Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IP Phones over VPN

Status
Not open for further replies.
celledge

celledge

IS-IT--Management
Aug 8, 2004
66
US
I have a small remote site where I would like to use an i2002 phone. I am using a Netgear FVS338 VPN router at the site to create an IPSec tunnel back to my corporate office (to a larger Netgear box). The connection is PPPoE DSL. Everything is running fine at the site. I can ping the call server fine and all of my other apps are working. In fact, the i2050 soft phone works fine on the PC. But, I need an actual hard phone for this application. It will not register. All of the IP settings are correct, the S1 address is correct and the port is correct (4100 to Succession 1000). I have tried both phase 1 and phase 2 phones with no luck.

I did a sniff of the traffic and I see the i2050 communicate with my call server, then both of my signalling servers then it comes right up. The i2002 and i2004's I have tried only made it to the call server, then say Server Unreachable.

I know this is a complicated problem. Any ideas out there? I have checked everyhting I can think of on the VPN side (routing, MTU size, etc).

Thanks! Chris
 
Sort by date Sort by votes
got the virtual loop in LD 97 and built the phone as a i2002 in LD 11?

if so, I'm kinda stumped and will look some more...just got out of a class on this stuff.

what kind of PBX? and release?
 
Upvote 0 Downvote
Everything is fine on the PBX. I have over 300 other IP phones on this system, so I feel confident the switch side is correct. It seems more like a networking problem, which isn't really for this group, but I thought someone may have seen this before. I am just stumped that the i2050 works great but the phone won't register.

I have a Succession 1000 with Rel 3. I am upgrading to 4.5 in the coming weeks.

Thanks
 
Upvote 0 Downvote
What is the status of the IP Phone not registreted?
What is the display?
If connected to SigServ (leader or follower) by telnet and login with pwd level 1, can you see any information relative to the registering sequence?
 
Upvote 0 Downvote
What kind of VPN are you using? A software on the computer?

i2007
 
Upvote 0 Downvote
On the phone I get a "Server Unreachable" error. There is never any communication with the Sig Server. When I sniff the phone, I only see it initiate a connection to the Call Server, then it stops. Like I mentioned above, the i2050 contacts the Call Server then both Sig Servers and works fine.

I am using a hardware based IPSec VPN, so the tunnel should be transparent to the phone.

Thanks for the posts!
 
Upvote 0 Downvote
That's your problem, the VPN is to transparent to the I200x set. The reason your I2050 works is because its using your PC IP address and your PC is already on the network via your tunnel. The I200x doesn't know the tunnel is there...

We weren't able to ever get a I200x working remotely, Nortel answered was...if you can't ping the SS from the Phone then its your network...have a nice day.

Nortel seems to think the problem is with VPN authentication by the set and NAT configuration...

So my .02 worth, keep trying different configuration until you can ping from the set.
 
Upvote 0 Downvote
Your answer isn't exactly correct. The VPN is created between 2 routers, so the phone has no need to be aware of it. Nor does the PC. The PC and phone both have addresses in the same subnet and all traffic is routed across the VPN. I am not NAT'ing any addresses, they are routed as if they are part of my LAN.

I have a call with an engineer at Nortel later today. I will post any updates I may get..
 
Upvote 0 Downvote
We found the problem. If your network (or in my case VPN equipment) does not support 802.1Q you will have this problem. In my situation, I had 802.1Q support enabled in my Node / QoS settings. My Netgear VPN routers do not support this tagging, so either the tags were being stripped or the packets were being dropped; I am not sure which one. I turned off 802.1Q through Element Manager and the phone registered immediately. This should not affect my Qos because I already have QoS configured throughout my LAN and my VPN has static QoS settings.

I hope this helps someone else.. It was a pain to find and I probably wouldn't without help from Nortel.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

curlycord
  • Locked
  • Question
BES50GE - IP Conflict
Replies
3
Views
316
curlycord
curlycord
JM2009
  • Locked
  • Question
IP Trunk Login 1
Replies
3
Views
527
JM2009
JM2009
Robones
  • Locked
  • Question
Call server ip address suddenly changed
Replies
2
Views
333
Robones
Robones
Option11PLM
  • Locked
  • Question
MGXPEC - NT8D09 cards are working but phones do not appear to be powered up & no tones (dial, ringing, etc.)
Replies
2
Views
440
dianvaguar
dianvaguar
JM2009
  • Locked
  • Question
CS1000 how to use telent to download the ip trunk error message??
Replies
3
Views
646
psychotech
psychotech

Part and Inventory Search

Sponsor

Back
Top