IPSoftphone (Roadwarrior)

[DaveHTEC]

I am having trouble setting up IPSoftphone -Road Warrior- through a Checkpoint VPN-Secure Remote to enable me to work from home on occasions.
I have installed and configured most of what needs installing and configuring but I have come to a dead end in that I cannot get the remote PC to connect to the VoIP address. When I try to log onto the phone it comes up with “logged in” but then a second later “not logged in” and then it goes into a continuous loop of logging and logging out.

This is what I get when I try to log on to the phone.
Login and Call Status
Login Status: Logged in as Ext 373
Terminal Type: 6408D
Local IP Address: 172.16.*.**
Server IP Address: 172.16.*.**
VoIP address: Not known
Call: Not in call.

When Road Warrior was set up on a computer on our LAN there were no such problems. What could I possibly be doing wrong?

Any help would be much appreciated
Regards
Dave

 

[NX01]

Make sure the firewall allows for ports 1719 UDP, 1720 TCP and the UDP port range in your ip-network-region.

In the future everything will work...

 

[ezncool]

this may be a stupid question, but do you have a medpro board in your pbx? If you do not have this, you can log in to the softphone internally but not when your through vpn.



ezncool
I have no technical solution to your management problem

 

[RingOpen]

In order to get IPAgent to work, I have to disable secure remote in the Local Area Network Properties.
Also we found out that that IP agent would not send and recieve on the same port.(see post on PIX firewall)
good luck

 

[DaveHTEC]

Thank you all. I appreciate that.
I shall try all the different suggestion and see if that resolves my problem. And of course I shall keep you all posted of developments.

Dave

 

[DaveHTEC]

Thank you all for your helpful info.

NX01
I have opened up the firewall to allow ports 1719UDP and 1720TCP but this doesn’t seem to help in the slightest. Perhaps you could elaborate on what you meant UDP Port range in my ip-network-region.

RingOpen
Disabling Secure Remote in the LAN properties would in effect stop me from being able to connect to external –work’s- LAN. As a security policy, staff at my firm are only able to connect remotely to our LAN through the VPN. Apologies for not having made this clear in the first instance.

Ezncool
Yes indeed we have MedPro board. I can also log into the Softphone internally without any problems but not through VPN just as you rightly deduced.

I am not too sure if the problem could be due to network connection issues for I can ping both the C-LAN and MedPro cards on the PBX externally without any problems.

 

[RingOpen]

Check with your firewall personell. We had the necessary ports open (1719 and 1720), We were told that it went out on one port and but came back on a totally different one. They made a change on the firewall rules and that fixed it.
Oh, we were also able to ping all the boards.
Good luck.

 

[DaveHTEC]

RingOpen,
You are invaluable. I shall give that a go and see what happens.

Much obliged.

 

[m4ilm4n]

Others can correct me if I'm wrong (and I probably am), but in getting our IP Softphones to work via a VPN connection I had to make sure that the remote VPN clients could see all IP addresses associated with the switch - ours has three, so that would be the S8300, the G700 and the VoIP (MGR?) addresses.

 

[DaveHTEC]

m4ilm4n
Thank you. Just as in your case, the remote VPN can indeed see all the associated IP addresses

 

[NX01]

The ip subnet that you are using must be assigned a ip-network-region. This is done in the ip-network-map. Your map will have the subnet range (i.e. 192.168.1.1 to 192.168.1.255.) and set the network region there. The network region will have a range of UDP ports use for Voice. 1719 and 1720 are used for logging in and signaling. The port must be opened to allow talk.

In the future everything will work...

 

[craigdred]

Can you ping the C-LAN IP Address? This will tell you if you can establish a physical connection. If you are unable to ping the IP Address, then typically the Firewall is blocking the ports for your IP Software

 

[habenero99]

I have the exact same problem as DaveHTEC using Checkpoint NG R55 , Roadwarrior and a few versions of the softphone.

Any more ideas? Of course I can ping my Clan. I have a sniffer trace showing the PBX talking to the softphone client. What is happening is that the PBX asks the softphone client to re-register at some point and it never connects. My sniffer traces show all ports are working 1719, 1720, and the upper TCP and UDP ports.

For some reason I still can not connect!

 

[habenero99]

I fixed the issue of my softphone not working thought our checkpoint VPN. We were using the service ANY for incoming VPN clients. For some reason you must specify tcp_high ports and udp_high_ports. The "Any" service does allow these ports to work, as I witnessed in my sniffer traces, however I think UDP was not functioning completely (accept replies option?).

 

[NX01]

I have noticed on my status page that the CALL CONTROL SIGNALING Far End port was higher than my UDP port range at times. I logged the ports used and open the firewall with these ports aswell...

In the future everything will work...