Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6842
Views
0
Helpful
4
Replies

VOIP over VPN dropp RTP protocol

dale
Level 1
Level 1

‎10-27-2011 08:38 AM

We are installing a new 2911 ISR in our office and connecting with a Linksys (CISCO) RV016 VPN router.  These are two small doctors offices that need to have computer, and Voip traffic over a VPN.

Currently we connect an older RV082 and the RV016 together and have NO issues with VOIP traffic.  If we establish a connection with the 2911 router then we are having an issue with no voice or RTP traffic coming through.  Phones will connect, and dial out, but no voice can be heard.

The First office is on a Verizon Fios Network with a MTU of 1492. The Network and servers are as follows:

Remote Office                                                                            Main Office

Linksys Spa 942 phones

               |                                                                        

Netgear 10/100 POE Switch

               |                                                                        =================

Linksys (cisco) RV016 VPN                                            |          2911                 |

               |                                                                       |    POE Module Sw     |

Comcast Cable Modem                                                  -------------------------------       

               |                                                                                       |          |

             VPN                                                                                VPN       |

               +=======================================+     Asterisk

                                                                                                              (Call Man)

Basically we have the Internet coming in from Gig0/0 and routing traffic to multiple outside IP addresses so we are using 3 subs in our configuration.

192.168.1.X          192.168.2.X          192.168.3.X               192.168.0.X (Remote Group)

When we connect the old routers (RV016 and RV082) VPN VOIP and Data traffic go fine.   We are using a Term Server on one end, Web Server, and the Asterisk PBX for our VOIP Call Manager.

So far we connect up the 2911 and the RV016 and have no issues with data traffic.  But the VOIP is dead on the remote end.  No sound.  We did a Wireshark on traffic, and we are getting some 407 errors from the Astersick Host, and a unknown RTP version 1 error message.  THe only thing that we had to do on the RV082 router was port forward UDP 506 and 10001 - 20000 for the traffic, and setup a access rule, but nothing else.

We are getting traffic on the 2911, but nothing else.  We have excluded the 192.158.0.X traffic from the NAT so not to get into that issue, and have even tried forwarding ports but nothing seems to help.  Is there a good way to route this traffic?  Our bandwidth is pretty fast so I am not sure if QoS is needed, but if so it is not one of my strong areas.  What is the best way to route this traffic through the VPN without loosing the RTP part of the call.

Labels:
0 Helpful
4 Replies 4

Daniele Giordano
Level 8
Level 8

‎10-31-2011 10:23 AM

I think that the 2911 changes the SDP header of your SIP messages because uses the ALG features. Can you try to disable the ip nat service sip?

If you use 5060 UDP port you must use the command no ip nat service sip udp port 5060.

If It doesn't work add the wireshark trace and the output of debug ccsip messages.

Regards.

0 Helpful

dale
Level 1
Level 1
In response to Daniele Giordano

‎11-04-2011 10:37 AM

I put this line in and still not getting audio on the other end.  I will be doing captures tonight from working and non working phones.  I need to get this resolved.  I have spent 3 weeks on this issue and I have run out of time.  Should I use the DEBUG VOIP SIP command for the capture on the router?  I believe this would be the best resolution to the service to see what is going on.  The phones work with a RV016 and RV082 router in place.  All data traffic works fine in sending and recieving calls.

I have read about all of the articles on Cisco and voip traffic.  We are going to be shutting off the natting on the router to see if I can just get the voip traffic to flow.  Once we get it flowing then I can work on building up the house on a stable foundation.

At this time, we are routing multiple IP addresses throught the 2911 and have IP NAT OUTSIDE on the G0/0 port and IP NAT INSIDE on the G1/0 Interface, which is a POE Switch Module in the 2911.

I know that the cisco router wants to act as a call manager, or terminate the SIP traffic on the 2911, but we have a working Asterisk box that handles all SIP traffic.  If there is a way to just forward the traffic there properly, without the 2911 trying to intercept the traffic, that would be wonderful.  I am looking at the possibility of creating dial-peer groups for all of the phones, but really is this needed?  What is so frustrating about the whole situation is that I put in a 5 year old sub $200 router and everything works.

Dale

0 Helpful

mmitchum143
Level 1
Level 1

‎12-02-2011 06:38 AM

Dale,

Have you had any luck getting this resolved?  I have users with the exact same symptoms (on FiOS) with different equipment and am ready to start bangiing my head against a wall.

Our users have Avaya hardphones behind an ASA 5505 with an IPSEC tunnel.  Call control works fine, but we get no dialtone/audio.  The VoIP traffic is all encapsulated within the IPSEC tunnel, I have tried switching back and forth between true ESP and IPSEC Over TCP with no change.  So the problem is not dependent upon protocol or port -- so it has to be something to do with the size and/or frequency of the packets and I believe it is something unique to the FiOS network.

What's strange is that our users having this issue are:

1)  All are FiOS users

2)  All residing within the same county (Chesterfield, VA) -- does not seem to affect neighboring regions

3)  All will work sometimes and sometimes not, depending on their external IP address range. (we dread power outages)

Anyone had any success with an issue like this or have any advice to try?  I'm currently tweaking MTU values, but not having any luck so far.

Thanks,

Mike

0 Helpful

dale
Level 1
Level 1
In response to mmitchum143

‎12-02-2011 07:44 AM

I did resolve this issue.  Believe it or not it was the Asterisk Box itself and not the Router.   What was throughing us off was the fact that we could install to cheapo routers and everything worked fine.  After installing the 2911 everything went south, basically no audio on the other end.

The whole problem that we were running into was the Asterisk box was CHANGING the SIP header information and sending the call back out to the internet, which was wrong, it should have been routed back to the internal remote subnet.  The whole issue was the person who setup the asterisk box in the SIP.CONF file changed the local subnet from 192.168.0.0 to a 192.168.1.0.  This was causing the asterisk box to reject the remote traffic coming from 192.168.0.0 and only accept the traffic from local 192.168.1.x subnet.

Once we changed the setting, everything worked good.

Dale

In your case, I would check the FIOS network.  Sounds like an issue on thier end.  I would also check the local subnet setting on the asterisk box (Assuming you are using one) and make sure that the local subnet is set correctly.  Do a wireshark capture on the switch and see what the IP address coming off the box is.  If it has changed I bet you have the same issue I had, but if it is something where you are getting it working sometimes, and then others not...it might be with the local fios network.

0 Helpful
Customers Also Viewed These Support Documents