Software Firewalls
thinksysinc

Problems with SIP phone behind ISA 2006 Server
I have two Aastra 57i SIP phones. I am trying to get them working behind a ISA 2006 server. I have opened all outbound access from the LAN to the internet. I have also opened port 5060 from the WAN to the internal IP addresses of the two phones.

The service I am trying to connect to is called Vocalocity. It is a hosted VOIP service. When I first turn the phones on they can receive calls but that only lasts a few minutes and then they no longer receive calls. There does not seem to be any issue with making outgoing calls. It seems to be working just fine.

When I call Vocalocity tech support the guy said that he can see the connection but it is dropping. They are really no help if you are behind a firewall. They basically are telling me I need to put the phones in front of the ISA server which I do not want to do.

Any help on this would be great.

Thanks in advance.



Member_2_1968385 🇬🇧

Does the phone have any options for sending "keep-alive" messages - it might be in the advanced SIP options. If it does, try setting the interval to about 20 seconds. Is NAT involved? How can you open port 5060 to two different devices on the LAN?

thinksysinc (ASKER)

I don't see any setting for keep-alive on the phone.

Right now I have an access rule that allows all access from external to the IPs of the phones on port 5060. I am not doing any port address translation on it.

Any more ideas?

Thanks

Keith Alabaster 🇬🇧

You are running ISA server so NAT is automatically in place unless you tell it otherwise.
ISA is my speciality but I know nothing on IP telephony so we may have to work the processes here.

You state that you have opened port 5060 inbound; I would also be interested in how you have done this to two devices.



Member_2_1968385 🇬🇧

Keith, I know nothing about ISA server so a joint effort would make sense. The IP phone registers itself with the remote server by sending a registration request to port 5060. If there are no keep-alive messages sent and it is going through NAT then the session is likely to time out after a few minutes (or whatever the session time limit is on the NAT device). Once the session is timed out, then the remote server will be unable to send any SIP messages back to the phone because the NAT device will block them - that would explain why it can receive calls for only a few minutes after first switched on. It should be possible to use port forwarding on port 5060 to overcome this problem but it is generally much better if the session can be kept up by the phone sending keep-alive messages because it also avoids the other common problem that the remote server tries to open a connection to port 5060 on the private LAN address of the subscriber's phone instead of using the public WAN address of their firewall. By the way, getting the SIP messages through is only half the problem because the server and phone then have to open UDP connections on mutually agreed ports for the media streams. IP phones and NAT don't mix easily.
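The two failure modes described in the post above, as an added example that is not part of the original thread: it checks a REGISTER for private addresses advertised in Via/Contact, and models how long a NAT mapping stays open for inbound SIP with and without a periodic refresh. The REGISTER text, the host `sip.example.net`, extension 1001, the 3600-second Expires and the NAT idle timeout used in the check are constructed assumptions, not values from the thread.

```python
import ipaddress
import re

# Constructed REGISTER as a phone at 192.168.84.34 might send it (sample data, not a capture).
SAMPLE_REGISTER = (
    "REGISTER sip:sip.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.84.34:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:1001@sip.example.net>;tag=49583\r\n"
    "To: <sip:1001@sip.example.net>\r\n"
    "Call-ID: 843817637684230@192.168.84.34\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:1001@192.168.84.34:5060>\r\n"
    "Expires: 3600\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_headers(message):
    """Return {lowercased header name: [values]} for a SIP message."""
    headers = {}
    for line in message.split("\r\n")[1:]:   # skip the request line
        if not line:                         # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def private_addresses(headers, names=("via", "contact")):
    """List (header, ip) pairs where a private or otherwise non-public address is advertised."""
    found = []
    for name in names:
        for value in headers.get(name, []):
            for candidate in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value):
                try:
                    ip = ipaddress.ip_address(candidate)
                except ValueError:           # e.g. 999.1.1.1 is not an address
                    continue
                if ip.is_private:
                    found.append((name, candidate))
    return found

def inbound_reachable_seconds(nat_idle_timeout, refresh_interval, observe=3600):
    """Seconds out of `observe` in which the phone's NAT mapping is still open."""
    open_seconds, last_outbound = 0, 0       # the initial REGISTER goes out at t=0
    for t in range(observe):
        if refresh_interval and t % refresh_interval == 0:
            last_outbound = t                # REGISTER or keep-alive refreshes the mapping
        if t - last_outbound < nat_idle_timeout:
            open_seconds += 1
    return open_seconds
```

With an assumed 120-second NAT idle timeout, `inbound_reachable_seconds(120, 3600)` covers only the first two minutes of the hour, while a 20-second refresh keeps the mapping open throughout.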

Thanks for all the help. I understand why it is not working, I am just trying to figure out if there is a work around for it.

As for the ISA settings, I just have a firewall policy that allows access from the external port to the internal IPs of the two phones. It is not doing any port address translation, just allowing the activity on that port.

According to the tech support at Vocalocity the phones will work behind a NATing device. They are just saying that the ports need to be open. The way I understand it is that if the port is open that should let the traffic through even without doing any sort of PATing.

Below are the options I have under the Advanced SIP settings on the phones.

Any more help with this would be great. Thanks

----------------------- Advanced SIP Settings ------------------------
Explicit MWI Subscription Enabled
Explicit MWI Subscription Period  
Send MAC Address in REGISTER Message Enabled
Send Line Number in REGISTER Message Enabled
Session Timer  
T1 Timer  
T2 Timer  
Transaction Timer  
Transport Protocol BOTH / UDP / TCP
Registration Failed Retry Timer  
Registration Timeout Retry Timer  
Registration Renewal Timer  
BLF Subscription Period  

 
-------------------------------- RTP Settings -------------------------------------------
RTP Port  
Basic Codecs(G.711 u-Law, G.711 a-Law, G.729) Enabled
Force RFC2833 Out-of-Band DTMF Enabled
Customized Codec Preference List  
DTMF Method RTP / SIP INFO / BOTH
Silence Suppression Enabled
Two Call Support Enabled

Keith Alabaster 🇬🇧

Not from me though.



Member_2_1968385 🇬🇧 (ASKER CERTIFIED SOLUTION)


Keith Alabaster 🇬🇧

Feptias, the ISA server NATs the internal IP address of the client device to the first address listed on the external ISA NIC.

Feptias,

Sorry, I should have been clearer. The phones do have internal IPs (192.168.84.34 & 192.168.84.35) and are being NATed from the inside out. So they are going out with the first IP address of the external NIC. Sorry, when I said there was no NATing, I meant from the outside in.

Thanks again for your help.

Member_2_1968385 🇬🇧

Thanks. I assumed something like this was the case from your earlier comment, but I am trying to convince thinksysinc by going through it from basics.

I did also wonder if ISA server could be configured to work in some kind of "non-NAT mode", but I'm at a disadvantage in not being familiar with it. Some hardware firewalls can be configured for NAT or non-NAT operation - in the latter case the device works like a conventional router and any routers upstream of it must know (through their routing tables) to forward packets to it for the range of addresses that are behind it. There is also the possibility of some kind of one-to-one NAT, but that is still NAT as far as SIP is concerned. Perhaps I just have too much patience, tolerance and understanding for my own good!



Member_2_1968385 🇬🇧

thinksysinc, my last comment was posted before I saw your last comment.

Member_2_1968385 🇬🇧

thinksysinc, please check out pages 4-21 and 4-22 of the Administrators Guide which explains how to configure the phone when it is behind NAT. You have to tell the phone what the IP address on the external NIC is so it can tell the Vocalocity server to use that address. You may also have to set ports and port forwarding, but try the IP address first and report back.

feptias,

Sounds good. I will check it out and let you know. I am working on another issue right now so it will be later today.

Thanks again for all of your help.



Member_2_1968385 🇬🇧

ok. By the way, I strongly advise you to unplug the second IP phone (192.168.84.35) and sort this out for just one to start with. It is not possible to forward port 5060 on the external IP address to two different internal devices at the same time, so if you think you have then you are mistaken. Make sure you are forwarding 5060 to the phone that you are testing - don't translate the port numbers, just make 5060 external forward to 5060 internal at IP address 192.168.84.34. You may also need to do some forwarding on the RTP ports. The phone uses port 3000 by default (page 4-56 in the manual). SIP phones generally use UDP for both the SIP and the RTP media so make sure your port forwarding rules are set for UDP. There's no harm having forwarding rules for TCP too, especially for port 5060.

Good luck.