9608 VPN Issue over SCN

[Signo]

First off thank you all for your valuable input, this community is awesome.

So now to the problem.

I have a 9608 that is vpn to a sonicwall tz215 which is controlled by the IT contractor. We have got the phone up and working and I can make and receive calls to users on Network A (10.0.0.0/24) which is the network of the IPO that this users extension resides on.

I can't complete a call to Network B (10.0.1.0/24) across the site-to-site VPN. The signaling is working as the phone will ring a user at site B but there is noo talk path.

The phone has the protected network set to 10.0.0.0/24 and the IPO is 10.0.0.200.

I know its a routing issue but I have no idea how to approach it. The phone does not have a virtual IP and does not know the default route. Is this a routing issue in the Sonicwall or is the phone misconfigured in some way? I know this phone has direct media path enable, and I was thinking this may have something to do with it.


Any thought are greatly appreciated.

 

[Richard10d]

I'd try turning off Direct Media for that extension.

Most VPN setups restrict what IP space can go over the VPN, and so your calls work as long as the other end is on a valid network, signalling works because IPO is on a valid network for your VPN, but remote stations are not, so media will fail. Turning off direct media will cause all traffic (even SCN) to flow through the IP office.

 

[Signo]

I made it out to the clients yesterday and was able to turn off direct media path and everything now works correctly.

Thanks for your help.

 

[Gunnaro]

Then you have a routing issue, you just circumvented it by turning off the DMP.

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[Signo]

I agree but they not my sonicwalls and IT contractor does not know what to do. They inherited the sonicwalls and dont like them but the client is not going to scrap them until they fail.

I receive pressure form my client and all he sees is that my stuff does not work. So it is what it is.

 

[gwebster]

Turning off direct media results in transcoding delays for IP to IP calls which ultimately results in lower quality of service. This will be especially apparent if you are using G.729 which provides marginal voice quality to start with.

 

[Richard10d]

Their VPN simply isn't setup to handle all possible internal networks, that could be by design and thus turning off DMP is simply the right solution. If instead they do expect all internal networks to be accessible from their VPN, then their VPN configuration needs to be updated to reflect all possible networks that should be serviced, and it sounds like that's not your problem!

 

[Gunnaro]

Sonicwall

A tiny drop of superglue in the reset pinhole, depress the button...Next power outage it won't come up anymore

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[Signo]

I almost spit coffee all over my keyboard. That is a great little trick.

I have to admit I dont do a lot of VPN stuff either, we are a small telephone company and we only have about 15 IPO's in the field. We dont even advertise that we sell systems, and it's my seconday job, my main job is as a CO tech for the class 5 telephone switches.

You guys have way more experience with the product then I will ever have.

Gunnaro, I really appreciated your new time profile overview.

And thank you for all the help you guys volunteer.

 

[Gunnaro]

No problem

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[Richard10d]

Direct Media does offload some work from the IPO, but transcoding only takes place when the codecs are different, in which case you can't do DM anyway. What DM does save on is the number of VCM channels required. DM does not use a channel, but now that extension always uses a channel. Since you only have 1, who cares. If you had hundreds, get them to fix their VPN config.

If their VPN vendor needs some help, I had a TZ180 for years and am familiar with their IPSEC config and multiple subnets... and any $ I can get for the pain I suffered through it would be a nice salve.

 

[amriddle01]

Turning off DMP does not use a VCM channel, the system reverts to RTP relay in that case and simply passes packets in/out its interface, no VCM resources are involved (this is also the case with IP phones > Sip trunks). It's only when codecs differ or a TDM device/service is connected that a VCM channel is used

 

[Richard10d]

amriddle01: Good to know, it was based on the help that I decided it used a VCM

Allow Direct Media Path ... If enabled, IP calls can take routes other than through the system. This removes the need for a voice compression channel.

 

[Richard10d]

Forgot to add: And if I read a little further it says:

If disabled or not supported at on one end of the call, the call is routed via the system. RTP relay support allows calls between devices using the same audio codec to not require a voice compression channel.