> Voice Router <> CCM <> IP Phone

The VPN works fine for any other traffic. Also the basic connection for the IP Communicator works fine. It get's connected to the CallManager, is shown as registered and you even can call an internal phone and also external phones. BUT: while you can hear the called party (so the internal phone) it doesn't work for the other way. There is no sound coming from the remote/caller.

I already figured out that it's also not possible to ping from the VPN phone to the internal IP Phone subnet. While the VPN user can ping any other device in the internal network, he can't do it to the Cisco IP Phones. But if the VPN phone calls a none-internal phone (mobiles...) - it works!

My thought is that the call can't be build up correctly between the VPN phone and the internal phone.

I found similiar situations with google but they are all for the other way around: call to internal works, but not to VPN.

What do you think?

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way c

Hi,

Typically ASA lists specific networks to the VPN Client when Split Tunnel is used.

This would mean that there is a Split Tunnel ACL used in the ASA configurations for this VPN connection which needs to have the missing network added for the traffic to be tunneled to the VPN connection.

- Jouni

3 REPLIES
New Member

Re: Cisco ASA 8.3(1) with VPN Client and IP Communicator - one w

extra info: i found out that the vpn client - as soon as connected - gets all the routes to the internal network, except of the internal Cisco IP Phones network. how is the information about the routes spread from the ASA to the VPN client?

Super Bronze

Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way c

Hi,

Typically ASA lists specific networks to the VPN Client when Split Tunnel is used.

This would mean that there is a Split Tunnel ACL used in the ASA configurations for this VPN connection which needs to have the missing network added for the traffic to be tunneled to the VPN connection.

- Jouni

New Member

Re: Cisco ASA 8.3(1) with VPN Client and IP Communicator - one w

found the answer. the internal Cisco IP Phones subnet was not added to the network object group  assigned to the RemoteAccess ACL.

613
Views
0
Helpful
3
Replies
CreatePlease to create content