Speaking from personal experience using Cisco Callmanager and Cisco VPNs (not PIX, but Cisco VPNs hosted on routers with AIM cards), I can say that this is possible- but it's not easy.
Essentially, the problem is not the VPN, it's NAT. In the cisco IP Softphone client, there's a rather disturbing section where you enter in your client's address- you can either have it pull the IP off the card, or set one permanently, or have it connect via HTTP to return the IP address. The important part is that the IP address chosen here must be the IP issued on the VPN, and *NOT* your current interface address. In other words, remove NAT entirely from the equation. Callmanager will accept the RTP stream from wherever it sees a valid connection- but, as we're all familiar with issues with NAT, and SIP, and H.323, Cisco Callmanager follows the standard and replies back to the IP that the client presents during call setup- hence, if the client presents a NATted address (from the callmanager's perspective), it will send the backhaul RTP to that address, and you get one-way audio. Some softphones are better at dealing with this than others. Long live IAX2! Paul Davidson _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users