I am working on putting together a dual WAN, "high availability" topology with a pair of 3140's. This will be to support our hosted IP phones, leveraging the SIP proxy functionality. I am using VRRP on my LAN interfaces to facilitate failover for the voice LAN. We have used the SIP proxy functionality on the 3140 for single box, single WAN, and dual WAN builds, but this is the first time we've tried to grow the built to leverage two 3140's.
In my lab, I have successfully achieved IP failover from one box to the other using track statements on my primary 3140's VRRP instance to decrement the VRRP priority. Everything was working swimmingly until I actually went to connect a phone.
I found that with VRRP enabled, the Adtran will not intercept and proxy the SIP traffic. I confirmed this by rebooting the phone several times, watching "debug sip stack messages" and IP policy-sessions. It's as if the Adtran completely ignores SIP traffic sent to the VRRP VIP. As soon as I tear down the VRRP instance and place the default gateway IP on the interface (like I would in a single box build), everything works fine.
Below is my interface config with VRRP:
interface gigabit-eth 0/1.20
description VOIP LAN
vlan-id 20
ip address 10.10.20.252 255.255.255.0
no ip proxy-arp
ip access-policy VOIP-Private
vrrp 1 ip 10.10.20.254
vrrp 1 priority 110
vrrp 1 track HA_FAILOVER decrement 30
media-gateway ip primary
no shutdown
When my phone attempts to register, I see SIP traffic hitting the VRRP VIP on the firewall, but "debug sip stack messages" captures no messages. All I see is:
Policy class "VOIP-Private":
udp (60) -> self
10.10.20.1 5060 10.10.20.254 5060
As soon as I modify the config to a standard, single box interface IP config, the Adtran intercepts and proxies SIP traffic as normal.
interface gigabit-eth 0/1.20
description VOIP LAN
vlan-id 20
ip address 10.10.20.254 255.255.255.0
no ip proxy-arp
ip access-policy VOIP-Private
media-gateway ip primary
no shutdown
Policy class "VOIP-Private":
udp (60) -> self
10.10.20.1 5060 10.10.20.254 5060
udp (39) -> Public-WAN2
192.168.2.252 5060 <my sip server> 5060
Again, this is impacting only SIP traffic. All other standard NAT traffic works great. Does Adtran not support SIP proxy with VRRP?
I can post a more full config if necessary, but my build is fairly cookie cutter based on Adtran's published stateful SIP proxy, dual WAN failover, and VRRP guides.
Thanks!
