USG20W-VPN Not Forwarding RTP From LAN to WAN on Inbound Calls

DeanH
DeanH Posts: 45  Freshman Member
First Anniversary 10 Comments
edited April 2021 in Security
Hello All,

I have a USG20W-VPN running V4.39(ABAR.0) firmware that is not forwarding RTP (audio) from the LAN to the WAN when calls come in to the PBX.

What is occurring is the SIP INVITE comes in and the PBX responds with a 100 Trying and a 180 Ringing as it should.  Then, the PBX begins sending RTP (audio) out to the server that sent the INVITE.  The 200 OK is sent once the customer answers the phone.  The ACK is received from the server and the call is set up.  This outbound RTP from the PBX is not being forwarded from the LAN to the WAN of the ZyXEL.  So, although the call is set up, there is no audio back to the caller, so the caller thinks it is not going through and hangs up.

Per customer reports, they reboot the ZyXEL and inbound calls work for a while, then begin exhibiting this symptom.  They say it takes about 30 minutes before it begins.

What could be causing this issue?  I have checked the rules and all checks out.

I have pulled the diagnostic data, I just need to know where/who to send it to for investigation.

Comments

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited January 2021

    There are some points we need to clarify:
    (1) When the call established, the voice from the caller could be headed by callee? If the call direction reverse, do the SIP and RTP flows work? 
    (2) Could you illustrate the topology consist of USG20W-VPN, PBX, Phone- caller, Phone-callee to me?
    (3) Could you provide startup-config.conf, the sniffer packet of Phone-callee side via private message to me?

  • DeanH
    DeanH Posts: 45  Freshman Member
    First Anniversary 10 Comments
    Hello Zyxel_Jeff,

    Here are the answers to your questions.
    1. No audio could be heard by either side.  Our system sends comfort noise packets until it receives the first audio packet from the other side.  If that never arrives, it never sends actual audio to the site.  In essence the call never fully completes setup from an audio perspective.
    2. Phone caller -> server -> Internet -> USG20W-VPN -> switch -> PBX -> phone callee.
    3. Sure
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    We already received your private message.
    But the topology which you mentioned in the private message is different from previous topology.
    So, we need to clarify some question.
    (1).Which topology is you are implementing now? Topology1. or Topology2. ?
    Topology1. Phone caller -> server -> Internet -> USG20W-VPN -> switch -> PBX -> phone callee
    Topology2. caller phone -> telephone carrier -> our network -> Internet -> customer ISP -> USG20W-VPN -> switch -> callee phone 
    P.S. BTW please note their IP address on private.
    (2).Could you provide startup-config.conf, the sniffer packet of USG20W-VPN and Phone-callee side via private message to me?
    You can sniffer packet on USG20W-VPN Web GUI path: Maintenance > Packet Capture


    Please provide those information to us for further investigation, thanks.

Security Highlight