i2004 VPN capable?

[LimeSMJ]

My i2004 works fine within the main office LAN. When I try to use it at a branch office it fails to find the server. The branch office has a permanent VPN (site to site) connection to the main office (where the phone works fine).

This guy:

http://practicallynetworked.com/support/asante_smc_vpn.htm

...seems to have a working setup but I can't reproduce the results. The connection between the main and branch office is COMPLETELY open - no port blocking either direction as it is a dedicated T1 line. I can ping the phone from the main office when I leave the phone at the branch office. Am I missing something?

 

[subx]

VPN should work fine. Are u sure there is no port blocking? What IP adresses do u use? Are u using gateways?

regards,

subx

 

[LimeSMJ]

The phone is setup in the branch office now for testing. The setup on the phone... static IP address in the branch office subnet. The phone is using the Branch Office's gateway address.

The ports are confirmed to be open in both directions.

Maybe I should change the phone to use the Main Office's gateway address but I figured the routing would be automatically handled by the site-to-site VPN? Ugh. This is frustrating as I can access everything from the Main Office from the Branch Office - FTP, Email, etc. using the Branch Office's gateway.

 

[jdavid99]

try increasing the retry count. This fixed the exact same problem I had with an ip phone.

 

[LimeSMJ]

Tried the retry count but still no go... ugh. It's always the little things (especially with Nortel).

 

[Mike2287]

I'm testing these IP phones now and all my sites work fine except 1 site in south america. the phones will ring but we can't here each other. We all ready checked the firewall and with the service provider to make sure all ports were open. How can i adjust the retry count on these Phones.

Mike

 

[hamsterfish]

Your Ip phone might not be getting an IP address.
Is it static or dhcp?
Try setting a static. I bet the nortel specific dhcp strings aren't applied to machines registering through vpn.

 

[3Sixty]

Can you ping the BCM from the remote site?

If you can not ping the BCM you will not get connected.

What is the local IP address of the BCM?

If it is 192.168.1.100 and the gateway 192.168.1.1 make sure you have setup netlink manaber to use your default gateway 192.168.1.1

If you have not set the default gateway on the bcm you will not be able to ping the BCM.

What is your published IP address?

You will find this setting under services-----telephony services-----click on the word Ip telephony and on th right it will tell you if it is lan1 or lan 2.

 

[3Sixty]

Mike 2287

What are your ping times to South America site?

 

[3Sixty]

Hi Lime SMJ

I have a BCM with a site to site VPN using customer equipment not the BCM.

The setup is as follows

Site A has a Private IP range 192.168.100.2-192.168.100.254
The subnet for this site is 255.255.255.0
The default gateway for this site is 192.168.100.1

Site B has a private IP Address 192.168.200.2-192.168.200.254
The subnet for this site is 255.255.255.0
The default gateway for this site is 192.168.200.1

The BCM is installed on site A with the Lan 1 IP address of 192.168.100.254
The subnet for the BCM is 255.255.255.0
The default gateway for the BCM under netlink manager is 192.168.100.1 (a netgear router that sets up the vpn tunnel to site B)
The published IP address for the BCM is Lan 1 (default)

The I2004 is setup on site B with the IP Address 192.168.200.200
The subnet for the IP phone is 255.255.255.0
The default gateway is 192.168.200.1 (metgear router that sets up vpn tunnel to site A)
S1 Address is 192.168.100.254
S1 port is 7000
The rest of the settings are just default.

This works fine for this customer

Hope this makes sense

 

[redcomet]

what router are you using? draytek?

 

[Mike2287]

mrmarshall

here's the ping times.

Pinging 192.168.168.6 with 32 bytes of data:

Reply from 192.168.168.6: bytes=32 time=89ms TTL=128
Reply from 192.168.168.6: bytes=32 time=132ms TTL=128
Reply from 192.168.168.6: bytes=32 time=195ms TTL=128
Reply from 192.168.168.6: bytes=32 time=88ms TTL=128

Ping statistics for 192.168.168.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 195ms, Average = 126ms

The BCM is in-house now but I haven't got back to testing it through the VPN. At the time I was testing it, it was the vendors BCM at there location.

 

[3Sixty]

Hi Mike2287

Can you change your ping command to the following.

ping -l 100 192.168.168.6 -t

I need you to run the command to get a better idea of the average ping time. I think your problem is the delay. It should be below 150ms. It can be between 150-200ms but I would recommend the lower part in my experience of the nortel product.

What codec are you using?
What Delay?
How have you set up your jitter?

Marshall

 

[redcomet]

I don't think that this is delay. The phone should register even if delay is to high for RTP packets.
2 questions: is 802.1p enabled? what type of router are you using at remote locations?

 

[3Sixty]

The phone does register.They can ring the phone but there is no voice.

Quote

I'm testing these IP phones now and all my sites work fine except 1 site in south america. the phones will ring but we can't here each other. We all ready checked the firewall and with the service provider to make sure all ports were open. How can i adjust the retry count on these Phones.

Mike

 

[3Sixty]

Hi Mike

Just check the info below to make sure all your ports are open on the firewall to.

Signaling between the IP telephones and the Business Communications Manager uses Business Communications Manager port 7000. However, voice packets are exchanged using the default RTP ports 28000 through 28255 at the Business Communications Manager, and ports 51000 through 51200 at the IP telephones. If these ports are blocked by the firewall or NAT, you will experience one-way or no-way speech paths.

 

[Mike2287]

I'll be going back to testing it in the next few weeks when I get a chance. when we were testing it months back the BCM wasn't in-house. and at the time we were testing this we were also testing a satilite internet connection. It worked over the satilite but very poorly. Our land T-1 there runs about 4x faster but we(me and the vendor) think the gov or whoever runs the phone company in that country may have been blocking things on that level.

I don't think I'll have any problems this time around when i start testing but you never know.