Voice Traffic Over IPSEC Tunnel



  • Hey all,

    I hope this is in the right area. I'm at my wits' end and I don't know what to do, so I'm hoping someone has seen or run into this before. I'll try to be as specific as possible, so this is probably going to be a long post.

    Where I work we have two offices; our main office is in Ohio, and then we have another office in Israel. At our Ohio office we have a Netgate XG-7100-1U router and at the Israel office they have a Check Point 750 Appliance.

    We also have an older Panasonic TDA-100 PBX at our Ohio office and the Israel office has a Panasonic TDA-150 PBX (I think that's the model number), but basically the same types of PBX.

    We have an IPSEC VPN tunnel set up between my Netgate router and the Check Point router so that the two Panasonic PBXs can communicate with each other and carry voice traffic between the two offices and PBXs. This allows us to pick up a phone in Ohio and just dial an extension and talk to whomever in Israel and vice versa.

    But here is the issue we are seeing. If I call an extension number at the Israel office, say ext 212, the call dials and connects for about 5 seconds then drops. Every time. But if you are at the Israel office and dial an extension at our Ohio office, say my extension 401, the call dials and connects and stays connected until you hang up. So as you can see the issue we are seeing only happens in one direction, when you try to call an extension in Israel from the Ohio office.

    Has anyone seen anything like this before? Does anyone know even how to start troubleshooting this? I've gone round and round with the ISP support in Israel for the Check Point router. They don't think there's any issue on their end.

    I don't think there is any issue on my end because I have several remote employees that have small Cisco RV042 routers that have IPSEC tunnels to my Netgate router here in Ohio and Panasonic KX-NT343 desk phones and their voice traffic works fine. We can call them and they can call the Ohio office with no issues.

    I've gone so far as to take our phone system off the Netgate router and put it on one of the Cisco RV042 routers and set up an IPSEC tunnel between the Cisco RV042 router and the Israel Check Point router, and the issue still existed. So to me I've proven that it isn't my Netgate router causing the issue. But I'm well aware that I could very easily have something misconfigured on my end or something... Naturally the ISP in Israel thinks the issue is on our end with my configuration...

    And of course, since the Check Point router in Israel is a managed router by their ISP, I really have no way to log into it and troubleshoot the issue myself...

    I don't have any IPS/IDS running etc. The XG-7100-1U is running as a basic firewall/router and it has been working great for us.

    Any thoughts, input, tips, hints etc., would be such a big help right now. I just don't know what else to do.

    Thanks,

    -Jeff

