Multiple subnets

problem calling across subnets
Here is the situation two vpn routers with a ipsec tunnel

PhoneA–10.1.1.x---->outsideip1-------------outsideip2<-----10.10.10.x–PhoneB

The tunnel is working properly and restricting no traffic at all

When PhoneA calls PhoneB, PhoneB rings and the call won’t go through, the sip debug shows this

e[Kasterisk1*CLI>
Sending to 10.10.10.252: 5061; transport UDP (non-NAT)
Transmitting (no NAT) to 10.10.10.252:5061:UDP
with fd 12
SIP/2.0 200 OK

Via: SIP/2.0/UDP 10.10.10.252:5061;branch=z9hG4bK015c3770;received=10.1.1.200

From: sip:[email protected]:5061;tag=000af4dfac98002c5edd4ae6-0271d578

To: “PhoneA” sip:[email protected];tag=as262dc34a

Call-ID: [email protected]

CSeq: 101 BYE

User-Agent: Asterisk PBX

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY

Contact: sip:[email protected];transport=UDP

Content-Length: 0

Both extensions are set for nat=never and host=dynamic.

inside the sip.conf the following is there
externip=outsideip1
localnet=10.1.1.0/255.255.255.0
localnet=10.10.10.0/255.255.255.0

The trixbox is behind a nat firewall with ports on the outside forwarded to it so it can connect to it’s sip trunks.

When calls are made from phoneB, phoneA rings and when picked up everything works just fine, call is clear etc. This is a sip debug during that

Sending to 10.10.10.252: 5061; transport UDP (non-NAT)
Reliably Transmitting (no NAT) to PhoneBIP:5061:UDP
with fd 12
SIP/2.0 407 Proxy Authentication Required

Via: SIP/2.0/UDP phoneBip:5061;branch=z9hG4bK27098d35;received=InsideRouterIP

From: “15” sip:[email protected];tag=000af4dfac98002d179a965e-77ded511

To: sip:[email protected];tag=as498a6ace

Call-ID: [email protected]

CSeq: 101 INVITE

User-Agent: Asterisk PBX

Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY

Contact: sip:[email protected];transport=UDP

Proxy-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce=“2cf85464”

Content-Length: 0

Any help would be greatly appreciated!!!

OK your best bet is use the public ip to connect

VPN tunnel of SIP is not a good idea…

SIP = UDP needs a good stream

VPN = TCP does not care about the stream TCP will retrans packets in any order

VPN adds overhead to every packet sent…with viop packets I would guess in the 10 ~ 12 % range…
VOIP wants the packets in the RIGHT ORDER
There goes QOS…