Results 1 to 8 of 8

Thread: How to connect through SonicWall VPN

  1. #1

    Default How to connect through SonicWall VPN

    Hello Forum,

    I am trying to get my Cisco 7941 to register with my quadro4x.
    The Phone is on the other side of a VPN tunnel established by 2 SonicWall
    applicances.

    The thing is, if I reboot the local sonicwall, the phone will register properly,
    everything works perfectly. So, I think that there is nothing wrong with
    the phone config or quadro line settings etc.

    After a few hours, though, the phone will fail to (re)register.

    Rebooting the sonicwall will restore service again, for a few hours.

    My config is like so:

    QUADRO------SONICWALL A-----------SONICWALL B---PHONE
    172.30.0.2-----172.30.0.1------vpn------172.31.0.1---------172.31.1.76


    The quadro is not performing any routing or firewall services; this
    is all done by the SonicWall.

    I noticed in the quadro's SIP registration log, that the registration
    address of the user, in this case sip:senthil@172.30.0.2 is translated
    to sip:senthil@199.227.189.243. The latter addesss is the public WAN
    address of SonicWall A (this is a static IP address).

    When the registration works, I see the quadro's LAN address 172.30.0.2
    appears in the logs, in all instances, instead of 199.227.189.243 you see below.

    So, if anyone has any ideas as to why the behaviour would change after a few
    hours, I am a bit stumped.

    It seems that one of the sonicwalls is messing up the SIP PDU by translating the
    address, but I can't figure out what triggers this.

    PdP


    8<----------------------------------------------------------------------------------------------------------------------------------

    QUADRO LOG, FAILED REGISTRATION ATTEMPT:


    11:42:34 Receive SIP message # (09/04/2008 16:42:34:078 GMT) # UDP # 708 bytes # from: 172.31.1.76:49455 # to: 172.30.0.2:5060

    ***************************** SIP message buffer start *****************************
    REGISTER sip:199.227.189.243 SIP/2.0
    Via: SIP/2.0/UDP 172.31.1.76:5060;branch=z9hG4bK5519e2ae
    From: <sip:senthil@199.227.189.243:1477>;tag=001d457de5f c0477944e3293-e251ed04
    To: <sip:senthil@199.227.189.243:1477>
    Call-ID: 001d457d-e5fc0002-1b4688e6-9bcb7a51@172.31.1.76
    Max-Forwards: 70
    Date: Sun, 04 Nov 2007 01:49:24 GMT
    CSeq: 1245 REGISTER
    User-Agent: Cisco-CP7941G/8.3.0
    Contact: <sip:12@172.31.1.76:5060;transport=udp>;+sip.insta nce="<urn:uuid:00000000-0000-0000-0000-001d457de5fc>";+u.sip!model.ccm.cisco.com="115"
    Supported: (null),X-cisco-xsi-6.0.2
    Content-Length: 0
    Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP001D457DE5FC Load=SIP41.8-3-3SR2S Last=phone-keypad"
    Expires: 3600

    8<----------------------------------------------------------------------------------------------------------------------------------

  2. #2

    Default

    You need to tell the quadro about the remote subnet. Go to NAT Exclusions (can't remember where, let me know if you can't find it) and put the remote subnet in there.

    From memory, I could register but not hear any audio until I did this.

  3. #3

    Default

    It is in "Telephony -> NAT Traversal Settings -> NAT Exclusion Table". I have doubts that this will solve your issue, but it's worth to try it anyway. Inform us about results.

  4. #4

    Default

    You need to goto Ip routing configuration > IP staic Routes

    Route to - The remote subnet (The one your pc's are on)
    Via IP Address (This is the gateway to the Private lan, the staic gateway of your DMZ or similar)

    We have ours working on a TZ190

    Hope this helps.

    Thanks,
    Ian

  5. #5

    Default

    Hello forum, thank you for the suggestions, but I tried each to no avail.

    Note that my quadro is not used as a router, and the firewall is disabled.
    I have the WAN port assigned with th 172.30.0.2 address, the LAN port is not used. Could this cause some sort of problem?

    I have tried toggling on/off the sonicWall VOIP settings:
    Enable SIP Transformations, H323 Transformations, and Consistent NAT

    Turning them off does remove the transformations from the registration req. but the behaviour remains the same, the phone will fail to register after the first timeout (30 mins).

    Fwiw, my sonicwalls h/w and f/w is:

    SonicWall A:
    PRO 1260 Enhanced,
    FW SonicOS Enhanced 3.2.3.0-6e

    SonicWall B:
    TZ 170 Standard
    SonicOS Standard 3.1.3.0-6s

    Thanks for looking, any suggestions would be appreciated. If I ever get it to work, I will post.

  6. #6

    Default

    The tips above only work if the phone is connecting to the Quadro on the LAN port. I think you'd need to configure the extension as a remote extension to connect to the WAN side.

    Also your phone isn't on the same subnet as the remote Sonicwall. Why?

  7. #7

    Default

    Hello lansmart, thank you for the info. I will give the remote extension a try.

    However, our local phones don't have any problem registering and functioning through the WAN interface.

    Wrt. the phone + subnet, we are using 172.31.xx.xx/255.255.0.0
    The remote sonicwall LAN IP is 172.31.0.1 (default gw)
    The remote phone is assigned by dhcp, 172.31.1.76

    The thing that mystifies me is that when I reboot the local sonicWall, everything works perfectly, until the phone tries to re-register ( 60 minutes later, not 30 ). Something "happens" in the intervening 60mins.

    Again, thank you all for any suggestions....

    PdP

  8. #8

    Default

    I think that the problem here is the configuration of SonicWall. Also it's strange that the IP-Phone isn't on the same subnet as the Sonicwall.

    When registering IP-Phone from Quadro WAN side, we strongly recommend to configure them as a Remote Extension, otherwise later you might have some problems such as one-way voice, etc. Only phones placed in Quadro LAN side must be configured directly on the IP-Lines.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Quadro ISDN Gateway SIP Proxy / Client - Connect to SoftPBX.
    By armonis in forum 'How Do I' Questions
    Replies: 2
    Last Post: 01-07-2008, 07:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •