I have come across a strange problem with our VPN and BCM 50 (Nortel/Avaya) phone system.
As you can tell by my other questions I have been doing some work on setting a VPN up from one location to another and it's all working well. With one exception.
We have an IP phone that is connected at the remote location, straight to a router which has a VPN tunnel to our main practice. The phone works mostly, but every few calls it turns into a one-way call. As in, the caller (from the remote phone) can't hear the receiver, but the receiver can hear the caller.
This is fixed by setting the VPN tunnel to be the default route for all traffic.
The problem with fixing it that way is that all traffic then goes through the tunnel which slows internet access etc. down considerably.
The router is set to send the following over the VPN:
192.168.1.0/24
192.168.2.0/24
192.168.4.0/24
The IP of the remote location is:
192.168.3.0/24
The remote router (where the phone is) is a Draytek 2830n, and the local router (at the main practice) is a Draytek 2820.
We are using an IPSec tunnel with AES encryption <- as a result of a previous answer pointing to the incompatibility in the hardware encryption.
Any advice would be appreciated!
Network Topology
IP Phone <-> Draytek Vigor 2830n <-IPSec VPN-> Draytek Vigor 2820 <-> Nortel 2550 Switch <-> BCM Phone System
It's important to note that although the switch is managed externally (by British Telecom), I don't believe this issue is caused by the switch config. Mainly because it works fine when I set the VPN to be the default route.
Routing Table (Remote Site)
Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via PUBLIC IP WAN2
S~ 192.168.1.0/ 255.255.255.0 via REMOTE IP VPN-1
S~ 192.168.2.0/ 255.255.255.0 via REMOTE IP VPN-1
C~ 192.168.3.0/ 255.255.255.0 directly connected LAN2
S~ 192.168.4.0/ 255.255.255.0 via REMOTE IP VPN-1
C PUBLIC IP/ 255.255.255.224 directly connected WAN2
Routing Table (Main Practice)
Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via BT GATEWAY IP, WAN2
S PUBLIC IP/ 255.255.255.255 via PUBLIC IP, WAN2
* BT GATEWAY IP/ 255.255.255.255 via EXTERNAL IP, WAN2
C~ 192.168.1.0/ 255.255.255.0 is directly connected, LAN
S~ 192.168.2.0/ 255.255.255.0 via REMOTE USER IP, VPN
S~ 192.168.3.0/ 255.255.255.0 via REMOTE IP (BRANCH), VPN
S~ 192.168.4.0/ 255.255.255.0 via REMOTE USER IP, VPN
Update
I've narrowed it down to an IP/DHCP problem. Any phone with an IP address above 1.212 doesn't work from the remote branch. Any phone that has an IP address that is given out by the Windows DHCP scope that I maintain (1.1 - 1.150) works fine. The only other DHCP server is the BCM itself, which has a scope of 1.210 - 1.240. I can't work out why a VPN-tunnelled phone wouldn't correctly communicate with the BCM.
If I make a call to an external number (a mobile, for example) it works fine. If a caller calls our reception and then they transfer the call to the remote branch, we can't hear the colleague transferring the call (explaining who's calling etc.) but once the call is transferred it works fine. As in, we can hear the mobile caller and vice versa.
My gut here is that this is either a routing issue or maybe a QoS issue. In my experience, one-way audio is almost always a routing issue. Let's be certain of the only devices involved (at L3): Phone <-> Router <-IPSEC-> Router <-> Phone. There may or may not be switches between the phones and the routers. Now... on these assumptions, can you post the CLI output of the routing table from each router? Please remove any public IPs if you do.
Make sure routing works correctly; set up a notebook in the same network as the IP phone for testing (it's easier).
Furthermore, can't you set the default route just on the IP phone? I didn't really have the time to dive into your routing setup, but it looks OK at first glance. I'd say something might be set up wrongly on the phone.
Oh, and make sure that you disable any SIP ALGs on all devices in between. From my experience, they cause more problems than they solve (sometimes "helping" when there's not even a NAT in play!).
VoIP uses RTP, which doesn't work properly with asymmetric routing. Make sure your setup uses symmetric routing.
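Added example, not part of the original thread: a longest-prefix-match check over the two routing tables posted in the question, showing for a given phone and media peer whether both directions use the tunnel or whether one leg falls through to the WAN default route. The host addresses (192.168.3.50, 192.168.1.220, 10.10.10.5) are constructed for illustration, and the egress labels are shorthand for the redacted next hops.

```python
import ipaddress

# Routes transcribed from the question's routing tables. Public/redacted
# entries are omitted; egress labels are shorthand, not router output.
REMOTE = [  # Draytek 2830n at the branch
    ("0.0.0.0/0", "WAN2"),
    ("192.168.1.0/24", "VPN-1"),
    ("192.168.2.0/24", "VPN-1"),
    ("192.168.3.0/24", "LAN2"),
    ("192.168.4.0/24", "VPN-1"),
]
MAIN = [  # Draytek 2820 at the main practice
    ("0.0.0.0/0", "WAN2"),
    ("192.168.1.0/24", "LAN"),
    ("192.168.2.0/24", "VPN-user"),
    ("192.168.3.0/24", "VPN-branch"),
    ("192.168.4.0/24", "VPN-user"),
]

def lookup(table, dst):
    """Return the egress chosen by longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), egress) for p, egress in table
               if addr in ipaddress.ip_network(p)]
    # The default route always matches, so matches is never empty.
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path_check(phone, peer):
    """Compare branch->peer egress with main->phone egress for one RTP flow."""
    fwd = lookup(REMOTE, peer)   # packets leaving the branch towards the peer
    rev = lookup(MAIN, phone)    # packets leaving the main site towards the phone
    both_vpn = fwd.startswith("VPN") and rev.startswith("VPN")
    return {"forward": fwd, "return": rev, "symmetric": both_vpn}

if __name__ == "__main__":
    phone = "192.168.3.50"                        # constructed branch phone
    for peer in ("192.168.1.220", "10.10.10.5"):  # constructed media peers
        print(peer, path_check(phone, peer))
```

Run it against the source address seen in a packet capture of the failing RTP stream: a peer that resolves to WAN2 on the branch side is only reachable through the tunnel when the VPN is the default route.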