Cisco Support Community
Community Member

vpn client to vpn client

I'm having a problem with traffic between remote VPN clients when connected to an ASA running 8.2. In particular when using IPC, its possible to establish the call okay but no audio passes between the hosts. IPC works fine when making a call to a soft or hard phone on the internal network. I've tested with the Cisco VPN client and Anyconnect with the same results. I've enabled hairpinning with the same-security-traffic permit intra-interface command.

Thanks in advance!

Cisco Employee

Re: vpn client to vpn client

both clients can pingh each other right? you can check sh service-policy inspect skinny | sip and check if the asa is dropping any traffic by inspecting any of those protocols, if so, try removing inspect (skinny | sip) both

Re: vpn client to vpn client

Are you using phone proxy on ASA?

If not, you need check the IP connectivity between two vpn clients.

You might need add extra "nat 0"  for traffic between vpn clients so that they will not be checked for NAT. This is my initial thought.

Community Member

Re: vpn client to vpn client

Thanks for the assistance.

Yes, the ASA has a phone proxy license and its enabled. Is this causing the problem? If so is there a workaround?

Re: vpn client to vpn client

There are some limitation regarding to VPN tunnel and phone proxy. The phone proxy will make sure a secure voice conversation and therefore, no vpn is needed. I am not good at this. You can open a TAC case for help.

The phone proxy does not support inspection of packets from phones connecting to the phone proxy over a VPN tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is not supported. Configuring the phone proxy feature on the security appliance allows IP phones to connect to the corporate network without requiring that the traffic go through VPN tunnels.

CreatePlease to create content