
Sonicwall Site-to-Site VPN Tunnel with IP Office 500 and Remote 5620


VPNTech

Jul 9, 2008
I would be SO appreciative for any help with this issue. I have spent hours searching and can't find out what is wrong, here is the Scenario.

MAIN OFFICE

- Sonicwall Pro 4060 OS Enhanced 4.x The ip range is 10.0.0.X /255.255.255.0 Subnet GW is .1
- IP Office 500 at main site with its IP 10.0.0.35
- IP Office Manager 10.0.0.33

REMOTE OFFICE

- Sonicwall TZ170 OS Enhanced 3.2x IP Range 10.8.0.X/255.255.255.0 Subnet GW is .1

There is a site-to-site VPN tunnel between the two firewalls, it works great, can ping from the 10.8.0.x network and hit the IPOffice 500 or the IP Office manager and from the 10.0.0.x network I can ping anything on the 10.8.0.x network including the 5620SWIP phone.

I have a 5620 SW IP Phone assigned the following:

Phone IP Address 10.8.0.200
CallSV=10.0.0.35
CallSVPort=1719
Router=10.8.0.1
Mask=255.255.255.0
FileSV=10.0.0.33
802.1Q=Auto

The phone boots, finds the TFTP server and downloads the *.scr, *.txt, etc. files but then just goes to DISCOVER 10.0.0.35 and that's where it stops.

I've read up that says make sure H.323 Settings are enabled in the VoIP tab (which they are on both firewalls). I've even added rules to allow 1719-1720 with UDP and TCP just to make sure, but still no go.

I've also added a route within the IP Office to route any 10.8.0.0 traffic to the gateway 10.0.0.1

I'm at a total loss. Every tech doc I've seen shows how to configure the 46xx and 56xx phones when you load the VPN firmware on the phone, but I'm just using the standard firmware, scr, etc. files that a local IP phone would use because I already have the VPN tunnel created. I just want to use that and use this 5620 phone here.

Thanks!

 
I had a similar setup once. First, I would remove any custom firewall rules that you set up, as they are not applicable once the tunnel is established. Second, I would DISABLE H.323 transformations on both Sonicwalls; this setting always messed up my calls.

In theory, the Route that you have set up is unnecessary, though various techs have had different opinions on that. It should not affect anything negatively to leave it.

Everything else looks good to me.
 
Thanks for the feedback. Unfortunately I tried that and it didn't work. The phone still shows Discover 10.0.0.35.

I'm wondering if it has to do with it not being able to transmit broadcasts or something. I did a packet capture from the TZ170 side and found the following:


Time: 07/10/2008 08:38:38.768
Content: UDP received on LAN 350 bytes
From: 10.4.0.250 49305 (00:1b:32:e0:26:f3)
To: 10.0.0.35 1719 (00:06:c3:f4:2f:4c)

But I'm wondering if the Sonicwall on the other side is dropping the packet or doesn't handle broadcasts (I'm guessing here, might not even be related). I even enabled support for NetBIOS broadcasts and enabled the IP helper to transmit them but that doesn't help.

So back to the drawing board...
 
Just wanted to update you. Actually unchecking "Enable H.323 Transformations" on the VoIP tab did it (it has to be disabled on both firewalls) and it worked great!

Thanks for the post. Earlier I thought it didn't work but I had taken the Tunnel down and didn't realize when I'd tried it that the tunnel was down.

It's funny because Avaya Docs say to enable that on Sonicwalls, go figure!

Thanks again!
 
Great news, glad it worked because I wasn't sure what else to recommend.
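
Added example, not part of the original thread: a small Python check over capture entries in the shape of the one posted earlier. It lists H.323 RAS packets sent to the gatekeeper (UDP 1719) that never get a reply, the pattern one would expect while the phone sits at DISCOVER. The sample entries are constructed, and treating any packet from the gatekeeper's port 1719 back to the sender's IP as the reply is an assumption.

```python
import re
from datetime import datetime, timedelta

ENTRY = re.compile(  # one capture entry, in the four-line shape posted in the thread
    r"Time:\s*(?P<time>\d{2}/\d{2}/\d{4} [\d:.]+)\s*\n"
    r"Content:\s*(?P<proto>\w+)[^\n]*\n"
    r"From:\s*(?P<src>[\d.]+)\s+(?P<sport>\d+)[^\n]*\n"
    r"To:\s*(?P<dst>[\d.]+)\s+(?P<dport>\d+)")

def parse_entries(text):
    """Return capture entries as dicts, in the order they appear."""
    entries = []
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["time"] = datetime.strptime(e["time"], "%m/%d/%Y %H:%M:%S.%f")
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        entries.append(e)
    return entries

def unanswered_ras(entries, gatekeeper, port=1719, window=timedelta(seconds=5)):
    """RAS packets sent to gatekeeper:port with no reply inside `window`.
    Assumption: a reply is any UDP packet from gatekeeper:port to the sender's IP."""
    def is_reply(r, req):
        return (r["proto"] == "UDP" and r["dst"] == req["src"]
                and (r["src"], r["sport"]) == (gatekeeper, port)
                and timedelta(0) <= r["time"] - req["time"] <= window)
    return [req for req in entries
            if req["proto"] == "UDP"
            and (req["dst"], req["dport"]) == (gatekeeper, port)
            and not any(is_reply(r, req) for r in entries)]

# Constructed sample in the thread's entry shape (MACs, sizes, later times made up).
SAMPLE = """\
Time: 07/10/2008 08:38:38.768
Content: UDP received on LAN 350 bytes
From: 10.8.0.200 49305 (00:00:5e:00:53:01)
To: 10.0.0.35 1719 (00:00:5e:00:53:02)
Time: 07/10/2008 08:38:48.770
Content: UDP received on LAN 350 bytes
From: 10.8.0.200 49305 (00:00:5e:00:53:01)
To: 10.0.0.35 1719 (00:00:5e:00:53:02)
Time: 07/10/2008 08:38:48.802
Content: UDP received on LAN 96 bytes
From: 10.0.0.35 1719 (00:00:5e:00:53:02)
To: 10.8.0.200 49305 (00:00:5e:00:53:01)
"""

if __name__ == "__main__":
    print([str(r["time"]) for r in unanswered_ras(parse_entries(SAMPLE), "10.0.0.35")])
```

Running it on captures taken on both firewalls, before and after changing the H.323 setting, shows on which side the replies stop appearing.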
 