Problems with VoIP/SIP Connection over IPsec VPN
Freshman MemberHello forum,
I have configured a working IPsec VPN connection between 2 sites (Ping, HTTP, ... everything works), but no SIP registration can be performed.
I have configured a working IPsec VPN connection between 2 sites (Ping, HTTP, ... everything works), but no SIP registration can be performed.
Short to my structure:
Location A:
USG 40W
IPsec server (fixed IP)
LAN: 192.168.1.0/24
CISCO VoIP Phone Adapter with IP 192.168.1.21
Location B:
USG 20W VPN
IPsec client (dynamic IP)
LAN: 192.168.11.0/24
Fritzbox as a SIP / VOIP server in "IP client mode" with IP 192.168.11.34
No. Time Source Destination Protocoll Length Info
170 2.821014 192.168.1.21 192.168.11.34 SIP 626 Request: REGISTER sip:192.168.11.34 (1 binding) |
171 2.821217 ZyxelCom_1e:38:e7 Broadcast ARP 42 Who has 192.168.11.34? Tell 192.168.1.1
209 5.814228 192.168.1.1 192.168.1.21 ICMP 590 Destination unreachable (Host unreachable)
at the same time, the ping from the 192.168.1.0/24 network to the VOIP server works:
900 12.414553 192.168.1.10 192.168.11.34 ICMP 98 Echo (ping) request id=0x503e, seq=1/256, ttl=64 (reply in 903)
903 12.462777 192.168.11.34 192.168.1.10 ICMP 98 Echo (ping) reply id=0x503e, seq=1/256, ttl=60 (request in 900)
All SIP settings on the USG devices are disabled.
The routes are (in my view) configured correctly - otherwise the ping would not work either.
Why does the USG 40W (site A) not use the route to site B for the SIP request?
Thank you in advance for tips or hints.
regards
0
Comments
-
Hello FL_AT,
When the issue happens, can you capture the packet on
- lan interface which VOIP phone connected
- WAN interface of USG40W
- VOIP server.
It helps to understand what packets were missing.
As the packet message you shared, did you configure the IP/MAC binding on USG? Since the gateway interface cannot communicate with Voip phone, could you confirm VOIP phone's IP address and MAC address.
Charlie
0 -
Hi FL_AT,
you've probably solved but sip or iax registration failure is a common issue for me especially after a reboot due to a firmware upgrade, everything works except for those registrations, the only things that seems able to solve it's to reboot the device again.
I've always wanted to open a ticket for this issue but it's really hard to reproduce and the fact that a simple reboot is able to solve, makes me believe that this could also be the Zyxel's answer.
Fabio0
Zyxel Employee
Categories
- All Categories
- 184 Beta Program
- 1.7K Nebula
- 90 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 915 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 174 Service & License
- 295 News and Release
- 65 Security Advisories
- 14 Education Center
- 984 FAQ
- 427 Nebula FAQ
- 255 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 21 Consumer Product FAQ
- 66 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 52 Security Highlight
