[b]One way communication between VPN[/b]

[llee1688]

Scenario:
Have 3Com NBX100 VOIP NBX System located in corprate office. Each remote site A and B are linked thru Sonicwall TZ170 VPN using T1 line to the corprate office. Each site have at least 3 3COM phone stations. VPN tunnells are sharing datas as well as voice.

Problems:
When site A initiating a call to site B's phone extension, can hear site B but site B can't hear site and vice versa when Site B initiatin a call to Site A's phone extension; but there is no problem to call to corporate office except sometimes the sounf quality is not good and can only hear one way communication.

Does anyone has this kind of problems? Please help. Thank you.

 

[VAS72]

I have a similar situation with much cheaper hardware. NBX100 in office with a Linksys RV082 router. One remote phone at home with Linksys RV042. Tunnel is active and works fine. Another user uses a pcXset with a software VPN. Home and pcXset can communicate with the office perfectly. But when home calls pcXset, I get an error.

I browsed 3Com support and see something about ARP. I called them and they said I should put the NBX on a public IP and mentioned something about NAT. This can't be the solution as a VPN is supposed to be instead of NAT or a public IP.

At first I thought that it must be my VPN hardware and was actually debating getting the sonicwall. Now it seems that it is not neccessarily the case. So I hope someone else can help us. Thanks.

 

[llee1688]

I can't say it's totally useless. All the phones can call to corporate office and have a perfectly good sound quality. The only problems I have is to have both remote office talk to each other directly, also the communication between corporate and remote office is not 100% perfect, sometimes it has static and sometimes it's just one way communication. You can say it's about 80% of the time it's work perfectly. And There's my problems.

I've called to sonicwall and the technician thought it might be an issue with access policy in the Sonicwall appliance. He promised to investigate the settings and troubleshoot it today. I'll post the outcome when it's available.

Just wandering if you need to pay 3Com when you call their tech support?

 

[VAS72]

I bought a 3Com service contract through inpath.com that gives me next business day hardware replacement and free technical support. The guy I spoke to seemed nice but the english was difficult to understand and, after telling me about the public IP even though I have a VPN, I now wonder about his level of expertise.

 

[llee1688]

I've been playing around with this damm stupid 3COM NBX system for quite sometimes now. I did eventually have the system works perfectly but it has to be sitting outside the firewall. What I did is that:
Since we have enough of pool of public IP addresses, I put the NBX system outside firewall and give it static public address. Each remote site's station also given a public IP address, for example, Site A has 4 Phone stations and I have to give all those 4 phones w/ 4 different public IP addresses and you can't have all those 4 phones sitting behind the firewall and do NAT instead (With the NAT config., you can only have one phone sit behind the firewall).

The draw back of this setting is that I have to do all the new wirings and separated from our data network which beat the whole purpose of efficientcy and scalability.

By the way, just talk to Sonicwall people. he suggested to set the NBX system to use Standard IP instead of IP on the Fly. Double check on the knowledge base in several internet forums, and most of them suggesting Standard IP. I'm gonna try it later today.

 

[VAS72]

Let me know if that works - standard IP vs. IP on the fly. I don't even know the difference between them. Also, I still don't understand why NAT or public IP's are needed if the VPN is working properly. Do you understand that logic?

 

[aragon]

I agree that putting public IP on NBX is a bad idea.
3Com should build a router that auto forwards NBX traffic to their phones.
The good news is that 3Com is converting to SIP in an upcoming release of software so you will be able to use a SIP aware firewall at HO and the remote offices. VPN's will not be needed anymore.
Unfortuneately this will take time.
In the meantime is the pcxset and hardphone on the same remote home VPN?
I suspect ARP requests are being set through the VPN tunnel and not locally through the layer 2 network. This prevents the Since NBX uses layer 2 protocols. By using standard IP every phone will use a dedicated IP address and the CPU should create a database of extension to IP address mapping instead of attempting all communications over the layer 2 network.
Another issue with hardware based VPN's over public internet is that they are typically only available 85% of the time this results in choppy speech or possibly dropped calls.
Talk to a carrier about a managed layer 2 bridged connection or VPN service with SLA's between offices. This is often required for good quality VoIP (QoS).

 

[llee1688]

Try the suggestion on using standard IP, it works fine but can't do conference call. So.... back to square one.

Now I resort to using 3Com router 3CR870 and 3CR860 to link our remote offices. This router is a VPN router that support NBX traffic as well but it's a lame firewall not like sonicwall.
Sonicwall Tech support find out the problems regarding NBX system. They said that 3Com is using a propriertary multicast, that's why it won't work on VPN tunnel.

Just implemented this router yesterday in corporate office and will implement it later in remote office. Won't know the outcome not until later on today.

 

[VAS72]

Please explain what worked fine when using standard IP? I tested two pcXset's on the same remote domain and they don't work either. Can anyone get two phones in the SAME remote office to talk to each other?

What is not so good about the 3Com routers and I wonder if even the 3Coms are better than the linksys I am using now (albeit not as good as the SonicWall).

Please keep me posted on the answers from SonicWall. Thanks.

 

[llee1688]

Finally got it work with 3Com router.

3Com router I mentioned above is almost identical with linksys router except is has an option for NBX. Other than that nothing special. The configuration of the router is pretty simple and a little bit tricky when you set up a site to site VPN. it's web-based configuration.

I check online vendor, those router price range are from $100 to $350. So it's not bad compare to Sonicwall but a little pricey compare to Linksys.

 

[VAS72]

So you are saying that you think the 3Com one is basically the same as the linksys but adds NBX capabilities? Did you get everything to work using the 3com Router? Can you now do remote to remote calling? What still doesn;t work?

Did you still have to do standard-IP instead of IP on the fly?

My linksys has a dual WAN connection which I like but the rest is nothing special. I wonder if I could use the 3Com router WITH my linksys?

Your thoughts?

 

[VAS72]

Also, do you need 3com routers at both locations for this to work?