AnsweredAssumed Answered

VOIP over  site to site VPN not working

Question asked by Chris Williams on Oct 23, 2017
Latest reply on Oct 28, 2017 by Hugo van der Kooij

Good day,

 

I am trying to implement VOIP over H323  at a branch office that is connected to my main office via a site to site VPN. The branch office is an 1100 series appliance (77.20.30) while the main office is an open server running Gaia 77.30.

 

The site to site VPN seems to work fine, but the VOIP phone is not connecting properly to the server in the main office and the phone cannot make or take calls. My tracker logs show H323_RAS_ONLY traffic being encrypted and decrypted between the gateways with no errors. I did read in the Checkpoint VOIP documentation that you cannot make calls with H323_RAS_ONLY, which seems to match the problem I am having.

 

The VPN is in simplified mode and has the "accept all encrypted traffic" option set. 

 

I am wondering how I can get the gateway to treat the H323 traffic as H323 or H323_RAS? I assume its because the H323_RAS_ONLY is used due to the "match any" option on that service, and the accept all traffic option treats everything as an ANY rule?

 

Is there a way around this? Do I have to take off the accept all encrypted traffic option and create individual rules in the rulebase?

Outcomes