Not applicable
Created on ‎12-13-2010 05:48 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VOIP over VPN IPSEC
Hello,
I' ve configured VPN properly between fortigate & Cisco ASA & I want to allow our Nortel i2002 phone to connect to VOIP gateway through VOIP .
Any special configuration needed to allow VOIP ?
thanks
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nothing special, you might want to look at priority-queuing for the VoIP traffic. Btw, my office uses that same phone and I used it in the past over a FGT-cisco firewall also. IIRC it' s not standard SIP traffic.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Not applicable
Created on ‎12-13-2010 06:35 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry , what do u mean by ( look at priority-queuing for the VoIP traffic) ? I looked in Protection Profile to enable VOIP log but there is no VOIP log available , SO how can I log the VOIP traffic ? I' m using FW V.4.0,build0192,091222 (MR1 Patch 2)
Not applicable
Created on ‎12-14-2010 01:07 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any suggestion please
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It' s a good idea to create a traffic shaper for the SIP traffic to guarantee bandwidth and priority
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Not applicable
Created on ‎12-14-2010 02:13 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you Eric , but is there anyway to log the SIP traffic to check what is wrong excatly?
Not applicable
Created on ‎12-14-2010 02:51 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hossam, would you please let me know how did you configure the VPN tunnel between FG and ASA ?!
this is v.imp to me
Thanks man..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Dodzmano, I followed this article
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=13574&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=12111504&st
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can log match to your fwpolicy, but that' s not going to tell you what' s wrong. What are you trying to achieve? Systems logs or applications logging ?
And yes, I would enable a traffic-shaper, but be advise it' s probably not SIP traffic. It' s unified stimulus or unistim for short. I would advise you to pcap some phone traffic to see the port(s)/protocol range and then prioritize that fwpolicy 1st and apply a shaper to it. I think when I last computed bandwidth guesses, it was about 87kbps or so per call.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc , sorry can you explain please how to investigate what is wrong exactly ?
