Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SWBW_Klixer
Explorer

Site-to-site VPN VoIP between CP 6400 with R81 and CP 1530 does not work

Hello,

via an existing VPN tunnel, IP telephones from the manufacturer Avaya are to register in a branch office via H232 on the "IP Office 500 V2" PBX at the main location and make calls via this.

The registration of the phones works.

However, telephony is not possible via these devices.
An extremely delayed operation of the IP telephones can also be seen.

In the branch office, a CP 1530 appliance establishes a permanent VPN tunnel to the CP 6400 security cluster. There is a router in front of the CP 1530 appliance and implements the Internet dial-in. There is a switch behind the CP 1530. The interfaces of the CP 1530 and the switch are assigned Vlans.

No blocked packets can be seen in the log via Smart Console.

Can someone help me to solve the problem. Thank you in advance.

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend

Did you already contact CP TAC ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
SWBW_Klixer
Explorer

No

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Why not ? That is the way to get your issue resolved asap !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

Then you will have to follow this guide:  sk95369: ATRG: VoIP

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

What version is the 1530 operating with and how are your rules for SIP/H232 traffic defined?

What if any advanced settings are set on the 1530 with regards to VoIP?

CCSM R77/R80/ELITE
0 Kudos
SWBW_Klixer
Explorer

The version of the 1530 is R80.20.50 (992002773).

There are currently no explicit rules for SIP/H232.
In the current test phase, the value "Any" is set under "Services&Applications".
There are no explicit settings on the 1530 related to VoIP.

What should be set?

Many Thanks

0 Kudos
G_W_Albrecht
Legend Legend
Legend

0 Kudos
SWBW_Klixer
Explorer

The 1530 is not managed locally. We use the central management.

Where can you set the appropriate settings here? Many Thanks.

0 Kudos
rrbranco
Collaborator
Collaborator

Check you scenario and configure the rules based on the info available at 

 

ATRG VoIP -

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

attention to "... Do not use this service in the same rule with the 'XXXX' service (because they contradict each other). ... "

 

0 Kudos
RS_Daniel
Advisor

Hi,

I see two important things to check here. First as every one here already told you, make sure you have a correct configuration according to your specific scenario and sk95369. Second thing, can you provide more details about your ISP connections? are they static IP addresses? dynamic? if dynamic, does DHCP provide a public IP or private IP address that is nated later by the ISP? 

did you check drops on CLI with "fw ctl zdebug + drop | grep X.X.X.X" while you replicate the issue? if you did not, try filtering the PBX ip address first and then the IP phone address.

Regards

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events