I have an issue with our remote access employees.
We have employees with softphones, who connect to our phone server through Check Point Endpoint Security VPN.
I made two access rules, one for SIP traffic from RA Clients to the phone server and one for RTP (UDP/20000-25000) traffic from the server to the Remote Access Net.
Also, we have iBGP on the internal side, so I made a route on the VS gateway (we have VSX) to the Remote Access Net, with the external gateway as the next hop (to announce the RA Net to BGP).
Everything works fine. But 3-4 times a day some employees don't hear a caller. I looked through the logs and found out that in such cases RTP packets don't go to the client but go unencrypted to the Internet.
What can be the problem? How can I debug the issue?