BCM 400 - Troubles with Subnets 1

[ccHuCkYY]

I have walked into a setup that is a little oddly setup to me.

I am trying to setup softphones (i2050) off site. Requiring the user to VPN (Contivity) into the network and link the softphone to the BCM.

The short of it is that there are two subnets on the LAN. One for the BCM/Phones (192.168.200.x) and another for the PC's (192.168.1.x).

On the LAN, if I setup the softphone on the PC, I can get it working.

If I VPN, I can't link up to the BCM or ping it (PC's are no problem).

My first two attempts to resolve this were unsuccessful.

I did add an IP fromt he 192.168.1.x subnet to the LAN1 on the BCM. I can access the web server and use the admin tools pointing to this new IP address (on local LAN and VPN), but phone functionality isn't working on it. Even after a reboot.

I decided maybe I would plug in the second LAN port, add the IP there, but it's kinda screwing up a bunch of stuff with that.

How would you suggest on fixing this?

I think Cisco router is setup to route between the two subnets, but it's limited somehow on the VPN side.

 

[DBrewsky]

Make sure the gateway to the BCM subnet has access to the VPN network.

To test, on the BCM, do a TRACERTOUTE test to the IP address scheme of the VPN network and see if the BCM's gateway knows how to get to the VPN network.


--DB

 

[ccHuCkYY]

The BCM's gateway is specified as 192.168.200.254... which when I telnet to it reports Level_15 (so I assume it's the Cisco Router).

I can ping computers on the 192.168.1.x network from the BCM, but not the VPN Server (Contivity) at 192.168.1.254...

Tracert to a machine on the 192.168.1.x network is

traceroute to 192.168.1.122 (192.168.1.122), 5 hops max, 40 byte packets
1 192.168.200.254 (192.168.200.254) 1.234 ms 0.407 ms 0.297 ms
2 * * *
3 * * *
4 * * *
5 * * *

 

[Frideo]

Can you tell us these details for each of the LAN ports on the BCM?
IP address
subnet mask
default gateway

Which of the LAN ports is connected to the LAN that has the VPN router on it?
On that network interface of the BCM, is the default gateway the same as the IP address of the VPN router?
It should be, and it nearly always must be, so that the VPN routing works.

Also, to be clear, if you have a PC at the other end of the VPN (not on the same side as the BCM), are you able to ping the BCM and get replies?

If you're not sure which IP address of the BCM to use for ping testing, then I suggest to ask the network administrator what routing policies he has set up for the VPN.

 

[ccHuCkYY]

Thanks... unfortunately, the network administrator doesn't exist any longer, so I can't ask. I do have full access to everything (BCM, VPN Firewall (Convivity), Switches) other than the Router (which is owned by the Telco). I was brought in after he decided to leave, never met the guy.

Here are the answers:
1. Can you tell us these details for each of the LAN ports on the BCM?
IP address - 192.168.200.1
subnet mask - 255.255.255.0
default gateway - 192.168.200.254

2. VPN Firewall (Contivity) LAN IP Settings
IP Address - 192.168.1.2
subnet mask - 255.255.255.0

3. The BCM as of this moment, only has the one LAN port plugged in (LAN2 is unplugged). I had tried to add an IP Address to LAN1 (so it had 192.168.200.1 AND 192.168.1.205). As I said in an earlier email, I was able to ping both addresses from another computer on the LAN.

4. If I VPN into the network, I can only ping the 192.168.1.205 IP address (not the primary 192.168.200.1) . But that additional IP address would not allow me to hook up using a Softphone (even trying on the local LAN). This additional IP Address appears to be on the BCM but only for accessing the web server AND running Element Manager.

 

[Frideo]

Sorry for the delay in getting back to you.
The BCM and the VPN Router are not on the same subnet, so cannot communicate directly with each other.
TYhe BCM is trying to send all packets (that are not for 192.168.200.x) through the Cisco router 192.168.200.254, so they're not going through the VPN router/tunnel.

Also, do you know how the VPN router routes to 192.168.200.1 ?
As it stands, it knows how to get to any 192.168.1.x address (it's on the same LAN) and presumably knows how to get to any connected-VPN-client IP address, but must also somehow be told how to route to 192.168.200.x. If it's not told, it'll use the default route, which usually is the route to the internet (which won't work).
It looks like any client connecting through the VPN will be able to route to a 192.168.1.x address, but not to any 192.168.200.x address. The clients connecting in may need to be given an extra route, so that they know how to get to 192.168.200.x addresses. Perhaps the VPN router would need to be configured for this.

There are many possible solutions to the problem.
For the record, do you know why the PCs and IP Phones have separate IP address ranges?
Are there two separate physical LANs there? Are they using VLANs?

For the easiest setup, I would consider having all the machines (including PCs, BCM and IP Phones) using the 192.168.1.x/255.255.255.0 subnet. Then you can avoid those routing issues, and you may not have to change the VPN router setup at all (and you should not need to use the second LAN port on the BCM).

 

[3Series]

Don't mean to hijack this thread, but I'm currently trying to resolve an almost identical problem with our Softphones (205) and BCM50. Like the OP, our softphones all work fine inside our LAN and we're unable to connect to or ping the BCM through VPN. A couple of slight differences though:

Our BCM and VPN Router are both on same subnet 192.168.16.x and both have static IPs
BCM: 192.168.16.251
VPN Router: 192.168.16.253

using ElmMgr, I can successfully Traceroute to the DNS Server (192.168.16.3) and the one IP phone on our network (192.168.16.201), but not the VPN router or anything else within our LAN.

I am able to ping the DNS Server, VPN Router and the IP Phone, but when I try to ping any other IP address in our LAN, I get the following Error message:

"Error happened. Error Detail: extrinsic method could not be executed (Failed to execute the /bin/ping - c3 192.168.16.x command)"

Any advice/help to narrow down possible causes would be greatly appreciated!!

 

[Dasheen]

3series:

U should start a separate thread. U'll get better chance of response.

 

[3Series]

^^
Dasheen - will do, thanks.

 

[DBrewsky]

make sure you put LAN 2 back to it's original IP address of 10.10.11.1. If you leave it at 192.168.1.205 then all packets will try this interface and not go to your gateway (default next hop router on 3.x systems).

What software level is the BCM?? If 4.0, there is a traceroute program you can use in Element Manager. If 3.x, enable telnet via Unified Manager and then telnet into the main IP address (same username/password). Select option 7 to get to a command prompt and well, run the traceroute from there.


--DB