Showing results for 
Search instead for 
Did you mean: 

ISA550 Voice VLAN cannot connect to WAN?


I just bought ISA550 and used the configuration wizatrd to set it up, mostly with defaults.

I mapped GE2 to VOICE VLAN/Zone, and although the SPA122 I connected to this port now gets an IP adress (,it fails to register with SIP provider.

I have LB WAN set up (bandwidth), WAN1(GE1) Primary, WAN2(GE7) secondary, but not conecting WAN2 yet until I have configuration working.

I set ALG on for SIP (and tried it 'off') but nothing seems to work.

I also checked Firewall settings and added rule to 'permit' WAN to VOICE. There was only the other direction by default.

I have also not yet updated firmware, as I have only just elevated my access to allow encrypted downloads, biut will try that later this evening, out of hours.

Otherwise, any other suggestions gratefully received.




I have now been able to get most of this working, but had to connect SPA122 to DEFAULT VLAN (GE3).

Added traffic selectors for this and some high priority (Q2) devices. Added QoS rules for these but if I added these to the default WAN_POLICY only those explicitly mentioned could access the WAN.

I then created a a new WAN POLICY without the default QoS rules, just the new ones, and this works!

However, I need to prioritise incoming traffic but only Q1 seems to be available for incoming, so currently only SPA122 has a rule (to mark Cos). Everything else is a free for all.

I have three devices I need to give Q2 on incoming traffic, so is there a way to do this, or is the traffic precedence 'inherited' from outgoing rules?

The documentation, both shipped CD and ESD, is not very clear on this. In fact, there are places where it is just plain wrong.

Otherwise, all seems to be going well. It is handling marginal circuits and LB better than my old router.

One last point. I need to report on WAN availability. I am remote logging to a Linux system to analyse syslog, but cannot find definitive log entries to determine WAN State (DNS LInk detection). Only physical port availability is shown explicitly (Line status - which also correctly triggers email alerts). I can see nothing similar for WAN State.

I use Splunk to analyse the logs, so could use fairly complex search pattern, if necessary.