H323 routing question



  • We have 2 offices, Main and Satellite that are connected by 10MB fiber with ethernet hand-off on either side.  The subnet at the  main office is 172.20.1.x/24 and the satellite office is 172.20.2.x/24.  We have established a static route between the offices on the main office router.  It routes anything 172.20.2.x to 172.20.1.7 (the WAN IP of the satellite office router).  The routers we use are pfsense routers.

    We are able to ping back and forth across the two subnets but our phone systems, 2 nortel BCMs, cannot dial extensions on the opposite subnets.  Before we got the 10MB fiber  we had a T1 between the two offices and the phone system worked fine.  When we changed to the fiber the only thing we changed on our network, ip wise, was the ip address of the main office router (it used to be 172.20.1.30 and now it is 172.20.1.5).  The guys that support our phone systems tell us all they need is network connectivity between the 2 BCMs and everything should work. They also say they changed the BCM's gateway to the new ip of our main office router.  They tell us that the BCMs use H323 trunks to talk to each other.

    My questions are 1) is there anything special we have to do for H323 to work through our routers and 2) is there something inherent to our linux based routers that makes h323 communication not work and we need to switch to appliances, like ZyXel or Cisco routers?

    Thanks for any help!



  • It would be helpful to have a better understanding of the problem. For example, when a phone attempts a call is the call attempt visible on the local pfSense gateway? Is it visible on the remote gateway? etc.

    By this means you could isolate the hop at which the problem first occurs.

    I'm not familiar with the phones you are using. Perhaps they have some facilities like ping or traceroute that can be used to debug this sort of connectivity problem.

    By "our linux based routers" do you mean pfSense routers? pfSense is based on FreeBSD. If you describe pfSense as "linux based" it will only confuse others.



  • Thanks for your reply!

    sorry about the mixup - not sure why I thought it was derived from linux… I'm not sure I know how to "see" the call attempts - how would I go about this?  Oh and the phones are just Nortel sets, mostly nortel t7316e's and I dont think they know how to ping, etc.



  • In the web GUI of the local pfSense box, select Diagnostics -> Packet, select the LAN interface and enter as the host address the IP address of the destination system for a VOIP call and enter the destination port number for the H323 call (the people who support your phone system should be able to tell you that). Then attempt the call. You should see something in the capture. If you see only a single packet (no reply) then repeat on the WAN interface to make sure the packet goes through the pfSEnse box. If you see nothing then check the firewall logs to see if the packets is being blocked by the firewall, check the phone to make sure its routing correctly etc.


Log in to reply