Meraki

Community

MS Teams Calling Issue

piasterloo
Here to help
Wednesday
Wednesday

MS Teams Calling Issue

Hello Folks,

 

We have a client team working from our office, utilizing Cisco AnyConnect VPN on our guest VLAN.


The issue is that during both inbound and outbound calls, the call rings and can be answered; however, there is no audio. Approximately 8 seconds later, the call disconnects as a failure. The client VPN uses split tunneling, where SIP signaling is routed via the VPN, but once the call is established, media is transmitted through the local router and onto the internet.


Initially, there were numerous retransmissions observed in the pcap targeting the team's destinations. After whitelisting one client, these retransmissions disappeared, but the issue persists. Any advice or suggestions on resolving this would be greatly appreciated.

 

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Thursday
Thursday

Do you have an MX on your network? It’s not clear, we need more information. Here are a few things you can try.

Make sure your split tunnel configuration is set up correctly. Verify that SIP signaling traffic is routed through the VPN and media traffic is routed through the local network.

 

Make sure your firewall is not blocking RTP traffic. Disable any inspection of voice protocols such as SIP, SCCP, or H323.

 

Perform detailed packet capture analysis to identify any anomalies or dropped packets.

 

Try whitelisting the client to see if that improves the situation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
piasterloo
Here to help
Thursday
Thursday

Yes there is an MX in the Network facing the Internet...We did a whitelist on the client and nothing helped

0 Kudos
Mloraditch
Kind of a big deal
Thursday
Thursday

So I could be wrong vis-a-vis teams but I think your split routing of signal and media traffic is the likely issue unless you have transforms setup somewhere on the sip path.

 

SIP media streams are setup in the signaling traffic and they use the ip info in those packets to setup the media path. By default that’s going to tell the media to come back to the client via the same IP (natted or not) of the signal traffic. You can manipulate that somewhat with sip header modifications but what you are describing seems very strange. 
Teams may have special magic built in, but Id not do what you've done without documentation saying it will work.

Id see if it works without splitting the traffic path up and go from there.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
Thursday
Thursday

Is it possible to get their admin to change it so that either all or none of the teams traffic goes via AnyConnect?

 

Does this config actually work anywhere else?  Like if they go home and connect to WiFi does it work?

piasterloo
Here to help
Thursday
Thursday

yes ...it works when connected via a hotspot or home Wi-Fi.

0 Kudos
In response to piasterloo
PhilipDAth
Kind of a big deal
Kind of a big deal
Sunday
Sunday

I wonder if the subnet they use in their company is the same as the subnet you use in your company.

In response to PhilipDAth
piasterloo
Here to help
Sunday
Sunday

 

It's different, but does that necessarily make a difference? As I pointed out, it works well when they're connected to a hotspot or home Wi-Fi, so we should assume that the hotspot or home Wi-Fi shares the same IP as their VPN subnet.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.