Solved

How do I configure my Sonicwall to allow VoIP phones?

Posted on 2011-09-02
18
4,466 Views
Last Modified: 2012-05-12
I have a Sonicwall TZ190 and just purchased IP phones from 8x8.  When I connect the phones to my network, i get a message that says "Not connected".   The folks at 8x8 said that I need to adjust my firewall settings to enable QoS and to disable SPI.  They also provided this link: http://www.8x8.com/Support/BusinessSupport/Documentation/QoSSettings.aspx

I'm a novice when it comes to the sonicwall and am looking for detailed steps as to how to configure my router to play nicely with my IP phones.  If you need any additional information from me, please let me know. Thanks in advance for your help!
0
Comment
Question by:ideamatics
  • 7
  • 6
  • 3
  • +1
18 Comments
 
LVL 13

Expert Comment

by:themrrobert
ID: 36474938
Yes, try this:

go to start->run (or hold WindowsKey + R) to open run dialog

type and run: cmd

once command prompt is up, type: ipconfig

get the "Default Gateway"

type this ip address into firefox/ie

enter the login credentials (if you havent set this up before, try these combos:
admin/password
(blank)/password
(blank)/admin
linksys/admin
admin/linksys

if they don't work, a google search of "(ROUTER MODEL) default login" should help you.

Once in your router, go through all of the tabs looking for the options they mentioned.

Usually under WAN or Advanced settings, these options can sometimes be hidden in random places.

Best of luck!
0
 
LVL 13

Expert Comment

by:themrrobert
ID: 36474957
Here is the manual for your router, it should have some additional help

Try your best, its not exactly easy when I'm not at your computer. If you get any further or need more help, post again here and I will check back

http://static.compusa.com/pdf/sonicwall-TZ190-manual.pdf
0
 

Author Comment

by:ideamatics
ID: 36475327
Hi themrobert - I have access to the firewall and can navigate freely inside the interface.  I checked the document you sent and it has nothing relating to VoIP or QoS.  Looking for step-by-step instructions on how to do this. thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 36475340
Certainly make sure that your phones are getting an IP and gateway. Also, you might consider enabling SIP on your sonicwall. Login to the sonicwall and go to VoIP > Settings. Check the Enable SIP Transformations checkbox.

I read the link in your question and it seems that 8x8 simply wants you to purchase one of their routers. To configure QoS, you'd have to configure a number of things on the sonicwall. Enabling QoS simply says the VoIP traffic for the phones is always guaranteed a specific bandwidth. I don't think that's the problem. I think the phones simply aren't able to find the SIP Proxy (or whatever they are using) on the Internet.

I assume the phones came preconfigured, which might mean they aren't getting an IP locally in order to get a gateway and find their way out to the Internet. Essentially being unable to phone home.
0
 
LVL 13

Expert Comment

by:themrrobert
ID: 36475614
Yes I agree with digitap.

Are you able to tinker with the interface on the phone (if any) to get to the network settings? If you are able to set this to DHCP so that it automatically gets an address, or at least configure it so that it is visible and has access to your network, it should then see the internet, and use the SIP Proxy that 8x8 provides.

At this point it definitely appears to be an issue with the network ip settings, (unless your router/firewall/isp blocks sip traffic or 8x8 which seems unlikely at this point.)
0
 
LVL 33

Expert Comment

by:digitap
ID: 36475654
Rather than retype - this is directly out of the help regarding SIP transformations:

By default, SIP clients use their private IP address in the SIP Session Definition Protocol (SDP) messages that are sent to the SIP proxy. If your SIP proxy is located on the public (WAN) side of the SonicWALL security appliance and SIP clients are on the private (LAN) side behind the firewall, the SDP messages are not translated and the SIP proxy cannot reach the SIP clients.

Selecting Enable SIP Transformations transforms SIP messages between LAN (trusted) and WAN/DMZ (untrusted). You need to check this setting when you want the SonicWALL security appliance to do the SIP transformation. If your SIP proxy is located on the public (WAN) side of the SonicWALL and SIP clients are on the LAN side, the SIP clients by default embed/use their private IP address in the SIP/Session Definition Protocol (SDP) messages that are sent to the SIP proxy, hence these messages are not changed and the SIP proxy does not know how to get back to the client behind the SonicWALL. Selecting Enable SIP Transformations enables the SonicWALL to go through each SIP message and change the private IP address and assigned port. Enable SIP Transformation also controls and opens up the RTP/RTCP ports that need to be opened for the SIP session calls to happen. NAT translates Layer 3 addresses but not the Layer 7 SIP/SDP addresses, which is why you need to select Enable SIP Transformations to transform the SIP messages.
 
      
Tip: In general, you should check the Enable SIP Transformations box unless there is another NAT traversal solution that requires this feature to be turned off. SIP Transformations works in bi-directional mode, meaning messages are transformed going from LAN to WAN and vice versa.
0
 

Author Comment

by:ideamatics
ID: 36478118
Ok I enabled the SIP transformations in the SonicWall (screenshot attached).  I power cycled my IP phone and it still says "No Service".  Do I need to check any of the other checkboxes on the VoIP Settings page?  Do I need to create a LAN-WAN rule to allow SIP?  
sonicwall.jpg
0
 
LVL 33

Expert Comment

by:digitap
ID: 36478402
can you confirm the phone is getting a proper ip on the network?
0
 
LVL 8

Expert Comment

by:amatson78
ID: 36479194
Transformations are only needed if the provider/PBX is not doing transformations. Outbound traffic is un-restricted. As digitap asked are the phones registering to the provider? If you run a packet capture can you see the registration packets or are they being blocked?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:ideamatics
ID: 36488619
I unhooked my phone and plugged the network cable in my laptop and confirmed that there is an IP and Default Gateway.  Not sure how to run a packat capture.  Any tips?   On my screenshot posted earlier, do i need to check any more of those checkboxes under SIP?
0
 
LVL 33

Expert Comment

by:digitap
ID: 36488759
I'm concerned that all you've done is proven that your network cable is connected to the network and a device can get an IP address. However, how do you know the voip phone gets the proper IP configuration? Does something come up on the display of the phone? Did the vendor say you had to configure them with a static configuration?
0
 

Author Comment

by:ideamatics
ID: 36488815
The vendor did not specify that a static IP is needed.  I'm supposed to see a messaged called "Activate" when the phone is turned on.  Instead, I see a message "Not connected".  My hunch is that either the phone can't communicate with the outside world (WAN) or that the response from the host is blocked by my sonicwall (WAN -> LAN).  I'm fairly certain the sonicwall is the problem, but i'm unsure about the configuration to allow the phone to successfully communicate.  
0
 
LVL 8

Assisted Solution

by:amatson78
amatson78 earned 250 total points
ID: 36489386
Did you run a packet capture to confirm if the packets are being blocked?
0
 
LVL 33

Expert Comment

by:digitap
ID: 36489922
Certainly capturing some packets would be helpful. Knowing the IP the voip phone is using would assist in the packet capture as well. I'm going to stand on the fact that if we can't tell what IP the voip phone is taking, then we can't be certain it's talking with the outside server. You could guess what the IP is by looking at the DHCP leases on your DHCP server. Once you know the IP, then we can be certain it "should" be communicating externally with the server.

With the IP of the voip phone, you can go to System > Packet Capture. Then, configure to capture packets of the IP of the voip phone. I'll leave the details of the packet capture config to amatson78. I have a feeling he's done that more than I have. Once we have some logged information, we can see why the traffic is being blocked.

Again, though, what is the internal IP of the voip phone?
0
 

Author Comment

by:ideamatics
ID: 36492051
When I connected my laptop to the network cable that the phone uses, the ip was 192.168.83.21.   I assume the IP phone would use the same IP number, correct?   I cleared my sonicwall log and then power cycled the IP phone.  Here is a screenshot of the log.  Anything look amiss?
sonicwall.jpg
0
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 36492306
Your laptop won't get the same IP as the IP phone. The DHCP server leases the IP address to a host device for a period of time. When the lease is up, it will query the device asking if it still needs it. If it doesn't, it puts the IP address back in the pool. If it does, then it simply renews the lease.

The only thing strange I see is something on the WLAN (skedouche003) is trying to connect with 192.168.83.1 (sonicwall i assume) and having its connection dropped.

I'm also seeing a broadcast connection dropped from 10.1.104.1, which may be nothing.

I still think you need to confirm your IP phone is getting an IP address from your DHCP server. Is the MAC address printed on the bottom of the phone? If it is, then you can match that up in the set of DHCP leases on your DHCP server.
0
 

Author Comment

by:ideamatics
ID: 36493363
I figured out the problem.  The good folks at 8x8 needed to activate my phone from their end.  Apparently the guy I spoke with initially did not think of this and simply blamed the sonicwall.  ugh.  thanks for all the help with this issue!
0
 
LVL 33

Expert Comment

by:digitap
ID: 36493406
Sure. I'm glad it's working. Always be suspicious when they blame you but don't help you at least walk through and prove that "theory".
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now