Hi
I have 17 IP phones connected to a 3448. The 3448 is connected via VPN to another 3448 which connects to the VoIP system. Of the 17 IP phones, 4 of them are connected on a different subnet because the office did not have 2 data cables. The voice network is 172.17.0.0 255.255.0.0 and the data network is 10.10.201.0 255.255.255.0.
If an IP phone from the data network calls internally a phone from the voice network there is no audio; RTP packets can't get through.
Here is a copy of the config:
!
!
! ADTRAN, Inc. OS version R10.11.0.E
! Boot ROM version 13.03.00.SB
! Platform: NetVanta 3448, part number 1200821E1
! Serial number LBADTN1311AF102
!
!
hostname "Payette_St-Lambert"
enable password
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip default-gateway xx.xx.xxx.xx
ip routing
ipv6 unicast-routing
!
!
domain-name "payette.xx.xx
domain-proxy
name-server 8.8.8.8 4.2.2.1
!
!
no auto-config
!
event-history on
no logging forwarding
logging forwarding priority-level info
no logging email
!
!
!
banner motd #
****** Important Banner Message ******
Enable and Telnet passwords are configured to "password".
HTTP and HTTPS default username is "admin" and password is "password".
Please change them immediately.
The switchport interfaces are enabled with an address of 10.10.10.1
Telnet, HTTP, and HTTPS access are also enabled.
To remove this message, while in configuration mode type "no banner motd".
****** Important Banner Message ******
#
!
!
ip firewall
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg h323
!
!
!
!
!
!
!
!
!
!
!
no dot11ap access-point-control
!
!
!
!
!
!
!
ip dhcp database local
!
ip dhcp pool "lan"
network 10.10.201.0 255.255.255.0
dns-server 207.164.234.129 207.164.234.193
default-router 10.10.201.1
!
!
!
!
!
!
!
ip crypto
!
crypto ike policy 100
initiate main
respond anymode
local-id address xx.xxx.xxx.x
peer xx.xx.xx.xx
attribute 1
encryption 3des
hash md5
authentication pre-share
!
crypto ike remote-id address xx.xx.xx.xx preshared-key xxxxxxxxxxxxx ike-policy 100 crypto map VPN 10 no-mode-config no-xauth
!
!
ip crypto ipsec transform-set esp-3des-esp-md5-hmac esp-3des esp-md5-hmac
mode tunnel
!
ip crypto map VPN 10 ipsec-ike
description VPN TO LONGEUIL
match address ip VPN-10-vpn-selectors1
set peer xx.xx.xx.xx
set transform-set esp-3des-esp-md5-hmac
set pfs group1
ike-policy 100
!
qos map VOIP 1
match precedence 7
priority percent 40
!
!
!
!
vlan 1
name "Default"
!
vlan 2
name "Voice"
!
!
!
no ethernet cfm
!
interface eth 0/1
description Internet connection
no ip address
traffic-shape rate 26214000
qos-policy out VOIP
no shutdown
!
!
interface eth 0/2
no ip address
shutdown
!
!
!
interface switchport 0/1
no shutdown
!
interface switchport 0/2
no shutdown
switchport access vlan 2
!
interface switchport 0/3
no shutdown
!
interface switchport 0/4
no shutdown
!
interface switchport 0/5
no shutdown
!
interface switchport 0/6
no shutdown
!
interface switchport 0/7
no shutdown
!
interface switchport 0/8
no shutdown
!
!
!
interface vlan 1
ip address 10.10.201.1 255.255.255.0
ip access-policy Private
media-gateway ip primary
qos-policy out VOIP
no shutdown
!
interface vlan 2
description Voice
ip address 172.17.0.1 255.255.0.0
ip mtu 1500
ip access-policy Voice
no rtp quality-monitoring
media-gateway ip primary
qos-policy out VOIP
no awcp
no shutdown
!
interface ppp 1
description Internet connection
ip address negotiated no-default
ip mtu 1500
ip access-policy Public
ip crypto map VPN
media-gateway ip primary
no fair-queue
ppp pap sent-username
no shutdown
cross-connect 1 eth 0/1 ppp 1
!
!
!
!
!
!
!
ip access-list extended VPN-10-vpn-selectors1
permit ip 10.10.201.0 0.0.0.255 10.10.200.0 0.0.0.255
permit ip 172.17.0.0 0.0.255.255 10.10.200.0 0.0.0.255
permit ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
permit ip 10.10.201.0 0.0.0.255 172.16.0.0 0.0.255.255
!
ip access-list extended web-acl-1
remark Traffic to netVanta
permit ip any any log
!
ip access-list extended web-acl-10
remark port 21
permit tcp any any eq ftp log
!
ip access-list extended web-acl-11
remark Admin access
permit tcp any any eq https log
permit tcp any any eq ssh log
permit icmp any any echo log
!
ip access-list extended web-acl-12
remark port 3283
permit tcp any any eq 3283 log
permit tcp any any eq 5900 log
permit tcp any any eq www log
!
ip access-list extended web-acl-2
remark NAT
permit ip any any log
!
ip access-list extended web-acl-3
remark NAT
permit ip any any log
!
ip access-list extended web-acl-4
remark Traffic to netVanta
permit ip any any log
!
ip access-list extended web-acl-5
remark InterVlan
permit ip 172.17.0.0 0.0.255.255 10.10.201.0 0.0.0.255
!
ip access-list extended web-acl-6
remark InterVlan
permit ip 10.10.201.0 0.0.0.255 172.17.0.0 0.0.255.255
!
ip access-list extended web-acl-9
remark FTP
permit tcp any any eq 548 log
!
!
!
!
ip policy-class Private
allow list VPN-10-vpn-selectors1 stateless
allow list web-acl-1 self stateless
allow list web-acl-5 stateless
nat source list web-acl-2 interface ppp 1 overload
!
ip policy-class Public
allow reverse list VPN-10-vpn-selectors1 stateless
allow list web-acl-11 self
nat destination list web-acl-9 address 10.10.201.30
nat destination list web-acl-10 address 10.10.201.30
nat destination list web-acl-12 address 10.10.201.30
!
ip policy-class Voice
allow list VPN-10-vpn-selectors1 stateless
allow list web-acl-4 self stateless
allow list web-acl-6 stateless
nat source list web-acl-3 interface ppp 1 overload
!
!
!
ip route 0.0.0.0 0.0.0.0 ppp 1
ip route 10.10.200.0 255.255.255.0 ppp 1
ip route 70.28.46.198 255.255.255.255 64.230.199.1
ip route 172.16.0.0 255.255.0.0 ppp 1
!
no tftp server
no tftp server overwrite
http server
http secure-server
no snmp agent
no ip ftp server
ip ftp server default-filesystem flash
no ip scp server
no ip sntp server
!
!
!
!
!
!
!
!
!
sip udp 5060
sip tcp 5060
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
login
!
line telnet 0 4
login
password password
no shutdown
line ssh 0 4
login local-userlist
no shutdown
!
!
!
!
!
!
!
end
It looks like your allow policy ACLs are backwards.
Try moving
allow list web-acl-5 stateless
to the
ip policy-class Voice
and
allow list web-acl-6 stateless
to the
ip policy-class Private
I'd put these at the top of the policy.
Also, now that you've posted here you might want to...
service password-encryption
no user admin
change the enable password
change the password for user Adm1n
change the telnet password or shut down telnet completely.
Just sayin...
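To see why the two InterVlan ACLs are in the wrong policy-classes, here is a small model of the first-match policy-class evaluation, added as an example and not part of the original thread or of AOS itself. It assumes (my assumption, not checked against ADTRAN internals) that entries in an ip policy-class are tried top to bottom on traffic entering the interface the policy-class is attached to, that the first matching entry decides, and that "self" entries only concern traffic addressed to the router and so are left out. The ACLs and policy-classes are copied from the posted config; the phone addresses are constructed sample values.

```python
"""Model of ADTRAN ip policy-class first-match evaluation (added example).

Assumption: entries are evaluated top to bottom on packets entering the
interface the policy-class is bound to; the first match wins. "self"
entries (traffic to the router itself) are omitted because they never
match phone-to-phone traffic.
"""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(addr, wildcard):
    # Cisco/ADTRAN wildcard masks are hostmasks; ipaddress accepts them as-is.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)


# (source, destination) pairs copied from the posted ACLs.
ACLS = {
    "VPN-10-vpn-selectors1": [
        (net("10.10.201.0", "0.0.0.255"), net("10.10.200.0", "0.0.0.255")),
        (net("172.17.0.0", "0.0.255.255"), net("10.10.200.0", "0.0.0.255")),
        (net("172.17.0.0", "0.0.255.255"), net("172.16.0.0", "0.0.255.255")),
        (net("10.10.201.0", "0.0.0.255"), net("172.16.0.0", "0.0.255.255")),
    ],
    "web-acl-5": [(net("172.17.0.0", "0.0.255.255"), net("10.10.201.0", "0.0.0.255"))],
    "web-acl-6": [(net("10.10.201.0", "0.0.0.255"), net("172.17.0.0", "0.0.255.255"))],
    "web-acl-2": [(ANY, ANY)],
    "web-acl-3": [(ANY, ANY)],
}

# Policy-classes as posted: Private is bound to vlan 1 (data), Voice to vlan 2.
ORIGINAL = {
    "Private": [("allow", "VPN-10-vpn-selectors1"), ("allow", "web-acl-5"),
                ("nat-source", "web-acl-2")],
    "Voice":   [("allow", "VPN-10-vpn-selectors1"), ("allow", "web-acl-6"),
                ("nat-source", "web-acl-3")],
}

# The change suggested in the reply: swap the two InterVlan allows and put
# them at the top of each policy-class.
FIXED = {
    "Private": [("allow", "web-acl-6"), ("allow", "VPN-10-vpn-selectors1"),
                ("nat-source", "web-acl-2")],
    "Voice":   [("allow", "web-acl-5"), ("allow", "VPN-10-vpn-selectors1"),
                ("nat-source", "web-acl-3")],
}


def acl_matches(acl_name, src, dst):
    """True if any line of the named ACL matches this source/destination."""
    return any(src in s and dst in d for s, d in ACLS[acl_name])


def evaluate(policies, policy_class, src, dst):
    """Return the action of the first matching entry, or 'implicit-discard'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, acl_name in policies[policy_class]:
        if acl_matches(acl_name, src, dst):
            return f"{action} ({acl_name})"
    return "implicit-discard"


# Constructed sample hosts: a phone on the data VLAN and one on the voice VLAN.
DATA_PHONE, VOICE_PHONE = "10.10.201.50", "172.17.0.50"

if __name__ == "__main__":
    for label, pol in (("original", ORIGINAL), ("fixed", FIXED)):
        # Data phone -> voice phone enters vlan 1, so policy-class Private applies.
        print(label, "data->voice:", evaluate(pol, "Private", DATA_PHONE, VOICE_PHONE))
        # Voice phone -> data phone enters vlan 2, so policy-class Voice applies.
        print(label, "voice->data:", evaluate(pol, "Voice", VOICE_PHONE, DATA_PHONE))
```

With the posted ordering, a packet from 10.10.201.50 to 172.17.0.50 entering vlan 1 never matches web-acl-5 (that ACL's source is 172.17.0.0/16, which cannot arrive on the data VLAN) and falls through to the "nat source ... interface ppp 1 overload" entry; the same happens in the other direction under Voice. After the swap, each direction hits the InterVlan allow first.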
Another consideration which will be cleaner and avoid the issue completely:
Most IP phones have the capability of trunking two VLANs where one is used for the internal VoIP usage of the phone itself and a second passes through data to the PC port on the back of the phone. On your switchports for those, configure:
interface switchport 0/[whatever]
no shutdown
switchport mode trunk
switchport trunk allowed vlan 1-2
switchport trunk native vlan 1 ! < This is default, change if data not on vlan 1
switchport voice vlan 2
The phone should learn its voice VLAN via LLDP, if not you can manually configure it on the phone. The data VLAN 1 will appear untagged on the pass-through port on the phone to the desk PC.