Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[FW-1] Problem with VOIP over SecuRemote (Nortel i2050 IP Phone)

from Firewall Administrator [Permanent Link]
Subject: [FW-1] Problem with VOIP over SecuRemote (Nortel i2050 IP Phone)
From: Firewall Administrator <fwadmin AT MAIL.TRADEWIND DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 4 Feb 2004 12:15:46 -0500 
Greetings!

We are currently experiencing a problem using a Nortel VOIP solution over 
SecuRemote and I was wondering whether anyone else has managed to solve similar 
problems.

We have a PBX which is a Meridian 11C.  The software for the IP phones is the 
Nortel i2050 phone (Version 1.4.0 Build 346).

On the Checkpoint side, we are running NG FP3.  We have a pair of firewalls 
running Cluster XL and configured for load sharing.  We are using IP Nat pools 
on the firewalls and VPN users are using SecuRemote to access the environment.

Our problem is that VPN users are having intermittant problems using the VOIP 
software.  After running a number of network snoops, we've determined that the 
PBX tries to send keepalive packets back to the client.  There are apparantly 
two timers on the PBX which send keepalive packets back to the SecuRemote 
client at pre-determined intervals.  Somewhere along the line, these intervals 
drift apart until there is a period of inactivity and the VPN tunnel collapses. 
 Keepalive packets sent by the PBX are no longer encrypted and the VOIP 
application stops working.

Under "Remote Access"  We have enabled "Enable tunnel refresh (facilitates back 
connections from Gateway side to client) and have it configured to send 
keepalive packets from the SecuRemote client back to the Gateway in order to 
keep the VPN tunnel open, but this has not helped.

Every application in our environment is working properly, except for this VOIP 
application.  Has anyone on this list seen this problem before and had any 
success getting these products to work together in the configuration I've 
described above?  Any suggestions would be greatly appreciated.

Thanks.

Joel

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [FW-1] Problem with VOIP over SecuRemote (Nortel i2050 IP Phone), Firewall Administrator <=
Previous by Date:  [FW-1] FTP-Problem with NG AI, Oeztuerk Kerem
Next by Date:  Re: [FW-1] snmp and nokia, Rob Epping
Previous by Thread:  [FW-1] FTP-Problem with NG AI, Oeztuerk Kerem
Next by Thread:  [FW-1], Labreche, Christian
Indexes:  [Date] [Thread] [Top] [All Lists]