@kevinl wrote:
What you've proposed definitely sounds possible, but us IT folk know that little details sometimes trip us up 🙂 Do you mind if we start with the essentials? I suspect a routing issue.
From the IP phone's port
- are you able to ping/traceroute the Fortigate in the UK?
- are you able to ping/traceroute the PBX?
The Fortigate needs to have routes back to your IP phone. The other community members have emphasized the importance of ensuring the phone's VLAN subnet is incorporated into the routing on the Meraki side as well.
The traceroute should show your traffic being routed over the site to site VPN, instead of going out through the direct Internet egress (I assume you have split tunnel where local Internet access goes out through Dubai).
Lastly, a packet capture from the Dashboard, capturing SIP traffic on the MX, may help aid in troubleshooting. Apply a wireshark filter to capture just the phone's traffic and you'll be able to see where the SIP session is failing to establish.
PS: Final solution: lobby Meraki really hard to quickly release a new-generation MC phone that works worldwide. 😄 😄 😄
Hi, Many thanks for your reply.
I am able to to trace root to UK from Dubai but only to Private network not public, any public traffic goes over local ISP, so it is split tunnel VPN.
Phone is currently on data VLAN for proof of concept purpose, ones its working - I'll move it away from data vlan.
If i add public IP of PBX to "Non-Meraki VPN peers" private subnet - it looks like routing to PBX from Dubai changes but its stoops onMeraki. Do i need to add PBX public IP to Fortigate suite of VPN as well to allow routing trough VPN (i am going to try this)?