SipX, Bria, and Fortigate VPN


Brant Kenny

Mar 4, 2021, 9:16:31 AM
to sipxcom-users
Morning all.  I'm working through an issue with a Fortigate SSL-VPN and Bria Enterprise.  Whenever a user connects to our VPN and attempts to make a call using Bria, there is no audio.  Analysis of captures shows that SipX is sending audio traffic to our T1 gateway instead of directly to the softphone.  

Registration shows the Bria client on VPN as being very similar to clients registered over the Internet.  We can see the VPN appliance's internal IP and the client's assigned internal IP address.  

Is there a setting we missed?  We already specified that the IP range assigned to VPN clients is listed as an internal network.  

Thoughts are appreciated.

Michael Picher

Mar 4, 2021, 9:21:27 AM
to Brant Kenny, sipxcom-users
Consider DNS as well as making sure that there is no ALG in the firewall...

Big hint, 95% of the time, the problem is DNS.

--

 

Michael Picher
Video Collaboration, SME

Brant Kenny

Mar 4, 2021, 9:24:22 AM
to sipxcom-users
DNS appears to be working correctly.  Our Bria clients are registering properly when on-prem and when directly connected to the internet.  VPN clients use the same DNS servers as our internal clients.  All ports are open and Bria can register/receive signaling with no problems.  It's only voice traffic that's redirected.

Michael Picher

Mar 4, 2021, 9:53:01 AM
to Brant Kenny, sipxcom-users
Check IP gateways / routes on your gateway...  maybe it doesn't know how to route to the vpn subnet.

Peter Krautle

Mar 4, 2021, 10:12:03 AM
to sipxcom-users

Brant, what version of Bria are you working with? In Bria 6, there are registration mode and NAT options in the account setup that you need to pay attention to in order to get audio to work. As well, when Bria is deployed on the Internet, are you using an SBC or port forwarding the correct ports from your public-facing firewall to Sipxcom?

 

Peter

Brant Kenny

Mar 4, 2021, 11:14:42 AM
to sipxcom-users
Right now, we're port forwarding to Sipx and using Bria Enterprise 6.4.2.  Audio is fine on-prem and over the internet.  The same ports are open between our SSL-VPN zone and Sipx.  We can register Bria on-prem, on VPN, and over the net.  The AudioCodes Mediant 1k acting as the T1 gateway seems to be the issue.  Voice traffic is sent from Sipx to that device and drops.  I'm not sure why voice traffic is sent to the gateway when it's 'internal' traffic.  I'm digging into the Mediant as well.

Matt Keys

Mar 4, 2021, 11:49:40 AM
to sipxcom-users
"I'm not sure why voice traffic is sent to the gateway when it's 'internal' traffic." -- Check that you have the VPN subnet(s) listed in the Intranet Subnets.

Brant Kenny

Mar 4, 2021, 11:51:53 AM
to sipxcom-users
It is.  We specified the /24 dedicated to VPN traffic and /8 to be sure.  

Matt Keys

Mar 4, 2021, 11:56:55 AM
to sipxcom-users
You might try sending server profiles or rebooting the server to make sure that change has taken. In the signaling you should see the private (vpn) address in the 302 Moved Contact: header, and in the 200 OK w/SDP upon answer, both in the Contact: and the SDP body.
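
The signaling check described in the last reply, as an added example that is not part of the original thread: it pulls the addresses advertised in `Contact:` and SDP `c=` lines of a captured SIP response and lists any that fall outside the VPN subnet. The subnet, the addresses and the trimmed sample messages are constructed for illustration; the thread does not give the real values.

```python
import ipaddress
import re

# Constructed addressing: the thread never states the real subnets.
VPN_SUBNET = ipaddress.ip_network("10.99.0.0/24")

def advertised_addresses(raw):
    """Return [(where, host)] from Contact: URIs and SDP c= lines of one SIP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    found = []
    for line in head.split("\n")[1:]:                 # skip the request/status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            for host in re.findall(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)", value):
                found.append(("Contact", host))
    for line in body.split("\n"):
        m = re.match(r"c=IN IP4 (\S+)", line.strip())
        if m:
            found.append(("SDP c=", m.group(1)))
    return found

def outside_subnet(raw, subnet=VPN_SUBNET):
    """List advertised addresses not in the VPN subnet (hostnames are reported too)."""
    bad = []
    for where, host in advertised_addresses(raw):
        try:
            if ipaddress.ip_address(host) not in subnet:
                bad.append((where, host))
        except ValueError:                            # a hostname, not a literal IP
            bad.append((where, host))
    return bad

def sample(status, contact_ip, media_ip=None):
    """Build a trimmed, constructed SIP response for the demo."""
    msg = f"SIP/2.0 {status}\r\nContact: <sip:201@{contact_ip}:5060>\r\n"
    if media_ip is None:
        return msg + "Content-Length: 0\r\n\r\n"
    sdp = f"v=0\r\nc=IN IP4 {media_ip}\r\nm=audio 50000 RTP/AVP 0\r\n"
    return msg + "Content-Type: application/sdp\r\n\r\n" + sdp

if __name__ == "__main__":
    for label, msg in [
        ("302 redirect", sample("302 Moved Temporarily", "10.99.0.23")),
        ("200 OK", sample("200 OK", "10.99.0.23", "10.99.0.23")),
        ("200 OK, other media address", sample("200 OK", "10.99.0.23", "192.0.2.50")),
    ]:
        print(label, outside_subnet(msg) or "all addresses in VPN subnet")
```

To use it on real traffic, paste each response from the capture (as text) into `outside_subnet()` with the actual VPN /24 in place of the constructed one.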