Question

Asterisk VoIP server (SIP) behind ISA 2006 (NAT) server

Asked by: gregorybe

Im running an AsteriskNOW server on my internal network (192.168.30.12) and an ISA 2006 server that provides the internet for the internal clients and servers (ISA internal: 192.168.30.10).

Now I want to make it possible for external users (VoIP phones) to connect to my internal Asterisk server using SIP.

Situation:

AsteriskNOW SIP server ---- NAT ISA server > Internet < Cisco NAT router ---- Linksys Voip Phone

I already published the following firewall rules:

1)
name: Asterisk SIP
Action: Allow
Traffic: Protocol: SIP
From: Anywhere
To: 192.168.30.12 ( * request appears to come from original client)
Networks: All networks

2)
name: Asterisk RTP
Action: Allow
Traffic: Protocol: RTP
From: Anywhere
To: 192.168.30.12 ( * request appears to come from original client)
Networks: External

Protocol information:
name: SIP
Parameters:

Primary connections:
- 5060-5082 - TCP - Inbound
- 5060-5082 - UDP - Recieve Send

Secondary connections:
- 5060-5082 - TCP - Outbound
- 5060-5082 - UDP - Send Receive

The IP Phone can register itself with Asterisk but when I trie calling the voicemail number (or another SIP phone)  on the asterisk there is no sound.

When I log traffic with ISA, this appears several times when dialing the voicemail number:
Original Client IP      <Internet IP of ip phone>
Client IP      <Internet IP of ip phone>
Destination IP                           192.168.30.12
Protocol                             RTP
Transport                           UDP
Source Network                     External
Destination Network            Internal
Action                                    Failed Connection Attempt
Rule                                     Asterisk RTP
Log Time                          15/03/2008 13:36
Source Port                        16388
Destination Port               9824
Processing Time                    0
Bytes Sent      0
Bytes Received      0
Result Code      0x80070034 ERROR_DUP_NAME
                                                                                                            


In the Cisco router of the external client that tries to connect, the following Nat Translation is visible when dialing the voice mail number.

Protocol            udp
Inside global            <Internet IP of ip phone>:16399  
Inside local             190.168.1.40:16388
Outside local         <external ISA>:9824
Outside global           <external ISA>:9824

So what does the ERROR_DUP_NAME error means and how can I solve my problem?

Thanks in advance

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-03-15 at 09:43:39ID23244135
Topics

MS Forefront-ISA

,

Voice Over IP

,

Asterisk Open Source Telephony

Participating Experts
3
Points
0
Comments
11

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Asterisk + Braintel
    has anybody configured Asterisk specifically with braintel (a Pakistani voip provider), if not. here is the scenerio. two SIP numbers configured in the Asterisk, if I call on one number, asterisk route the call to another SIP. thanks
  2. asterisk / sip / nat
    I have a pix firewall and an asterisk computer behind it. I have 2 grandstream telephones outside of the pix and behind linksys firewalls. We can dial each other, but we can not hear each other. How do I setup this up to hear each other. Also I have to use qualify=2000 to...
  3. Asterisk (Voip Server) hosting
    Hello guys, Does anyone has an Asterisk server hosted off-site ? Like in those data centers that do web hosting in dedicated servers ? Is there a hosting company that has a special plan to host voip services like this, or usually is hosted in those dedicated servers like ...
  4. Asterisk: converting from sip to IAX2
    How do i beging to setup my asterisk server and phones to work with IAX2 instead of sip
  5. Nokia E51, VoIP, Asterisk
    Hi, Outbound calls are working perfect on VoIP. However, incoming calls do not work. When an incoming call from a outside line are made to the VOIP number. The callers phone ring. The nokia E51 receiver of the call, shows the incoming call on the display, however when a ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: grbladesPosted on 2008-03-15 at 10:19:33ID: 21133467

When using Asterisk you will need to make sure the following ports are redirected to the asterisk server.

SIP - UDP 5060
RTP - UDP 10000-20000

Then within asterisk itself you need to define the l'localip' and either the 'externip' or 'externhost' within sip.conf. This is so that when asterisk detects a call coming from the internet it uses the external IP address within the SIP packets.

 

by: gregorybePosted on 2008-03-15 at 10:41:15ID: 21133554

Sorry, forgot to mention what ports the Asterisk RTP protocol contains

name: RTP
Parameters:

Primay connections:
- 8000-10000 - UDP - Recieve Send
Secondary connections:
- 8000-10000 - UDP - Send Receive

And here is my RTP.CONF
rtpstart=8000
rtpend=10000

And here my SIP.CONF
context=default
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
externip=<external ISA>
nat=yes
localnet=192.168.30.0/255.255.255.0

 

by: grbladesPosted on 2008-03-15 at 15:27:52ID: 21134561

That asterisk config looks fine. So on the ASA you will just need UDP ports 5060 and 8000-10000 forwarded.

Sorry I dont know the ISA but at least you know the asterisk config is ok.

 

by: gregorybePosted on 2008-03-16 at 03:04:41ID: 21136352

Like you can see in my previous posts, these ports are already forwarded:

RTP
Primary connections:
- 8000-10000 - UDP - Recieve Send
Secondary connections:
- 8000-10000 - UDP - Send Receive

SIP
Primary connections:
- 5060-5082 - TCP - Inbound
- 5060-5082 - UDP - Recieve Send

Secondary connections:
- 5060-5082 - TCP - Outbound
- 5060-5082 - UDP - Send Receive


But on the ISA Server the error 0x80070034 ERROR_DUP_NAME occurs with the RTP rule in the logs.

 

by: grbladesPosted on 2008-03-16 at 03:30:08ID: 21136417

Do you have the ISA configured so that it is told you are using the SIP and RTP protocols?
If it is then it may be using some packet inspection and manipulation which is causing the problem.
You might want to forward the ports as generic UDP.

 

by: gregorybePosted on 2008-03-16 at 23:13:17ID: 21140083

No I haven't, I created the protocols manually, so no applied filters

 

by: DrDamnitPosted on 2008-03-17 at 03:03:51ID: 21140866

1. I use Linux for firewalling, and haven't used ISA in quite a while, but if you can, try eliminating all the secondary connections.

HRESULT_FROM_WIN32(ERROR_DUP_NAME)
The call failed because the filter previously called AllowFutureConnect to allow a connection to the same IP address and port.

http://msdn2.microsoft.com/en-us/library/ms828025.aspx

2. Asterisk doesn't like being behind a NAT / Firewall. The easiest way to accomplish what you need is to put the box in a DMZ.

 

by: DrDamnitPosted on 2008-03-29 at 21:55:52ID: 21239656

Did you ever get this resolved?

 

by: gregorybePosted on 2008-03-31 at 02:55:18ID: 21244177

I solved the problem by asking for another public IP.

 

by: Computer101Posted on 2008-05-09 at 17:56:26ID: 21537417

PAQed with points refunded (450)

Computer101
EE Admin

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...