inTheKnowSea
asked on
VOIP Packet loss over Sonicwall VPN
I am having some issues with some phones and was hoping someone could hopefully point me in the right direction. I am not a phone guy by any means, so excuse any mistakes or anything that is unclear. Our past set up was as follows
Site A - Sonicwall NSA 250 M with Avaya IP Office 8.1
Site B - Sonicwall TZ 205 with 20x Avaya 9608 phones
The sites are connected via a Site to Site VPN.
A week or so ago, we swapped out Firewalls. We moved Site A's to Site B, and put a Sonicwall NSA 2600 at Site B. We did a simple export/import of configs. Even though they were different Firewall models, Sonicwall documentation said it was supported, and we haven't had any issues. Except one.
Our phones seem to experience call dropping and quality issues. We get 10x dropped calls a day, and inside IP Office I can see Quality of Service Alarms going off like crazy.
I have set up QoS and BWM on both sides of the Firewalls, I don't believe bandwidth is the issue. It's ONLY my remote phones at Site B, which are all H.323 phones. But if someone from Site A calls Site B, there is a chance it will drop as well. Site A can call Site A all day, or externally, no issues. I played around with H323 transformations on the Sonicwall, and that actually seemed to fix the issue, but after enabling it my phones would deregister themselves after a few hours, and would not re-register.
I have set up wireshark on both ends, nothing out of the ordinary, no increase of traffic when issues comes up.
Our codec was set to 8kb previously, I changed it to a 64kb codex, and no change. I would think I would see 1/8th packet loss atleast, but I still get anywhere from 30-80%.
I've attached a picture of my QoS alarms. My phone system is .40.
I have gone over both Sonicwalls, switches, anything related over and over and I can't find out what the issue is. The rest of the network is fine. I can send data over that VPN just fine 24/7, no latency or packet loss.
Any help would be appreciated.
phones.PNG
Site A - Sonicwall NSA 250 M with Avaya IP Office 8.1
Site B - Sonicwall TZ 205 with 20x Avaya 9608 phones
The sites are connected via a Site to Site VPN.
A week or so ago, we swapped out Firewalls. We moved Site A's to Site B, and put a Sonicwall NSA 2600 at Site B. We did a simple export/import of configs. Even though they were different Firewall models, Sonicwall documentation said it was supported, and we haven't had any issues. Except one.
Our phones seem to experience call dropping and quality issues. We get 10x dropped calls a day, and inside IP Office I can see Quality of Service Alarms going off like crazy.
I have set up QoS and BWM on both sides of the Firewalls, I don't believe bandwidth is the issue. It's ONLY my remote phones at Site B, which are all H.323 phones. But if someone from Site A calls Site B, there is a chance it will drop as well. Site A can call Site A all day, or externally, no issues. I played around with H323 transformations on the Sonicwall, and that actually seemed to fix the issue, but after enabling it my phones would deregister themselves after a few hours, and would not re-register.
I have set up wireshark on both ends, nothing out of the ordinary, no increase of traffic when issues comes up.
Our codec was set to 8kb previously, I changed it to a 64kb codex, and no change. I would think I would see 1/8th packet loss atleast, but I still get anywhere from 30-80%.
I've attached a picture of my QoS alarms. My phone system is .40.
I have gone over both Sonicwalls, switches, anything related over and over and I can't find out what the issue is. The rest of the network is fine. I can send data over that VPN just fine 24/7, no latency or packet loss.
Any help would be appreciated.
phones.PNG
ASKER
Yea I have actually loaded up the original Firewall and cross checked all settings, all are mirrored that I can tell.
The S2S definitely transferred, if that didn't work we would be dead in the water.
The S2S definitely transferred, if that didn't work we would be dead in the water.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah ok I hear you. Settings are identical as far as I can tell.
I've done the packet trace, nothing out of the ordinary.
I'll run another one and post the results here when an issue pops up, maybe you can see something I am missing.
I've done the packet trace, nothing out of the ordinary.
I'll run another one and post the results here when an issue pops up, maybe you can see something I am missing.
Packet Capture within the SonicWALL will show every packet and its result so if you are having packet loss it will show you the reason why.
ASKER
So I don't know how I missed it before, I may of just gotten confused after the hours of looking at packets.
But what I saw today was UDP Traffic being blocked from the phones from the Site A's Sonicwall, reason being UDP flood protection.
I have disabled UDP Flood Protection, and will see if that resolves the issues. If I don't see any problems by COB today I will be quite happy.
I will let you know how it goes, thank you.
But what I saw today was UDP Traffic being blocked from the phones from the Site A's Sonicwall, reason being UDP flood protection.
I have disabled UDP Flood Protection, and will see if that resolves the issues. If I don't see any problems by COB today I will be quite happy.
I will let you know how it goes, thank you.
You have to make sure to setup qos to prioritize VoIP traffic, you should also exempt/exclude VoIP traffic from ALG/dpi
The qos within the VPN to reserve VOIP class traffic ......
The qos within the VPN to reserve VOIP class traffic ......
See if the following helps even if it is not your provider.
http://www.voiply.biz/voip/43-how-to-use-sonicwall-with-voip.html
Check your VoIP provider site for similar suggestions, recommendations.
http://www.voiply.biz/voip/43-how-to-use-sonicwall-with-voip.html
Check your VoIP provider site for similar suggestions, recommendations.
ASKER
QoS was my first thought, and got that handled so it wasn't that,
The issue ended up being UDP Flood Protection. Don't know how I missed it, but the packet monitor on the Sonicwall lead me to the issue.
The issue ended up being UDP Flood Protection. Don't know how I missed it, but the packet monitor on the Sonicwall lead me to the issue.
ASKER
Looking at the packet monitor, only packets being dropped were because of UDP Flood Proection. Disabling it resolved all phone issues.
Glad I could help...thanks for the points!
Although the config transfer is supported its a better practice to configure the security appliances from scratch.
Do you have the original VPN config annotated? I believe the settings transfer doesn't support S2S VPNs.