×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

VPN Annoyance
2

VPN Annoyance

VPN Annoyance

(OP)
I have some 9608 and 9620C phones for some remote users. Site A has 10 people, Site B has 3. Fortigate 60E at home office. First phone VPNs fine. Second phone, various issues from retrieval failed, to just hanging at discover. If I try with a second 9608, it will connect, but lock out the other phone or cause it to reboot.

Monitor shows the same info as the working phone. IPSec monitor in Fortigate shows good as well.

Does anyone have a useful solution to allow my remote phones to connect? Getting another piece of hardware at the remote sites is NOT an option as its a shared coworking space and they will not let us house any equipment in their wiring closets.

RE: VPN Annoyance

What are the subnets at home?

if they are the same subnet, i think that would cause issues....


RE: VPN Annoyance

(OP)
IP Office is 192.168.42.0/24 - remotes vary but 10.0.112.0/24 or 10.1.111.0/24

RE: VPN Annoyance

Are the phones using the built in ipsec VPN, or do you have a site to site VPN set up?

We see this with hosted systems
"Disable all SIP transformations, fix-ups, inspections, or ALG's on the firewalls, routers, and switches"

Fortigate:

Disabling the SIP ALG in a VoIP profile
SIP is enabled by default in a VoIP profile. If you are just using the VoIP profile for SCCP you can use the following command to disable SIP in the VoIP profile.

config voip profile
edit VoIP_Pro_2
config sip
set status disable
end

RE: VPN Annoyance

(OP)
Phones are using built in IPSec -- When I put a meraki VPN appliance in line, it works fine (as one would expect) -- but I can't put a 600$ appliance in each office for 1 or 2 phones winky smile I'll try the fortigate suggestion above. Thanks Tommy

RE: VPN Annoyance

2
You need a policy based VPN appliance as each phone use a separate VPN connection.
Now both phones use the same VPN tunnel causing one to connect but it will loose connection if the second one connects.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close