IP Telephony - NBX
cancel
Showing results for 
Search instead for 
Did you mean: 

VTL established but I hear no voice on a call.

cwelectric
Occasional Visitor

VTL established but I hear no voice on a call.

I have a site to site VPN established, with a VTL between an NBX v3000 and NBX v3001.



I am able to dial the remote site by extension and vice versa, the phone rings and the user can pick up the call, but there is no voice whatsoever when the call is picked up.



I have performed extensive troubleshooting and this is what I have found. I am using IP On-the-fly to allocate IP addresses. I placed a call and left the phones off hook. The call stayed up and IP addresses were allocated correctly from both pools. However, I am unable to ping the IP addresses remotely. When on a call, I can ping my local phone, but at the same time while I am remoted into a machine at the remote site, cannot ping their local phone that is on the call.



There is no routing issue here. I am able to ping all workstations and servers at the remote site without issue. For some reason, it seems that ONLY the IP addresses allocated to the phones are giving me problems.



I have opened up the necessary ports in the firewall as well.



Any idea how I can fix this issue? It's driving me crazy because I'm so close to getting it working!

9 REPLIES
merlin_1
Super Advisor

Re: VTL established but I hear no voice on a call.

Did you open up

2093

2094

2095 UDP Ports ?



You would have to do a far end trace and see if the traffic ( Audio UDP ) is getting ot the other side

cwelectric
Occasional Visitor

Re: VTL established but I hear no voice on a call.

We are using an X506 and an X5 for our routers/VPN connection. Within the built in services there is an "nbx" option, which is UDP ports 2093-2096. I have gone so far as enabled that service each way, just to be sure.



When you say do a trace, how would I go about doing that?

merlin_1
Super Advisor

Re: VTL established but I hear no voice on a call.

network traces ar taken at the NBX by either mirroring the NBX and chassis ports or put them into an old style dumb 10/100 hub and trace out a vtl call . Look for audio on both ends ( if possible - recommended to trace out both sides )

cwelectric
Occasional Visitor

Re: VTL established but I hear no voice on a call.

On Friday, I went to far as to add deny and permit all statements to the ACL of both routers, and set the rules to log.



I have also already set the permit all NBX rule to log.



I didn't see ANY traffic sourced from the IP of either phone going in either direction.



It's like the calls are connecting and staying up just fine, but no traffic is passing back and forth after that point.

merlin_1
Super Advisor

Re: VTL established but I hear no voice on a call.

Are you using vlans ?



I would set up a trace and trace out the tel side and see if you get traqffic on ports 2093 thru 2096



That would be a start but if you are able to offhook and onhook , thats really a switch/router issue that we will have to review

You may want to o[pen a case and have one of the security specialists review the trace with you as well . You can also post this on the same site here under the security section too .

This message was edited by merlin on 7-6-09 @ 11:38 AM
cwelectric
Occasional Visitor

Re: VTL established but I hear no voice on a call.

I am using the Voice VLAN option within the NBX, yes. Same equipment and configuration on both ends.

merlin_1
Super Advisor

Re: VTL established but I hear no voice on a call.

A trace would tell us the VLan info on a bad audio call . I would suggest setting up a network trace to capture your vlan tag and all packets going from the router to the phone .

cwelectric
Occasional Visitor

Re: VTL established but I hear no voice on a call.

Getting ahold of an old hub is more difficult than I imagined. I will try this as soon as I get one. Going to look around online today...

Luckycharms
Frequent Advisor

Re: VTL established but I hear no voice on a call.

As long as the subnet the phones use are an IP address that is allowed over the VPN your good and there are no ACL or policies etc that may block packets. If your using a site to site VPN then there is no need to open UDP ports.



You may need to look at this from a networking perspective specially if using "IP-on-the-Fly". I would recomend using DHCP for all your phones, IP on the Fly is ok for a LAN but not so much for WAN specially when firewalls are involved.



The NBX NCP's have static IP address I assume so the call setup path and the audio path are somewhat seperate. NCP talk to NCP and Phones talk to NCP for setup. But LAN to LAN phones to each other for audio.



I know you said that Routing is ok when you PING the PC's at each end. So a simple test would be to assign static IP address (but not any on IP on the fly range from each NCP) to a phone on each end of the VPN. Make a call and see if it works or fails. If it fails then its possible you may still have a IP routing/forwarding issue.



If it works then the issue is probably a timeout issue with devices i.e Firewalls because of "IP-on-the-Fly". With "IP on the fly" specailly if the pool of ip addresses is small compared tot he number fo phone i.e 2 IP addresses for 20 phones. The IP addresses can be allocated (depending on the NBX version) in such a way the the first couple of IP addresses are constantly being re-used.



What can happen is that the ARP cache of a firewall does not get updated with the new mac address of a new phone using an IP address from a previous phones phone call. So packets are being forwarded somewhat correctly based on theinformation in the forwarding table but to the wrong device. In other words they are being sent to a phone but not the right one. Its not a bug or firewall issue really but a combination of a few factors qty of L3 calls between sites, a small number of IP addresses allocated to "IP-on-the-fly" and default caching timers of network devcies (arp cache, bridge address tables)



You may need a packet trace appplication to be 100% sure and most firewalls have a packet trace function built in so once you know all 4 IP addresses ( 2 NCP and 2 Phones) and the 6 or more MAC addresses (2 NCP's, 2 Phones and 2 firewalls) depending on how many Rotuers/L3 Forwarding devices are bwteen phone A and Phnoe B. You can make sure packets from 1 phones IP address(phone A) to the other phones IP address (phone b)are forwarded using the correct MAC addresses.



A suggestion look and treat the goes into and the goes out of paths for each device and direction seperatly.



Hope this helps.