This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SWBW_Klixer
Explorer
‎2022-10-18 11:15 AM

Site-to-site VPN VoIP between CP 6400 with R81 and CP 1530 does not work

Hello,

via an existing VPN tunnel, IP telephones from the manufacturer Avaya are to register in a branch office via H232 on the "IP Office 500 V2" PBX at the main location and make calls via this.

The registration of the phones works.

However, telephony is not possible via these devices.
An extremely delayed operation of the IP telephones can also be seen.

In the branch office, a CP 1530 appliance establishes a permanent VPN tunnel to the CP 6400 security cluster. There is a router in front of the CP 1530 appliance and implements the Internet dial-in. There is a switch behind the CP 1530. The interfaces of the CP 1530 and the switch are assigned Vlans.

No blocked packets can be seen in the log via Smart Console.

Can someone help me to solve the problem. Thank you in advance.

0 Kudos
10 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-10-18 01:30 PM

Did you already contact CP TAC ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
SWBW_Klixer
Explorer
‎2022-10-19 02:47 AM
In response to G_W_Albrecht

No

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-10-20 07:50 AM
In response to SWBW_Klixer

Why not ? That is the way to get your issue resolved asap !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-10-20 07:52 AM
In response to G_W_Albrecht

Then you will have to follow this guide:  sk95369: ATRG: VoIP

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2022-10-18 06:32 PM

What version is the 1530 operating with and how are your rules for SIP/H232 traffic defined?

What if any advanced settings are set on the 1530 with regards to VoIP?

CCSM R77/R80/ELITE
0 Kudos
SWBW_Klixer
Explorer
‎2022-10-19 02:54 AM
In response to Chris_Atkinson

The version of the 1530 is R80.20.50 (992002773).

There are currently no explicit rules for SIP/H232.
In the current test phase, the value "Any" is set under "Services&Applications".
There are no explicit settings on the 1530 related to VoIP.

What should be set?

Many Thanks

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-10-19 04:01 AM
In response to SWBW_Klixer

sk176295: How to configure VoIP on Locally Managed Quantum Spark appliances using new VoIP wizard (S...

VoIP.png

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
SWBW_Klixer
Explorer
‎2022-10-19 07:18 AM
In response to G_W_Albrecht

The 1530 is not managed locally. We use the central management.

Where can you set the appropriate settings here? Many Thanks.

0 Kudos
rrbranco
Collaborator
Collaborator
‎2022-10-20 07:43 AM
In response to SWBW_Klixer

Check you scenario and configure the rules based on the info available at 

 

ATRG VoIP -

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

attention to "... Do not use this service in the same rule with the 'XXXX' service (because they contradict each other). ... "

 

0 Kudos
RS_Daniel
Advisor
Advisor
‎2022-10-20 01:27 PM

Hi,

I see two important things to check here. First as every one here already told you, make sure you have a correct configuration according to your specific scenario and sk95369. Second thing, can you provide more details about your ISP connections? are they static IP addresses? dynamic? if dynamic, does DHCP provide a public IP or private IP address that is nated later by the ISP? 

did you check drops on CLI with "fw ctl zdebug + drop | grep X.X.X.X" while you replicate the issue? if you did not, try filtering the PBX ip address first and then the IP phone address.

Regards

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events