We have a Central office with a bunch of satellite offices. All sites have IPsec or L2TP tunnels between the Central and Satellites. We are able to call the central office from any of the satellites and vice/versa but are unable to call satellite to satellite. What to look for besides route statements on the satellites?
Can be everything without schema and configurations.
Probably, just for guess, your satellite network do not have routing directed to other satellite networks.
Here is the routing of just one satellite. 192.168.0.0/21 covers all the know satellite offices. All Satellites have the same route. 192.168.68.0/24 is the subnet for This satellite.
What else could be a top of your head guess?
Export and post the config for one of the satellite offices and the central hub.
To export and paste your configuration (and I’m assuming you are using WebFig or Winbox), open a terminal window, and type (without the quotes) “/export hide-sensitive file=any-filename-you-wish”. Then open the files section and right click on the filename you created and select download in order to download the file to your computer. It will be a text file with whatever name you saved to with an extension of .rsc. Then in your message here, click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets.
See Sanitized Central Office and one of the Satellites. Attached
Thanks for Looking 
satellite1.rsc (6.86 KB)
Central-Office.rsc (26.9 KB)
I cannot see anything in the configurations that should block packet flow between the 192.168.0.0/21 subnets of a pair of satellite sites. The /ppp secret items at the CO router do contain the routes items, the /ip firewall filter rules do not block the traffic between two L2TP server interfaces (and are quite leaky in general but that’s another can of worms), there is no IPsec policy to divert the traffic.
But where is the exchange, to which the phones register, located? Is it a private one at the CO site or a public one somewhere in the internet? Or maybe there is no exchange and you call peer-to-per by IP address rather than phone number? I.e. what is the expected flow of the signaling and RTP when a call is placed from a phone on one satellite site to a phone on another satellite site? Does the called phone ring but there is no audio, or it isn’t even ringing?
Sindy!
Hello, I hope you are well! Thanks for having a look.
The Central Office Server IP is 192.168.1.25. The satellites can ring each other but no Audio. We dial an extension so the call manager is located at the CO.
This becomes a different issue…
SIP signalling (TCP or UDP) traffic is passing correctly but RTP traffic is not.
You have a NAT and/or Firewall issue.
Do extension-to-extension calls still go through the main phone switch?
Can computers/hosts at Satellite-Office1 communicate with Satellite-Office2? Ping for example?
Sindy, please see info on slack.
I am unable to ping from Satellite to Satellite. I will have to confirm if calls go thru server. I will post tomorrow. Thanks!
Calls go through the server for signalling but use an invite/re-invite system for the media (audio) to go directly between the phones. Because the satellite offices can’t communicate with each other, the audio doesn’t work.
Common VoIP issue with NAT and firewalls.
OK, Ping now works and waiting to test VoIP calls. The route 192.168.0.0/21 did not cover the satellite subnets. I need to go back to routing 101 LOL (Thanks Sindy) I appreciate all that have responded. I will update once I confirm VoIP is indeed working.