Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Nickel

Sometimes unencrypted traffic to the remote access clients

Hello everyone,

I have an issue with our remote access employees.

We have employees with softphones, who connect to our phone server through Check Point Endpoint Security VPN.

I made two access rules, one for SIP traffic from RA Clients to the phone server and one for RTP (UDP/20000-25000) traffic from the server to the Remote Access Net.

Also, we have iBGP from the internal side, so I made a route on VS gateway (we have VSX) to the Remote Access Net, with the external gateway as a next-hop (to announce RA Net to BGP).

Everything works fine. But 3-4 times a day some employees don't hear a caller. I looked through logs and found out, that in such cases RTP packets don't go to the client but unencrypted go to the Internet.

What can be the problem? How to debug the issue?

Thank you!

 

0 Kudos
1 Reply
Highlighted
Admin
Admin

You're most likely in TAC ticket territory here, particularly if the same client had been receiving the RTP traffic encrypted before then it suddenly stopped working.
0 Kudos