Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VOIP over VPN no voice to remote network

Status
Not open for further replies.
bleslie

bleslie

IS-IT--Management
Sep 8, 2009
4
US
I've successfully configured a VPN tunnel (site to site) and can browse the network share folders, etc.

We have a BCM 400 (I believe it's a 400) I've managed to get remote IP phones to call and ring phones at our main location, but I hear no sounds\voices\dialtone.

I've read similar problems on this board and they suggested to check ports on the firewall. I've tripple checked the ports on our ASA and ISA.

THE KICKER IS....
I can make calls from remote phones to remote phones (on the same remote site) and get a voice connection.

This makes me believe NAT and Access Rules work since in order to establish a call from the remote site, all traffic would need to sucessfully pass through the firewalls 'hit' the bcm and pass back through it.

I'm using the softpone i2050 and a i2004 IP phone at the remote site, both work.

I just figured out I can call to a softphone at the main site and only hear audio at main site, i can hear NOTHING transmitted to the remote softphone.


where could I be going wrong?

Thanks

Ben Leslie
 
Sort by date Sort by votes
Ahh... So this is fun when dealing with Unistim. The problem is more than likely the reponder address of the RTP ports. Make sure both of your devices (that are controlling your NAT on either side) are set for CONE/Consistent NAT. Depending on what hardware/software you have depends on which option you will see. :)

Bryan J Miles
Systems Engineer
Service Communications, Inc.
 
Upvote 0 Downvote
This just sounds like a wrong default gateway set somewhere. When a call is made from an ip set, it is talking to the bcm to do the setup. Once the call is established, the packet flow is from phone to phone. That's probably why you can talk from set to set at the remote site but can't talk from an ip set at the remote to an ip set at the main. Esprcially if you have one way transmission.

Check all your default gateways.
 
Upvote 0 Downvote
The only default gateway I can image is incorrect is on the BCM, it points to ISA. I've set up the second NIC on the BCM to be on the the network between ASA and ISA, should I change its gateway/net hop to ASA? (our VPN terminates at ASA)

basic setup of network

internet--->Router----->ASA------>ISA------>internal network
IPadd x.x.2.x x.x.4.x x.x.0.x

Do I need routes set up somewhere else?
Just tested this, I CAN'T browse/ping shares on computers located at the Remote site.
ASA reports "a packet does not match any outbound NAT command rules"

I can ping/browse computers on the main site from remote site.
 
Upvote 0 Downvote
I suggest looking up Unistim and STUN. You will see what I am talking about. The other item that I am curious about now is that you say in your last post that you have (2) NIC's and gatewasy set for each? Is this correct?

Bryan J Miles
Systems Engineer
Service Communications, Inc.
 
Upvote 0 Downvote
Been, you will require VPN tunnels between each remote user in order to have voice traffic between the remote users. A Nortel business series router (BSR222) at each end can provide this for you, but it's limited on the number of tunnels that can be created.

Example:
4 IP Remote Phones will require VPN tunnels as such:
User A to BCM
User B to BCM
User C to BCM
User D to BCM
User A to User B, User A to User C, User A to User D
User B to User C, User B to User D
User C to User D

As you can see, each user needs a VPN tunnel to the BCM and then a tunnel to each other person.

Now it gets worse if each remote user has a dynamic public IP address. If so, then that address can change and you will need to use the Dynamic DNS (DDNS) feature and setup an account at DynDNS.org. But, if each user can purchase a static public IP address through their ISP, then the problem becomes easier as DDNS has been known to fail because the DDNS account requires updates at least every 30 days. Even though the BSR222 supports DynDNS updating, it doesn't work at all. I have worked around the failing DDNS issue by installing a DynDNS program on a PC at the person's Home/Office that updates the DynDNS account periodically.

The SIP protocol has jumped leaps and bounds over the archaeic h.323 protocol by including NAT Traversal options within the SIP PBX (google SIPX).

I hope this helps. But if you have questions let me know. Been down this path on all versions of the BCM.


DBrew
 
Upvote 0 Downvote
The BCM has to network ports (NICS) that are on seperate networks, behind ISA and between ISA and ASA.
As far as i can tell it only has one default gateway, which is the internal IP address of ISA. This was set up well before VOIP/VPN was considered here.

The VPN tunnels from remote site to remote site, I'll deal with later, this setup will be mainly for VPs to call in to work when working from home.

I'll check out SIPX.
 
Upvote 0 Downvote
OK, was reading through the post again. The BCM can only send VoIP traffic across one of it's LAN ports.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Jonnyt68
  • Locked
  • Question
VOIP phones over multiple IP sites
Replies
1
Views
83
curlycord
curlycord
gberger
  • Locked
  • Question
Bcm50 R6 no ports left on a remote I2050
Replies
5
Views
170
gberger
gberger
dukane123
  • Locked
  • Question
BCM50 remote packages & fraud protection
Replies
3
Views
121
dukane123
dukane123
jsaad
  • Locked
  • Question
BCM 400 3.7 vm no light
Replies
9
Views
207
jsaad
jsaad
cndr99
  • Locked
  • Question
BCM400 => Asterisk: no ringing near end ex BCM 2
Replies
10
Views
183
curlycord
curlycord

Part and Inventory Search

Sponsor

Back
Top