Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2390
Views
0
Helpful
2
Replies

SIP ALG and VPN tunnels rv220w

gmerilli99
Level 1
Level 1

‎07-11-2013 08:12 AM

                   I have two sites using a vpn tunnel on RV220W routers on each end.  I have a SIP ATA switch for VOIP at each site.  I also use SIP trunk to an external provider from each site.  If I enable SIP ALG, SIP traffic through the VPN tunnel fails and the IP trunks to the external provider work perfectly.  If I disable SIP ALG SIP traffic through the VPN tunnel works perfectly but inbound SIP VOIP calls on the IP trunks from the external provider fail.  Since the IP trunks for inbound calls is more important, and SIP traffic for office to office is only used for extension to extension calling, I have enabled SIP ALG.  Is there any way to disable SIP ALG on the VPN tunnel traffic.  Does anyone have a solution to this problem?

Labels:
0 Helpful
2 Replies 2

Tom Watts
VIP Alumni
VIP Alumni

‎07-15-2013 05:56 PM

Hi Greg, can you force the SIP traffic to go over the WAN instead of the tunnel? I don't see a way around your scenario, SIP ALG is enabled or disabled. I'm also not sure why the SIP traffic would fail through the tunnel with the ALG enabled since it would be considered a LAN to LAN connection and nothing really to do with NAT.

It almost makes me wonder if there is some weird fragment issue. What happens if you modify the firewall features of the router such as disable block fragment packets or enable multicast passthrough or even disable the firewall all together for testing purpose?

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

gmerilli99
Level 1
Level 1
In response to Tom Watts

‎07-16-2013 08:02 AM

I set up one to one nat on each system since I have multiple public addresses and I set the system up to use the public addresses.....this seemed to help, I can now call an extension at the other office.  the phone call connects and everything seems OK....however, after 5 seconds the call drops.  during this 5 seconds I can have a conversation with the person on the other end.  Note that in attack prevention I had to disable "block multicast packets".  I tried to disable/enable all of the other options in various combinations.  only "bock multicast packets" had any affect.   With this enabled it did not work.  not enabled it worked per my description above.

You are right that my expectation of the tunnel would be that everything goes through.  I have no problem with any other traffic between the sites using the tunnel.  It almost looks like the SIP ALG is getting the packet prior to the packet getting to the tunnel.

thanks for your reply...any help is apprecaited.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents