AT&T Wifi Calling problems
I have a TZ600 running 188.8.131.52-83n.
Clients are connected to the LAN wirelessly via Engenius ECW220 nodes, tied in through Engenius switches to the TZ600, and out through a residential Comcast modem.
LAN->WAN traffic works fine. Have some Crestron controllers in the LAN that are accessible from the WAN that work fine.
The problem is that the iPhones don't have a reliable connection to AT&T Wifi calling. It's not a Wifi issue - they can hit other sites w/o issue. The Wifi signal is strong, and when testing the client was sitting about 5' from the wifi node, and not moving. There's little to no cell signal in the area, so it's not a strong cell signal that's intruding and causing issues. Private addressing disabled on the iPhones. Cell-Assist disabled on the iPhones.
When they call out, they usually get a connection through AT&T's wifi call server. Sometimes they don't, and 30 sec later it works.
When people try to call them, the phone doesn't ring - goes straight to voice mail.
Texts out from the client to somewhere outside the LAN work. Texts in to the client from somewhere outside the LAN work - mostly - MMS doesn't work.
Wifi Calling uses UDP Ports 4500, UDP 500, TCP 143. All these are set up as a service group, along with some other protocols that show up as an IPSEC NAT (ISAKMP, IKE, etc).
AT&T publishes various IP addresses on their website which are required, but monitoring has revealed that more than what they publish are needed - they've been added to the list of addresses for the rules.
We see two errors logged:
Ether Type: IP(0x800), Src=[3e:0d:a6:c8:f6:d6], Dst=[01:00:5e:28:00:01]
IP Packet Header
IP Type: UDP(0x11), Src=[192.168.0.77], Dst=[184.108.40.206]
UDP Packet Header
Src=, Dst=, Checksum=0x0, Message Length=128 bytes
DROPPED, Drop Code: 206(l2 mcast but dest ip is unicast(#1)), Module Id: 25(network), (Ref.Id: _1828_uyHtRcemgvKpkv) 1:1)
This shouldn't be picked up as a multicast address; 192.168.0.77 is an iPhone on the LAN connected through one of the Engenius nodes. I suspect this packet is when the iPhone is trying to tell the AT&T wifi calling server that it's available to receive calls. All of the packets get dropped.
Packets FROM 220.127.116.11 to 10.0.0.33 get dropped due to "Policy"
10.0.0.33 is the X1 IP address assigned to it by the Comcast modem. Set it up as a "static IP" in the Comcast modem, and then DMZ'd the Comcast modem to that address, with the internal Comcast firewall disabled.
We've tried numerous versions of Access Rules, and NAT policies. The NAT policies don't get hit. Access rules out for other traffic besides that which is dropped above get hit. Return rules from the WAN back to the LAN never get hit. We've tried setting the allowed addresses up (published by AT&T) as FQDNs - some would resolve, sometimes, sometimes they wouldn't.
I tried multiple DNS resolver settings (18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52) - made no difference. I finally set up multiple Address objects with the IPs that the FQDNs resolved to, and combined them into a Group - the rules use the groups. Still no effect on the issue.
Support tried setting up an IP Helper for a multicast on port 4500 to some random multicast address that's used by the mDNS bonjour helper, and it passed some traffic, but didn't help the issue.
Anyone got any ideas?
Thanks in advance...
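Added example, not part of the original post: a check for the condition named by drop code 206, where the frame's destination MAC has the group (multicast) bit set while the destination IP lies outside 224.0.0.0/4. The sample record is the one quoted in the post, trimmed to the fields used; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the drop record from the post, reduced to the parsed fields.
SAMPLE = """\
Ether Type: IP(0x800), Src=[3e:0d:a6:c8:f6:d6], Dst=[01:00:5e:28:00:01]
IP Type: UDP(0x11), Src=[192.168.0.77], Dst=[184.108.40.206]
DROPPED, Drop Code: 206(l2 mcast but dest ip is unicast(#1)), Module Id: 25(network)
"""

def parse_drop(text):
    """Return (dst_mac, dst_ip) as strings from the Ether/IP header lines."""
    mac = re.search(r"Ether Type:.*Dst=\[([0-9a-fA-F:]{17})\]", text)
    ip = re.search(r"IP Type:.*Dst=\[([0-9.]+)\]", text)
    if not mac or not ip:
        raise ValueError("record lacks a destination MAC or IP")
    return mac.group(1).lower(), ip.group(1)

def mac_is_group(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)

def multicast_mac_for(ip):
    """RFC 1112 mapping: 01:00:5e followed by the low 23 bits of the group IP."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

def classify(mac, ip):
    """Compare layer-2 and layer-3 destination types for one frame."""
    mac = mac.lower()
    is_mcast_ip = ipaddress.IPv4Address(ip).is_multicast
    if mac_is_group(mac) and mac != "ff:ff:ff:ff:ff:ff" and not is_mcast_ip:
        return "l2 multicast, l3 unicast"   # the drop code 206 case
    if is_mcast_ip and mac != multicast_mac_for(ip):
        return "l3 multicast, wrong l2 address"
    return "consistent"

if __name__ == "__main__":
    dst_mac, dst_ip = parse_drop(SAMPLE)
    print(dst_mac, dst_ip, "->", classify(dst_mac, dst_ip))
```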