Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 10004 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VOIP over site to site VPN

ViciousMagician1116

Im having the no audio issue with a Shoretel IP phone.  The server is located in head office behind a 210 and the phone is remote behind an 85w.  They are connected via ipsec site to site VPN.  Everything is good with the VPN.  The phone will connect and get dial tone just fine but no audio on a call.  I cant find anything in the firewall logs being blocked for the phone.  IPS isn't even applied to the firewall rules

 

Where else to look? 



This thread was automatically locked due to age.
  • 0

    Hello ViciousMagician1116!

    This is typically that the packets are not making it to the other end or you may get audio one way but not the other.  You can see this if you go under Diagnostics/Packet Capture and then click configure.   In the Enter BPF String put in host IP_Address_of_IP_Phone, then click save.  Make sure the packet capture it toggled to ON.  Below you will see the traffic to and from that IP Phone.  You may see some denies or violations and that is where you want to concentrate your efforts by making sure that a firewall rule covers what is being denied or violated.  

    I hope this helps!!

  • 0

    I have a similar setup in terms of equipment, with an XG210 at head office and a RED15 at a remote site, and a Shoretel 420 phone at the remote site.  It works very well over the RED tunnel, not sure how it would work with IPSec, but if you can, try using a RED site to site tunnel and see if it works better.

  • 0

    hello,

    you should try to :

    - disable the sip and h323 alg with command system system_modules sip unload / h323 unload

    - disable compression in the vpn ipsec policy if it's not the case

    - try to swith to SSL site to site vpn instead of ipsec

    Guillaume

  • 0

    Check out my response to someone with a slightly different problem than yours in this thread.  (Try the other  suggestions from the other forum members first , but if that failed to fix it  give this a shot) --> https://community.sophos.com/products/xg-firewall/f/network-and-routing/102475/red-keepalive-options-for-voip   

    With the command referenced in the link (my second response) you will be bypassing stateful packet inspection for the phone networks at your HQ and your remote office.

    I'm guessing the initials call rings because it's a simple sip connection between your PBX and your deskphone at the remote site,  but after call setup the phones will then try directly talking to each other (make sure you have firewalls rules in place for each phone subnet on either side.)

     

    -Scott