Haven't seen this problem posted on here, but perhaps someone knows a quick fix. We all have 871 routers at home with 7940 phones. UC520 is back at the office. While at home, we can call the office or answer calls from the office, but if we dial each other from home, the call won't go through. My phone will ring, show the extension of my co-worker, but when I answer the connection is dropped. All the remote phones are doing this with each other, so I assume its a configuration error of some sort. Not sure where to even start looking! thanks! |
|||
 |
UC500.comCisco Communication Manager Express, UC520, SMB VOIP reference and community |
Hi did you solve the problem
Hi did you solve the problem ?
Can you try mtp command
put it under ephone that belong to the remote phones (871 side)
ephone xx
mtp
hope this can help
Check your ACLs that specify
Check your ACLs that specify the traffic you want to encrypt. Check that there are entries in there that cover remote-to-remote traffic.
Also if using NAT be sure that you have exceptions built into the NAT acl excluding remote-to-remote traffic from being NAT'ed.
The problem you are having is as mentioned earlier, you do not have direct communications between the remote sites so your RTP streams aren't able to route between the phones.
Edit:
All of the above was assuming you were using IPSEC VPN's. If you are using GRE tunnels as well, then it may be as simple as a missing static route.
Cisco IP Communications Express Specialist
www.ketchumits.com
I have the same problem... I
I have the same problem... I have the UC500 at my home plus 3 remote locations. All the remote locations are running 871W's with either 7912's or 7940's behind them... all the remote locations have Cable modems with dynamic IP's. They are set up as VPN remotes, however according to the TAC engineer I talked to to get the VPN tunnels working, they told me in order for them to be able to route traffic to each other, each location would have to have static IP addresses... so here's my question: is anyone out there reading this very fluent in the ways of Cisco IOS VPN that can explain a method to make each of the remote locations be able to route traffic between each other? I may not pay well but a case of beer is not out of the question...thanks everyone this site is the best.
George
Hi,Have a look at the DMVPN
Hi,
Have a look at the DMVPN solution I posted into the firewall & vpn of this forum not so long ago.
http://uc500.com/vpn-between-uc520-87x
Your remote sites only need to know the IP address of the UC520, as long as that has a static IP address your remote sites wont need static's.
I just looked at this and it
I just looked at this and it looks great... when I get home I will try this and report back. Thanks for the quick response.
George
Ran into a hiccup dhooper -
Ran into a hiccup dhooper - but not on the configuration end... My two 871W routers as well as my other 1721 I also have set up do not have DMVPN on their IOS image, and from what it looks like I think I need to upgrade my flash or use an older IOS... but the older IOS build in 12.3 I am finding is no longer available from the Cisco site it seems. I get real confused when it comes to messing with the IOS... has anyone else run into this?
George
Are they running an image
Are they running an image that supports any kind of IPSEC VPN at all? You should still be able to do this without anything fancy if they are all terminating their VPN connections at the UC520.
Maybe post a show ver.
Cisco IP Communications Express Specialist
www.ketchumits.com
Whenever I try to put in the
Whenever I try to put in the 'ip nhrp' commands on this one it won't take them... I checked this image on CCO and it does not have DMVPN in it, I would have to go to Advanced IP Services which requires a larger flash.
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie
ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
871W uptime is 12 hours, 38 minutes
System returned to ROM by reload
System image file is "flash:c870-advsecurityk9-mz.124-4.T8.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 871W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK120528JH
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102
George
12.4-20.T IOS Needed
Hi George,
I just checked one of the 877's I have running with this config, unfortunately most of my testing and work has been been done with 1800 / 1700 / 2600 platforms so I didnt pick up on the IOS limitation.
If you have smartnet on the device you can download the 12.4-20T image and get the DMVPN support, it should also fit on your flash.
Directory of flash:/
2 -rwx 18275844 --- -- ---- --:--:-- ----- c870-advsecurityk9-mz.124-20.T.bin
System image file is "flash:c870-advsecurityk9-mz.124-20.T.bin"
Cisco 877 (MPC8272) processor (revision 0x300) with 118784K/12288K bytes of memory.
Processor board ID FHK
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)
You can buy all that Cisco
You can buy all that Cisco gear but can barely afford a case of beer for support????
Not my cisco gear, it's my
Not my cisco gear, it's my boss's... I wish it was mine.
George
Static routes
Hi,
Yes it was static routes that were required so that the RTP stream could get through between the 2 phone's.
Is it possible to do it with out the static routes?
I dont have a valid reason for not doing it, it's just that I know my asterisk server's dont require the same configuration, they seem to able to mix the audio stream on the box and the remote sites dont need to pass packets between each other.
-Dan
Has anyone come up with a
Has anyone come up with a solution to this?
Shouldnt the UC520 some how proxy / hairpin the call so the remote sites dont need to route to each other?
it's the nature of IP
it's the nature of IP tel..... the UC500 just provides the call set up functionality, but the extenstions communicate directly with each other.
It is exaclty the same with internal extensions....
Probably an IP routing issue
I suspect this is an IP routing issue, i.e., the two remote phones can't reach each other via IP.
Once a call is established between two IP phones on a CME/UC500 system, the voice traffic is direct between those two phones - it's not "routed" through the UC500. My guess is that while the 871 routers are able to route IP traffic from each individual home back to the main office (which is how the office-to-home calls work), they don't know how to route to the IP subnets at the other users' homes (which is why the home-to-home calls don't work).
You'll need to configure each of the 871's to know how to route to the IP subnets that the phones use at the other homes.
Another possibility is that an access list on the 871's are blocking traffic from the other remote sites, in which case just changing the ACLs should fix it.
Hope that helps.