We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Cisco VPN Remote Client Blocks Outbound Voice traffic

Firstair
Firstair asked
on
Medium Priority
526 Views
Last Modified: 2013-11-16
I have a Mitel Softphone on my laptop that connects through a Cisco VPN client.  Everything connects great other then my out bound voice traffic gets stopped by the Firewall that is built into the VPN client.  Is there anyway to change the settings on the Cisco VPN client Firewall to allow this traffic.
Comment
Watch Question

Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
There is no configuration of the VPN client other than "split-tunneling" on the remote end. What are you connecting to? A PIX firewall or VPN concentrator?
Do you control the firewall, or are you just an end user? If end user then there is absolutely nothing that can be done on the client end to change the behavior of the VPN client.

Author

Commented:
I am connecting to a Pix 515.  I do control the Firewall.  However I have it set up for my self to allow all all traffic through the VPN connection.  It seems to be the Cisco VPN client built in stateful firewall that is blocking this traffic.  I was hoping I could either cange the stateful firewall config on the client or disable it from coming on automatically when the VPN connection is made.
Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
So, the softphone connects to a call manager/pbx at the corp office sitting behind your PIX 515?
Tunneling "IP" through the client should allow it. The firewall does not affect any traffic through the established tunnel.
If the softphone connects to an external service, like Skype or other Internet based service, then the fact that you tunnel all traffic through to the 515 will certainly block that function because it needs Internet access which you are tunneling, and the 515 can't turn that traffic back around out to the world and back to you through the tunnel.
Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
By the way, I use a Cisco softphone on my laptop to a Cisco call manager that sits behind a PIX 515 and connect using the VPN. It works very well and I've never had an issue with it..
Just to add, I have used softphones from both Cisco and Avaya through PIX vpn and it works just fine. Your case is probably the configuration. To where does it connect to, can you describe a little on that ? When you say 'block' what happens ? It doesn't connect to the server at all?

Cheers,
Rajesh

Author

Commented:
I get connected to the server, I can answer the calls and make outgoing call. When the call is in progress I can  hear them talking but they can not hear me at all.  
This is definitely not a problem with the VPN.

First thing I would try to do is to reduce the MTU size and see if that improves anything. Do this;

On the program menu, there will be a utility called 'SetMtu' in the Cisco VPN Client folder. Use that and set the MTU size to 1300 and see if that makes any difference.

Cheers,
Rajesh

Author

Commented:
MTU is already set for 1300
Okay, then I would try tuning the receiver and transmitter options in the softphone client again ?

May be some modes won't work like Telecommuter/Road warrior.

Cheers,
Rajesh

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
I solved the problem myself at it ended up being a subnetting problem.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.