IP phones over VPN on BCM200?

[jamaster14]

Im having some issues getting IP phones to work at a remote location over a VPN connection. The setup is as follows:

Main Site:
--------------

BCM200 3.7
BSR222

Remote Site:
--------------
BSR222
PoE Switch


The vpn connection is made between the two BSRs. The BCM 200 plugs from Lan2 into one of the switched ports on the BSR. The VPN connection shows as being up and active in the logs on the BSR's. The BCM200 has 10 seats for ip phones, and a voip gateway keycode.

when i plug an ip phone into the BSR at the remote site, the BSR shows it has been assigned an ip address, but the phone keeps searching to locate the server on its display

not really sure where to go from here... havent been able to find any helpful documents on nortels site.

 

[biv343]

Is the published IP address for VOIP set to LAN1 or LAN2? Can you ping the BCM from the remote site?

 

[jamaster14]

biv, thanks doe the response.

im not sure what you mean by "published IP for VOIP"

Lan2 has an IP address of 192.168.10.200
I dont think can ping it from the remote side...

is there a ping utility in the routers configuration(im unable to find one) as im not currently at that site and it would be helpful

 

[nsanto17]

if you can't ping the bcm from the remote side then you will not be able to connect the IP phones.

If there is a PC at that remote location then you can use that to try and ping the bcm.

Can you give us a little more detail as to the VPN setup?

 

[jamaster14]

nsanto17...

the remote site is like 2 hours away so i wont be able to try and ping from the side at the moment. as far as the VPN setup, here is a diagram of how things are set up....

the network switches you see are the clients. the PoE switches are ours:

http://s89.photobucket.com/albums/k204/jamaster14/?action=view&current=CertifiedSiteMappublushed.png

there are 2 sites. a main site and a small remote office. the main site has 2 small buildings. there are physically wired together, so no vpn needed. the IP phones work in both buildings. the BCM 200 is in the main site, connected to the BSR. the BSR is connected to a switch which is connected to everything else.

the remote site there is a bsr and a poe switch. the phone gets an ip address(192.168.3.203) but never connects

 

[nsanto17]

Which device is doing the VPN? BSR222 or the FIOS Modem?

 

[jamaster14]

nsanto17:

the BSR222's are handling the VPN using BranchOffice configuration

 

[telcodog]

What are the WAN addresses of those routers? Not sure why the network switches are connected to the FIOS modems ahead of the BSRs.

I doubt that you would be able to ping the BCM with that setup. Are there any other routers involved with this?

 

[telcodog]

Forgot to ask. Do you have NAT Traversal checked in your ABOT setup?

 

[nsanto17]

Telcodog is correct.

Do you BRS222's have WAN Addresses? If not then the VPN tunnel will not work properly.

 

[jamaster14]

The BSR's have WAN addresses. i X'd them out in the diagram because i didnt want to publish them. there is a switch before the BSR because the company has 3 static WAN addresses and there are other computer/network devices that need there own wan.

but the BSR's have there own dedicated WAN address and are connected through their WAN port. the BSRs can be accessed remotely through their WAN addresses.

the Fios modem has no built in switch, so for all 3 WAN devices to get there assigned WAN address, a switch needed to be put in the mix.

 

[jamaster14]

NAT traversal is NOT checked off in the BSR's

 

[nsanto17]

Since the two bsr devices have WAN address is the tunnel up and running? If it is then you should be able to ping the phones at the remote location.

do you have two gateways setup at the remote location?

1) bsr222
2) firewall for internet traffic?

If so then you would need to set up some static routes so the traffic knows which gateway to use.

Is the BSR Acting as your firewall to the internet???

 

[telcodog]

Make sure you check the NAT Traversal box. You are setting up an IPSec tunnel and NAT doesn't play well with VPNs.

What is the set up for those IP sets at your main site? Do they DHCP or are they statically assigned? Any VLANs in play here? According to that drawing, those sets are on the 96.x.x.x network. Why is it set up that way?

What's the setup on the sets at the remote end? Static or dhcp? What are the S1 and S2 addresses.

Before you go any further, you need to get someone at the remote site with a PC try to ping the BCM at 192.168.12.200. If you can't do that, you're dead in the water. If they can get a response, have them do a tracrt as well so you can see the route to the BCM.

Give that a try and let us know how you make out and we'll go from there.

 

[jamaster14]

@Nsanto17

- The VPN tunnel is up and running. it shows its up in the SA monitor.

- i can not ping the phones at the remote location, because they will not connect(this in itself is the problem, cant get ip phones to work at the remote site)

- there is no firewall. the BSR is the only gateway, and the firewall has been disabled

 

[YnotPhone]

Is there someone on the remote site with a computer that can try to ping the ip address of the BCM?

I think that is what telcodog what trying to state... this way you know if there is a path to the BCM for the sets to route to.

 

[jamaster14]

@Telcodog

i will check the NAT traversal boxes at each site in the BSR's.

- the ip sets are set up as DHCP.

- there are no VLANS

- 96.x.x.x is the WAN address. the BSR router on that side has a LAN/DHCP setup of 192.168.3.1 and is handing out addresses

you asked:

"What's the setup on the sets at the remote end? Static or dhcp? What are the S1 and S2 addresses."

- what do you mean by S1 and S2? the remote end sets are DHCP

i currently can not pint the bcm(192.168.12.200) from the remote side.

thanks for all the help... really appreciated, im very new to networking and ip based phones. so bare with me

 

[nsanto17]

S1 and S2 are should be the lan IP of the BCM

 

[jamaster14]

@nsanto.

Lan1 of the BCM is 10.10.10.1, and is currently not connected physically to anything.

Lan2 of the BCM is 192.168.12.200 and is physically connected to the switched port on the BSR222 at the main site.

i can ping 192.168.12.200 from a computer at the main site
i can not ping it from a computer at the remote site

im not sure if that awnsers your question... if not, where would i find S1 and S2 configuration(i.e. on the bcm, on the bsr, on the ip set?)

 

[nsanto17]

Your S1 and S2 should be 192.168.12.200

Your issue seems to lie with the VPN tunnel.

Can you confirm that the VPN tunnel is up?