Question : Samsung Officeserv 7200 VOIP phones have no speech

Hi there.

We have had a new Samsung Officeserv 7200 system installed recently and it is working fine internally. But we have 1 person who works from home and need this person to have a VOIP phone that connects in through the external NATed IP address.

Our firewall is a Watchguard e10x Edge. All the correct ports (6000-1, 5000, 6100, 9000-1, 5003 etc, and there may be some missing i have not advised) as advised by Samsung are forwarding the MCP.

Also there is a rule that port forward 30000-30064 to the MGI card.

When we connect the external VOIP phone it connects to the VOIP system fine, we can call an internal extension in the office fine and we can also receive calls. The only problem is that we have no voice! its a dead line when you answer the phone.

now we know that all ports to the MCP card are working just fine as it is connecting and you can dial out and receive calls. its just he voice bit so must be something to do with the MGI card connection.

what i did to test if the firewall rules for 30000 to 30064 was working was too open the sys log on the firewall. then from an external PC did a "telnet 33.33.33.33 30000" all the way to 30064. Every one of these ports that i telnet on where permitted on the firewall. so this proves that all ports for the mgi card are correctly forwarding.

for the record we have 1 external IP address and the MGI and MCP card each have their own internal private IP address. On the firewall there is 2 policies which port forward all the specific ports to the correct internal IP address of each card.

Please can anyone help us getting the voice part working on our environment.
best,
michael

Answer : Samsung Officeserv 7200 VOIP phones have no speech

Michael,

Crossing the firewall can introduce all sorts of issues including changed port numbers, blocked dynamic incoming ports, and most importantly the IP address mismatch inside and outside. As I understand you took care of the ports in your office, you need to do the same in the remote home-office because all SOHO broadband modems to modify the ports if single IP is shared.

If it does not solve the issue, you need to solve the IP address translation issue. When you make a call to the remote IP phone, the calling phone's private IP address (10.x.x.x or 192.168.x.x or 172.16.x.x) get's translated to your modem's external IP address assigned by the broadband service provider, let's say 33.33.33.33. The home office phone is also using a private IP address (10.x.x.x or 192.168.x.x or 172.16.x.x). Now the issue> The SIP invite or H323 setup message etc contains the IP address of the phone in theVOIP protocol message. This IP address is private IP address (10.x.x.x or 192.168.x.x or 172.16.x.x) which cannot be routed over the internet! See if your IP PBX supports STUN protocol. STUN helps overcome this private IP address issue, and instead it uses your external IP address 33.33.33.33 in the voip protocol messages.

Safest method is to setup a permanent VPN connection between your office and the remote home-office. This will provide a tunnel between two locations and they will behave as if they are in the same LAN. This eliminates all firewall issues, because there won't be any NAT/PAT, both offices will be in the same subnet as if there is no internet in between.

If you setup a permanent VPN, make sure you enable Split Tunnel on the remote home-office. This will allow the home-office PC to exit to the internet fromits local broadband router. Without split tunnelling, remote home-office PC has to cross the VPN tunnel and browse internet from the office broadband connection.

Hope this helps.