Pepvpn Issues and Questions


#1

I’m running a pepvpn between a Balance Core (Main Office) and a Balance 20 (Remote Office).

I used incontrol to set it up and it is working right now for the most part.

  1. The balance 20 is behind another firewall. I set the balance 20 to be in the dmz and for the most part its fine but on voip calls. When I call from the remote network the person I called can not hear me. But when they call me its fine.

  2. As I mentioned the 20 is behind a firewall. In the vpn settings for the Core it shows the private ip of the 20 that it’s getting from the other firewall rather than the public ip. Could that be why the 1 way audio?

  3. Using the layer 2 routing it looks like I can setup the remote network to just be in my own subnet so they all have the same 10.0.0.x ips. Does that need setup on both sides? Meaning, do I need to set that bridging up on both sides? Would the remote router still have a seperate ip? The kb just shows how to do it but doesnt mention doing it on both sides or if I need to do something to the remote side to enable this.

  4. Should both devices be in the same group on incontrol or should they be seperate? I understand the different orgs but not the point of the different groups.

Thanks


#2
  • Do you mean there is 1-way audio if the call initiated from remote office? However, there is 2 ways audio if the call initiated from main office?
  • Please share how the SIP phones in main and remote office connected to the SIP server. Please provide a graphical network diagram.
  • Which VPN settings you are referring to? Please provide a screenshot on this.
  • Please provide a graphical network diagram with IP addresses. This allows me to understand further on how “the Core it shows the private ip of the 20 that it’s getting from the other firewall rather than the public ip.”.

Yes, you need to configure Layer 2 PepVPN on both Balance One Core and Balance 20. Please find the network diagram below for better understanding between Layer 3 and Layer 2 PepVPN.


This is based on your requirement. Normally if you need to push identical settings to both units, then is recommended to put them in a same group.


#3

Yes that is the issue.
My setup is like this currently




#4

Yes that is the issue.
My setup is like this currently




#5

Based on the provided diagram, all IP phones at the remote office are connected under DMZ zone. Do correct me if I am wrong.

  1. Balance 20 has 1 WAN link only?

  2. Have you enable Expert Mode on Balance 20? Please find the screenshot for better understanding.


  1. Please provide screenshot of the Internal Firewall settings (Network > Access Rules > Internal Network Firewall Rules) of Balance One Core and Balance 20.

  2. IP phones at the remote office are pointing 10.0.50.100 as SIP server?

Believe you are choosing Point-To-Point when you configured PepVPN via InControl2. If so, WAN IP of Balance One Core and Balance 20 will be used to establish the PepVPN tunnel. Look like 192.168.1.23 is Balance 20’s WAN IP. Hence, Balance One Core is pointing Balance 20 with IP 192.168.1.23.

Anyway, this will not cause the issue for VOIP.