Setting up a Teleworker over VPN tunnel, Ideas for best path to troubleshoot


I am asking for a second set of eyes to point me in the right in order to troubleshoot.

I am setting up a teleworker for my company. The idea is the Remote Site has a Cisco RV120W router to VPN Tunnel back to our main office router Cisco ASA5505. It sets up easy enough. We are using elastix/FreePBX (v2.8). All the other Teleworker functions (other than phone) work as expected, such as file access, SQL, RDP, Print Spooling, etc.

All our phones are Cisco SPA509G.

At the main office I can ping and HTTP onto the remote phone.

At the remote site I can ping and HTTP onto phone server.

At the phone server (at a Linux prompt) I can ping the remote phone (between 18 to 20 ms).

The “Phone Status” of the remote phone shows:

SIP Messages Sent: ##### (large number)
SIP Bytes Sent: ###### (large number)
SIP Messages Recv: 0
SIP Bytes Recv: 0

So it is obvious that SIP isn’t getting from the Phone Server to the Phone.

I’ve used the Main Office Router’s Trace Packet function to test SIP from Phone Server IP to Remote Phone IP and it passes correctly.

My questions about best practice of troubleshooting this:
Because I can ping the phone from the phone server does that mean I can count on the phone server not needing any additional information to route SIP?

Because the Main Office Router (ASA5505) was set to no filter for this subnet (Remote Site via VPN Tunnel) does that mean I can count on SIP being allowed out from the Main Office?

I am used to helping others (in different forums) rather than asking for help. If this isn’t the correct forumn, let me know.

Thanks in advance.

Do a SIP debug at the Asterisk console.

Also make sure you have the vlan network defined in the localnet in FreePBX sip settings

Greetings SkykingOH,

Thanks for the second set of eyes. It has been a while since I’ve needed to use use the SIP Debug. Yeah - I’ve been real lucky.

For anyone else with the same issue, watch out for SIP ALG on some routers. In our case we set up a VPN tunnel, with no filters. We didn’t want either side to “inspect” SIP, etc. We turned off SIP ALG at the remote site and the SIP packets made it to the phone server and back to the phone.

We are now troubleshooting with Cisco an issue that appears to cause unintended translation of packets source IP information. That is causing the remote site’s phone to hear the main office but the main office can not hear the remote office.