VoIP via PBX drops

[andyfram]

Our corporate HQ has a Panasonic TDA600 PBX, and a remote office has a Panasonic TDA200 PBX - both have the IP Gateway card for VoIP. On both sides, the next hop of the PBX is the sonicwall, and the second hop is the Internet router.

The branches are connected via VPN with a sonicwall device.

When either end places a call to the other, the phone rings, and the correct extension shows up on the caller ID. But every time, after about 20 seconds, the connection drops to dial tone.

Panasonic is sure the PBXs are set up correctly.
The sonicwall folks say the VPN tunnel between the 2 branches is wide open policy-wise.
There is plenty of bandwidth (HQ has one partial and one full T1, and the branch has ADSL).

Anyone experience something like this?

 

[Sympology]

I'm not familiar with this system, but what Protocol are you running?

It sounds like SIP but I may be wrong.

If SIP, it uses two methods.

First you have the SIP protocol, that controls call management, eg set, teardown etc.
Then you have RTP, which is your voice traffic. To me it sounds like this is the issue.
Sometimes the SIP & RTP address can be different, so you may find the RTP IP address is not allowed though (or not even configured).

Get you guys to put a sniffer on and see what traffic is passing through.

Only the truly stupid believe they know everything.
Stu.. 2004

 

[andyfram]

So far I can tell the following protocols are being used...

HTTP TCP 80
RTP/RTCP UDP 5004-5011
H.225.0 Call Signaling TCP 1720
H.245 TCP 1712-1724
H.225.0 RAS UDP 1719

But all of these ports are open and there is no NAT since the PBXs are using private IPs.

The firewall logs shows no traffic is being dropped.

 

[yurtek]

Your problem is probable QOS. Test this via:

http://myspeed.visualware.com/voip/

Check at both ends.

contact the appropriate ISP.

 

[Niko777]

You are probably getting dialtone because the far-end hangs up. Dial tone is used as a tone disconnect. They probably don't hear anything and hang-up the call.
Do a trace on both ends and look at the sample counts in the RTP packets. Verify that every packet you sent is received and vice versa. Having a T1 and ADSL doesn't mean that you have a reliable pipe. Even if you prioritize your voice traffic it doesn't mean the ISP will look at it. But it may help fix any bottlenecks at the router.

 

[andyfram]

Bypassed the sonicwalls and now it works fine.

 

[phones1]

protocal your using looks more like H323

Remember if it doesn't work hit it harder

Scott UK

 

[chefwong]

Andy-

what was the resolution ? Was it the SW ? Were the firmwares up to date ?

What were the speeds on the ADSL circuit ?

 

[andyfram]

The firmware was the latest on both ends, and we reduced overhead as much as possible.

Resolution was bypassing the sonicwall completely. Sonicwall support does not know why it works that way.

Both branches scored a MOS rating of 4 (out of 4.5) from the speed test link in one of the posts above.

 

[rfpup]

There are few real firewalls that support H323 suite.

 

[chefwong]

What are you using now between the 2 branches for VPN ?

 

[Sympology]

Yes h323 is a pig for going through firewalls. That's why more and more are going to SIP.

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004

 

[rfpup]

We use Checkpoint with Nokia hardware.

 

[andyfram]

The sonicwall devices provide the VPN as well as firewall services.

There are a few settings (that didn't do anything when played with) for H232, which would indicate sonicwall is "aware" of that protocol and supports it. (There are also a few settings for SIP).

 

[bill7189]

Are you using Enhanced software? Also what is your TCP timeout set to?

 

[crac74]

Try to disable the fixup protocols H.323
On some Cisco firewalls, H.225 and H.245 messages are not handled as intended...It could be the same problem on your fw.