Jabber client over anyconnect no audio between cisco deskphones

Hey guys,

I have a teleworker who I just set Jabber client/windows pc/android for which connects through anyconnect through ASA. If jabber is used within the network calls to cisco deskphones and other jabber clients work fine. Only over the vpn calls to the deskphones have no audio on both sides. Odd thing is if the teleworker calls to another jabber client through the vpn to HQ it works fine. I did a little research and all I came across was to remove the inspect sip traffic in the default service policy in the asa for sip calls to work through the tunnel. We have sip trunks here all it did was kill our sip calls inbound from the sip trunk.

Anyone experienced this issue?


  • Options
    shodownshodown Member Posts: 2,271
    Yes all the time. Upgrade to collaboration edge and problem solved. That's the easy answer.

    The real answer is ypu have a routing problem. Some of the audio can't find a route from the vpn to the other side.
    Sip should be fine as its just setup for signaling and the phones are ringing. You have to work on the RTP path.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • Options
    Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    Hmmm..RTP issue. Well the only thing thats throwing me for a loop is that the Jabber client(remote) works perfectly fine when it calls another jabber client (internal) regardless of client (windows,android, iphone) through the VPN to HQ.
  • Options
    Legacy UserLegacy User Unregistered / Not Logged In Posts: 0 ■□□□□□□□□□
    Ok figured it out was a NAT issue for the actual voice subnet on the ASA. I added a nat exempt rule, split tunnel, static nat pointing to the vpn network on the ASA.

    I had to really think about how the vpn traffic was set to flow and what was different from the internal jabber clients. I realized the subnets were different. The internal jabber clients were pulling and ip address for the dhcp scope designated for the data network which was allowed on vpn but I know I never allowed the entire voice scope on it only the CM PUB/SUB/CUC/IMP servers. I felt I didn't need to add the entire scope since originally Jabber was terminated with CME and just required the cme address to tunnel through but now I see different rules apply when you go full CUCM.

    Lesson learned!
Sign In or Register to comment.