NEC VoIP & VPN

[jh999]

We have a WatchGuard Firebox Core x750 at our main office with about 20 WatchGuard Firebox Edge x10e’s connected into it via VPN. The Edge’s create a VPN for our phone system which allow the 20 at-home agents to connect into our call center via VoIP.

All of the VPN’s work great as well as the VoIP phones. The problem we’re having is that one at-home agent cannot call another. The at-home agents can call into the office and speak with anyone but cannot reach anyone at home (they get a busy signal).

The design of our phone system is to drop out and let the two phones talk directly when it senses both phones are IP. We spoke with our phone vendor and they informed us that this cannot be changed. Our main office is on the 10.182.1.x subnet and our remotes are on the 10.183.x.x subnet. WatchGuard told us that we needed to create a tunnel for each BOVPN to allow both 10.182.1.0/24 and 10.183.0.0/16 which we did.

After we did this the at-home agents could now talk to one another. The issue we’re being faced with now is that if they don’t call each other about every 10 – 15 minutes the tunnel seems to die out which pretty much brings us back to our first problem.

I was wondering if anyone knew of a way to keep the tunnels active indefinitely? At first we were using the VPN Keep Alive within the Firebox Edge however it appears to only allow up to six entries.

 

[pave35]

What NEC system????

 

[OzzieGeorge]

Sounds more like a problem in your network than in the phone system!

 

[jh999]

It is an NEC NEAX 2000 IPS.

 

[pave35]

I know you can disable P2P in the IPKII I'll have to look up the IPS. Pretty weak network equipment it you only have 6 entries or the tunnel doe snot stay in place.
The whole concept behind P2P is to relieve un-necessary congestion on the network.

 

[ctvi]

I would create a dos batch file with a scheduler that pings the remote sites every hour. This has nothing to do with NEC. It is has only to do with the VPN keep alive parameter.

Note that the watchguard uses a text config file. If you call their support, they may should you how to edit it and add as many sites as you want. I am not sure that it is possible but certainly worth a try.

http://www.ctvi.com

 

[ctvi]

Why do you say there is only room for six?

see this link:

https://www.watchguard.com/help/smalloffice/71/configvpn/config12.htm

VPN Keep Alive
To keep the VPN tunnel open when there is no communication across it, you can use the IP address of a computer at the other end of the tunnel as an echo host. The Firebox® X Edge sends a ping once a minute to the specified host. Use the IP address of a host that is always up, and that answers ping messages. You can enter the trusted interface IP address of the Firebox X Edge, or the trusted interface IP address of a Firebox III or Firebox X that is at the other end of the tunnel. You can use multiple IP addresses so the Firebox X Edge can send a ping to multiple hosts across different tunnels.

To connect to the System Status page, type https:// in the browser address bar, followed by the IP address of the Edge trusted interface.
The default URL is:

https://192.168.111.1.

From the navigation bar, select VPN > Keep Alive.
The VPN Keep Alive page appears.

Type the IP address of an echo host. Click Add.
Click Submit.

http://www.ctvi.com

 

[gmannatl]

If it is not the VPN keepalive as ctvi suggested it could be an issue with the UDP stack closing. I had a similar situation in the past with VPN where the routers (Adtran Netvanta's) were set to close any open ports after XX seconds. In my scenario the calls would go silent after an hour. However, if they put the call on hold and resumed the call they would get a speech path again. Here is something to try . . . .

Have the agents call each other until the speech path drops out. Then have one of the agents put the call on hold and then pick it back up. If they can continue to talk this is the issue. If however, after the 15 minutes the call actually disconnects then it is definitely something with the "meshed" tunnels between the x10's.