IP via VPN - no voice Communicator
I have a set vpn in place for homeworkers to vpn to the office to connect the transmitter/receiver IP for the call manager. They are able to have conversations about their IP Communicator with other IP based in the office and external phones, phones for example. a mobile phone on a public network.
But 2 people both use IP Communicator over vpn cannot speak. The call connects, however, no voice is heard at each end.
I have the impression that it may be something to do with the NAT configuration on it.
Here are a few relevent in the gateway configuration.
crypto ISAKMP policy 3
BA 3des
preshared authentication
Group 2
!
ISAKMP crypto client configuration group vpnaccess
key *.
DNS 192.168.100.240
win 192.168.100.240
jamip.co.uk field
pool vpnpool
ACL 102
!
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
!
Crypto-map dynamic dynmap 10
Set transform-set RIGHT
!
map clientmap client to authenticate crypto list userauthen
card crypto clientmap isakmp authorization list groupauthor
client configuration address map clientmap crypto answer
10 ipsec-isakmp crypto map clientmap Dynamics dynmap
!
interface Loopback0
IP address 192.168.10.254 255.255.255.0
Shutdown
H323-gateway voip interface
H323-gateway voip bind port 192.168.10.254
!
interface FastEthernet0/0
CVP Interface Description
no ip address
Speed 100
full-duplex
!
interface FastEthernet0/0.100
Description inside the Office Data Interface
encapsulation dot1Q 100
IP 192.168.100.254 255.255.255.0
IP helper 192.168.100.240
IP nat inside
no link-status of snmp trap
!
interface FastEthernet0/0,200
Description inside the Interface voice Office
encapsulation dot1Q 200
192.168.200.254 IP address 255.255.255.0
IP helper 192.168.100.240
IP nat inside
no link-status of snmp trap
!
interface FastEthernet0/1
External Interface ISP description - vlan 1000 IP
IP address xxx.xxx.xxx.221 255.255.255.248
NAT outside IP
Speed 100
full-duplex
clientmap card crypto
!
IP local pool vpnpool 192.168.2.101 192.168.2.120
overload of IP nat inside source list 101 interface FastEthernet0/1
IP http server
no ip http secure server
IP classless
IP route 0.0.0.0 0.0.0.0 FastEthernet0/1 xxx.xxx.xxx.222
IP route 192.168.22.0 255.255.255.0 FastEthernet0/0.20 permanent
!
!
access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
Note access-list 102 * VPN SPLIT TUNNELING ACL *.
access-list 102 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.21.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.100.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.200.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 10.1.0.0 0.0.255.255 192.168.2.0 0.0.0.255
Note access-list 102 * VPN SPLIT TUNNELING ACL *.
Try adding the following line:
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
Tags: Cisco Security
Similar Questions
-
Is VLAN via VPN possible with any of the Small Business routers?
A tagged VLAN (for voice) will be routed through a VPN gateway to gateway on any of the Small Business routers, such as the SA520? This router is equipped
Parameters of VLAN Trunking.
No, it is not possible to send traffic to vlan via VPN on a series of SA500, but you can create a tunnel for each subnet, you need to pass traffic.
hope this helps,
Jasbryan
-
Why not voice communication does not work in windows live messenger
Hello
before that my version was battery Bluetooth for windows by toshiba v5.10.04, in windows vista, it does not work in voice communication in windows live messenger, but it works in Skype.
now, I'm updating to the new version v5.10.12 (T), the problem always even with the 5.10.04 version
Please help, how can I sign in to windows live messenger and can have voice communicate in windows live messengerThank you
What headphones do you use for this?
-
Cannot connect remotely via VPN since installing the new modem/router
Can anyone help please. Since the acquisition of a new router / modem I can no longer connect via VPN to my work PC remotely. It comes in I receive the error message. Can someone tell me if I need to change the settings for the new modem / router to access?
Hello Joanna,
Here are the steps you need to do first:
- Off static IP for my server and let the router assign IP address and changed the IP address of the port forward.
- Check the IP address because obviously, that changed when you plugged into the router again.
- Updated to the latest firmware for the router and NIC.
For more detailed troubleshooting you can refer to this link: troubleshooting common VPN related errors.
Let us know how it goes.
-
Programmatic access to remote files via VPN on Playbook
Hello
It is technically possible to download remote files via VPN programmatically?
I can't find any documentation on this topic.
Thank you
Oh, not... I don't think it's possible.
-
Check sensor SFR with FireSight via VPN - does not work
Hello security experts.
I have an ASA5515-X with SFR installed 5.4.0 and manage with 5.4 FireSight installed on the virtual machine on LAN and I record the sensor without any problem but when I try to register the sensor to FireSight via VPN I can't do. The interface on the ASA management has no intellectual property nor nameif configured and the interface is connected to the switch, SFR has the IP even configured as LAN addressing. I can see traffic being exchanged between the sensor and the FireSight but I can't save the sensor.
Has anyone managed to register the sensor via VPN? Is there something else to be configured in order to save the sensor with the MC via the VPN?
The delay between the Firesight and the sensor (on WAN and VPN) I get between 80 and 100 ms, what could be the problem?
Thank you very much!
Remi
Hello
If you are unable to telnet from DC to the sensor on the port 8305 delivers connectivity then.
Can try you to ping from sensor to DC:
ping -M do -c 20 -s 1572
By default, the MTU is 1500 on eth0, if the ping does not work I will suggest to lower the MTU on the interface and see if it works. See also: / var/log/messages | grep sftunnel and see the error messages on DC and sensor and send it to me everywhere. Best regards, Aastha Bhardwaj rate if this is useful! -
ASA5505 management via VPN/Anyconnect without group
I have 2 questions about the configuration of the SAA.
The first is related to the SSL VPN configuration. Just one group of users to which you connect to our main office via remote access. Is there a way to configure SSL VPN to not display a group selection?
I have the omission of the list of the groups-tunnel-enable command and configuration group on user accounts locking, but neither work.
Secondly, I am at a loss on how to configure ssh to allow users connected via VPN connections. I guess:
SSH 172.16.1.0 255.255.255.0 inside
with 172.16.1.0 24 is the ip pool assigned to remote access vpn users would do so, however, it's a no go. How can users of remote access (which are for the most part, all technicians) granted the possibility to connect to the device?
Thanks for your help.
To be able to manage the ASA via SSH via a VPN tunnel, you will need to enter the configuration command "in man".
-
Situation: we have a few portable computers test Ubuntu running DHCP servers. We need get the updates and other changes in corporate network sometimes. Today, we turn off the DHCP server, set up to get an IP via DHCP (besides) and make our updates.
Problem: we do not want someone accidentally connect the laptop to the corporate network, while its DHCP server is running.
Question: so, if we go via wifi using a Cisco VPN client, the DHCP server IP addresses above the tunnel?
Thanks for reading.
N ° DHCP uses layer 2 broadcasts to disseminate IP addresses. Because your clients are connected via VPN, there is no contiguity of layer 2. The only way he would accidentally do it is if you have configured an address to support IP dhcp as one of your VPN clients on the network, which I imagine you wouldn't.
-
I noticed that the sound signal come on when the BB is trying to access the data service. While on the phone, the beep is very clear and when it rings, it cuts the voice communication, it is impossible to hear the other party. Sometimes, there is a continuous beep that a last minute or more and making the "BOLD" BB a useless phone device. How can I turn off the beep? Or is it possible that turn off the data service when voice communication is established? There are only three choices in the menu, on, off and off data roaming service.
BTW, what is the symbol of the notification at the top with the yellow globe sign and number 1 means? The handset is waiting for a response from the Web service? How do you know what it does and how to make it go away?
I am disappointed to find this forum is the chanel ONLY to ask advice and solution. It's very strange, that there is no common support email.
Hey jadi, the yellow globe and a '1' beside her looks like a notification from the browser that it has lost its connection. If you look in your messages folder there message with the link to your web page.
insofar as the sound signal, try looking at your profile on the BB settings. There is an option at the bottom of each article to warn that says "warn me then appeals". check and change to 'no' if it is 'yes '. to this success the menu (button left of the Pearl) and go to your profile icon that looks like a speaker with waves coming out of it to the right. There, he'll tell which profile is active. It will probably be the "normal" profile if you hearing other tones and ringtone. Go to the bottom of the screen, then select "Advanced". Once there in there click on the items in there and check to see if this option to 'Notify me during calls' is set to 'yes '. If so change to 'no '. see if that will set the tone. It will be useful.
There are other forums looking for answers as well, but is supported directly by RIM/Blackberry and most often used. I used blackberryforums.com, but I always come back to this (supportforums.blackberry.com), which for me is the best option. CrackBerry.com is another.
-
Customer remote cannot access the server LAN via VPN
Hi friends,
I'm a new palyer in ASA.
My business is small. We need to the LAN via VPN remote client access server.
I have an ASA5510 with version 7.0. I have configured remote access VPN and it can establish the tunnel with success. But I can not access the server.
Client VPN is 5.0.07.0290 version. Encrypted packages have increased but the decrypted packet is 0 in the VPN client statistics, after I connected successfully.
Next to the ASA, I show crypto ipsec sa, just deciphering the packets increase.
Who can help me?
Thank you very much.
The following configuration:
ASA Version 7.0(7)
!
hostname VPNhost
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 10
ip address 221.122.96.51 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.42.199 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
!
ftp mode passive
dns domain-lookup inside
access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
access-list allow_PING extended permit icmp any any inactive
access-list Internet extended permit ip host 221.122.96.51 any inactive
access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool testpool 192.168.43.10-192.168.43.20arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 access-list PAT_acl
route outside 0.0.0.0 0.0.0.0 221.122.96.49 10
username testuser password 123
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 3no sysopt connection permit-ipsec
crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 3600
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
address-pool testpool
tunnel-group testgroup ipsec-attributes
pre-shared-key *
telnet timeout 5ssh timeout 10
console timeout 0: end
Topology as follows:
Hello
Configure the split for the VPN tunneling.
Create the access list that defines the network behind the ASA.
ciscoasa(config)#access-list Split_Tunnel_List remark The corporate network behind the ASA. ciscoasa(config)#access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0
Mode of configuration of group policy for the policy you want to change.
ciscoasa(config)#group-policy hillvalleyvpn attributes ciscoasa(config-group-policy)#
Specify the policy to split tunnel. In this case, the policy is tunnelspecified.
ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified
Specify the access tunnel split list. In this case, the list is Split_Tunnel_List.
ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List
Type this command:
ciscoasa(config)#tunnel-group hillvalleyvpn general-attributes
Associate the group with the tunnel group policy
ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn
Leave the two configuration modes.
ciscoasa(config-group-policy)#exit ciscoasa(config)#exit ciscoasa#
Save configuration to non-volatile RAM (NVRAM) and press enter when you are prompted to specify the name of the source file.
Kind regards
Abhishek Purohit
CCIE-S-35269 -
Help blocking smart devices of via VPN
Hello
I am looking for a solution block smart devices to connect to our network via VPN. Our VPN solution today is ASA5520, and we use Cisco ACS to authenticate the user. We use Cisco VPN client only, no anyconnect or SSL VPN.
Managment is looking for a way that we can stop the smart devices of using VPN clients to connect and allow only desktop computers laptops to connect.
Someone at - there a way we can do this through association or another method?
Worring - I block iPhones & iPad around my overall networkwith 100% accuracy with a few simple lines of config: -.
Group Policy <> attributes
client-access-rule 1 deny version of type 'iPhone OS. "
2-client-access rule allow type * version *.
As it actually works on the OS - not the version of the Cisco VPN Client device.
-
How to implement a local SOA/BPM project using remote resources via VPN
Hello world
Sorry for the dummy question, but I am a beginner and I'm in trouble with this problem.
This is the scenario: I have to carry a BPM project using JDev 11.1.1.7 on my local environment and then deploy them on remote servers via VPN where a development environment is configured.
All services are on remote servers.
My question is: what I put up in my local environment?
1 DB connection (distance connettion)
2 configuration of MDS to share components?
3 WebLogic server?
3. what else?
Any link o idea to share?
Thank you.
Fairlie
Hello
If you need to deploy and test in your front room to deploy remotely, then you will need to set up all the people in your premises + SOA Suite... If you need to do is put on your local, but can check remotely, you only JDev and connections...
See you soon,.
Vlad
-
Financial reports - 11.1.2.1 client - connects via VPN only?
Hello
When I'm directly connected to the network or connected via their intranet wireless, I can connect to fin reports customer of Studio. However, if I train via VPN (Juniper), he returns with a message: you are not authorized to access. Please contact your system administrator. It is a mistake to end too many reports? Any ideas why/how this could happen?It is possible that your VPN is not open ports that you can use EN Studio.
See you soon
John
http://John-Goodwin.blogspot.com/ -
How to get tickets Kebores initializtion via VPN
How to get the ticket of Kebores initializtion via the VPN for Single Sign on
Hello
The question you have posted is related to a virtual private network and would be better suited to the TechNet community.
Please visit the link below to find a community that will provide the support you want.
http://social.technet.Microsoft.com/forums/en-us/itproxpsp/threadsI hope this helps. -
Use the remote website via VPN site-to-site
Hi all
We have two sites, the site has and B. At site A, we have a Web site we want to share with all of site B. Currently, site B can access the site via the VPN site-to site on X 0, which is their LAN. Nothing outside X 0 cannot access or ping to the address.
We added access rules to allow access from the DMZ to this interface, but again, no ping and no communication at all. The other strange thing is that we see that no trip package for these access rules either.
Any help is appreciated. Thank you.
It seems that the demilitarized zone is not part of the VPN tunnel.
Can you confirm that the DMZ subnet is part of local destinations on the site B and a part of the local destinations on site?
Kevin
Maybe you are looking for
-
HP Elitebook 8440p - Mute button works but blocked on orange.
Recently bought a refurb HP Elitebook 8440p and noticed that although the mute button works the key just above the keyboard is always orange. Is it possible for me to correct it so that it shows orange only when on mute and green when not cut?
-
HP Pavilion 15-n250sv: HP Pavilion 15 Notebook PC - Ram upgrade TS
Hello! I just bought a HP Pavilion 15-n250sv with 8 GB of RAM (4 GB x 2) - (4 G 1Rx8 PC3L - 12800S - 11 - 11 - B2 DDR3). What is the maximum capacity (RAM) from my system? I want to move to 16 GB (8 GB x 2) is it possible? Thank you!
-
After a clean install of Windows XP my system crashes.
Maybe a bad SATA hard drive? I formatted my hard drive to install xp pro sp1It formatted properly (I did a full install, not a quick)I set up the network, time and others.just after that, he says stay 29 mins. I look back about 5 minutes later and it
-
Problem with Windows Update after the removal of Virus
My operating system is Win Vista 32 bit, had some virus closed my windows updates, have a view of the white page. Checked that my services and win update is in automatic mode has started, so I don't know why my updater gives me a red x saying windows
-
How can I send a print job on printer outside during the phone app?
How can I send a print job on printer outside during the phone app?