|
|
|
|
Joined: Mar 2011
Posts: 1
Member
|
|
Member
Joined: Mar 2011
Posts: 1 |
Hello all,
I am having a problem with our IP phones on a remote location and I am hoping I can find some answers here.
Background:
We have a CIX 670 in our main location.
We have a remote location that is connected through a direct fibre-line. The remote location is on a different subnet that the main location.
The remote location has the IP phones set to DHCP.
Normally, everything works fine. We installed a new firewall on our main location and the phones will not work. I have allowed all IP traffic from the remote subnet to the internal network on the main site. All other things work fine (i.e. network shares, remote desktop etc.). I can read the firewall log and see traffic from the remote subnet come through from the computers that are attached to the phones (i.e. the phones are routing traffic from the computers) but there is traffic from the phone ip coming through.
When we remove the firewall, it works fine again.
We even tried another brand of firewall and the exact same thing happened.
Any ideas?
Thank you,
X
|
|
|
Visit Atcom to get started with your new business VoIP phone system ASAP
Turn up is quick, painless, and can often be done same day.
Let us show you how to do VoIP right, resulting in crystal clear call quality and easy-to-use features that make everyone happy!
Proudly serving Canada from coast to coast.
|
|
|
|
Joined: Feb 2007
Posts: 1,314
Member
|
|
Member
Joined: Feb 2007
Posts: 1,314 |
Why would you need to route the IPT traffic through a firewall if it is direct fiber? I can tell you that if the firewall is doing NAT or port forwarding, the IPT's will not work. It seems to me that if it is a direct fiber connection that the traffic should be routing from fiber switch to fiber switch with no firewall in between.
|
|
|
|
|
Joined: Mar 2011
Posts: 6
Member
|
|
Member
Joined: Mar 2011
Posts: 6 |
firewalls by defualt (assuming it's a decent one) will do at least some type of SPI (stateful packet inspection) and as RRino said either NAT or Xlate (in cisco terms).
You would need to tone down the security features on the firewall but then you're back to just having a switch. If the firewall is sophisticated enough you may be able to specify IP and Service policies for that specific traffic. refer to your firewall AG for that.
edit: a second train of thought, use the diagnostic features on the phones to ping the IP cards and also verify your ports on open on the firewall (UDP/1718, UDP/1719, TCP/2994 and UDP/1-65532)
CIX670
|
|
|
|
|
Joined: Jan 2010
Posts: 937 Likes: 5
Moderator-Toshiba
|
|
Moderator-Toshiba
Joined: Jan 2010
Posts: 937 Likes: 5 |
my response is in your other post
Regards
Carl
|
|
|
|
Forums84
Topics94,515
Posts639,962
Members49,847
| |
Most Online5,661
May 23rd, 2018
|
|
|
|
|
|
