Watchguard with remote worker phone

[Spekkert]

Hi Guys,

im having trouble to get the remote worker phone solution to work with watchguard XTM series. Has anybody got this to work? Or is this a device thats on the list that do not work?

Thanks!

 

[hairlessupportmonkey]

i bet its the broadband at the other end....

are you using a proxy or just a packet filter for you policies?

ACSS - SME
General Geek

 

[Spekkert]

I just use packet filtering, and the other end is also a watchguard XTM.

You have this working? Just with forwrding the ports with SNAT?

 

[hairlessupportmonkey]

why not set up a site to site vpn?

ACSS - SME
General Geek

 

[tlpeter]

What is the problem you have?


BAZINGA!

I'm not insane, my mother had me tested!

 

[Spekkert]

I know i could use a site to site but this is just for testing. We use the watchguard almost evry time with a ip office install. So i would like to know if this works with the remote worker solution. So HSM did you get this to work?

Peter, the phone tries to register and switches between screens of registering and "phone screen" (im useing a 9608).

this is the message i get in monitor:
156628655mS H323Evt: Recv GRQ from d97ab6f0
156628655mS H323Evt: e_H225_AliasAddress_dialedDigits alias
156628655mS H323Evt: found number <240>

This keeps repeating.

User settings and extetion settings are correct. Port forwarding is correct. Als tried this:
REMOTE_H323=1800

Thanks!

 

[tlpeter]

Did it make any difference?
When you used port 1800 did you change the 1720 tcp port to 1800?
If you don't then it won't work

BAZINGA!

I'm not insane, my mother had me tested!

 

[Spekkert]

Peter,

i added the port in the policy. BUt there is no difference. I dont see anything being blocked in the firewall..

 

[tlpeter]

But did you remove 1720?
If you don't then odd things happen (no speech is one of them)

BAZINGA!

I'm not insane, my mother had me tested!

 

[Spekkert]

Ok, a changed the policy to this:
udp 1719
TCP 1800
Rtp port
UDP 5005

Also the puplic ip is pingable.
Firmware ip office 8.1.69 with the correct firmware in 9608

Stil the same problem...

 

[tlpeter]

Did you run stun?

BAZINGA!

I'm not insane, my mother had me tested!

 

[hairlessupportmonkey]

Yes, you need STUN to be running to re-write your packets from Private / NAT IP to your public interface IP. Hence no speech.

Yes, I have had the WG working with remote phones. VPN mode works even better though.

ACSS - SME
General Geek

 

[Spekkert]

I havent tried stun yet. Peter which stun server do you use?

HSM, for the watchguard config, you only use the SNAT port forwarding or is there something else that you change in the watchguard?

 

[tlpeter]

I use stunserver.org


BAZINGA!

I'm not insane, my mother had me tested!

 

[hairlessupportmonkey]

Yes, SNAT as per Avaya's documentation

read this:

http://marketingtools.avaya.com/kno.../manager/index.htm?remote_http_extensions.htm

ACSS - SME
General Geek

 

[Spekkert]

Ok, tried the stun server, but as soon as i enable the stun option my sip trunk goes down...

Do I have to use the Stun server option... With mitel and panasonic this is way easier... or is it just me...

 

[amriddle01]

It's not just you, Avaya have made a hash of it. And they seem to have abandoned it in favour of SIP endpoints in R9 rather than improving it

 

[hairlessupportmonkey]

And with SIP remote phones you might as well have an analogue phone attached to an ATA for all the functionality you get.

Stick to VPN phones. Best method still by far.

ACSS - SME
General Geek

 

[Spekkert]

Ok, the stun is working and the sip trunk is up to. It took some time for stun to work, like almost 10 minutes. Is this normal?

And there is no way to do this without STUN?

 

[amriddle01]

The STUN just detects the information and fills it in for you, if nothing has changed/will change you needn't run it again, just statically programme the info