I've recently experienced the opposite with a Sonicwall - had a client
with SIP trunks running without issue through a Sonicwall (TZ2XX) - they
expanded and setup a VPN to another branch. From that point on, we
experienced call quality issues as well as registrations being dropped.
After installing a dedicated Internet connection and trying a multitude
of settings on the Sonicwall, we eventually gave up and in a last ditch
effort, installed a separate gateway (WRT54G running Tomato) for the
VoIP traffic - the issues cleared up right away.
I was really surprised that we had experienced issues with the Sonicwall
as my impression with them was that they were solid and could handle the
traffic...
That being said, the WRT54G is a really cheap, quick and simple solution
to try, so you may want to give it a go to eliminate your firewall.
Martin
On 18/10/2012 6:04 AM, Marc Carrafiello wrote:
Yeah, this thread is a bag of cats. It could be a number of things, but I
just want to chime in on the SonicWall devices.
I just replaced all my Cisco ASAs with SonicWalls, and even the lowest
($300) model I put in a remote office has IPSEC VPN throughput of 75Mbit.
That office has SIP phones inside it, and they connect fine (through the
IPSEC VPN) perfectly fine. There's no SIP NAT/Connection Tracking/Fixup
happening because the traffic goes through the VPN onto the corporate
network, but from what I know from my network guy, SIP and SonicWall's work
very good together when NAT has to also happen.
With that said I did previously have a Cisco 1700 series router in a branch
office that kept reloading (rebooting) periodically because it wasn't rated
for the amount of traffic I was putting through it, so network utilization
is definitely a worthwhile place to look.
-Marc
On Thu, Oct 18, 2012 at 1:05 AM, John Lange <[email protected]> wrote:
If the firewall does not have hardware accelerated encryption, a VPN
is a very CPU intensive operation for a firewall/router. You don't say
what model of sonicwall it is but it seems likely that it can't handle
the load. VPNs on firewalls doing voice is a bad mix unless you're
willing to spend good money on a decent firewall.
It's probably not exhausting its NAT translation pool or memory since
there shouldn't be any additional NAT activity if you're using a VPN
but if you have a way to check, that would also be worth a look.
Another possibility is DNS. If you've changed something in your
network topology when you moved Exchange, then perhaps one of the DNS
servers is failing to resolve the VOIP provider causing intermittent
registration failures.
One question though; why are you doing Exchange over a VPN? Exchange
communication is secured to the client (Outlook) via SSL certificates,
there is no VPN needed. Double check with an Exchange expert (I'm not
one) but I believe encrypted communication is mandatory on all
Microsoft products these days.
John
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
