Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Configuring VOIP through a VPN

Reply
Thread Tools

Configuring VOIP through a VPN

 
 
Phil Rothwell
Guest
Posts: n/a
 
      11-16-2004
Hi,

We have recently implemented a VPN that links our UK and Chennai
(India) operations, using a PIX515 and PIX505.

The VPN appears to work fine and we can connect using FTP/HTTP and
even map a windows drive.

However, when we install an IP phone in India, it won't establish a
connection with the Avaya IP office system in the UK. The same phone
works okay when connected to the UK network.

From the logs it looks as though the H.225 traffic is passing through
the VPN, but no H.323 packets are arriving. We have included the
"usual" voip fixup commands at each end...

fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol sip 5060
fixup protocol sip udp 5060

and enabled all traffic to pass through the link.

sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp

Does anyone have any idea what we may be doing wrong?
 
Reply With Quote
 
 
 
 
PES
Guest
Posts: n/a
 
      11-16-2004
Phil Rothwell wrote:
> Hi,
>
> We have recently implemented a VPN that links our UK and Chennai
> (India) operations, using a PIX515 and PIX505.
>
> The VPN appears to work fine and we can connect using FTP/HTTP and
> even map a windows drive.
>
> However, when we install an IP phone in India, it won't establish a
> connection with the Avaya IP office system in the UK. The same phone
> works okay when connected to the UK network.
>
> From the logs it looks as though the H.225 traffic is passing through
> the VPN, but no H.323 packets are arriving. We have included the
> "usual" voip fixup commands at each end...
>
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol sip 5060
> fixup protocol sip udp 5060
>
> and enabled all traffic to pass through the link.
>
> sysopt connection permit-ipsec
> sysopt connection permit-pptp
> sysopt connection permit-l2tp
>
> Does anyone have any idea what we may be doing wrong?


I'm assuming that the pix is a 506 and that 505 is a typo. The fixup's
should not be required unless you are allowing the vpn traffic to be
nat'd. I would try disabling them if you don't need them for something
else. I don't think the phones work with nat unless the nat device is
Avaya q931 friendly. Can a workstation at the India office ping the Avaya?

--
-------------------------
Paul Stewart
Lexnet Inc.
Email address is in ROT13
 
Reply With Quote
 
 
 
 
Phil Rothwell
Guest
Posts: n/a
 
      11-16-2004
>
> I'm assuming that the pix is a 506 and that 505 is a typo. The fixup's
> should not be required unless you are allowing the vpn traffic to be
> nat'd. I would try disabling them if you don't need them for something
> else. I don't think the phones work with nat unless the nat device is
> Avaya q931 friendly. Can a workstation at the India office ping the Avaya?
>


Good assumption, the pix is a 506.

We finally got the the system going by upgrading the firmware on the
Avaya 46XX phones - it seems that some versions don't like connecting
to pixs.

Thanks for the information about the fixup protocols. We will remove
them in due course.

Phil
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configuring VPN through Cisco PIX and ISA Server in Back-to-back scenario Dejan Gambin Cisco 0 10-16-2003 01:53 PM



Advertisments