MikroTik

I have Two Office (A and B ) In each Office there is RB-750GL Router , both Office connected with L2TP VPN , in Each Office I have IP PBX connected to each other with SIP protocol.

Everything is working great , but at the end of the day office ( A ) disconnect the power from all the equipment and devices , next day morning they power up all the devices again , VPN is working fine ( file share , RDP …etc. ) except the SIP connection , if I change the PBX IP address in Office A the SIP connection will work again , then I can change it back after an hour.

I think the Router in the Office( B ) block the SIP traffic generated from The PBX because no replay from the target.
I delete all the firewall rules , and disable the NAT helper for SIP ( it have no work in VPN but I did it as try ) but the problem still the same I have to change the PBX IP address every day morning.
Any help Please.
see the attached image please

Hi,

Before change IP address, please verify connection in connection tracking and check src/dst/reply src/reply dst and check connection state.


Are you natting che SIP traffic between two office or che subnet are routed ?

Maybe you need a NAT bypass rule for your remote sites LAN IP addresses.

I didnt nat it because i use VPN , do i need to nat ???
all traffice working fine except SIP
any way i will try to nat and see what will happen

I didnt nat it because i use VPN , do i need to nat ???
all traffice working fine except SIP
any way i will try to nat and see what will happen

Hi,

If possible not use NAT with VoIP ( Sip ).

Please verify that really your traffic between two PBX is not natted.

Can you post your routing table of the two router and ip/firewall (filter/nat) configuration?

When SIP not work, can you check if an entry exist into connection tracking and src/dst/dst reply/src reply is correct?

I didnt nat it because i use VPN , do i need to nat ???

No, you do not need NAT for your VPN connection. Depending on the configuration, you might need a NAT bypass rule placed at the top of all other NAT rules.

http://wiki.mikrotik.com/wiki/Manual:IP ... NAT_Bypass

this is the routers configrations this is the configration befor
then i add this NAT Bypass rule

site A
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=192.168.50.0/24 dst-address=192.168.40.0/24

site B
/ip firewall nat
add chain=srcnat action=accept place-before=0 \
src-address=192.168.40.0/24 dst-address=192.168.50.0/24

but still the sme result every things is working fine through VPN except SIP , and please dont forget Sip is working if i just change the sip device IP address tell the next power disconnect then i have to change it again

Can you ping from pbx1 pbx2 and from pbx2 pbx1 ?

Please attach also connection tracking of SIP UDP connection when not working

Can you run a Wireshark trace behind the firewalls when the connetions works as well as when it doesn't work ?

but still the sme result every things is working fine through VPN except SIP , and please dont forget Sip is working if i just change the sip device IP address tell the next power disconnect then i have to change it again

It sounds that the session timed out and something in the router pretend the keep alive probe. Do you have any filter rules in input and forward chain?

I didnt nat it because i use VPN , do i need to nat ???

No, you do not need NAT for your VPN connection. Depending on the configuration, you might need a NAT bypass rule placed at the top of all other NAT rules.

http://wiki.mikrotik.com/wiki/Manual:IP ... NAT_Bypass

thank you Mr THG you are genius , it was VPN Nat bypass rule , but the strange thing it didnt work first time even after i restart the router , it work after i change the PBX IP again ( may be because it was already blocked by the firewall ) then i change it back after one hour , next day every thing still fine , thanks alot ( THG )

thank you Mr THG you are genius , it was VPN Nat bypass rule ,

@Hussam
if he was helping you out please fell free to give him a Karma point, this must not paid by yours!

Sorry dear i am new i wasnt know whats karma , sure i will do , thank you