Greetings! We are currently experiencing a problem using a Nortel VOIP solution over SecuRemote and I was wondering whether anyone else has managed to solve similar problems.
We have a PBX which is a Meridian 11C. The software for the IP phones is the Nortel i2050 phone (Version 1.4.0 Build 346). On the Checkpoint side, we are running NG FP3. We have a pair of firewalls running Cluster XL and configured for load sharing. We are using IP Nat pools on the firewalls and VPN users are using SecuRemote to access the environment. Our problem is that VPN users are having intermittant problems using the VOIP software. After running a number of network snoops, we've determined that the PBX tries to send keepalive packets back to the client. There are apparantly two timers on the PBX which send keepalive packets back to the SecuRemote client at pre-determined intervals. Somewhere along the line, these intervals drift apart until there is a period of inactivity and the VPN tunnel collapses. Keepalive packets sent by the PBX are no longer encrypted and the VOIP application stops working. Under "Remote Access" We have enabled "Enable tunnel refresh (facilitates back connections from Gateway side to client) and have it configured to send keepalive packets from the SecuRemote client back to the Gateway in order to keep the VPN tunnel open, but this has not helped. Every application in our environment is working properly, except for this VOIP application. Has anyone on this list seen this problem before and had any success getting these products to work together in the configuration I've described above? Any suggestions would be greatly appreciated. Thanks. Joel ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
