Avaya - Sonicwall VPN issue

[jimbo1007]

Hi,

I have a 9620 handset which works fine locally but when I try and use it at the remote site it is just trying to discover the phone system address and will not connect. There is a sonic wall between the 2 sites and I can ping the IP office at the main site from the remote site. Any ideas?

TIA,

 

[TheZCom]

Make sure you have H.323 transformations turned off (found in VoIP section of configuration) on any sonicwall gear. Z

 

[jimbo1007]

The box is unchecked for h323 transformations. Their network guy said it might be an issue with the gateway settings on the handsets. [pre][/pre]

 

[jimbo1007]

The network guy also said that all ports are open and there is nothing blocking it.
The extensions have just been set up as normal h323 extensions, I have not forwarded and ports ect as I thought the handsets would work exactly as if they are in the same office. Is this correct or is there more configuration that needs to be done over a vpn?

Apologies if this is abit basic. It is only the second time I have configured handsets at a remote site.

 

[kwing112000]

Can you ping the IP Office from one of the remote aites? it could be an IP route on the IPO that is not correct.

Kevin Wing
ACSS Small and Medium Enterprise (SME) Communications
ACS- Implement IP Office
ACA- Implement IP Office
Vive Communications

 

[iramipo]

Hope you have Configured Static IP address to the Phone and Provided all fields like
IP Add :
Call Serv Add :
Mask :
Router Local Gateway IP)
FileServ Server Add/Blank)
8021:Auto

If so it will definitely reach using the VPN link.

 

[jimbo1007]

I entered the call server address (the phone systems IP) when I logged in as an extension all these other fields configured themselves except http which is blank.

I can ping the system from the remote site. The only thing I have just noticed is that the extensions I created do not have remote worker enabled. Should this be a problem though? I thought that when they are connected over a vpn it is as if they are in the same office anyway?

 

[amriddle01]

Golden rule is never believe the network guy, especially where Sonicwalls are concerned, if the system can long the handsets IP using SSA then something is getting blocked, if it can't the routing is wrong, over to him pretty much either way.... as long as the systems IP routes are correct

 

[Gunnaro]

Three things:

1) If you manually enter the Call Server IP, you should do them all, or at least the HTTP/S.
Sometimes the phone config will be wiped if only one of them is static. (not always)

2) Do you have an IP route on the IPO for the other site?

3) Is the far end IP range different from the main site? (equal subnet will confuse the phone and the IPO)

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[jimbo1007]

The remote site (192.168.0.xx) is on a separate IP address range to the main site(192.168.168.xx). Although the network guy said they both talk to each other and are both on the same subnet. Do you think this could be the issue?

Also I have not done much work on the IP routes before. Currently there is just one on the system (192.168.99.0). Do I need to add something else to IP routes?

Tia

 

[amriddle01]

With that default route only, you surely can't ping the system from a remote site...... if you can something is really wrong

 

[jimbo1007]

I'm sure it's the IP route that's causing this now. Please could someone point me in the right direction.

Would be much appreciated

 

[amriddle01]

So were you fibbing when you said you could ping the system from the remote site?

 

[nnaarrnn]

you need 0.0.0.0 on your LAN1 port pointing to the 192.168.168.XXX gateway

 

[Gunnaro]

Well, you could look in left pane in the Manager, it should say IP Routes.

Make a new one: 192.168.0.0 / 255.255.255.0 / 192.168.168.x (where the x-octet is your gateway, usually .1 or .254)
This will open up for all IP's at the far end.

(Don't do the 0.0.0.0! If your firewall fails/is misconfigured, that kind of route will open up the IPO to all external hackers)

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[Gunnaro]

And of course you need to pick the right LAN destination, either 1 or 2

Kind regards

Gunnar
______________________________________
Mille viae ducunt homines per saecula Romam

 

[jimbo1007]

If I ping the system IP address from the remote site I get a response, no fibs lol

 

[jimbo1007]

forgive me for sounding dumb but the gateway address is the router address at the remote site correct?

 

[amriddle01]

Are you sure they aren't on the same subnets and you are in fact pinging something local? What does you're ARP cache say the MAC is that's responding?

 

[amriddle01]

your not you're...