VoIP Phone Woes over VPN.

[l33byt1]

Got a bit of an issue. Let me set the scene.
Site A (HQ) - IP Office 406 v2 on 3.1 (65)
Site B (Workshop) 1/2 mile down the road. 1Meg VPN Tunnel between the two.

Now heres the thing. The IP phones at site B update via tftp no problems. You can also regsiter a new extension as the gate keeper is on.
The phone does come up in a way. It shows the registered extension at bottom left of screen 5602 BUT doesnt pull off the user information or give dial tone.

The phone does come up if I plug directly into the front of the 406.

Site A - is 128.212.50.0 gate way of 128.212.50.252
Site B - is 128.213.20.0 gate way of 128.213.20.150

From site B I can ping the IP Office and can always ping the phones where ever I am.
Whats going on. Am I missing some thing or is this an issue with the VPN?

 

[ITfromZX81]

Hi there,

Well, you can give this a shot(I have a remote extension working this way, but it times out on me after a few hours - I think it is a vpn issue in my case so you may have better luck).

You need to setup the extension for the remote site as a seperate extension from the rest of your system. The IP Office needs to know that it has to use a different route to go to that set. The phone must be static because othewise the IPO will not be able to find it.

For example, if your extensions are series 200, set the extension in the remote office to 301(or whatever you want, as long as you are not using that series for anything else - make sure it isn't a series used for another office or this will confuse the pbx).

Now, at the main office, in Manager for the IP Office, setup a new ip route that points to the remote location.

Then, setup a user and extension for that phone. Make sure in the extension list you go to that extension, and in the VOIP tab put in the ip address you want for the phone, ie 128.213.20.151 or whatever the phone's ip address is(I don't think this will work with DHCP as each time it resets it would have a different number).

Also, you MIGHT need to add a shortcode to your system shortcodes list that deals with calls to that extension. Create a system shortcode:
shortcode 3xx [or whatever series is used for the box]
telephone number .
Line group ID 0
Feature Dial

Otherwise when you enter the number the IPO will not know what to do with the call(note - I am not sure if this is totally necessary - since you are setting up a local extension with a different number it is quite possible the system may automatically know to dial the number anyway - try it first without this code and then try it with it).

At the branch office setup a static ip that matches what you entered in the VOIP tab above. Set the extension to match the extension you setup(in the example 301).

Let me know if this works.

 

[tlpeter]

a remote phone works with dhcp as long you have a dhcp server at the remote site
even the phone number doesn't matter as long you don't duplicate
timing out is a problem of the vpn connection
try to make the livetime a big as you can
because when that time is over the vpn builds up the connection again
if you are not on the phone you won't notice but when you are calling you will loose speech (not the connetion)
you see the timer on the phone counting but you can't here the other site

this is my experience with it

what does monitor say when the phone is registering ?

 

[jconrad0305]

make sure that the codec that you are using is supported on your phone. 5600's only use the 2 64k an the 8k. i use the auto select if possible. other than that that is about it. it have gotten quite a few up like this. make sure all ports are open(should be okay on a von though)

 

[l33byt1]

Trace results from a logging on phone.
514752mS RasRx: v=IFace=LAN1, Src=128.213.20.156:49301, Dst=128.212.50.90:1719 tos=0 peb=0
RasMessage = gatekeeperRequest = {
requestSeqNum = 0x7
protocolIdentifier = 0.0.8.2250.0.2
nonStandardData = {
nonStandardIdentifier = object = 2.16.840.1.113778.4.2.1
data =
85 01 40 ..@
}
rasAddress = ipAddress = {
ip =
80 d5 14 9c ....
port = 0xc095
}
endpointType = {
terminal = {
}
mc = false
undefinedNode = false
}
endpointAlias = { 1 item(s)
[0] = e164 =
36 30 34 604
}
tokens = { 1 item(s)
[0] = {
tokenOID = 2.16.840.1.114187.1.6.2
dhkey = {
halfkey =
bf 2e 92 b4 e5 fa 72 58 e6 d7 da 8a 6d 53 42 59 ......rX....mSBY
89 2e b8 47 f3 8f b3 be 69 bf 14 70 6d 7d 48 6f ...G....i..pm}Ho
be a9 d7 50 0a b3 80 39 65 0a df c1 a7 0f d8 33 ...P...9e......3
81 01 5d 32 ce 9c f7 11 ad 10 8d 71 1f 34 6e 8d ..]2.......q.4n.
1a 42 f6 05 2a 23 dd 31 ef 8a 73 54 87 03 b9 61 .B..*#.1..sT...a
02 05 04 f3 85 a6 b1 af 04 e5 b9 85 67 b2 3a 6a ............g.:j
0c 38 aa b9 a8 6f 30 3a 93 5f 6a fd 75 41 05 99 .8...o0:._j.uA..
9d 4f ea 6c 74 cf 65 ea 52 a8 b9 ca 67 97 52 ad .O.lt.e.R...g.R.
modSize = empty
generator = empty
}
??? 12 =
02 20 02 00 04 00 00 42 71 20 01 00 0c 14 04 00 . .....Bq ......
00 0f a5 00 00 09 5e 00 00 ..¥...^..
}
}
authenticationCapability = { 2 item(s)
[0] = pwdSymEnc
[1] =
0a 60 86 48 01 86 fc 0b 01 06 02 .`.H.......
}
algorithmOIDs = { 2 item(s)
[0] = 1.3.14.3.2.6
[1] = 2.16.840.1.114187.1.3
}
}
NonStandardDataMessage =
40 @
514753mS PRN: Recv: GatekeeperRequest 80d5149c
514753mS PRN: CallSystem::CreateVoipExtn No Config for VoIP extn 604 Adding
514754mS PRN: E911: WARNING No default E911 zone (whilst adding extn)

 

[ctvi]

You write: "From site B I can ping the IP Office and can always ping the phones where ever I am."

How about from site A? "where ever I am means site A?

http://www.ctvi.com

 

[l33byt1]

Either site a or site b I can ping the switch.

 

[tlpeter]

what does the log of the vpn say ???
is it blokking something ?
when you can ping it should work so something is stopping it

 

[l33byt1]

I do not have access to the VPN. It is blocked down by another party. SO i am unable to look at the logs for these.

 

[bigjerms]

What firewall/vpn router?

If its a cisco pix turn off fixups for tftp, h323, and any other fixups that might hijack the packets.

 

[l33byt1]

Funnily enough both are PIX's

 

[bigjerms]

seriously try turning off the fixups.

 

[legendinmylunchtime]

Ping = good
IP phone no work = traffic blocked

 

[intrigrant]

Did you upgrade recently from 3.1.56 to 3.1.65?
Then ther is a nice feature : the bin files in both versions for the ip sets have the same sw level but they are different.
The 3.1.56 bin versions can not always work with a routed network, this is solved with the 3.1.65 binaries