Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 28 subscribers
  • Views 3780 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IP phones over MPLS link can't communicate

Kevin Stark

Here is my issue:

I have a two sites connected via MPLS link

Site A

192.168.2.0 

Site B 

10.0.0.0

 

Site A IP phones can't communicate with the IP Phone Controller (10.0.5.1) located at Site B

IP routes have been created on XG to route traffic between both networks.

I created a Firewall rule to allow All Traffic on the LAN & Any Service but the Firewall is dropping all Packets between the Site A Phones and site B controller. 

Note: I can ping from Site B to A and vice versa so I know the routing is working

 

I'm new to the Sophos framework so any insight would be greatly appreciated!

Thanks in advance! -Kevin



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to sixteen again

    I unloaded the SIP module and that didn't work.

    Any other ideas?

  • 0 in reply to Kevin Stark

    Can you provide more detailed information on the setup?

    Where is the XG Firewall?

    What are the routes on both sides?

    I assume the site A phones are set up to be remote phones on the Site B controller?  Otherwise, they may be trying to use broadcast to connect to the controller, which obviously would not work in different subnets.

    Off hand, my suggestion would be that you are not allowing the correct ports access from Site A phones to the Site B controller.  You would need to specifically allow the communication ports inbound from Site A to Site B or they would be blocked by default.  

  • 0 in reply to Greg CT

    Hi Greg,

    You are correct with your assumption that Site A phones are trying to connect to the Site B controller (10.0.5.1)

    I have created a Service Group with the ports that the phones need to use for communication.

     

    Also, here is a snip from the packet capture.

    I have tried various combination mappings for the ports but with no luck. It's either the port mapping that is wrong or the Firewall rule that I created to support these services.

    -Kevin

  • 0 in reply to Kevin Stark

    HI Kevin , 

    Is the MPLS connected to XG directly ? or via a L3 Router in LAN or other zone. 

  • 0 in reply to Aditya Patel

    Aditya,

    The MPLS is not directly connected to the XG.  The MPLS traffic comes from the MPLS router to an L3 switch then the XG. (Lan)

    The XG is seeing the traffic of the Site A phones trying to communicate with the controller but I just can't figure out how to let that traffic pass through.

    Note: My current setup is with a Sonicwall and it works fine.