How do I route to a second gateway device to send VoIP out of the second device?

Posted on 2012-04-13
Last Modified: 2014-04-16
I have a LAN with 2 VLANs running.  Default is just regular data, VLAN2 is for a call center using softphones on their PCs, VLAN3 is for polycom SIP phones attached to a local Asterisk server (Switchvox).  All this is behind a Sonicwall.

Problem:  Sonicwall is not VoIP friendly and we are getting bad call quality, drops etc.

Proposed solution:  Route VOIP traffic (VLANS 2 and 3) over a second gateway - Edgemark 4550 - so all voip bypasses the Sonicwall.

Details:  Sonicwall is the network's default gateway with two WAN connections, a default pipe and a failover that also carries all the SIP trunks to the carrier.  The Edgemark is currently on a WAN port on the Sonicwall.  The Edgemark is a fail-over internet connection and is carrying the SIP trunking.  Currently the Edgemark is not doing NAT, only passing through to the secondary WAN port on the Sonicwall which is performing all NAT and gateway functions.  The Edgemark is not the primary route to the internet.  I would like to keep it as a failover connection on the Sonicwall but it may not be possible in this architecture to do so and get routing as I want it.  The Asterisk box is on the LAN.  It can be moved outside the firewall if need be but I like it on the LAN if possible.  Network switches are DLINK layer 2+ with static route capability.

Challenge:  I attempted to use static routes in the switches to route VLANs 2 and 3 to use the Edgemark as the gateway instead of the Sonicwall.  I keep getting error "router must be directly connected" when I try to make the route.  I have the Sonicwall LAN port with VLAN subinterfaces connected directly to a trunk port on the switch so not sure why I am getting the error.  The other challenge is that the Edgemark must have a connection to the LAN for data to travel out of it as a secondary gateway, bypassing the default Sonicwall gateway, but the Edgemark must also connect to the Sonicwall as a secondary WAN to allow the WAN failover function.  I think it may be a problem to have the Edgewater connected to both  inside and outside ports of the Sonicwall.  Why the error when creating the route?  Where is the best place to put the Asterisk server?  How do I arrange the Edgemark and Sonicwall to get what we are looking to do?

My brain is toast on this one.
Question by:tiffinIT

Accepted Solution

Matt V earned 500 total points
ID: 37844923
If VLAN2 and VLAN3 are going to route out the second gateway, then make that their default gateway.  They should never need to talk to the SonicWall.

Not sure how this is done on the SonicWall, but with a Cisco router, you could set up a route map to say that all traffic coming in from the VLANs needs to go back out to the second gateway, if you have to route through the SonicWall first.
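
The route-map approach mentioned in the answer above, sketched as an added example for a Cisco IOS router (not part of the original post, and not a SonicWall or D-Link configuration). The subnets, the SVI names and the second-gateway address 10.0.1.2 are constructed assumptions; the thread gives no addressing.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   default LAN 10.0.1.0/24, VLAN2 10.0.2.0/24, VLAN3 10.0.3.0/24
!   second gateway reachable on the default LAN at 10.0.1.2
!
! ACL selects what gets policy-routed. Traffic from the voice VLANs to
! internal 10.0.x.x destinations is denied here, so it is NOT policy-routed
! and follows the normal routing table (servers, printers, other VLANs).
ip access-list extended VOICE-VLANS-TO-WAN
 deny   ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.255.255
 deny   ip 10.0.3.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip 10.0.2.0 0.0.0.255 any
 permit ip 10.0.3.0 0.0.0.255 any
!
! Everything the ACL permits is forwarded to the second gateway instead of
! the default route. The next hop must be on a directly connected subnet.
route-map VOICE-VIA-GW2 permit 10
 match ip address VOICE-VLANS-TO-WAN
 set ip next-hop 10.0.1.2
!
! Apply the policy to traffic arriving from each voice VLAN.
interface Vlan2
 ip policy route-map VOICE-VIA-GW2
!
interface Vlan3
 ip policy route-map VOICE-VIA-GW2
!
! Verify that packets are matching the policy:
!   show route-map VOICE-VIA-GW2
!   show ip policy
```

Traffic steered this way leaves through the second gateway without passing the firewall's inspection, so that device needs its own filtering for whatever it forwards.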

Expert Comment

ID: 37846423
The way I've typically set this up is as follows

First, the edgemark will provide an external wan connection to your firewall

Second, the edgemark will connect to your switch to a port tagged for voip traffic (let's say tag id 2) - If the edgemark does not tag the traffic, the port on the switch should auto-tag it so that the phones can see it

Typically, if you have your VLANs set up properly and the phones will get an address from the edgemark using DHCP, then use TFTP and get their config info from the edgemark ... It should never see or talk to the SonicWall ... the phones should be tagged to 2, the port to the edgemark should be untagged to 2, and the port should tag all untagged traffic coming from the edgemark to 2 so the phones could see it

Now, as far as QoS goes, depending upon your implementation, you may have no way of doing inbound QoS unless you are using a circuit from your VoIP provider that can handle QoS outside of your facility. For example, if you have DSL, there really is no way to do inbound QoS ...

Good luck

Author Comment

ID: 37849452
Good suggestions, the caveat to the suggestions is that the computers on VLAN3 need to talk to servers and computers on the regular LAN.  I believe that requires them to talk to the Sonicwall and have it as their default gateway.  I should have mentioned originally. Also, remember that I do not want any VOIP traffic getting inspected by Sonicwall as this is where the whole problem lies that's prompting the routing out a second gateway instead.

Expert Comment

ID: 37849593
All you have to do is have the VOIP phones on a separate VLAN (which is shared by the edgemark I guess that is giving DHCP addresses) - The phones will generally get a TFTP file for their config and be on a separate logical network than the rest of the computers on the network.

What am I missing?

Author Comment

ID: 37849802
There are computers running softphones on one of the VLANs.  The computers that run those softphones need to communicate to servers and printers on the regular LAN.  I want the SIP traffic of the softphones to bypass the Sonicwall.

Expert Comment

ID: 37849807
Is the edgemark on the same subnet as the sonicwall?
