VPN issues 1

Status
Not open for further replies.

colec12

Technical User
Jul 28, 2011
124
US
We are currently using some soft phones to work remotely. Avaya 6.2 and Cisco AnyConnect VPN. The issue is one-way audio, and we were told this was by design and this is how the VPN works.
 
You were told wrong. I have tens of thousands of users using softphone + Cisco VPN. Your issue is the UDP ports on page 1 of your network region form aren't open on your firewall.
 
Let me get this straight, someone told you that VPN is one-way? Hope that was not your network engineer.
I agree with “Phoneguy55”, this sounds like a port issue.
 
I've also run into the issue where traffic between endpoints can't route appropriately, rather than port configuration/allowance. Make sure that from the soft phone PC they can ping whatever other endpoint is involved in the call (DSP Resource, phone, gateway where PRIs land, etc.).
 
I ran into an issue with one-way audio between softphone endpoints and got around it by turning off IP shuffling. That could be something else you may see.
 
Typically, VPN tunnels by default do not allow packets to flow directly to another VPN tunnel. That will cause loss of audio if direct media is enabled.
 
This will likely come down to having to understand your firewall rules (work with your network engineers, not against them... even if they can't do the same) and understanding the ip-network-region configurations in your system.

Obviously, connection to PROCR or a CLAN (unpreferred) is needed for h323 registration. After that you need to understand where the RTP packets are flowing. Hopefully all your VPN endpoints are 'captured' by an IPNR meant for these people. Once you have them all grouped you can give them all rules such as no direct media, or direct media only to certain offices etc.

Also, troubleshooting the -now-... get a 1-way call up, do a "status station" and look at the media path. Screenshot that, then work with your firewall people to establish that the path is valid for RTP packets. A list trace will also provide similar data, but the status station during an active call will be a little easier to read.

 
Also, you MUST get rid of the h225 and h323 ALGs/layer 4 firewalls. They will cause problems almost always.
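
Added example, not part of the original thread: a sketch of the check the replies describe, working out which direction of each RTP stream is being dropped and whether both ends sit in the VPN pool. The record format, the VPN pool `10.99.0.0/16`, the port range 2048-3329 and all addresses are constructed assumptions; substitute what your firewall exports and what your ip-network-region form shows.

```python
import ipaddress

# Assumed values, not from the thread: substitute your VPN address pool and the
# UDP port range shown on your ip-network-region form.
VPN_POOL = ipaddress.ip_network("10.99.0.0/16")
RTP_PORTS = range(2048, 3330)

# Constructed sample: one line per unidirectional UDP stream seen at the VPN
# headend/firewall: src sport dst dport packets_received packets_forwarded
SAMPLE = """\
10.99.1.20 2050 10.10.5.8 2060 1500 1500
10.10.5.8 2060 10.99.1.20 2050 1490 1490
10.99.1.21 2100 10.10.5.9 2110 1200 1200
10.10.5.9 2110 10.99.1.21 2100 1180 0
10.99.1.22 2200 10.99.1.23 2210 900 0
10.99.1.23 2210 10.99.1.22 2200 910 0
"""

def parse(text):
    """Map (src, sport, dst, dport) -> (received, forwarded)."""
    streams = {}
    for line in text.splitlines():
        if line.strip():
            src, sport, dst, dport, rx, fwd = line.split()
            streams[(src, int(sport), dst, int(dport))] = (int(rx), int(fwd))
    return streams

def diagnose(text, vpn_pool=VPN_POOL, rtp_ports=RTP_PORTS):
    """Return (src, dst, symptom, likely_cause) for each dropped RTP stream."""
    streams = parse(text)
    findings = []
    for (src, sport, dst, dport), (rx, fwd) in streams.items():
        if sport not in rtp_ports or dport not in rtp_ports:
            continue  # not media for this network region
        if rx == 0 or fwd > 0:
            continue  # nothing sent, or the stream is being delivered
        _, rev_fwd = streams.get((dst, dport, src, sport), (0, 0))
        symptom = "one-way audio" if rev_fwd > 0 else "no audio"
        both_vpn = all(ipaddress.ip_address(a) in vpn_pool for a in (src, dst))
        cause = ("direct media between two VPN tunnels" if both_vpn
                 else "firewall rule or route for the RTP port range")
        findings.append((src, dst, symptom, cause))
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(*finding, sep=" | ")
```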

 