Cisco + GRE + pfsense + sipxecs



  • Hi,

    I have a couple of Polycom SoundPoint 650s inside my 2 networks, which are both behind pfSense.

    My network looks like this:

    SITE A SIPX --> PFSENSE --> CISCO -->  |||| VIA GRE TUNNEL  |||| <-- CISCO <-- PFSENSE <-- SIPX SITE B

    I use a Cisco IPsec GRE tunnel for this purpose.

    I set pfSense to Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)).

    My NAT rules:
    WAN    172.16.3.0/24    *    *    *    *    *    YES    (VLAN SUBNET)
    WAN    172.16.1.0/24    *    *    *    *    *    YES    (PFSENSE/CISCO SUBNET)

    Create 3 firewall rules in pfSense (FOR WAN/VLAN):

    * Action: Pass
       * Interface: WAN
       * Protocol: UDP
       * Source: any
       * Destination: WAN address
       * Destination port range: 5080

    * Action: Pass
       * Interface: WAN
       * Protocol: TCP/UDP
       * Source: any
       * Destination: WAN address
       * Destination port range: 5060

    * Action: Pass
       * Interface: WAN
       * Protocol: TCP/UDP
       * Source: any
       * Destination: WAN address
       * Destination port range: 30000 – 31000

    I can connect via the IPsec GRE tunnel and can route on each site. I can ring the phones, but if you pick up you can't hear voice from the user.

    My questions are:
    1. Could this be a firewall problem? Any other ports to open in order to establish the voice?
    2. Is it required to pass the GRE protocol even if I have a GRE tunnel established?
    3. I can establish a call using X-Lite on each site but not on a hard phone.

    I also made an ACL on the Cisco to open 5060 (UDP/TCP), but it's no use.

    I will greatly appreciate any input here.

    Thank you in advance.

