I am trying to implement VOIP over H323 at a branch office that is connected to my main office via a site to site VPN. The branch office is an 1100 series appliance (77.20.30) while the main office is an open server running Gaia 77.30.
The site to site VPN seems to work fine, but the VOIP phone is not connecting properly to the server in the main office and the phone cannot make or take calls. My tracker logs show H323_RAS_ONLY traffic being encrypted and decrypted between the gateways with no errors. I did read in the Checkpoint VOIP documentation that you cannot make calls with H323_RAS_ONLY, which seems to match the problem I am having.
The VPN is in simplified mode and has the "accept all encrypted traffic" option set.
I am wondering how I can get the gateway to treat the H323 traffic as H323 or H323_RAS? I assume its because the H323_RAS_ONLY is used due to the "match any" option on that service, and the accept all traffic option treats everything as an ANY rule?
Is there a way around this? Do I have to take off the accept all encrypted traffic option and create individual rules in the rulebase?