cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
904
Views
0
Helpful
2
Replies
Highlighted
Beginner

SIP Phone registration over site to site vpn with fortigate

Hi,

I am in trouble since last week and could not get the proper solution. We have PRI ISDN line 10 channels and 100 lines and integrated voice router 3825. This scenario working well for years and  now my company opened a new branch office and they want to use the same telephones. I used fortigate firewall on both ends for site to site connectivity with no nat.

Everything is fine and both network ping each other perfectly but phones are not registering. I tested SIP profile on xlite and is working perfectly. I decided to make all sip extensions on remote site. But here another problem start on remote site; soft phone is registering and working fine but sip phone are not working properly. Phones are connecting and disconnecting and one way sound

 

i have following scenario

 

cisco.jpg

 

configuration ; i cannot ping data to voice


version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname CME
!
boot-start-marker
boot system flash:c3825-ipvoicek9-mz.151-4.M9.bin
warm-reboot
boot-end-marker
!
!
card type e1 0 0
logging buffered 1000000
no logging console
no logging monitor
!
no aaa new-model
clock timezone 4 4 0
network-clock-participate wic 0

dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 192.168.5.1 192.168.5.10
ip dhcp pool safe_line
network 192.168.5.0 255.255.255.0
option 150 ip 192.168.5.2
default-router 192.168.2.1
!
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
isdn switch-type primary-net5
voice-card 0
dsp services dspfarm
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
sip
registrar server
localhost dns:192.168.2.2
!
!
voice register global
mode cme
source-address 192.168.2.2 port 5060
no outbound-proxy
max-dn 20
max-pool 20
authenticate register
dialplan-pattern 1 04371.... extension-length 4
voicemail 1111
tftp-path flash:

file text
create profile sync 0003446981604596
ntp-server 10.0.1.1 mode unicast
!
voice register session-server 1
!
voice register dn 1
session-server 1
number 4427
allow watch
name 4427
label 4427
!
voice register dn 2
session-server 1
number 4462
allow watch
name 4462
label 4462
!
voice register dn 3
session-server 1
number 4461
allow watch
name 4461
label 4461
!
voice register pool 1
session-server 1
session-transport tcp
number 1 dn 1
cor incoming SuperUser default
cor outgoing SuperUser default
dtmf-relay sip-notify
username 4427 password 1234
codec g711ulaw
!
voice register pool 2
session-server 1
session-transport tcp
number 1 dn 2
cor incoming SuperUser default
cor outgoing SuperUser default
dtmf-relay sip-notify
username 4462 password 1234
codec g711ulaw
!
voice register pool 3
session-server 1
session-transport tcp
number 1 dn 3
cor incoming SuperUser default
cor outgoing SuperUser default
dtmf-relay sip-notify
username 4461 password 1234
codec g711ulaw
!
!
!
voice translation-rule 1
rule 1 /^9/ //
!
voice translation-rule 2
rule 2 /^4/ /44/
!
voice translation-rule 3
rule 1 /^444$/ /801/

voice translation-profile OPERATOR
translate called 3
!
voice translation-profile incoming
translate called 2
!
voice translation-profile outgoing
translate called 1
!
!
crypto pki token default removal timeout 0

archive
log config
hidekeys

!
!
controller E1 0/0/0
framing NO-CRC4
pri-group timeslots 1-10,16

controller E1 0/0/1

interface Service-Engine0/1
ip unnumbered GigabitEthernet0/1.1
service-module ip address 192.168.2.10 255.255.255.0
service-module ip default-gateway 192.168.2.2
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 192.168.2.2 255.255.255.0
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 192.168.5.2 255.255.255.0
h323-gateway voip bind srcaddr 192.168.5.2
!
interface Serial0/0/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn incoming-voice voice
no cdp enable
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:/gui
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip route 192.168.2.10 255.255.255.255 Service-Engine0/1
!
!
!
tftp-server flash:Analog1.raw
tftp-server flash:Analog2.raw
tftp-server flash:AreYouThere.raw
tftp-server flash:AreYouTheref.raw
tftp-server flash:Bass.raw
tftp-server flash:CallBack.raw
tftp-server flash:Classic1.raw
tftp-server flash:Classic2.raw
tftp-server flash:ClockShop.raw
tftp-server flash:Drums1.raw
tftp-server flash:Drums2.raw
tftp-server flash:FilmScore.raw
tftp-server flash:HarpSynth.raw
tftp-server flash:Jamaica.raw
tftp-server flash:KotoEffect.raw
tftp-server flash:MusicBox.raw
tftp-server flash:RingList.xml
tftp-server flash:DistinctiveRingList.xml
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Pop.raw
tftp-server flash:Pulse1.raw
tftp-server flash:Ring1.raw
tftp-server flash:Ring2.raw
tftp-server flash:Ring3.raw
tftp-server flash:Ring4.raw
tftp-server flash:Ring5.raw
tftp-server flash:Ring6.raw
tftp-server flash:Ring7.raw
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw
tftp-server flash:Chime.raw
tftp-server flash:Vibe.raw
tftp-server flash:apps75.8-3-2-27.sbn
tftp-server flash:cnu75.8-3-2-27.sbn
tftp-server flash:cvm75sccp.8-3-2-27.sbn
tftp-server flash:dsp75.8-3-2-27.sbn
tftp-server flash:jar75sccp.8-3-2-27.sbn
tftp-server flash:SCCP75.8-3-3S.loads
tftp-server flash:term75.default.loads
tftp-server flash:apps41.8-3-2-27.sbn
tftp-server flash:cnu41.8-3-2-27.sbn
tftp-server flash:cvm41sccp.8-3-2-27.sbn
tftp-server flash:dsp41.8-3-2-27.sbn
tftp-server flash:jar41sccp.8-3-2-27.sbn
tftp-server flash:SCCP41.8-3-3S.loads
tftp-server flash:term41.default.loads
tftp-server flash:term61.default.loads
tftp-server flash:music-on-hold.au
tftp-server flash:S00105000300.sbn
tftp-server flash:ATA030100SCCP040211A.zup
tftp-server 192.168.5.2
tftp-server flash:cnu42.9-4-2ES9.sbn
tftp-server flash:cvm42sccp.9-4-2ES9.sbn
tftp-server flash:dsp42.9-4-2ES9.sbn
tftp-server flash:jar42sccp.9-4-2ES9.sbn
tftp-server flash:SCCP42.9-4-2SR1-1S.loads
tftp-server flash:term42.default.loads
tftp-server flash:SIP41.9-2-1S.loads
!
control-plane
!
!
voice-port 0/0/0:15
!
!
!
mgcp profile default
!
sccp ccm 192.168.5.2 identifier 1 version 3.1
!
sccp ccm group 1
associate ccm 1 priority 1
keepalive retries 5
!
dial-peer cor custom
name local-call
name national-call
name international-call
name emergency-call
!
!
dial-peer cor list LocalUser
member local-call
member emergency-call
!
dial-peer cor list NationalUser
member local-call
member national-call
member emergency-call
!
dial-peer cor list callemergency
member emergency-call
!
dial-peer cor list callLocal
member local-call
!
dial-peer cor list callnational
member national-call
!
dial-peer cor list callinternational
member international-call
!
dial-peer cor list SuperUser
member local-call
member national-call
member international-call
member emergency-call
!
!
dial-peer voice 11 voip
mailbox-selection orig-called-num
preference 7
!
dial-peer voice 9000 voip
!
dial-peer voice 801 voip
destination-pattern 801
session protocol sipv2
session target ipv4:192.168.2.10
dtmf-relay sip-notify
codec g711ulaw
no vad

dial-peer voice 101 voip
description ******* A A *********
destination-pattern 778
session protocol sipv2
session target ipv4:192.168.2.10
codec g711ulaw
no vad
!
dial-peer voice 401 pots
translation-profile incoming incoming
incoming called-number 4..
direct-inward-dial
!
dial-peer voice 124 pots
corlist outgoing callnational
description ** National Calls Only (within UAE) **
translation-profile outgoing outgoing
destination-pattern 90[1-9][0-8]T
port 0/0/0:15
!
dial-peer voice 123 pots
corlist outgoing callLocal
description ** Local Calls Only **
translation-profile outgoing outgoing
destination-pattern 9[1-8]T
port 0/0/0:15
!
dial-peer data 1 pots
paramspace callsetup after-hours-exempt FALSE
fax rate disable
no digit-strip
no register e164
preemption level flash-override
!
dial-peer voice 125 pots
corlist outgoing callinternational
description ** inter National Calls ) **
translation-profile outgoing outgoing
destination-pattern 900[1-9][0-8]T
port 0/0/0:15
!
dial-peer voice 1111 voip
description ******* FOR VOICEMAIL *********
destination-pattern 1111
session protocol sipv2
session target ipv4:192.168.2.10
dtmf-relay sip-notify
codec g711ulaw
no vad
!
!
sip-ua
!
!
telephony-service
authentication credential cisco cisco123
em logout 0:0 0:0 0:0
max-ephones 50
max-dn 50
ip source-address 192.168.5.2 port 2000
service phone spanToPCPort 0
timeouts interdigit 3
system message Safe Line Group
url services http://192.168.2.10/voiceview/common/login.do
url authentication http://192.168.5.2/CCMCIP/authenticate.asp
cnf-file location flash:
cnf-file perphone
load 7914 S00105000300
load 7941 SCCP41.8-3-3S
load 7942 SCCP42.9-4-2SR1-1S
load 7975 SCCP75.8-3-3S
load ata ATA030100SCCP040211A
time-zone 35
date-format dd-mm-yy
voicemail 1111
max-conferences 12 gain -6
moh flash:music-on-hold.au
multicast moh 239.10.16.16 port 2000
web admin system name shahzad secret 5 $1$kCVU$9TPPcFYpJS9dHCHIRl98C.
dn-webedit
time-webedit
transfer-system full-consult
secondary-dialtone 9
directory entry 1 9101 name Etisalat
directory entry 2 9999 name Ambulance
directory entry 3 9997 name Police
fac custom callfwd cancel #21#
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-template 1
softkeys idle Newcall Redial Dnd Pickup Gpickup
!
!
ephone-template 11
softkeys connected Endcall Trnsfer Hold Acct Confrn Park
!
!
ephone-dn 1 dual-line
number 043714401 secondary 4401
label 4401
name 4401
call-forward busy 1111
call-forward noan 4400 timeout 20
corlist incoming NationalUser
!
!
ephone-dn 2
number 043714406 secondary 4406
label 4406
name GENERAL
hold-alert 30 originator
!
!
ephone-dn 3 dual-line
number 043714403 secondary 4403
label 4403
name 4403
call-forward busy 1111
call-forward noan 1111 timeout 18
corlist incoming NationalUser
!
!
ephone-dn 4 dual-line
number 043714404 secondary 4404
label 4404
name 4405
call-forward busy 1111
call-forward noan 1111 timeout 20
corlist incoming NationalUser
!
!
ephone-dn 5 dual-line
number 043714405 secondary 4405
label 3714405
name ASIM
mobility
snr 1144935 delay 5 timeout 60 cfwd-noan 4405
call-forward busy 1111
call-forward noan 1111 timeout 18
!
!
ephone-dn 7
number 043714407 secondary 4407
label 4407
name 4407
call-forward busy 1111
call-forward noan 1111 timeout 30
hold-alert 30 originator
!
!
ephone-dn 8 dual-line
number 043714408 secondary 4408
label 4408
name 4408
corlist incoming LocalUser
!
!
ephone-dn 9 dual-line
number 043714409 secondary 4409
label EMAF
name EMAF
call-forward noan 1111 timeout 20
corlist incoming LocalUser
!
!
ephone-dn 10 dual-line
number 043714410 secondary 4410
label 4410
name 4410
corlist incoming LocalUser
!
!
!
ephone-dn 12 dual-line
number 043714412 secondary 4412
label AZIZ
name AZIZ
corlist incoming LocalUser
!
!
ephone-dn 13 dual-line
number 043714413 secondary 4413
label 4413
name 4413
corlist incoming LocalUser
!
!
ephone-dn 14 dual-line
number 043714414 secondary 4414
label RAJ
name RAJ
corlist incoming LocalUser
!
!
ephone-dn 15 dual-line
number 043714415 secondary 4415
label Abid
name Abid
corlist incoming LocalUser

!
ephone-dn 16 dual-line
number 043714416 secondary 4416
label Rais
name Rais
corlist incoming LocalUser
corlist outgoing callLocal
!
!
ephone-dn 17
number 3714425 secondary 4425
label LCL
name LCL
corlist incoming LocalUser
corlist outgoing callLocal
!
!
ephone-dn 19 dual-line
number 043714419 secondary 4419
label ABOUD
name ABOUD
corlist incoming LocalUser

!
ephone-dn 20 dual-line
number 043714417 secondary 4417
label ABRAR
name ABRAR
corlist incoming LocalUser
!
!
ephone-dn 21
number 043714402 secondary 4402
label 4402
name 4402
call-forward noan 1111 timeout 20
corlist incoming NationalUser
hold-alert 30 originator
!
!
ephone-dn 22 dual-line
number 043714426 secondary 4426
label 4426
name Receiving
call-forward all 4427
call-forward busy 4431
call-forward noan 1111 timeout 20
corlist incoming LocalUser
!
!
ephone-dn 23 dual-line
number 043714427 secondary 4427
label Loading
name Loading
call-forward busy 4426
call-forward noan 4426 timeout 10
corlist incoming LocalUser

ephone-dn 29 dual-line
call-waiting ring
number 043714444 secondary 043714444
label 3714444
name Operator
call-forward all 043714427
call-forward busy 001
call-forward noan 043714427 timeout 12
corlist incoming callnational
!
!
ephone-dn 46 dual-line
number 3714420 secondary 4420
label AHMED
name AHMED
call-forward busy 008

ephone 1
mac-address 0024.0000.0000

type 7975
button 1:1
!
!
!
ephone 3
mac-address 0024.0000.0000
type 7975 addon 1 7914
button 1:3
!
!
!
ephone 4
mac-address 0024.0000.0000
type 7975 addon 1 7914
button 1:4
!
!
!
ephone 5
video
mac-address 0024.0000.0000
after-hours exempt
type 7941GE
button 1:5
!
!
!
ephone 6
mac-address 0024.0000.0000
button 1:2
!
!
!
ephone 7
mac-address 0024.0000.0000
button 1:7
!
!
!
ephone 8
mac-address 0024.0000.0000

type 7941GE
button 1:8
!
!
!
ephone 9
mac-address 0024.14B3.5EB4
type 7941GE
button 1:14
!
!
!
ephone 10
mac-address 0024.9735.7B1F
username "asim"
type 7941GE
button 1:10
!
!
!
ephone 11
mac-address 0024.9735.7F12
!

!
ephone 12
mac-address 0024.9735.7F92
button 1:44
!
!
!
ephone 44
mac-address 0024.0000.0000
codec g729r8
type 7941
button 1:12

line con 0
line aux 0
line 258
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
privilege level 15
login
transport input all
!
scheduler allocate 20000 1000

 

Please someone help find the solution for this.

2 REPLIES 2
Highlighted
VIP Mentor

Re: SIP Phone registration over site to site vpn with fortigate

what kind of IP Phones and models ? What you see the logs ? what kind of Codec it was setup ?

 

here is fortigate recomendations :

 

https://kb.fortinet.com/kb/documentLink.do?externalID=FD36405

https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-voip-guide-52/SIP.htm

 

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: SIP Phone registration over site to site vpn with fortigate

Hi
I am using third party phones with g711ullaw codec. If i connect soft phone with same configuration it works fine. i disable sip session helper and default-voip-alg-mode is kernel-helper-based. i am not much familiar with cisco so unable to understand log
Thanks BB