Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Softphone and VPN

    Starting a thread for myself on this issue. Recently installed a Citrix Access Gateway VPN. I believe I have all the issues worked out with the Firewall, VPN etc. Everything works great except the softphone. I can use the call manager with no problems, make calls, check voicemail but it will not let me use the softphone. After about 5 seconds it swithces from the phone icon to the red x line not in service. Softphone works when I am on the internal network but not over the VPN. I have done everything I can think of short of removing the firewall completely. I opened up all ports to and from the VPN and still got the same results. I have tried watching the firewall logs as I attempt to connect the softphone I am not seeing the firewall blocking it. Any ideas? We are on Shoretel 8.0 seeing as it was not a general release its possible that its a bug in 8.0. We are upgrading to 9.1 soon.

  • #2
    also I can ping to and from every piece of shortel equipment I have from the VPN.

    Comment


    • #3
      Do you have the rtp port 5004 unchecked. Also run wireshark and make sure your sip traffic is registering with the switch and when you make a call make sure the call is being setup via the switch, at that point you should have a clearer understanding of whats going on.

      Comment


      • #4
        we had some issues with our conference phones not wanting to register a few weeks ago perhaps this is related. I will try to do some snooping with wireshark and see what I can see.

        Comment


        • #5
          also rtp port 5004 is unchecked

          Comment


          • #6
            actually it says

            Always Use Port 5004 for RTP (This option is unavailable because your system utilizes either SIP Trunks or SIP Extensions. This feature is incompatible with SIP devices.)

            Comment


            • #7
              what should i be looking for in the capture? I feel like I am looking for a needle in a haystack

              Comment


              • #8
                Basically what you want to see is the source ip of the Softphone and the destination (switch). You should watch for a successful registration with the switch (registar switch and or proxy switch you defined in the sites menu, however it is optional but you do need to see one of them). From here the switch should send back a (ack message). You wont get an ack message if authentication fails, the cause of that is bad username and pass. Secondly you want to look for the call set up (your not going to get that far). Should see something like call invite or something. I got some fires to put out but if you could capture the packet and cyoa with the addresses, post it and we will walk it out.

                Understanding SIP Messages [Cisco Small Business Voice Gateways and ATAs (Linksys Business Series)] - Cisco Systems

                400Degreez......take two of these and walk it out!
                Last edited by 400degreez; 10-26-2009, 10:31 AM.

                Comment


                • #9
                  this is the PCM softphone by the way. I will run wireshark on my network and then compare that to the output from the vpn and see if i can start to find the issue.

                  Comment


                  • #10
                    It sounds like the VPNed computer cannot reach the ShoreTel switch. Have you tested they can see each other?

                    Comment


                    • #11
                      OK just got done doing some testing with wireshark. I have two shortel switches on the site with the vpn. To my novice eyes when wired the softphone appears to register with the switch with ip .12. when I am running through the vpn it tries to talk the the other switch which is .11 i will get a few oks from .11 then it will report that .11 is unreachable. I don't believe there is a routing issue as all other functions of the PCM work fine.

                      I have done my best to make sure they can see each other. I can ping from the VPN'd comptuer and reach all of my shoretel equipment. I can ping from my shoretel server and reach the vpn equipment. I can remote into the Citrix Access Gateway and get to all of my shoretel equipment.

                      Comment


                      • #12
                        FYI, note that the other functions of PCM talk to the server, not to the switch. Still, connectivity sounds good. We'll see if anyone else has a guess at what this could be....

                        Comment


                        • #13
                          I would try looking at the maximum allowed packet size for the VPN. If the limit is set too low a connection will be built, but then will not be able to pass voice and some signaling. I do not remember what the ceiling is for how big ShoreTel packets can get.

                          I have never had this particular issue with a shoftphone, but I have had something very similar with multiple sites connected via VPNs.

                          Comment


                          • #14
                            MTU is set to 1500 on the VPN.

                            Comment


                            • #15
                              Ok, uninstall and reinstall, if you are using vista....run as admin

                              Comment

                              Working...
                              X