IP Routes for Asterisk PBX

Dear all,

the problem that I am experiencing might be pretty simple for you. I have a local network, which consists of an ADSL modem (Allied Data CopperJet 1612), a DSL/Cable Firewall (Netgear Prosafe/Firewall FR3285) and a Netgear Gigabit switch. Also, I have purchased a range of dedicated IPs (8 IP Addresses).

In a local server, I have installed Asterisk PBX. All internal SIP phones work smoothly and call each other without any problems. However, it is impossible to receive incoming calls from the service providers, which are declared in the system. I suppose that we have to create a route, which will get over the ADSL modem, the firewall and connect to the server.

How can I create such a route?

Thank you in advance.
LazaroWolf Asked:
giltjr Commented:
Have you configured your firewall to allow inbound traffic as needed?
0
LazaroWolf (Author) Commented:
Thanks for your reply. Unfortunately, Allied Data Copperjet & Netgear Firewall include two separate firewalls, which have to appropriately be configured. Hence, this issue becomes extremely complicated. From which firewall should I start..? Any particular advice? Thank you.
0
giltjr Commented:
You need to do both.  You need to figure out which protocols (TCP vs. UDP) and ports (example H.232 uses 1720 and 1721) you are going to be using.

Then on each firewall you need to allow the protocol and ports to/from your Asterisk server.  The IP addresses you use for the Asterisk server will depend on where you are doing your NAT.
0
noci (Software Engineer) Commented:
Besides these ports, the protocols also negotiate other ports to transport the data, which optionally need NATting & opening up ...; you might need a modem/firewall with SIP proxy functionality.
0
LazaroWolf (Author) Commented:
Well, there is no extra financing for additional equipment, so we have to deal with the situation as is. Could you help with which ports I should direct to that particular Asterisk server? Thanks!
0
giltjr Commented:
If you are doing SIP over the Internet you need to verify how Asterisk uses it.

SIP uses TCP and/or UDP port 5060, so you can start by forwarding these to the Asterisk server.
0
noci (Software Engineer) Commented:
And SIP uses RTP to transmit/receive sound etc.
The RTP ports are negotiated using SIP.
It's the RTP that makes it difficult, not SIP.
So you need something that creates dynamic NAT rules for RTP.
0
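
The point made in the comments above, that forwarding port 5060 is not enough because the RTP port is negotiated inside the SIP exchange, shown as an added example that is not part of the original thread. The SIP message, addresses, port ranges and function names are constructed for illustration; the code reads the SDP body and reports whether the advertised RTP endpoint is a private address and whether the firewall's UDP forwards cover it.

```python
import ipaddress

# Constructed sample: the 200 OK a PBX behind NAT might send to its provider.
SAMPLE_200_OK = (
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bKexample\r\n"
    "From: <sip:caller@provider.example>;tag=1\r\n"
    "To: <sip:1000@pbx.example>;tag=2\r\n"
    "Call-ID: constructed-call-id@provider.example\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 14722 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)

def rtp_endpoints(sip_message):
    """Return (media, address, port) for every m= line in the SDP body."""
    body = sip_message.partition("\r\n\r\n")[2]
    session_addr, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[2].split("/")[0]   # drop multicast TTL suffix
            if streams:
                streams[-1]["addr"] = addr          # media-level c= overrides
            else:
                session_addr = addr
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            streams.append({"media": media, "addr": session_addr,
                            "port": int(port.split("/")[0])})
    return [(s["media"], s["addr"], s["port"]) for s in streams]

def diagnose(sip_message, forwarded_udp):
    """Check each advertised RTP endpoint against the firewall's UDP forwards."""
    report = []
    for media, addr, port in rtp_endpoints(sip_message):
        try:
            private = ipaddress.ip_address(addr).is_private
        except (TypeError, ValueError):             # hostname or missing c= line
            private = None
        forwarded = any(lo <= port <= hi for lo, hi in forwarded_udp)
        report.append({"media": media, "addr": addr, "port": port,
                       "private_addr": private, "forwarded": forwarded})
    return report
```

With only `(5060, 5060)` forwarded, the report shows a private address and an unforwarded audio port, which matches the symptom of signalling that works while media does not arrive.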
giltjr Commented:
He could set up the one PC to be a "DMZ" PC and all inbound connection requests go to it.
0
noci (Software Engineer) Commented:
Isn't RTP allowed to go from one end point to the other directly without passing the chain of SIP handling? So traffic from Phone P dials through Asterisk server A to target T, SIP follows that line, but RTP goes from P to T directly?
0
noci (Software Engineer) Commented:
Solution of giltjr is incomplete. RTP doesn't need to go the same path as SIP per se...
0
Venabili Commented:
Yeah but it gets the asker started on the solution pretty nicely and without the asker it is as good as it can go - I wondered between delete and accept but still think that is a good enough solution... Although reading this again - it should be a split I suspect.

Can you object so the mods can restart it properly?
0
noci (Software Engineer) Commented:
See above comments.
0