connection from ip phone at work to ip phone on client

Discussion in 'VOIP' started by beheer@netbasics.nl, May 1, 2007.

  1. Guest

    Hi,

    At work there's a Cisco callmanager server. I connect from home to
    work using VPN.
    I have a Cisco ip phone at home. When my VPN is up, I can call anybody
    at work. They can hear me, but I cannot hear them.
    If I'm correct, ip phones talk to each other directly after a call is
    set up.
    I suspect my client side is blocking incoming ip traffic which tries
    to initiate a connection to my ip phone.

    LAN at work: 192.168.1.x
    LAN at home: 192.168.20.x (wireless)
    Ip phone is directly connected to my computer on a separate subnet at.
    192.168.21.4
    VPN client ip: 192.168.1.32

    ICS is turned on, on my VPN interface. IP routing in Windows XP is
    enabled. Windows Firewall is off.
    Gateway 192.168.1.1 at work has a static route (send 192.168.21.4 to
    192.168.1.32).
    I somehow need to allow connections coming from my VPN interface to
    the 192.168.21.x subnet.
    Can this be done?

    thanks.
    Arne
     
    , May 1, 2007
    #1
    1. Advertising

  2. writes:
    > If I'm correct, ip phones talk to each other directly after a call is
    > set up.


    They do if they are set up that way. They can also keep any number of
    intermediate proxies "in the loop". That obviously adds delay and
    isn't as desirable.

    > I suspect my client side is blocking incoming ip traffic which tries
    > to initiate a connection to my ip phone.
    >
    > LAN at work: 192.168.1.x
    > LAN at home: 192.168.20.x (wireless)
    > Ip phone is directly connected to my computer on a separate subnet at.
    > 192.168.21.4
    > VPN client ip: 192.168.1.32


    Well my first guess would be that work doesn't know how to route to
    192.168.21.4. Can you ping that address from the phone (or a computer
    that is put on the same network as the phone)?

    In general, you really want real routeable IP addresses all the way
    around. If not, you have to make sure everybody's routing table has
    routes for all the involved private networks, and none of them
    conflict with other private nets that other folks are using.

    -wolfgang
    --
    Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
     
    Wolfgang S. Rupprecht, May 1, 2007
    #2
    1. Advertising

  3. Martin² Guest

    >They can hear me, but I cannot hear them.

    That's usually question of opening the right ports on your computer.
    You may need to open 5060, 5004, 5082, 3478, 3479, 8000, and 10000 if Stun
    is needed.
    Regards,
    Martin
     
    Martin², May 2, 2007
    #3
  4. Guest

    > Well my first guess would be that work doesn't know how to route to
    > 192.168.21.4. Can you ping that address from the phone (or a computer
    > that is put on the same network as the phone)?


    All computers and ip phones at work have 192.168.1.1 as default
    gateway. On the default gateway I've made a static route
    (192.168.21.4/255.255.255.255 to 192.168.1.32 on the LAN interface)
    I can't ping my phone from work. I tried to ping directly from the
    gateway to my phone. Also doesn't work.
    I tried a packet sniffer on my computer. I don't see any packets when
    pinging. I suspect Windows is blocking because I think it's like
    trying to reach a local computer directly from the internet.

    > In general, you really want real routeable IP addresses all the way
    > around. If not, you have to make sure everybody's routing table has
    > routes for all the involved private networks, and none of them
    > conflict with other private nets that other folks are using.


    Other options:
    - when my phone is used, the call manager server should act as a proxy
    (I can't find any settings to do that)
    - my phone is known to the call manager server as 192.168.21.4. If I
    could somehow translate the return packets to 192.168.1.32, then I
    think it would work. I would forward the packets coming in on
    192.168.1.32 to 192.168.21.4
    - do some kind of NAT on my computer so that my phone identifies
    itself as 192.168.1.32

    All looks complicated, if feasible at all.
     
    , May 2, 2007
    #4
  5. writes:
    >> Well my first guess would be that work doesn't know how to route to
    >> 192.168.21.4. Can you ping that address from the phone (or a computer
    >> that is put on the same network as the phone)?

    >
    > All computers and ip phones at work have 192.168.1.1 as default
    > gateway. On the default gateway I've made a static route
    > (192.168.21.4/255.255.255.255 to 192.168.1.32 on the LAN interface)


    Sounds ok, so far.

    > I can't ping my phone from work. I tried to ping directly from the
    > gateway to my phone. Also doesn't work.
    > I tried a packet sniffer on my computer. I don't see any packets when
    > pinging. I suspect Windows is blocking because I think it's like
    > trying to reach a local computer directly from the internet.


    Ah, I didn't realize you are NAT-ing the phone? I don't know anything
    about MS software, but isn't there some way to turn off the NAT? You
    really don't need it or want it. Straight routing would remove quite
    a lot of issues.

    > - when my phone is used, the call manager server should act as a proxy
    > (I can't find any settings to do that)
    > - my phone is known to the call manager server as 192.168.21.4. If I
    > could somehow translate the return packets to 192.168.1.32, then I
    > think it would work. I would forward the packets coming in on
    > 192.168.1.32 to 192.168.21.4
    > - do some kind of NAT on my computer so that my phone identifies
    > itself as 192.168.1.32


    NAT-ing voip's SIP (control) and RTP (voice data) packets requires
    more work in the NAT than just slapping a new IP address in the IP
    header. There are copies of the IP address in the data part of the
    SIP packet that needs to be translated too. NAT can be made to work,
    but only if you have the right kind of NAT and some external help from
    a STUN server. If you can turn off the NAT you save yourself a world
    of hurt.

    > All looks complicated, if feasible at all.


    When you hit a brick wall, walk around it. ;-) Change the rules of
    the game.

    -wolfgang
    --
    Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
     
    Wolfgang S. Rupprecht, May 2, 2007
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A. Fischer
    Replies:
    1
    Views:
    524
    Walter Roberson
    Nov 13, 2003
  2. MP
    Replies:
    2
    Views:
    12,390
  3. jarcar
    Replies:
    0
    Views:
    655
    jarcar
    Feb 12, 2004
  4. Jack \(MVP-Networking\).

    Re: Wireless connection doesn't work with wired connection

    Jack \(MVP-Networking\)., Dec 20, 2006, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,641
    Jack \(MVP-Networking\).
    Dec 20, 2006
  5. vaenster
    Replies:
    1
    Views:
    800
    sidneysonnino
    Nov 11, 2013
Loading...

Share This Page