Background…
I have used other devices with simpler interfaces. This is my first time using the RouterBoards and basically have hit a brick wall.
Current configuration…
I have 6 offices connected via 1Mb VPN’s over the internet.
New configuration…
I have a newly installed 5Mb “E-Lan”. Essentially the E-Lan is a private circuit that emulates a switch if you will.
What I have done so far…
I purchased 6 RB750GL routers. I managed to get them configured and started the install at the first location. After some trial and error I was able to get the E-Lan functional and all was good, or so I thought. It turns out our IP phones won’t communicate over the E-Lan. I researched this problem and based on what I found I turned off the SIP service. Then tried to pass the ports, then tried to pass all ports, tried to open up everything, tried routes and then gave up. Had to go back to the VPN.
Network overview…
sonicwall handling the internet (local IP and primary network gateway 192.168.10.1)
ether 2 on all RB750’s
Main location IP range 192.168.10.0 IP 192.168.10.2/24
Loc #1 IP range 192.168.11.0 IP 192.168.11.1/24
Loc #2 IP range 192.168.12.0 IP 192.168.12.1/24
Loc #3 IP range 192.168.13.0 IP 192.168.13.1/24
Loc #4 IP range 192.168.14.0 IP 192.168.14.1/24
Loc #5 IP range 192.168.15.0 IP 192.168.15.1/24
ether 1 on all RB750’s (E-Lan connections)
Main location 10.0.0.10/24
Loc #1 10.0.0.11/24
Loc #2 10.0.0.12/24
Loc #3 10.0.0.13/24
Loc #4 10.0.0.14/24
Loc #5 10.0.0.15/24
Goal…
- Have routes on primary gateway (sonicwall) that direct 192.168.11.0-15.0 to 192.168.10.2 (I can do this)
- Have routes that allow each location to communicate with the Main office network 192.168.10.0/24.
- Have routes that allow each location to have internet access via the E-Lan from the main office gateway 192.168.10.1
- Pass SIP traffic for my phones. SIP disabled in Service Port (based on all recommendations so far)
Note the SIP phones that can’t connect display this message “Contacting Proxy@192.168.10.30:5062” when they time out.
I need help getting the routing setup. While I did get it setup at 1 location I am not sure I did it the best way possible. Also I cannot get the SIP to work. Any other comments or suggestions based on the above supplied information is welcome. If I am approaching this wrong, feel free to point out anything you think might help.
Thanks for any help you can give.
Hi springer1981,
to help you I need:
#1: Topology drawing with all information (e.g. where is SIP server)
#2: Connections and rules implemented on the SonicWall
#3: configuration you have done on 1st site (Go to WinBox, hit “New Terminal”, run “/export hide-sensitive” and post the output here)
Also, who provides the E-Lan circuit? If you’re paying for the circuit, they should be providing you some basic installation / support test functionality. In theory, if E-lan is setup, you should be able to ping across to each buildings router.
I’m a VoIP provider / PBX installer and SIP phones just need a good to/from route with SIP ALG turned off at each location.
I’m just recently MTCNA certified, but I’ve been in your shoes. Think of Routerboards as very purposeful driving devices. What is your purpose/need? How do you implement each step of that purpose/need?
Topology I’d imagine is this. You have 1 main office, and 5 remote offices. The remote offices VPN to your main office and their phones register to the pbx as expected.
I’ll use sample ips
Internal Lan for
office 1 - 192.168.1.1/24
office 2 - 192.168.2.1/24
office 3 - 192.168.3.1/24
office 4 - 192.168.4.1/24
office 5 - 192.168.5.1/24
office 6 - 192.168.6.1/24
PBX is at 192.168.1.X/24
VPN client gateway devices resolved to a 192.168.1.X/24 address which allowed your phones to remotely register as if they were on the lan.
With E-Lan, it’s going to be a bit different since it’s acting as a virtual switch. You’ll need to configure additional IPs on each router (let’s say you choose ether5) and set up cross static routes on each router (you’ll need 5 additional static routes on each router). You’ll then need to have the firewall at each location flat out allow all traffic to come in on these ether5 ports (because it ‘should’ be a trusted connection).
Once this is in play, your phones should be able to register on the lan.
suntelSean, thanks for the tips.
Overall I have a pretty good idea on how all of this is supposed to work. I have the same setup at another location with the exception of using Adtran routers. The setup was very easy overall and works flawlessly. This time I went with the less expensive RouterBoard 750’s. I mean how much harder can it be really? Same concept etc…
Here is the difference, the RB750 have a NAT firewall that is on by default!! This was the brick wall I hit.
After disabling NAT everything worked perfectly.
Ahh. Yes, if you don’t ‘remove’ the configuration when you first log in to it, it’ll have NAT like a general consumer router.
Congrats on finding the issue!
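The setup the thread converges on, written out for Loc #1 as an added example (not posted by any participant): addresses and static routes from the original address plan, then the NAT and SIP helper changes. It assumes the ports are still named ether1 and ether2, and that the main office router holds the matching routes back to 192.168.11.0/24 via 10.0.0.11.

```routeros
# Added example for Loc #1 (E-Lan 10.0.0.11, LAN 192.168.11.0/24).
# Assumption: interfaces are named ether1/ether2; adjust if the default
# configuration renamed them on your unit.

# Addresses: ether1 faces the E-Lan, ether2 faces the office LAN
/ip address add address=10.0.0.11/24 interface=ether1 comment="E-Lan"
/ip address add address=192.168.11.1/24 interface=ether2 comment="Loc1 LAN"

# Default route via the main office router on the E-Lan; this covers
# 192.168.10.0/24 and internet access through the gateway at 192.168.10.1
/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.10 comment="via main office"

# Cross routes to the other remote sites, straight across the E-Lan
/ip route add dst-address=192.168.12.0/24 gateway=10.0.0.12
/ip route add dst-address=192.168.13.0/24 gateway=10.0.0.13
/ip route add dst-address=192.168.14.0/24 gateway=10.0.0.14
/ip route add dst-address=192.168.15.0/24 gateway=10.0.0.15

# The fix found in the thread: list the NAT rules, then disable the
# source-NAT masquerade rule so the phones reach the PBX with their own
# 192.168.11.x addresses instead of the router's E-Lan address
/ip firewall nat print
/ip firewall nat disable [find chain=srcnat action=masquerade]

# SIP helper off, as recommended in the thread
/ip firewall service-port disable sip

# Review the filter rules: traffic from the other sites arrives on ether1,
# so any drop rule matching that port needs an accept rule placed above it
/ip firewall filter print

# Verify from this router: the main office router across the E-Lan, then
# the PBX address the phones reported (192.168.10.30) sourced from the LAN side
/ping 10.0.0.10 count=3
/ping 192.168.10.30 src-address=192.168.11.1 count=3
```

The second ping only succeeds once the main site has its return route to 192.168.11.0/24 in place, which makes it a quick check that routing, not NAT, is carrying the traffic.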