He;p : VOIP connection between two CME over Internet connection

Hello ,
We have Different Site with almost exact Configuration for Cisco VOIP using a CME 2911 Router with VIC-4FXO Card installed .
we have 4 PSTN Line for all sites .

my Question is that all sites fore the time being are can be reached by using the PSTN Network . Since we have high speed internet connection in each site , I am looking to get this phone calls between sites to be as internal extension like 1xxx to 2xxx and so on .

to sum up we multiple sites with high speed internet connection " static IP address , no VPN connection between them ) . I have already tried with the commands that usually we should put but i ma still having an issue
when ever i called the other site " any phone extension " there is nothing happening after i dial before i get a busy tone .

please Help

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

negru_tudor

Some brief advice for your problem:

1) No VPN/plain tunnel between the sites => failed calls (NAT will mess up the RTP stream maps)
2) Dialing a number with nothing happening means that your signaling isn't getting where it should how it should; make sure you're using similar signaling protocols (ex. only H323 or SIP) on your dial peers

A brief example of 2 routers with a VoIP trunk between them :

Router1(Config)#interface loopback1
Router1(Config-interface)#ip address <ip address of Router1>
Router1(Config-interface)#exit
Router1(Config)#voice service voip
Router1(Config-voi-serv)#allow-connections sip to sip
Router1(Config-voi-serv)#media flow-through
Router1(Config-voi-serv)#sip
Router1(Config-serv-sip)#bind control source-interface Loopback1
Router1(Config-serv-sip)#bind media source-interface Loopback1
Router1(Config-serv-sip)#end
Router1#config t
Router1(Config)# dial-peer voice 2 voip
Router1(Config-dial-peer)#destination-pattern 2...
Router1(Config-dial-peer)#session protocol sipv2
Router1(Config-dial-peer)#session-target ipv4:<ip address of Router2>

Router2(Config)#interface loopback2
Router2(Config-interface)#ip address <ip address of Router2>
Router2(Config-interface)#exit
Router2(Config)#voice service voip
Router2(Config-voi-serv)#allow-connections sip to sip
Router2(Config-voi-serv)#media flow-through
Router2(Config-voi-serv)#sip
Router2(Config-serv-sip)#bind control source-interface Loopback2
Router2(Config-serv-sip)#bind media source-interface Loopback2
Router2(Config-serv-sip)#end
Router2#config t
Router2(Config)# dial-peer voice 1 voip
Router2(Config-dial-peer)#destination-pattern 1...
Router2(Config-dial-peer)#session protocol sipv2
Router2(Config-dial peer)#session-target ipv4:<ip address of Router1>
Router2(Config-dial peer)#end

This should get your routers talking assuming you've a VPN or simple tunnel between them. If you don't know how to do a VPN, just try a plain site-to-site tunnel though take caution as your voice traffic can be easily intercepted and analyzed if no security is in place. More details here: Configuring Point-to-Point GRE VPN Tunnels - Unprotected GRE & Protected GRE over IPSec Tunnels

EDIT: If you have CUBE (Cisco Unified Border Element) features enabled on your IOS then you might be able to avoid using a VPN if you add the lines I've highlighted with Bold + Italic fonts in the "voice service voip" section. However, you might need to get your routers to use the interface you have the public IP assigned to as the "source-interface" for media and control traffic. Could take a bit of tinkering to get right but it could work...voice traffic would still be sent in clear though; this would only alleviate the need for a VPN.

Good luck.

mnour.tamer

Thanks for your great answer ,
so if I understand correctly , I should have a mechanism to build a private connection between two sites " VPN or any tunnel connection like GRE ) even I have a real static IP address .

negru_tudor

mnour.tamer wrote: »

Thanks for your great answer ,
so if I understand correctly , I should have a mechanism to build a private connection between two sites " VPN or any tunnel connection like GRE ) even I have a real static IP address .

Sorry but I don't understand what you mean...you MUST have a STATIC PUBLIC IP to establish a VPN or GRE tunnel between two peering sites; this is also necessary if you decide to not build a tunnel and just try with the "media flow-through" option.

mnour.tamer

Thanks , now I got exactly what you mean .
I will try it and let you know with the result

mnour.tamer

Before I test any thing , I have something to say , I got some part of the configuration here with my comments

ip dhcp pool Voice
network 10.8.2.0 255.255.255.0
option 150 ip 10.8.2.2 /// loopback interface IP address
default-router 10.8.2.2 /// loopback interface IP address - this one was default-router 10.8.2.1 & there was nothing on earth with this IP address , in that case after changing , should I reset phone to have the new gateway

voice service voip
allow-connections sip to sip
sip
bind control source-interface Loopback0
bind media source-interface Loopback0
registrar server expires max 3600 min 600
interface Loopback0
ip address 10.8.2.2 255.255.255.0
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.8.2.2

interface GigabitEthernet0/0.102
description VOICE
encapsulation dot1Q 102
ip unnumbered Loopback0

interface GigabitEthernet0/1
description Internet
ip address 216.x.y.z 255.255.255.0 /// Public Ip address
IP NAT outside

ip nat inside source list 1 interface GigabitEthernet0/1 overload

access-list 1 remark CCP_ACL Category=2 ///// no NAT has been added to the Voice subnet " should I add one ? & add Ip nat inside under the interface GigabitEthernet0/0.102
access-list 1 permit 10.8.0.0 0.0.0.255
access-list 1 permit 10.8.30.0 0.0.0.255

at the end , I should add media flow-through command
for the session target is the public IP address of the other router

am I right ?

negru_tudor

Hi there.
Ok, based on what you're asking:
- I see you don't intend to use VPN/tunnels
- You do not need NAT for voice if you use the "media flow through" command
- You can add the "media flow-through" command under the dial-peer configuration as well
- Yes, you will need to point Router1's "session target ipv4:" section to the Public IP of Router2. How would it know / be able to reach the internal ones?
- You might need to change the bind-control & bind-media to use the public IP address (Gigabit 0/0); test it first and then adjust if needed
- Yes, you will need to reset the phones if you make changes to the DHCP pools or IP subnets
- a tunnel would have made things simpler I think but you might get it working this way