IPOffice 500v2 Static Routing and VPNs

[aramsumair]

Hello everyone ,

I am trying to setup proper routing for our new IP Office 500v2. My goal is to enable both LAN ports, one for internal users and one for external.

Here some info on our setup..

Our main US office has 3 satellite offices in Europe, Malaysia and India. All interconnected with IPSec VPN tunnels and are routable to and from using the same subnet.

As it stands we close to a solution, currently we can ping the IPOffice externally on Lan 2 and internally on Lan 1 but not from our remote sites across the VPN. It seems to me that the IPOffice is disallowing any traffic that was tagged/touched by our ASA/VPN.

My conclusion is our Avaya tech did not setup the IP Routes Properly, i attached a screenshot of the current setup. Can someone take a look and see what we maybe doing wrong.

 

[aramsumair]

The blacked out entry is our external IP for the IP office. I did notice the tech is using alot of 0's .. i assume these are considered as wildcards ?

 

[IPOfficeIreland]

Hi aramsumair, you need to explain your ip subnets with examples.

 

[IPOfficeIreland]

but at a guess I don't see why you need the 1st rule using your public IP as the ipo can't reach this, unless it is on a public itself, if you follow.

if your internal ip phones are on same subnet and a gateway is not needed and all external phones/scn systems are via lan2 through a single router (router does vpns) then you only need 1 rule
0.0.0.0/255.255.255.255 via 192.168.20.1 LAN2
leave the remote manager rule also

 

[aramsumair]

These are our subnet/ranges

Europe 192.168.10.0/24 255.255.254.0
USA 192.168.20.0/24 255.255.252.0
Malaysia 192.168.30.0/24 255.255.255.0
India 192.168.40.0/24 255.255.255.0

Our network currently has no issues with routing across the VPN tunnels from site to site. I can ping any machine at any site from my desk and that applies anywhere else on our network. The issue seems to stem from the packets being dropped by the IP Office if it has come across the VPN.

And if i set the 3rd route subnet to all zeros (see attachment in first post) the routing across the VPN works... but it loses connection to our voicemail server.

 

[amriddle01]

You have clashing IP routes (0.0.0.0) going to different destinations it will never work like that, they need to be slighty more specific even if it just the first couple of octets

ACSS (SME)
APSS (SME)

http://www.ipoffice.tel

 

[aramsumair]

Thanks amriddle01 .. i was trying to explain this to our pbx guy and he said he didn't know why but this works.. so now i am tasked with fixing this.

 

[aramsumair]

Ok well here's an update on what is going on. If i change the first octet of the we receive incoming calls but the auto attendant/menus dont play so the person hears dead air. This also breaks the ip softphones .. we can make calls but no audio.... putting it all back to zeros fixes the issue but again it will not route across our vpn.

 

[hairlessupportmonkey]

you have two routes on lan2 with two different gateways and all metric 0. i would be a bit suspect about that actually working because you have told the IPO to route all traffic on all subnets out to 10.0.1.1

just a thought.

I would delete them and start again.

also, i hope you have changed the RemoteManager password from default, as anyone might be able to dial in on your main line number using default passwords and usernames

 

[amriddle01]

aramsumair, this is a routing issue pure and simple, you need to put in a route for each network that talks to each interface, e.g if 10.1.0.0 and 10.2.0.0 and 10.3.0.0 all talk to LAN1 put a route in IP Routes for each one pointing to LAN1. You can leave a 0.0.0.0. (catch all) in for LAN2 but you can't have one pointing to LAN1 and LAN 2 a bit like shortcodes can't be the same and Incoming call route can't route the call to two places at once. If you post the networks associated to each LAN we can help with the IP routes

ACSS (SME)
APSS (SME)

http://www.ipoffice.tel