gmerilli99
Beginner

SIP ALG and VPN tunnels rv220w

I have two sites using a VPN tunnel on RV220W routers on each end. I have a SIP ATA switch for VOIP at each site. I also use a SIP trunk to an external provider from each site. If I enable SIP ALG, SIP traffic through the VPN tunnel fails and the IP trunks to the external provider work perfectly. If I disable SIP ALG, SIP traffic through the VPN tunnel works perfectly but inbound SIP VOIP calls on the IP trunks from the external provider fail. Since the IP trunks for inbound calls are more important, and SIP traffic for office to office is only used for extension to extension calling, I have enabled SIP ALG. Is there any way to disable SIP ALG on the VPN tunnel traffic? Does anyone have a solution to this problem?

Tom Watts
Advocate

Hi Greg, can you force the SIP traffic to go over the WAN instead of the tunnel? I don't see a way around your scenario; SIP ALG is enabled or disabled. I'm also not sure why the SIP traffic would fail through the tunnel with the ALG enabled since it would be considered a LAN to LAN connection and nothing really to do with NAT.

It almost makes me wonder if there is some weird fragment issue. What happens if you modify the firewall features of the router such as disable block fragment packets or enable multicast passthrough or even disable the firewall altogether for testing purposes?

-Tom
Please mark answered for helpful posts


I set up one to one NAT on each system since I have multiple public addresses and I set the system up to use the public addresses. This seemed to help; I can now call an extension at the other office. The phone call connects and everything seems OK. However, after 5 seconds the call drops. During this 5 seconds I can have a conversation with the person on the other end. Note that in attack prevention I had to disable "block multicast packets". I tried to disable/enable all of the other options in various combinations. Only "block multicast packets" had any effect. With this enabled it did not work. Not enabled, it worked per my description above.

You are right that my expectation of the tunnel would be that everything goes through.  I have no problem with any other traffic between the sites using the tunnel.  It almost looks like the SIP ALG is getting the packet prior to the packet getting to the tunnel.

Thanks for your reply. Any help is appreciated.
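
Added example, not part of the thread or Cisco's code: one way to check whether an ALG is altering SIP before it reaches the far end of the tunnel is to compare the same INVITE as captured on the LAN side at each site and list which address-bearing fields changed. It assumes the two messages have been exported as text from packet captures; the sample messages and all addresses below are constructed.

```python
import re

# Address-bearing fields a SIP ALG commonly rewrites.
FIELDS = {
    "Via": re.compile(r"^Via:\s*\S+\s+([^;\s]+)", re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?sip:(?:[^@>\s]+@)?([^;>\s]+)", re.I | re.M),
    "SDP o=": re.compile(r"^o=\S+ \S+ \S+ IN IP4 (\S+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 (\S+)", re.M),
    "SDP m= port": re.compile(r"^m=audio (\d+)", re.M),
}

def address_fields(sip_text):
    """Extract the first value of each address-bearing field, or None if absent."""
    text = sip_text.replace("\r\n", "\n")
    found = {}
    for name, pattern in FIELDS.items():
        match = pattern.search(text)
        found[name] = match.group(1) if match else None
    return found

def alg_rewrites(sent, received):
    """Return {field: (sent_value, received_value)} for each field changed in transit."""
    before, after = address_fields(sent), address_fields(received)
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}

# Constructed sample: an INVITE as the site A ATA sent it.
SENT = "\r\n".join([
    "INVITE sip:301@192.168.2.50 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKexample",
    "From: <sip:201@192.168.1.50>;tag=1",
    "To: <sip:301@192.168.2.50>",
    "Call-ID: constructed-example",
    "CSeq: 1 INVITE",
    "Contact: <sip:201@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=- 1 1 IN IP4 192.168.1.50", "s=-",
    "c=IN IP4 192.168.1.50", "t=0 0", "m=audio 16384 RTP/AVP 0",
])
# Constructed sample: the same INVITE as seen at site B, with the private address
# replaced by a WAN address (203.0.113.10 is a documentation address).
RECEIVED = (SENT.replace("UDP 192.168.1.50", "UDP 203.0.113.10")
                .replace("201@192.168.1.50:5060", "201@203.0.113.10:5060")
                .replace("c=IN IP4 192.168.1.50", "c=IN IP4 203.0.113.10"))

if __name__ == "__main__":
    for field, (old, new) in alg_rewrites(SENT, RECEIVED).items():
        print(f"{field}: {old} -> {new}")
```

An empty result means the message crossed the tunnel unmodified, so the call failure lies elsewhere; changed Via, Contact or SDP addresses mean something on the path rewrote the message.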