
No voice on both sides via site-to-site

Hello

Today I configured a Check Point 1590 and faced a problem. My VoIP clients do not hear each other.

My environment looks like this: LAN VoIP client - Site2Site - PBX

Most important configuration:

- Enabled: Hide internal networks behind the Gateway's external IP address

- In ACCESS RULES I allowed traffic from LAN to PBX and back for SIP_UDP and SIP_TCP traffic. I have made an additional service with "none" for RTP UDP ports 10000-20000. Made an allow rule for this service. In the SIP_UDP and SIP_TCP services I have checked the "Disable sip inspection" box (without this the phone could not register to the PBX).

- I did not make any other NAT rules.

Between the networks on both sides of the IPsec tunnel all other traffic passes; I also tested ICMP, RDP and SSH connections.

I think I have to disable some additional inspection for voice, but can't find where in this stripped-down web interface.

Also, in the future I need to allow my remote clients (RA VPN) access to services behind this site-to-site VPN. Do I need to change the Back Connection parameter, from Device -> Advanced Settings, to true as described in this article https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

  

1 Reply

I found the solution: on the UDP port range service for RTP traffic, "Accept Replies" must be enabled.

Go to Service > create that specific UDP port service > go to Advanced and tick "Accept Replies". Then go to policy and create a new incoming rule (unless already created) using that specific port (the service that you created).