I have two sites using a vpn tunnel on RV220W routers on each end. I have a SIP ATA switch for VOIP at each site. I also use SIP trunk to an external provider from each site. If I enable SIP ALG, SIP traffic through the VPN tunnel fails and the IP trunks to the external provider work perfectly. If I disable SIP ALG SIP traffic through the VPN tunnel works perfectly but inbound SIP VOIP calls on the IP trunks from the external provider fail. Since the IP trunks for inbound calls is more important, and SIP traffic for office to office is only used for extension to extension calling, I have enabled SIP ALG. Is there any way to disable SIP ALG on the VPN tunnel traffic. Does anyone have a solution to this problem?
Hi Greg, can you force the SIP traffic to go over the WAN instead of the tunnel? I don't see a way around your scenario, SIP ALG is enabled or disabled. I'm also not sure why the SIP traffic would fail through the tunnel with the ALG enabled since it would be considered a LAN to LAN connection and nothing really to do with NAT.
It almost makes me wonder if there is some weird fragment issue. What happens if you modify the firewall features of the router such as disable block fragment packets or enable multicast passthrough or even disable the firewall all together for testing purpose?
-Tom Please mark answered for helpful posts
Please mark answered for helpful posts
I set up one to one nat on each system since I have multiple public addresses and I set the system up to use the public addresses.....this seemed to help, I can now call an extension at the other office. the phone call connects and everything seems OK....however, after 5 seconds the call drops. during this 5 seconds I can have a conversation with the person on the other end. Note that in attack prevention I had to disable "block multicast packets". I tried to disable/enable all of the other options in various combinations. only "bock multicast packets" had any affect. With this enabled it did not work. not enabled it worked per my description above.
You are right that my expectation of the tunnel would be that everything goes through. I have no problem with any other traffic between the sites using the tunnel. It almost looks like the SIP ALG is getting the packet prior to the packet getting to the tunnel.