Audio problems on VOIP phones since network split

Hi All,

Firstly, this whole network setup is inherited and has little documentation, coupled with the fact that I'm not familiar with the phone system in question.

Phone system: FreePBX
Handsets: Aastra 9133i

The network used to be a simple single subnet: 192.168.1.* as it occupied a single office location.

They have since moved some of their operation to a new office. The existing office is still on 192.168.1.* and the new office is on 192.168.2.*. There is an IPsec VPN tunnel between the 2 sites with all traffic allowed over this tunnel.

The phones left at the old office (where the phone system resides) work fine.

The phones at the new office are able to connect to the phone system and get config changes etc no problem.

I can make and receive calls from the phones in the new office, however:

Internal call extension to extension: No audio at all
Outbound call from extension to my mobile: The caller can hear me, but I cannot hear them.
Inbound call from my mobile to their extension:  No audio at all.

The phone system utilises SIP services that point at the Fortigate firewall at the old office.

I suspect this is a firewall or routing issue somewhere but have no idea where to even start with this so any help appreciated.

Thanks,

Steve
stevencUK (Director) asked:

David Sankovsky (Senior SysAdmin) commented:
Hi Steve.

While it might be a networking issue, I doubt it.
If you have an S2S VPN, the network 192.168.2.0/24 should be able to access 192.168.1.0/24 without any trouble, and as you pointed out, you did enable all services to pass through.

Does the new office use Fortigate as well? If it does, I'd check the SIP Helper configuration on the new Forti and edit it to match the settings on the old one. That should solve your issue.
stevencUK (Director, author) commented:
Hi David,

Thanks for your reply.

The new office is not using a Fortigate. We have a Draytek Vigor 2830 in that office.

One of my concerns is that the phones in the new office are configured to use the local internet connection as their gateway, i.e. the Draytek. I don't know if this is relevant though.

Steve
David Sankovsky (Senior SysAdmin) commented:
In that case, you might want to configure a policy-based route for all the phone devices so that all their communication is forwarded through the S2S VPN.

I'm afraid I'm not familiar with Draytek products at all, and as such I can't tell you how to properly configure that setting on it.

stevencUK (Director, author) commented:
I'll have to investigate that and see if it's a possibility...

Any other thoughts welcome though.

Cheers,

Steve
jorge diaz (SE) commented:
Hi Steve,

Where's the phone server, on the old or new location?

I had a very similar experience, but in my case I was using a Sonicwall FW and the Fonality phone system. After frustrating weeks of troubleshooting and dealing with Sonicwall tech support, I ended up swapping the Sonicwall firewall and everything worked just fine. Data communication worked just fine, but for whatever reason SIP and RDP traffic just did not work properly.

Before swapping the FW I did the following. As I said, the issue was the way the firewall handled SIP traffic, but maybe it can work for you on your Draytek firewall:

Created FW objects for each phone and made sure no security rules applied to them (antivirus, IPS, etc.)
Disabled ALG on the FW
Enabled QoS
stevencUK (Director, author) commented:
Hi Jorge,

The phone system is located in the old office on the 192.168.1.* range.

Unfortunately we cannot get rid of the Fortigate firewall as it's a managed device that comes with the internet connection there. The good thing is, we can hopefully get support from them if it proves to be a Fortigate issue, although I have no way of looking at it just now.

We don't have any firewall rules running on the Draytek, just the default.

What I am looking at doing, and it will be a while before I can get to site to do it, is to set each phone on a static IP (the phone system only references the MAC address for some reason) and I can then try creating a route policy to force all traffic from the phone over the site to site VPN.

Hopefully that will kick it back into life. Failing that I might need to break out Wireshark and see what the phone is doing...

Cheers,

Steve
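
An added example, not part of the original thread: once a capture is available, the SIP helper/ALG and routing theories above can be tested by reading the SDP `c=`/`m=` lines of an INVITE or 200 OK and checking where each side is told to send RTP. The phone address 192.168.2.50, PBX address 192.168.1.10 and extension 101 are assumptions, and the messages are constructed samples.

```python
import ipaddress

# Subnets named in the thread: old office (PBX side) and new office.
TUNNEL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.2.0/24")]

def media_endpoints(sip_message):
    """Return [(ip, port)] the SDP body tells the far end to send audio to."""
    body = sip_message.replace("\r\n", "\n").partition("\n\n")[2]
    session_ip, media = None, []          # media entries: [kind, port, ip]
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if media:
                media[-1][2] = ip         # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            media.append([kind, int(port.split("/")[0]), None])
    return [(ip or session_ip, port) for kind, port, ip in media if kind == "audio"]

def check(sip_message, packet_src):
    """Classify each audio endpoint; packet_src is the source IP seen in the capture."""
    results = []
    for ip, port in media_endpoints(sip_message):
        if ip is None:
            verdict = "no c= line"
        elif not any(ipaddress.ip_address(ip) in n for n in TUNNEL_NETS):
            verdict = "outside tunnel subnets"
        elif ip != packet_src:
            verdict = "differs from signalling source"
        else:
            verdict = "ok"
        results.append((ip, port, verdict))
    return results

# Constructed, trimmed INVITE; phone 192.168.2.50 and PBX 192.168.1.10 are assumed.
INVITE_CLEAN = (
    "INVITE sip:101@192.168.1.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.2.50:5060\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 1 1 IN IP4 192.168.2.50\r\ns=-\r\n"
    "c=IN IP4 192.168.2.50\r\nt=0 0\r\n"
    "m=audio 3000 RTP/AVP 0 8\r\n"
)
# Same message with c= rewritten to a public address (203.0.113.0/24 is TEST-NET-3).
INVITE_REWRITTEN = INVITE_CLEAN.replace("c=IN IP4 192.168.2.50", "c=IN IP4 203.0.113.10")

if __name__ == "__main__":
    print(check(INVITE_CLEAN, "192.168.2.50"), check(INVITE_REWRITTEN, "192.168.2.50"))
```

Comparing the same message captured on both sides of the tunnel shows whether a device in the path changed the media address; an "outside tunnel subnets" verdict means the RTP stream is being pointed at an address the site-to-site VPN does not carry.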
Bryant Schaper commented:
One-way audio is almost always a routing issue. S2S doesn't matter; I would bet that your phones are not binding to the correct IP. We have had similar problems with calls over VPN, and we had a route to the router in place, but we were coming in on another sub interface and changed it to match the subnet of the ASA and it fixed our problem.
stevencUK (Director, author) commented:
Thanks for all the pointers so far.  I am closing this question as I am going to be passing the problem to someone else.  I have tried the policy route which unfortunately didn't fix the issue but did make a difference in that it appears to change the direction in which the audio can be heard from.

Cheers,

Steve