Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 4197 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue with my Avaya IP office 500 with SOPHOS thru IPSec

Rodney Altamera

Hi to All Sophos Gurus!

Good day!

I have an issue with my client's network. One of his office is connected to their main office thru IPSec Site to Site VPN. The branch office is using SOPHOS XG310. The main office is using Cisco ASA 5505. The problem in the branch office we are using Avaya softphone connected to their Avaya IP Office 500 located at their main office. The problem we cannot connect our avaya. The other server such as CRM and file server we can connect.

The Tunnel is actually fully up and working with no issues. But when I check the logs I have discovered that everything is coomunicating on the other side except the Avaya SIP Server. There is upstream from the branch office to the main, but there is no downstream or response from the SIP Server. Please check below the IP details and screenshots.

Here are the logs.

 

Here are some graph of the traffic thru the tunnel.

 

 

Here is the vpn status showing both ends are good. The File Server, CRM Server and the Avaya IP Office 500 Server is located on the main office in one subnet 192.168.1.0/24.

Does anyone have any idea how to fix this? Or what is causing the issue.

Below is also the link to the article from SOPHOS Community which I followed to make the tunnel work.

https://community.sophos.com/products/xg-firewall/f/vpn/75579/xg-firewall-to-asa-5510-site-to-site-vpn

Does some have any idea how to fix this?

 

Thanks

 

Rodney



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to melvin dutt

    Hi melvin dutt,

     

    As of the moment we are still trying to figure it out. But yesterday we have discovered thru the avaya logs that it is blocking the remote site's IP connecting to the phone system. We are going to try and test the new configuration within the day. I'll update this thread once we are successful.

     

    Thanks

     

    Rodney

Children
  • 0 in reply to Rodney Altamera

    Ok, this is very interesting. I have a handful of sites with 9600 series H323 based phones that VPN back to an Avaya CM via the built-in IPSec client. The phones build an IPSec tunnel to the XG, and communicate fine.

    I have a test install running at the moment with a J179 (SIP Based) Avaya phone connecting to an IP500 via a site to site IPSec tunnel between two XGs. This works perfectly fine. I was just cleaning up an older 9600 phone, and needed to register it to something to test, so decided to register it to the remote IP500 that I currently have a tunnel to. It boots up, connects to the web server on the IP Office, downloads some files, prompts me for a login, then gets stuck on "Discover <IP Address>". On this same phone system an Avaya SIP phone works fine.

  • 0 in reply to Jeremy Parr

    Hi Jeremy Parr,

    Thanks for sharing. We were able to fix the problem by creating a route on the avaya side to our gateway. Now all is working. We can now access the AVAYA IP Office 500.

    Above is the screenshot for the ip route config.

    Above is the screenshot of the status.

     

    Thanks

     

    Rodney