SonicWALL NSA 2400 VPN Issues with Avaya IP Office 500 units


We are using Site-to-Site VPN connectivity from India to UK using SonicWALL NSA 2400 firewalls.

India Network -
UK Network -

Site-to-Site VPN works fine, with no issues with network connectivity or accessibility of devices.

We are using an Avaya IP Office 500 telephone system unit at the India site, where all India Avaya IP phones are connected to the India Avaya IP Office. Phones get IPs from the India Avaya telephone system.

Our Avaya IP Office is configured to pass all calls to the UK Avaya IP Office, e.g. our calls go to the UK from the India telephone system --> UK telephone system --> in/outside UK calls.

Daily I get an error on my India IP phones when I dial any extension or number in the UK, e.g. UNOBTAINABLE.

To resolve this issue I have to RESET the VPN tunnel (un-tick and tick again the VPN check box on the SonicWALL) every day to start calling the UK.

The India site is also connected to other sites over Site-to-Site VPN, where we are only accessing DATA. I have never had to reset these tunnels or had any issues with network connectivity on them.

I would like to know if anyone has come across this type of issue, or if experts can advise how I can make it permanent so that the daily RESETTING of the VPN goes away.

SonicWALL Firmware Version: SonicOS Enhanced

Thanks for your help in advance.
ketanaagja (Author) commented:
Finally the issue got resolved.

The Anti-Spyware module of the SonicWALL NSA 2400 firewall was blocking VoIP packets at a 24-hour interval. (Why every 24 hours, SonicWALL support has still to answer.)

SonicWALL Support also unchecked prevention of "Low Danger Level Spyware" (as visible in the attached screenshot).

Once both Avaya IP units' IPs were bypassed from the Anti-Spyware module, the issue got resolved.

amatson78 (Sr. Security Engineer) commented:
Are you using Main Mode or Aggressive Mode (static IPs at both ends, or is at least one side dynamic)? Are keep-alives enabled on both or either of the VPN sides?

Keep Alive Settings
ketanaagja (Author) commented:
I am using Aggressive mode in the IKE Phase 1 proposal; however, I had already tried all other modes, but the situation is the same in every proposal mode.

I am even using a lifetime of 1 week (604800 seconds) for the VPN tunnels, but with no effect, as daily I have to reset the tunnels to start calling over the VPN.

Keep Alive is enabled on one of the firewalls. Both ends have static IPs configured with a 20mb dedicated internet line.

I have attached screenshots from both firewalls for your reference.

VPN Advance TAB screenshot
VPN Proposal screenshot
Blue Street Tech (Last Knight) commented:
Hi ketanaagja,

Are there any other VPN s2s tunnels running between those two locations? If so, are they the ones you are saying have no problem?

If they are not, try changing the MTU; here's how:

Let me know how it goes. Thanks!
Blue Street Tech (Last Knight) commented:
Any update on this?
ketanaagja (Author) commented:
Apologies for the late reply, as I was out of station due to marriage.

As per the instructions, I tried setting the MTU size from the default 1500 to 1472 and lower, but had no success.

While checking the MTU response from my Windows XP PC, it seems there is more of an issue with MTU.

Default 1500 MTU size.
I got a REQUEST TIMED OUT message at 1470 MTU size (is this normal?) and also lower than 1470. I am only getting a PING response at 512 MTU size, which looks strange to me. Below is the screenshot for review.

512 MTU Size Response

Shall I try setting the SonicWALL interface MTU size to 512 or another size? This is where the entire confusion is.

The MTU Route application shows the status below:

MTU Route Information
Blue Street Tech (Last Knight) commented:
That is strange. Are you connecting to the Internet via PPP?

The MTU of many PPP connections is 576, so if you connect to the Internet via PPP, you might see your machine's MTU set to 576 or lower.

Also, try this command:

- that should auto size the correct MTU for you. Tell me what the results are.
ketanaagja (Author) commented:
I am using a fiber link on the SonicWALL through the ISP, and it's a dedicated 20mb internet line.

Below is the screenshot of mturoute

mturoute result
Blue Street Tech (Last Knight) commented:
I'd check with your upstream and make sure there are no issues and call the ISP. But as it stands 540 is your optimum MTU.
ketanaagja (Author) commented:
Today I called Dell SonicWALL support and the tech guy set two rules as per the screenshots below:

LAN>VPN and from VPN>LAN

UDP timeout settings
Here they changed the UDP timeout setting from 30 seconds to 300 seconds and asked me to monitor tomorrow morning whether the voice fails or not.

This has been added on the SonicWALL firewalls at both ends.

I'll be monitoring tomorrow whether this works or not.
ketanaagja (Author) commented:
The 300-second UDP timeout did not work, and again I found myself losing phone calls on the Avaya IP units, where I had to disable/re-enable the VPN tunnels.

Upon contacting SonicWALL support, they again asked me to change the UDP timeout from 300 to 3600 seconds and check tomorrow.
Blue Street Tech (Last Knight) commented:
These Access Rules should have been set up by default if the VPN was set up properly.

Did you check with your ISP yet?
ketanaagja (Author) commented:
The access rules which are created automatically are for the entire network, not specifically for the Avaya IP telephone systems. The SonicWALL support guy entered both rules manually, specifically with both telephone system IPs, and set the priority to 1.

1472 MTU size is working on the ISP side, and I configured the same on the firewall yesterday, but the issue occurred today in the afternoon, when I lost phone call connectivity.
ketanaagja (Author) commented:
Other experts suggested solutions, but they did not solve the issue as needed. I engaged the core support of the firewall vendor and they took 3 weeks to solve the issue thoroughly by analyzing it packet by packet. Once the issue got resolved, I thought to publish the same on the Experts Exchange site so that other users who might face such an issue can instantly solve their queries.
Blue Street Tech (Last Knight) commented:
Glad you got it resolved. As a best practice I log all attacks and only block high and medium attacks for anti-spyware, antivirus & IPS regardless of running VoIP traffic. I wouldn't have guessed it to be the culprit in this instance though. Thanks for sharing.
Question has a verified solution.
