01-07-2010 11:31 AM
I'm having a problem with traffic between remote VPN clients when connected to an ASA running 8.2. In particular when using IPC, its possible to establish the call okay but no audio passes between the hosts. IPC works fine when making a call to a soft or hard phone on the internal network. I've tested with the Cisco VPN client and Anyconnect with the same results. I've enabled hairpinning with the same-security-traffic permit intra-interface command.
Thanks in advance!
01-07-2010 01:16 PM
both clients can pingh each other right? you can check sh service-policy inspect skinny | sip and check if the asa is dropping any traffic by inspecting any of those protocols, if so, try removing inspect (skinny | sip) both
01-07-2010 01:21 PM
Are you using phone proxy on ASA?
If not, you need check the IP connectivity between two vpn clients.
You might need add extra "nat 0" for traffic between vpn clients so that they will not be checked for NAT. This is my initial thought.
01-07-2010 01:54 PM
Thanks for the assistance.
Yes, the ASA has a phone proxy license and its enabled. Is this causing the problem? If so is there a workaround?
01-07-2010 02:10 PM
There are some limitation regarding to VPN tunnel and phone proxy. The phone proxy will make sure a secure voice conversation and therefore, no vpn is needed. I am not good at this. You can open a TAC case for help.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/unified_comm.html#wp1233205
The phone proxy does not support inspection of packets from phones connecting to the phone proxy over a VPN tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is not supported. Configuring the phone proxy feature on the security appliance allows IP phones to connect to the corporate network without requiring that the traffic go through VPN tunnels.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: