SIP Traffic over VPN

Edrick

So I'm trying to determine the best way to set this up, I've got two TZ300 firewalls and a FreePBX Appliance at the main site, this is for a residential setup.

We've got about 8 phones at the remote site and then the phone server hosted at the main house. There's a site to site VPN created between the TZ300s.

Recently they've started to complain that when calls are made to the outside world the remote party is complaining that the audio is choppy. This setup worked fine for about a year and a half then something happened and now there is call quality issues.

Is there a way to see how much traffic is actually traversing over the VPN? I'm wondering if it's a bandwidth issue as the site where the Phone Server is located has limited upstream bandwidth. They are also accessing some other resources over this VPN connection. So I'd like to first see what the actual usage over the VPN is.

My second thought would be to implement some type of bandwidth control so that the SIP traffic takes priority over the VPN connection. The main site doesn't seem to have call quality issues and it's only the remote home.

Any ideas?

Edrick

Anyone with ideas that I could use on the SonicWall end to troubleshoot? Again the calls are only having issues traversing over the VPN, but I'm curious if it's a VPN throughput issue IE if the issue is that say reviewing cameras remotely is sucking up the bandwidth.

According to the trouble info, the issue happens when they call outbound to a remote party. The remote party says they can't hear them and get choppy audio

KaranM

Hi @Edrick ,

Please accept our apologies for the delay in response.

Asper the description, I too think that this indeed seems to be issues with bandwidth. However, troubleshooting this type of issue can be tricky. If you ask me the best possible way to resolve bandwidth issues, I would place my bet on getting higher bandwidth plans from ISP. Having said that, I can understand that this might not be possible in all scenarios. Please find below a list of steps that might help you:

• Take a back up, export your settings back up on both the sites.
• Create access rules specific for your Phone server on both sites under LAN>VPN and vice-versa.
• Try disabling DPI inspection on these rules. This will disable DPI security checks only for these rules and might help with latency or bandwidth.
•  In case you are still facing issues, try the following :https://www.sonicwall.com/support/knowledge-base/bandwidth-management-over-site-to-site-vpn/170505922916978/.
• The article above shows an example of BWM for all traffic, in your case you would apply the BWM object on the access rules created for the phone server.

Note: If this is a business-critical setup, please schedule a downtime for these tests. BWM also depends on the bandwidth provided by ISP. If the issue continues after this, please contact SonicWall Support for further assistance.

Thank You

Nevyaditha

Hi @Edrick ,

For the Quality issues for VOIP traffic over VPN, I would suggest you please check the below options on the sonicwall:

Navigate to Manage | VPN | Advanced ensure Enable Fragmented Packet Handling is checked while Ignore DF Bit is unchecked. Ensure Enable NAT Traversal is also checked.

Navigate to Manage | VPN | Settings and Configure the VPN policy for the VoIP traffic. Under the Advanced tab, check the option for Disable IPSec Anti-Replay

Also Please ensure all VoIP Traffic flows over a single WAN Interface if you have multiple WAN connections available on the Network.

I hope this information helps you.

Regards,

Nevyaditha P