Re: one way audio with SIP trunk through a site-to-site VPN Issue

Abdelrhman Elmenyawe · ‎01-10-2020

I have a problem that calls through VPN connection between two sites with sip trunk are established well (Signaling) but for media (RTP) they sometimes are one-way audio or no audio at all.

There is a VPN connection between two sites by Fortigate. The VPN is working well.

There is call manager CUCM in both sites, one is v12 restricted and another v8.5 Unrestricted. The SIP trunk is working well.

>>I have checked Codecs between two sites and made sure that both were using the same usable codec for both.

>>I have checked routing, all voice subnets in both sites are reachable and can ping to each other.

>>I have FortiGate(firewall) in both sites and made sure that all ports needed were open without any applied policies or changes in the SIP header of the packet.

>>There is no NAT over the VPN connection.

NOTE: This problem also appears when trying to make PSTN calls through voice gateway(ISR 4321) with CUCM v12 in BE6M-M5-K9.

Could anyone help me with any recommendations to solve this headache problem?

Dennis Mink · ‎01-12-2020

Typically this is a routing or firewall issue, not a codec issue.,

you would need to verify from where to where your RTP stream is set up, most likely between your VPN softphone (?) and the IP address of your SIP provider,

explicitly open up your firewall from a test IP address to your sip providers IP. also provide SIP traces (wireshaerk) from a failed call so you can establish between which IP adresses the RTP stream is attempted to be established.

Please remember to rate useful posts, by clicking on the stars below.

Abdelrhman Elmenyawe · ‎01-12-2020

Thank you, Dennis, for replying
but I have also this problem to PSTN calls, one-way audio when I establish a call from inside cluster to PSTN phone, the PSTN phone hear me but I couldn't hear with IP Phone
I will attach Show run of voice gateway, debug voip rtp and debug ccsip mess

Dennis Mink · ‎01-12-2020

Is your phones ip 10.14.20.23and vgw 10.14.20.20?

Please remember to rate useful posts, by clicking on the stars below.

Abdelrhman Elmenyawe · ‎01-12-2020

10.14.20.23 is my Voice Gateway IP address
10.14.20.20 is my call manager IP address

Dennis Mink · ‎01-12-2020

OK thanks understood, so what is the IP address of a phone that is having the issue and can you ping from the 10.14.20.23 to the IP address of that phone and vice versa? and is there a Firewall in that path?

Please remember to rate useful posts, by clicking on the stars below.

Abdelrhman Elmenyawe · ‎01-12-2020

Hi Dennis, I found that the problem in IOS 16.6.4 in ISR 4321 and when I upgraded to 16.9.4
Everything worked well in the voice-gateway.
Now I have only the problem with SIP trunk between two sites that I mentioned before.

Scott Leport · ‎03-27-2020

Hi there,

Given that you raised this in January, I am going to assume this is resolved. However, in case not can you clarify a few things please?

1. What are the IP subnets of the phones between your two affected sites?

2. Is there IP reachability between these two sites?

3. Can you run a test call from either end and check the streaming statistics (make sure the phone you're on has "web access" enabled. That will reveal what the source and destination IP's are set up in the RTP stream

4. As a test can you open up all ports on the Fortigate Firewalls on whatever policies these rules exist on at your sites and run the test again and inform us what your results are please?

Good luck!

Scott