On Wed, Oct 17, 2012 at 9:27 AM, <[email protected]> wrote: > gateway. At night when there's no traffic the extensions all seem to > register, but in day 2-5 extensions will be unreachable for inbound. Of > course they call outbound because the extension will authenticate fine. >
Hi Erik, My first instinct is with Mike, that the firewall is dropping the NAT association faster than the register time. Since you didn't mention that changing, I'll suggest something else that you might look at after the firewall. When we were testing with VPNs using UDP (which is one thing you've added to your environment) we found it was possible to bump registrations off in one site by flooding the tunnel to that site. Basically, we had a situation where one side of the tunnel had 5 meg download and the other side had 35 meg upload. Since UDP doesn't handle congestion notification, we could send 20 megs UDP traffic through the tunnel from the 35 meg side and it would cause huge amounts of UDP traffic to be dropped at the 5 meg side, including SIP traffic used for registrations. I should say that I don't think I ever caught dropped registrations happening in production, but we did attribute some voice quality issues to this problem. I could imagine a situation where you've got a tunnel to your data centre, which probably has more upload bandwidth than your office has download bandwidth, and when people really get going syncing their Exchange mailboxes, or if backup is running, you could congest the line such that registration messages were being dropped. Again I'll stress - theoretically. We ended up using the upload bandwidth limiter feature in OpenVPN to keep the sites with fat pipes from overwhelming the smaller sites as an interim measure then installed a dedicated DSL line for VOIP trunking. I wouldn't say that this is a likely cause of your issue but if all else fails, you might want to look at it. Good luck and please let us know what you find out. Regards, Dave Donovan
