Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 1465 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue in voice traffic

Basel Sabha

Dear sir,

I hope you are doing well,

Kindly sir i am facing issue in voice traffic send through IP Sec VPN tunnel.

I have XG 210 in the head office and 116 XGS in the branch the

IPsec VPN is active and i can ping all server and devices

but the issue is in the IP phone its Ring (from both sites) but there is no voice



This thread was automatically locked due to age.
Parents
  • 0

    Hello ,

    Thank you for reaching out to the community, check & perform the following:

    Step1current UDP time-out value Under the Advance shell [ssh menu > press 5 for the device management > press 3 for the advance shell) 
    type the following command:
    #show advanced-firewall

    Step2: Then increases the UDP time-out to 150 or 300 seconds, with the following command: 
    #set advanced-firewall udp-timeout-stream 300
    #set advanced-firewall udp-timeout 300

    Step3: turns off the preloaded IPS patterns for SIP
    #set ips sip_preproc disable

    Step4:     check the SIP module status:
    #system system_modules show

    Step5:     if you think the protocol is required, you can load/unload with the following command:
    To load: #system system_modules sip load
    To unload: #system system_modules sip unload

    *Note    The commands are persistent even if the Sophos Firewall is restarted.

    > If you are using any custom Port for the SIP other than the traditional 5060 then you may use it with the following command below:
    #system system_modules sip load ports <custom_port>

    > And lastly ensure you've configured a firewall rule for SIP.
    Path: Go to Rules and policies > Firewall rules.
    Ensure you select the recipient's network in Destination networks. If you want to call any phone, set the recipient's network to Any.

    > Also ensure if there is no UDP flood settings enabled.
    Path:     Go to Intrusion prevention > DoS & spoof protection.
    Under DoS settings, clear the Apply flag checkboxes for UDP flood.
    Test the VoIP connection.
    If this setting resolves the VoIP issue, lower the UDP flood protection values before applying the flag again.
    A single value doesn't work for all environments. Adjust the values until you find those that work best for your VoIP setup.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    thank you for your help 

    but  non from the above worked 

  • +1 in reply to Basel Sabha

    Hello Basel Sabha,

    On the branch office firewall, add an IPsec route for system-generated traffic to the Voice Server server at the head office. Apply source NAT on the system-generated traffic to translate the internal source IP address at the branch office to the destination IP address (Voice Server server at the head office).

    On the CLI, enter 4 for Device console.
    Add an IPsec route from the branch office firewall to the Voice Server server in the head office. Enter the following:

    system ipsec_route add host <IP address of host> tunnelname <tunnel>

    Example

    system ipsec_route add host 172.16.16.17 tunnelname BO_to_HO

    Translate the IP address of the LAN port (Voice Server relay interface) of the branch office firewall to the Voice Server server's IP address at the head office. You must use this command to translate traffic generated by Sophos Firewall. Enter the following:

    set advanced-firewall sys-traffic-nat add destination <Destination IP address or network> snatip <Source IP address to translate>

    Example

    set advanced-firewall sys-traffic-nat add destination 172.16.16.17 snatip 10.10.1.1

    here 172.16.16.17  is voice server at HO and 10.10.1.1 is BO Sophos LAN IP

    Hope this might help 

    Thanks and Regards 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Basel Sabha
    Basel Sabha said:
    non from the above worked 

    Voice was working earlier and stopped working ?

    Please Go to System-->Admininstration --->Backup and Firmware -->Firmware and share the status of the firmware shown on GUI

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Basel Sabha
    Basel Sabha said:
    non from the above worked 

    Voice was working earlier and stopped working ?

    Please Go to System-->Admininstration --->Backup and Firmware -->Firmware and share the status of the firmware shown on GUI

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML