He;p : VOIP connection between two CME over Internet connection

mnour.tamermnour.tamer Member Posts: 5 ■□□□□□□□□□
Hello ,
We have Different Site with almost exact Configuration for Cisco VOIP using a CME 2911 Router with VIC-4FXO Card installed .
we have 4 PSTN Line for all sites .

my Question is that all sites fore the time being are can be reached by using the PSTN Network . Since we have high speed internet connection in each site , I am looking to get this phone calls between sites to be as internal extension like 1xxx to 2xxx and so on .

to sum up we multiple sites with high speed internet connection " static IP address , no VPN connection between them ) . I have already tried with the commands that usually we should put but i ma still having an issue
when ever i called the other site " any phone extension " there is nothing happening after i dial before i get a busy tone .


please Help

Comments

  • negru_tudornegru_tudor Member Posts: 473 ■■■□□□□□□□
    Some brief advice for your problem:

    1) No VPN/plain tunnel between the sites => failed calls (NAT will mess up the RTP stream maps)
    2) Dialing a number with nothing happening means that your signaling isn't getting where it should how it should; make sure you're using similar signaling protocols (ex. only H323 or SIP) on your dial peers

    A brief example of 2 routers with a VoIP trunk between them :

    Router1(Config)#interface loopback1
    Router1(Config-interface)#ip address <ip address of Router1>
    Router1(Config-interface)#exit
    Router1(Config)#voice service voip
    Router1(Config-voi-serv)#allow-connections sip to sip
    Router1(Config-voi-serv)#media flow-through
    Router1(Config-voi-serv)#sip
    Router1(Config-serv-sip)#bind control source-interface Loopback1
    Router1(Config-serv-sip)#bind media source-interface Loopback1
    Router1(Config-serv-sip)#end
    Router1#config t
    Router1(Config)# dial-peer voice 2 voip
    Router1(Config-dial-peer)#destination-pattern 2...
    Router1(Config-dial-peer)#session protocol sipv2
    Router1(Config-dial-peer)#session-target ipv4:<ip address of Router2>

    Router2(Config)#interface loopback2
    Router2(Config-interface)#ip address <ip address of Router2>
    Router2(Config-interface)#exit
    Router2(Config)#voice service voip
    Router2(Config-voi-serv)#allow-connections sip to sip
    Router2(Config-voi-serv)#media flow-through
    Router2(Config-voi-serv)#sip
    Router2(Config-serv-sip)#bind control source-interface Loopback2
    Router2(Config-serv-sip)#bind media source-interface Loopback2
    Router2(Config-serv-sip)#end
    Router2#config t
    Router2(Config)# dial-peer voice 1 voip
    Router2(Config-dial-peer)#destination-pattern 1...
    Router2(Config-dial-peer)#session protocol sipv2
    Router2(Config-dial peer)#session-target ipv4:<ip address of Router1>
    Router2(Config-dial peer)#end

    This should get your routers talking assuming you've a VPN or simple tunnel between them. If you don't know how to do a VPN, just try a plain site-to-site tunnel though take caution as your voice traffic can be easily intercepted and analyzed if no security is in place. More details here: Configuring Point-to-Point GRE VPN Tunnels - Unprotected GRE & Protected GRE over IPSec Tunnels

    EDIT: If you have CUBE (Cisco Unified Border Element) features enabled on your IOS then you might be able to avoid using a VPN if you add the lines I've highlighted with Bold + Italic fonts in the "voice service voip" section. However, you might need to get your routers to use the interface you have the public IP assigned to as the "source-interface" for media and control traffic. Could take a bit of tinkering to get right but it could work...voice traffic would still be sent in clear though; this would only alleviate the need for a VPN.

    Good luck.
    2017-2018 goals:
    [X] CIPTV2 300-075
    [ ] SIP School SSCA
    [X] CCNP Switch 300-115 [X] CCNP Route 300-101 [X] CCNP Tshoot 300-135
    [ ] LPIC1-101 [ ] LPIC1-102 (wishful thinking)
  • mnour.tamermnour.tamer Member Posts: 5 ■□□□□□□□□□
    Thanks for your great answer ,
    so if I understand correctly , I should have a mechanism to build a private connection between two sites " VPN or any tunnel connection like GRE ) even I have a real static IP address .
  • negru_tudornegru_tudor Member Posts: 473 ■■■□□□□□□□
    Thanks for your great answer ,
    so if I understand correctly , I should have a mechanism to build a private connection between two sites " VPN or any tunnel connection like GRE ) even I have a real static IP address .

    Sorry but I don't understand what you mean...you MUST have a STATIC PUBLIC IP to establish a VPN or GRE tunnel between two peering sites; this is also necessary if you decide to not build a tunnel and just try with the "media flow-through" option.
    2017-2018 goals:
    [X] CIPTV2 300-075
    [ ] SIP School SSCA
    [X] CCNP Switch 300-115 [X] CCNP Route 300-101 [X] CCNP Tshoot 300-135
    [ ] LPIC1-101 [ ] LPIC1-102 (wishful thinking)
  • mnour.tamermnour.tamer Member Posts: 5 ■□□□□□□□□□
    Thanks , now I got exactly what you mean .
    I will try it and let you know with the result
  • mnour.tamermnour.tamer Member Posts: 5 ■□□□□□□□□□
    Before I test any thing , I have something to say , I got some part of the configuration here with my comments


    ip dhcp pool Voice
    network 10.8.2.0 255.255.255.0
    option 150 ip 10.8.2.2 /// loopback interface IP address
    default-router 10.8.2.2 /// loopback interface IP address - this one was default-router 10.8.2.1 & there was nothing on earth with this IP address , in that case after changing , should I reset phone to have the new gateway


    voice service voip
    allow-connections sip to sip
    sip
    bind control source-interface Loopback0
    bind media source-interface Loopback0
    registrar server expires max 3600 min 600
    interface Loopback0
    ip address 10.8.2.2 255.255.255.0
    h323-gateway voip interface
    h323-gateway voip bind srcaddr 10.8.2.2


    interface GigabitEthernet0/0.102
    description VOICE
    encapsulation dot1Q 102
    ip unnumbered Loopback0

    interface GigabitEthernet0/1
    description Internet
    ip address 216.x.y.z 255.255.255.0 /// Public Ip address
    IP NAT outside



    ip nat inside source list 1 interface GigabitEthernet0/1 overload


    access-list 1 remark CCP_ACL Category=2 ///// no NAT has been added to the Voice subnet " should I add one ? & add Ip nat inside under the interface GigabitEthernet0/0.102
    access-list 1 permit 10.8.0.0 0.0.0.255
    access-list 1 permit 10.8.30.0 0.0.0.255



    at the end , I should add media flow-through command
    for the session target is the public IP address of the other router

    am I right ?

  • negru_tudornegru_tudor Member Posts: 473 ■■■□□□□□□□
    Hi there.
    Ok, based on what you're asking:
    - I see you don't intend to use VPN/tunnels
    - You do not need NAT for voice if you use the "media flow through" command
    - You can add the "media flow-through" command under the dial-peer configuration as well
    - Yes, you will need to point Router1's "session target ipv4:" section to the Public IP of Router2. How would it know / be able to reach the internal ones?
    - You might need to change the bind-control & bind-media to use the public IP address (Gigabit 0/0); test it first and then adjust if needed
    - Yes, you will need to reset the phones if you make changes to the DHCP pools or IP subnets
    - a tunnel would have made things simpler I think but you might get it working this way
    2017-2018 goals:
    [X] CIPTV2 300-075
    [ ] SIP School SSCA
    [X] CCNP Switch 300-115 [X] CCNP Route 300-101 [X] CCNP Tshoot 300-135
    [ ] LPIC1-101 [ ] LPIC1-102 (wishful thinking)
Sign In or Register to comment.