Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Weird Problem in IPSEC VPN

We are trying to run cisco ip phone via site to site ipsec vpn tunnel.The problem is the phones work fine for the first 40-50 secs and then suddenly the speech path is one-way,one party can hear but the other cannot. the code train for the ASA is 8.0(4).Isthere any bug or something or am I missing something here.I amattaching the show tech of ourend of the ASA.the other wedodnt manage. Please help SIRS.................

Everyone's tags (1)
7 REPLIES

Re: Weird Problem in IPSEC VPN

Hi,

Both ends of the tunnel are ASAs?

Normally one-way audio problems could be related to routing issues.

Are the IP Phones behind the ASA and the Call Manager (or call agent) on the other side of the tunnel?

Federico.

New Member

Re: Weird Problem in IPSEC VPN

The soft phones are Cisco soft phones and the call manager is on the client side. that is the soft phone first communicates via a ipsec tunnel to the call manager on the client end and downloads info from there. the same issue happens if we call from soft phone to soft phone.the soft phones are on our side and the call manager is on the other side of the tunnel ,all the voice communication happens through a ipsec tunnel. Another thing is that there is a redundant connection via dial up through fortigate firewall. the soft phones are then working fine. the voice call establishes for 40-50 secs and we can talk clearly and hear also so no probs but after 40-50 secs the recieving party is not able to hear anything. Yes you are right the ip phosed are behind the ASA and the call manager is on the other side.

Re: Weird Problem in IPSEC VPN

The ASA should allow the RTP streams between the phones through the tunnel.

The tunnel does not get interrupted or data traffic suffers problems? It's only this issue with the voice traffic when this happens?

The one-way audio is always on the same direction?

Federico.

New Member

Re: Weird Problem in IPSEC VPN

I have posted the show tech in that do u see any

ports that is not opened which should be opened up.

Yes we are not able to hear but the remote side is able to always, and this happens after 40-50 secs sometimes 4-5 mins.

I did some debugging today posting it in a short while...i have posted the network diagram.....fortigate firewall uses RA VPN to connect and the ASA uses site to site vpn to connect. I am also uploading the connection state in the firewall before and after the voice gets one way.Uploading real time logs from the firewall at the time we tested.

Please suggest.

Re: Weird Problem in IPSEC VPN

The problem could be related to the fact that you're using PAT.

Is the call agent behind the ASA (which you attached the sh tech?)

In the diagram that you attached, I see the IP communicators on both sides of the ASA, but where is the call agent?

Federico.

New Member

Re: Weird Problem in IPSEC VPN

The call manager is on the remote side. We are not using PAT we are using nonat  for  our IPSEC communication. the communicators use the VPN tunnel to communicate with the call manager on the other side.

New Member

Re: Weird Problem in IPSEC VPN

Hi,

Please try the following steps:

http://www.ciscosystems.com/en/US/products/sw/voicesw/ps1860/products_tech_note09186a0080094ed1.shtml

I know this is for a cisco IP softphone, but your problem is addressed in this solution and I hope you can work your way with the physical phone once you read this.

Best of Luck!

AJ

1154
Views
0
Helpful
7
Replies