Problems making calls from extension to extension

Discussion in '3CX Phone System - General' started by JST, Dec 7, 2017.

Thread Status:
Not open for further replies.
  1. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    In the past few months, we encountered audio problems using an IPSec vpn to connect to our phone system. As such, we decided to connect our phones directly. While this has improved the audio quality for trunk based calls, we are suddenly facing problems with making calls from one extension to another. Some connections don't ring when being called by another extension and others fail with "No Media".

    We also introduced secure SIP to improve security. So, we might also have a configuration problem caused by that. Furthermore, we have encountered problems with the 3CX client on Windows and Android.

    Any help is appreciated!
     
  2. pact

    pact New Member

    Joined:
    Dec 16, 2009
    Messages:
    163
    Likes Received:
    30
    You'll likely need to enable 'PBX Delivers Audio' on each extension, as it sounds like your handsets are attempting to route the local RTP traffic to each phone directly but having trouble do so.

    Go to the Extension -> Options -> and enable PBX Delivers Audio.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    accentlogic likes this.
  3. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    Thank you for getting back to me!

    I will definitely try that option and report back. However, I am confused by your statement that the phones attempt to connect to each other directly. They are all on the same network and show under the same external IP in 3CX. Shouldn't there be an option to turn this behavior off in the phone setup itself? Both handsets are Yealink.

    As part of this thread, I am also trying to understand what the best practice for hosted solutions are. Does it make sense to connect phones directly or would we be better off using a VPN solution of some sort? What is the most commonly used way?

    Here is some more information on our landscape:

    - 3CX is used to serve a Home Office and Home using two trunks to separate between business and home usage
    - 3CX is hosted as part of a hosted solution used by my business
    - The home office is connected to the business network using an IPSec vpn connection
    - Home is using a Cisco Meraki appliance
    - Business is using Sophos
    - 3CX endpoints are two Yealink phones (T22P and W60P with two handsets) and, a soon to be retired, Cisco 7975G on my phone (that phone has become very unreliable since we have moved away from the VPN), Android mobile devices and a Windows 3CX client that can't do much in combination with the Cisco 7975G

    My main "customers" are my wife who is giving me an earful for putting a lot of "expensive" hardware into place and not accomplishing reliable service with it, my son trying to communicate with his grandparents in Germany and, me, making business calls.

    Was it a bad idea to move away from the VPN solution? I mean we mostly encountered QoS issues there. For example, voice communication would degrade if other traffic sharing the same VPN (business email, business applications) would go up. I have already added DSC markings to the VOIP traffic over the VPN, but it seems that QoS over IPSec doesn't work too well (or at all?).

    So, the simple idea was to move the phone and email out of the VPN to limit VPN traffic to business application traffic only. But now it seems that I have opened a whole new can of worms by doing so.

    Is anybody facing a similar scenario and willing to share their solution? Thank you!
     
  4. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,362
    Likes Received:
    226
    Since you don't use an SBC, and all remote handsets are behind the same (remote) router, 3CX sees each set as publicIP: port, which means each set must have a unique local port for a unique identification by the PBX, they can't all use 5060

    Even so, the router at the remote end may, (and it can depend on the router being used), have problems keeping the voice packets straight if you don't use PBX delivers audio. The result will be "no audio" at times.

    You can sometimes get by with a couple of sets at a remote location and not use an SBC (or VPN), but for more than that, an SBC is the best route to go as it does allow voice, set to set.
     
  5. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    If your routers supports NAT properly, each of the phones in remote location may use port 5060 as local SIP port, still the PBX will see them registering from the same public address (of the router), but different ports. If you need to use different local SIP ports on different devices, then router is not supporting full-cone NAT or has SIP ALG enabled.

    If you experience problems with router I would recommend using high-performance and cost-effective routers like MikroTik. They work properly and you can make various kind of tunnels, even Layer2 EoIP tunnel with IPsec, which allows you to use remote phones like being in the same LAN segment as PBX (3CX is able to discover remote phones). The price of MikroTik routers starts from $20.-
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    This is great feedback!

    Based on the feedback and my observations on the network, I have decided to go back to the IPSec VPN between the Cisco Meraki MX and the Sophos UTM. Basically, it seems that I gave up too early on overcoming the QoS issues.

    I didn't fully understand the port implications of using remote extensions and, after reviewing it, I also opted against the SBC solution because adding another point of failure to our home phone system seems like a step in the wrong direction.

    After reverting everything back I am left with the following issues:

    1. Cisco 79xx phone has issues with QoS and seem to loose the bandwidth fight against email and home office applications. In theory, this should be fixable using QoS, but my current attempts have failed. I guess I will need to do some network traffic monitoring to fully understand how QoS is handled over IPSec.

    2. It seems impossible to get Secure SIP to work on Cisco 79xx phones...

    3. Yealink T22P works great on SIP, but has no audio issue on Secure SIP. Not sure what the reason could be since it works just fine for the Yealink W60P with two handsets. Might try a factory reset and open up a separate thread.

    4. Perfectly working Yealink W60P with two handsets. Secure SIP and clear audio!

    Now, the downside is that the Cisco is my office phone and the Yealink W60P is used by the family in the kitchen and upstairs.
     
  7. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    I ended up replacing the Cisco 7975G with a Yealink T46S. I haven't tested secure SIP on that phone yet, but I can make internal and external calls just fine.

    Only issue with that phone is the custom speed dial. Have opened a new thread for that one!

    Thank you for all the feedback!

    sip.bg, I will continue my efforts on the QoS configuration. I also agree with you on secure SIP and RTP not being critical as long as I can use the IPSec VPN. I only got started on that when we started looking into making our extensions external, but that caused more trouble and so we abandoned that.

    At the moment, I am quite sure that I got the configuration on the Cisco Meraki correctly, but I am less sure on the Sophos side due to the IPSec connection being used. I think I will need to open a thread on their forum to get that worked out.
     
Thread Status:
Not open for further replies.