Screen OS

Hi all!

 

I have a problem , I hope you can help me.

I have created a Remote VPN access with a Juniper SSG5 in one side and with a remote client VPN Shrew Soft as seen in this URL:http://www.shrew.net/support/wiki/HowtoJuniperSsg

 

Across this access I want to pass voice traffic. The client PC has an IP SoftPhone whose server  is located behind the Juniper.

I have voice audio only in one direction, from the IP Phone to the other side. From the IP Phone I cant hear.

 

1)I can ping from one side to the other

2)I tried some debug "snoop"feature in the SSG5 and I cant see nothing.

 

Any idea?? Thanks in advance.

Hi,

 

I have similar problem like yours while using Shrew VPN client. I'm using Avaya One-X Communicator (v5.2.1) for video and voice communication where when I connected to our office Juniper SSG140 firewall by Shrew VPN client, my colleagues can hear me but I can't hear them. There's a case where our communication is established but we can only see video without voice from both side.

 

Strange enough, when I'm using SIP softphone when on dialup VPN session, it works fine (minus the video part though as I have not tested it). This is proven working on Windows platform but it turns to be different when using SIP phone in Linux/Ubuntu platform which has similar problem (one way audio).

 

Hopefully, someone here can help us on this. 🙂

 

Regards,

 

Alex

Hi,

 

What is the type of dial up VPN?

Policy or route based?

Is the client given a IP address after the connection?

 

Thanks.

Hardeep

I'm using policy based VPN as from what I understood from Shrew dialup VPN guide. Yes, the client getting the IP assigned after connected.

Regards,

Alex

Hi,

This looks like ALG session failure.
After the control session, data session is open for each side.
Both these sessions are independent of each other and I have seen situations in the past when one session works and the other side does not.

Things to look for:
1. any error message on either phone client/server
2. Is there any address translation required for communication between client and server?
3. Try enabling/disabling the ALG (mostly it is SIP), unset ALG SIP enable. Be careful that this ALG is not used anywhere else.


Hope this helps.

Regards.
Hardeep

Hi,

 

I had disable the ALG SIP and it does help a little. When making SIP call, both party can hear each other but when making call using H.323, I still got 'one way' audio. I think SIP call is way to go given that most of our staff will access the VPN network either via wireless/3G or broadband where the bandwidth varies.

 

Regards,

 

Alex

 

Hi Alex,

 

You mean H323 unsuccessful even after disabling ALG for H323?

 

Thanks.

Hardeep

Hi,

 

Yeah! You're right! 🙂

 

Alex

Hi,

 

May be the traffic needs to be handled by ALG for address translations on the data channel, else it could be something specific to the setup.

Can you share the network diagram showing the firewall, client,. call servers, proxies, IP addresses?

Also, check if there are any errors in ALG counters for H323.

get alg h323 counter.

 

 

Regards.

Hardeep

Hi,

 

After did some investigation, I found out some of my policies interfered the dialup vpn traffic (which caused the one-way adio issue) and had revised it accordingly. With this reply, I attached an overview of our network design just for your attention.

 

regards,

 

Alex