TChystilina
Explorer

No voice in both directions via site-to-site

Hello

Today I configured a Check Point 1590 and faced a problem. My VoIP clients do not hear each other.

My environment looks like this: LAN VoIP client - Site2Site - PBX

Most important configuration:

        - Enabled: Hide internal networks behind the Gateway's external IP address

        - In ACCESS RULES I allowed traffic from LAN to PBX and back for SIP_UDP and SIP_TCP traffic. I have made an additional service with "none" for RTP UDP ports 10000-20000 and made an allow rule for this service. In the SIP_UDP and SIP_TCP services I have checked the "Disable sip inspection" box (without this the phones could not register to the PBX).

        - I did not make any other NAT rules.

Between the networks on both sides of the IPsec tunnel all other traffic passes; I also tested ICMP, RDP and SSH connections.

I think I have to disable some additional inspection for voice, but I can't find where in this stripped-down web interface.

Also, in the future I need to allow my remote client (RA VPN) access to services behind this site-to-site VPN. Do I need to change the Back Connection parameter, from Device -> Advanced Settings, to true as described in this article https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

  

TChystilina
Explorer

I found the solution: on the UDP port range service for RTP traffic, "Accept Replies" must be enabled.

Go to Service > create that specific UDP port service > go to Advanced and tick "Accept Replies". Then go to policy and create a new incoming rule (unless already created) using that specific port (the service that you created).
