Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Juniper SSG and IP Office SCN Config?

Status
Not open for further replies.
nt7332

nt7332

Programmer
Jun 6, 2004
11
Does anyone have a sample config of two SSG Junipers running a VPN and the IP Offices Running SCN. I just want to make sure i have everything setup correctly.

It seems as if everything is setup correctly, but IP Office "A" says the SCN is UP and the other IP Office "B" side says the SCN is "not connected". IP Office B is transmitting packets and the NOT receiving any packets? IP Office A is sending and Receiving packets? Any thoughts?????

Glboal Voice Integration
N.T
AVAYA ACE.
 
Sort by date Sort by votes
what systems and what software version do they have ?


RTFM.gif



ACS - Implement IP Office
ACA - Implement IP Telephony -- ACA - Design IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
What IPO's do you have?
Routes OK?
SCN Licences valid?
Firewall might block 1719/1720 and 5xxxxx range?

Avaya_Red.gif

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________
 
Upvote 0 Downvote
IP500's 4.2.17 Juniper SSG 40 at site A and SSG 5 at site B

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
Do you have networking licenses on both sites ?


RTFM.gif



ACS - Implement IP Office
ACA - Implement IP Telephony -- ACA - Design IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
Routes are ok can ping between sites.
Firewall is set to allow "Any"
SCN licenses are showing "Valid"

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
Double check the iplines and iproutes
There must be something wrong



RTFM.gif



ACS - Implement IP Office
ACA - Implement IP Telephony -- ACA - Design IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
If you do a tracteroute?

Avaya_Red.gif

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________
 
Upvote 0 Downvote
I have checked them over 3 times and re-built them 2 times? i know there is something wrong, im just not sure if im seeing what im doing wrong, that's why i would like to see a working sample config so i can compare the two. i think im going crazy! I probably have a typo somewhere and its driving me NUTZ!

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
You could have a look here;


It's not a VPN/VPN setup but VPN/RemotePhones but it's worth a check on how the VPN is setup.

Avaya_Red.gif

___________________________________________
It works! Now if only I could remember what I did...
___________________________________________
 
Upvote 0 Downvote
Ipline on site A

192.168.10.1 is site B configured on site A
iproute
0.0.0.0 0.0.0.0 ipadres of the gateway on site A

Ipline on site B

192.168.20.1 is site A configured in site B
iproute
0.0.0.0 0.0.0.0 ipadres of the gateway on site B

Voice networking must be ticked on site A and site B

Can you check this settings ?

RTFM.gif



ACS - Implement IP Office
ACA - Implement IP Telephony -- ACA - Design IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
you may need to turn the H323 inspect off in the junipers.

Kevin Wing
ACS- Implement IP Office
ACA- Implement IP Office
Carousel Industries
 
Upvote 0 Downvote
RosesAlbFW1-> trace-route 192.168.6.5 from eth0/1
Type escape sequence to escape

Send ICMP echos to 192.168.6.5, timeout is 2 seconds, maximum hops are 32, tra
ce from ethernet0/1
1 90ms 110ms 96ms 192.168.6.5
Trace complete
RosesAlbFW1->
--------------------------------------------------------------------------------------------------------
SanfordFlFW2-> trace-route 192.168.4.5 from eth0/6
Type escape sequence to escape

Send ICMP echos to 192.168.4.5, timeout is 2 seconds, maximum hops are 32, tra
ce from ethernet0/6
1 91ms 92ms 91ms 192.168.4.5
Trace complete
SanfordFlFW2-> trace-route 192.168.4.4 from eth0/6
Type escape sequence to escape

Send ICMP echos to 192.168.4.4, timeout is 2 seconds, maximum hops are 32, tra
ce from ethernet0/6
1 91ms 114ms 90ms 192.168.4.4
Trace complete
SanfordFlFW2->


Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
Ipline on site A

192.168.10.1 is site B configured on site A
iproute
0.0.0.0 0.0.0.0 ipadres of the gateway on site A (just checked this out and its good)

Ipline on site B

192.168.20.1 is site A configured in site B
iproute
0.0.0.0 0.0.0.0 ipadres of the gateway on site B (just checked this out and its good)

Voice networking must be ticked on site A and site B (just checked this out and its good)

Can you check this settings ?

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
where do i find the H323 inspect option?

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
Then you have a network problem if your networking licenses are valid !

By the way your ping time are a bit high !
200ms is the max for voice calls


RTFM.gif



ACS - Implement IP Office
ACA - Implement IP Telephony -- ACA - Design IP Telephony
ACA - Voice Services Management
______________
Women and cats can do as they please and men and dogs should relax and get used to the idea!
 
Upvote 0 Downvote
I know it has to be a network problem. i know its high but still under 200ms. im still at a loss....

Glboal Voice Integration
N.T
AVAYA ACE.
 
Upvote 0 Downvote
For Juniper SSG, you want to go to "Security -> ALG" and uncheck H323.

There's also a way to build a VPN tunnel that doesn't require policies - I can't remember the steps off the top of my head but look on Juniper's website documentation under ScreenOS - I think section 5 is VPNs. You'll want to find the "Route-based VPN" section.
 
Upvote 0 Downvote
I just had this same problem with 2 ssg20s connected via a point to point t1.

since it took me most of the day to figure it out, I figured I'd share since the avaya and juniper documentation is sparse.

the bgroup0 interface needs to be in route mode. nat mode will not allow the ip office scn traffic.

I turned off the h323 and sip ALGs.

if everything else looks right, check your mode on the trust/lan interface and set it to route.

the untrust/wan interfaces usually default to route mode.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Dimorus
  • Locked
  • Question
ip office 406 and ip office 400 analog phones (downgrade)
Replies
4
Views
159
ipohead
ipohead
TN94z
  • Question
IP Office 11.1.3.1 with IP Flex - Sending caller ID
Replies
7
Views
445
TN94z
TN94z
joestar
  • Locked
  • Question
Skype for Business (Lync) and IP Office SIP Integration
Replies
0
Views
231
joestar
joestar
4thright
  • Question
IP Office 500 v2 - T1 Trunking
Replies
14
Views
583
derfloh
derfloh
john3voltas
  • Question
IP Office Server Edition - tcpdump / Wireshark
Replies
3
Views
319
john3voltas
john3voltas

Part and Inventory Search

Sponsor

Back
Top