Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

unable to to make VOIP calls over VPN IP sec tunnel


I have created Site-to-Site VPN tunnel (IP SEC) between our 2 sites in 2 different location over internet. We want to enable IPT calls to and from both locations. both locations have VOIP setup at their respective Data Centers. The problem we are facing is that Call managers and subscribers are able to communicate with each other and we can IPSec sessions too but voice from either side could not be heard. it gives status of connected once call is through but no voice can be heard. We can make a call from one location but no call can be initiated from the other location.

PLease advise what is missing in this.


Re: unable to to make VOIP calls over VPN IP sec tunnel

Are you making sure the RTP ports have been allowed to in the VPN. It uses ano of the ports from this range 16384 32767

Also since VoIP uses UDP, there may be one way speech problems if you do not have proper reverse routes.

HTH, rate if it does



Re: unable to to make VOIP calls over VPN IP sec tunnel

This has to do with routing...

I will explain what happened to me, but since I don't know your equipment or architecture you will have to decipher my solution into your problem...

When you setup a voip call over a tunnel, it establishes between the CM and the phone. But as you know know, once the call has been setup the phone sends the traffic to the IP of the other phone and the CM is no longer involved. So basically the actual phone call cannot talk to the IP of the other phone.

I use PIX firewalls connecting into a VPN3030. I have a split tunnel on the PIX that allows the phone to talk over the tunnel to the VOIP network that the VM and CM sit. But that doesn't help when I want to talk to another user at home on another IPSEC tunnel. So I have to put a statement in the PIX to take the tunnel if traffic is destined to the IP addresses of other home users.

Make sense?

But that should be an easy problem for you to resolve if you know what IP addresses are at both locations and how to configure the IPSEC tunnels/equipment.

Let me know....

CreatePlease to create content