Yeah, this thread is a bag of cats. It could be a number of things, but I just want to chime in on the SonicWall devices.
I just replaced all my Cisco ASAs with SonicWalls, and even the lowest ($300) model I put in a remote office has IPSEC VPN throughput of 75Mbit. That office has SIP phones inside it, and they connect fine (through the IPSEC VPN) perfectly fine. There's no SIP NAT/Connection Tracking/Fixup happening because the traffic goes through the VPN onto the corporate network, but from what I know from my network guy, SIP and SonicWall's work very good together when NAT has to also happen. With that said I did previously have a Cisco 1700 series router in a branch office that kept reloading (rebooting) periodically because it wasn't rated for the amount of traffic I was putting through it, so network utilization is definitely a worthwhile place to look. -Marc On Thu, Oct 18, 2012 at 1:05 AM, John Lange <[email protected]> wrote: > If the firewall does not have hardware accelerated encryption, a VPN > is a very CPU intensive operation for a firewall/router. You don't say > what model of sonicwall it is but it seems likely that it can't handle > the load. VPNs on firewalls doing voice is a bad mix unless you're > willing to spend good money on a decent firewall. > > It's probably not exhausting its NAT translation pool or memory since > there shouldn't be any additional NAT activity if you're using a VPN > but if you have a way to check, that would also be worth a look. > > Another possibility is DNS. If you've changed something in your > network topology when you moved Exchange, then perhaps one of the DNS > servers is failing to resolve the VOIP provider causing intermittent > registration failures. > > One question though; why are you doing Exchange over a VPN? Exchange > communication is secured to the client (Outlook) via SSL certificates, > there is no VPN needed. Double check with an Exchange expert (I'm not > one) but I believe encrypted communication is mandatory on all > Microsoft products these days. > > John > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
