Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TP999
New Contributor

FORTIGATE 60D draytek vpn one way audio

Hi 

I have a requirement to connect a =yealink DECT ip =phone in a remote office.

 

i have managed to create an ipsec vpn tunnel from the fortigate to the remote draytek.

 

I have managed to connect and comission the OPEN SIP YEALINk and register it ok.

 

When routing a DDI external SIP  number via the pbx @ the Fortigate site calls route fine with audio working fine.

 

The issue i have is when dialing the users internal number from another local ip phone i get one way audio.

 

The open sip yealink uses port 5059 FYI

 

i have subsequently tested draytek to draytek and it works fine therefore it must be the fortigate setting.

 

Any help would be appreciated.

6 REPLIES 6
DPadula
Staff
Staff

Hi TP999,

He have many articles showing how to troubleshoot voip issues on Fortigate. If you do a quick search using 'sip traffic' on our community search, you will get the following links as eg. 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-One-Way-Audio-after-upgrading-to-FortiOS-7...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-One-way-Audio-issue-in-VOIP-with-SIP...

 

Try to use the troubleshooting commands on articles above to understand what is causing the issue. 

 

Regards
DPadula
TP999
New Contributor

im back at work and will try your advice.

 

One point will SIP ALG effect 'internal' pbx calls as external calls are working fine ?

 

nweckel

Hi TP999,

It could impact internal communication if SIP ALG translate IP addresses that it shouldn't. You can disable it with a voip profile with config sip > status disable

You will need to clear the SIP sessions or reboot the FortiGate to apply the changes.

For your troubleshooting I'd recommend to take a packet capture on the incoming and outgoing interface of the firewall during a call. With Wireshark you'll be able to see what happens to RTP packets.

mle2802
Staff
Staff
TP999
New Contributor

 

I confirm ALG is turned off.

 

I tried it on but again no audio from LAN to remote user.

 

The traces below show RTP traffic when calling from FORTIGATE/PBX side to DRAYTEK user, it works fine if a SIP external call is routed to the remote device.  Top trace is FG to DRAYTEK

 

The TRACE below is DRAYTEK TO DRAYTEK VPN showing RTP traffic fine.

 

Am I missing something in my policies.fortigate internal issues.png

 

 

 

hbac

Hi @TP999,

 

The top trace shows 401 unauthorized 192.168.70.246. Can you run packet sniffer in FortiGate CLI and provide the output:

di sniffer packet any 'host 192.168.70.246 and host 192.168.75.10' 4 0 l 

 

I want to make sure that source ports are not being modified by FortiGate.

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors