[mhillerbrand]

Some time ago I set up an Asterisk server in the DMZ of a WRT54G router (w/Sveasoft). I use Teliax for both in and outbound connection to PSTN. I used SPA 3000; Xlite, etc., behind the same router without problem. Just bought a new Polycom301 (from Voxilla Store), set it up and it tested OK behind the same server as the * server. Took the Polycom and Xlite to my remote office (behind another WRT54G with Sveasoft) and can only get inbound ring, but no connection on answer. Outbound doesn't work either. "Sip show peers" shows XLite and Polycom registered, but the NAT column on the CLI output has "N", even with NAT=yes in sip.conf. I will only have one SIP phone at this office (the Polycom). Does anyone have an idea for a quick fix to get the phone working? I had the idea of putting the Polycom in the DMZ of the remote office router, but wasn't sure if it would work or how exactly to do it. Maybe something easier? Thanks everybody! Mike.

[joshbaptiste]

hmm seems like an rtp issue if your getting one way audio, try forwarding the udp port range that is defined in rtp.conf to your * server.

[mhillerbrand]

Thanks, Josh: Per your suggestion, I did the port forwarding on the WRT54G router that is along side the Asterisk Server, using the ip address of the server in the router settings and the range (10000-20000) from rtp.conf. Unfortunately, it didn't help. Should I be doing any port frowarding on the router on the other side--the one in front of the SIP phone? Thanks, Mike!!!

[isepic]

Quote:

Originally Posted by mhillerbrand

Thanks, Josh: Per your suggestion, I did the port forwarding on the WRT54G router that is along side the Asterisk Server, using the ip address of the server in the router settings and the range (10000-20000) from rtp.conf. Unfortunately, it didn't help. Should I be doing any port frowarding on the router on the other side--the one in front of the SIP phone? Thanks, Mike!!!

just curious, do you have nat=1 / nat=yes on both asterisk extension and the phone?

using SIP accross NAT = not so great, using NAT on both sides won't work at all (so far as I know, go the same prob as you)...

I just use asterisk via IAX2 (it goes through nat just fine) and have my sip devices all behind the FW - use IAXY device for phones outside of my local network (goes through nat just fine becuase it uses iax instead of sip)

Hope this helps.

[mberlant]

My Asterisk is in the DMZ of its associated NAT router. In addition, in sip.conf I have set externip=myservername.com and have a cron job that reloads sip.conf once every 10 minutes, so that the IP address is updated automatically whenever my ISP changes it on me.

With these settings in place I have no problems at all with client ATAs sitting behind individual NAT routers at their various locations around the world (as well as behind the same NAT router). I have Sipuras, Grandstreams, X-Lites and X-Pros, SJPhones and other Asterisks subscribed to my Asterisk from behind Linksys, D-Link, Netgear, Buffalo and Amtel routers of their own, all without problem.

[mhillerbrand]

Thanks mberlant!

I implemented the following suggestion/posting from the Polycom forum (same as yours) and it works great with the exception that sometimes when calls are sent from the * server to the Sip Phone, it doesn't ring, but still works for calls from SIP to the PSTN through *. Maybe the cron job is the solution? Also, should I be setting up a separate port for each SIP device or can everything be sent through 5060 w/o problems? Thanks everybody!! Mike.

===============
'm in the process of setting up remote phones too. I have SPA841 working, I haven't tried a Polycom yet. My research says you need the following in your sip.conf file:
externip= <external ip address of * box or router>
localnet=192.168.1.24/255.255.255.0 <internal IP address of * box>
===============

[mhillerbrand]

Hey Mberlant:

Just after my last post, I noticed your post in the general forum (http://voxilla.com/forum-viewtopic-t...ight-dead.html) explaining potential multiple SIP registrations problems (it was helpful-thanks!), which I am wondering if it is related to my problem/question above about ports. On the Asterisk server side is there anything that needs to be done to avoid this problem other than the standard sip.conf stuff? Mike.

[MillsapsPE]

Quote:

Originally Posted by mhillerbrand

Thanks mberlant!

I implemented the following suggestion/posting from the Polycom forum (same as yours) and it works great with the exception that sometimes when calls are sent from the * server to the Sip Phone, it doesn't ring, but still works for calls from SIP to the PSTN through *. Maybe the cron job is the solution? Also, should I be setting up a separate port for each SIP device or can everything be sent through 5060 w/o problems? Thanks everybody!! Mike.

Have you been able to narrow down the situations which calls ring and which ones don't? I know I have experienced this and also read it here somewhere that when calling from one Polycom to another, the Polycom won't ring unless the caller is in your directory.

[mhillerbrand]

I have been trying all day to figure it out. It seems intermittent. I have been testing by dialing my Teliax DID (this is a business phone system) and sometimes it rings through to the SIP phone (located on another network) and sometimes not. It consistently works for outbound. If I "reboot" the Polycom, it seems to work again. I am wondering if there is some kind of conflict with my SPA3000 at my home office, or the need to register with a CRON job per Mberlant's suggestion, or other? It seems like what is happening is the opposite of the NAT transversal issue of getting a call signal, but no sound (I get sound, but no signal). I am also seeing the following error message (possibly related??) in my CLI> output:

Aug 9 20:08:54 WARNING[5780]: chan_sip.c:1046 retrans_pkt: Maximum retries exceeded on call 365403d245c6ebdb06a69aa723f34d5a@208.139.204.228 for seqno 102 (Critical Response)

Thanks everybody! Mike.

[mberlant]

A few things. First, I neglected to feed you the crontab line. This will save you working it up yourself. So you know, every time sip.conf is reloaded it goes out and resolves the FQDN in externip= to its current IP address. Since I never know when my ISP is going to reset my PPPoE and give me a new address I have it checking and reloading every 10 minutes.

01,11,21,31,41,51 * * * * /usr/sbin/asterisk -r -x 'sip reload'

As to your port concerns - don't be. All of your SIP clients behind a router (just like any other kind of client) sends a session request that specifies the destination IP address and port number (www.google.com:80, sip.myasterisk.net:5060, etc.) and identifies the LAN return address of the originator (192.168.1.50:80, 192.168.1.66:5066, etc.). Your router, as it passes the request out to the public internet, replaces the private IP address in the "return address" field with the router's public IP address and then looks at the port number that the originator is listening on. If this port number is available at the moment on the public interface most routers will allow that port number's use. If the port number is already occupied in another session the router will assign a different port number for replies to be accepted on. Needless to say, the router keeps track of all of these temporary dynamic routings.

It is by this scheme that you can have 20 screens open with Google on 7 different computers and none of these 20 conversations, despite having identical originating and destination public IP addresses, will end up with "crossed wires". Likewise, this is how you can have 5 different ATAs or SIP phones behind the same router, all registered with the same Asterisk server, and they will not interfere with each other.

I've said it before, but it bears repeating - I have never needed to manually forward any ports through any NAT router in order to support any SIP client(s). This has been with many different router makes and models, and the only constraint that I must have avoided is that none of these routers is Symmetric NAT, which will interfere with STUN's operation. While most of these routers have been under my control at locations owned by myself or my clients, many of these routers were absolutely inaccessible to me (airports, hotels, cafes, corporate networks, retail store networks, etc.).

The situation in my own home is this: Asterisk in the DMZ behind a Linksys WRT54GS. I have 37 service registrations to about 20 different service providers running through the Asterisk. In addition, I have 28 extensions currently in operation (9 are behind the same NAT router and 19 are elsewhere around the world). All 28 extensions, both internal and external, register with the Asterisk via the Asterisk's Dynamic DNS FQDN.

This is what works for me.