Solved

SIP end point will not register over WAN.

Posted on 2008-10-17
27
1,263 Views
Last Modified: 2013-12-21
Hello,


I have a SwitchVox SMB PBX, this system is based on Asterix. I am trying to configure an end point (Polycom 550) to work over the WAN. I can pull my configs from the public FTP server  and everything looks good. The phone will not register and I do not see any thing on the PBX noting why.

At first I thought that it may be a firewall issue, but when I disable my rules I see the firewall dropping the traffic. If I enable the rules, nothing in the firewall. I opened ports 5060 and 10000 - 10500 to the local IP of my pbx. If I open a vpn tunnel and use a soft phone configured for the local IP of the PBX it works. If I try and use the public IP, its a no go. I have tried from two separate remote networks with the same results.

Any ideas or help is much appreciated.
0
Comment
Question by:bhnmi
  • 12
  • 9
  • 3
  • +2
27 Comments
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743001
DID YOU TRY TO REGISTER WITH A PORT DIFFERENT THAN 5060?tRY TO USE 7070 FOR sip REGISTRATION AND LET ME KNOW
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743022
The PBX is not listening on 7070. The SwitchVox is a Turn Key PBX, I don't have granular control over the services and their perspective ports.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743041
I think you should update your firewall in a manner that all incoming packets on port 5060 should be forwarded to your PBX box
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 12

Author Comment

by:bhnmi
ID: 22743048
The rules were created and are in place.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743088
can you see packets hitting your firewall from outside zone?
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743113
My firewall only logs dropped packets or connections. If I disable the rule and try and have the end point connect I can see the packets being dropped.

So, I know transport to the WAN interface is working. I have a host of other services that work through the firewall.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743141
you have to check carefully your rules...the problem is there...no in the endpoint or the PBX
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743164
I have checked and re-checked.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743211
can you give your PBX a real IP and try?
0
 
LVL 12

Accepted Solution

by:
bhnmi earned 0 total points
ID: 22743380
Ok, so I reflashed my firewall and loaded a backup config. I recreated my sip rules and it works now. What a POS. I think my firewall is dying.

I had literally added, removed, re-added the sip rules multiple times. What was killing me is that if I disabled the rules, I would see the log entry for the dropped packet. I am thinking that it was not forwarding  the packets correctly to my internal network.

Thanks for the help.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743612
Dear moderator,

The author of that question should not have the privilege to close his question like that...I helped him during one hour and I gave him the right answer...I suggest to review carefully the question and my answers and judge what should be done
Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743771
You did not give me the right answer. You told me to check the firewall rules not to reflash the device. So quit crying.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743815
I'm not crying...you should respect the one that help you next time...and you are not giving me points from your wallet
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743861
You didn't help so I don't know what you need points for. You suggested checking my firewall rules. The issue was something with the firewall its self, not the rules.

If read what I posted you will clearly see I had to reapply firmware to my firewall as it was malfunctioning. You said to make sure 5060 was open to the pbx, or to give the pbx a public address, or to change the listening port.

Seems like crying to me.
0
 
LVL 4

Expert Comment

by:palner
ID: 22746957
I object.

If there's a problem in the firewall, how could it not be because of the rules as michofreiha suggested? michofreiha properly identified the problem quickly and professionally. If we are to believe the author, then they would have the duty to report how michofreiha was incorrect. I would request the following information: make/model of firewall, identification of firewall issue, how the issue was resolved. I would hope that the response would accomplish either:

A) Allow me and other experts-exchange users to identify the firewall / setup that the author has had issues with and/or can resolve the problem in the future.

or

B) Properly show that michofreiha was correct. If a re-flash solved it, that means that most likely the rules were not correctly applied in the first place.

Soapbox... I'm seeing a lot of non-experts use this as cheap "do this for me" service instead of exchange of information (it's experts EXCHANGE after all). And attitude lately is ridiculous. The "quit crying" remark is childish.
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22755594
"Seems like crying to me." ....users like that should be banned from Experts-Exchange, this is simply disrespectful
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757582
Crying about points is unprofessional. He recommended checking the firewall rules, this is not what I did. In no way what he recommended effected my trouble shooting. I was just replying to him to be nice as I never intended to follow up in his advice.

I my self, decided to re flash my firewall as I could not explain the behavior. As the rules had been added removed and check more the once prior to us opening a thread here.

I have no problem awarding points to those who earn them. And telling someone they are crying when they are is the truth. This guy thinks he deserves points for asking me to check my rules, please.
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757596
I really don't know what makes people think just because someone opened a thread, they stop trying there own ideas.
0
 
LVL 4

Expert Comment

by:palner
ID: 22757646
Option (a) or (b)...

0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757676
One more thing, as most of you experts who are criticizing me should know, re-flashing a firewall is a last step in the processes.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22757697
I insist that someone from Expert exchange staff check this question and give us his Judgment.

Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757882
If I had checked my rule after he said too and I saw it was the wrong port or target IP, then I would have given him the points. I don't care about the points, I can give out as many as needed. I was already suspect that there was something fishy with my firewall and I could go into detail, but I should not have to give a huge back story to justify myself.

I am a participating member of this forum and when I don't get points I think I should, I don't go up in arms about it. Just because you read a persons post, does not mean you know 100% of the situation or history. I put up a thread here for fresh ideas, while I continued to try my own solutions.
0
 
LVL 4

Expert Comment

by:palner
ID: 22758045
Why are you not describing what firewall you are using?

As you should know, depending on the firewall and os version, opening a port may require a flash.

As I see it, you had a problem.... the person worked with you for an hour and eliminated the other possibilities than the firewall. You then closed the question because "you" found the issue. The expert who helped you eliminated the other possible reasons. If nothing else, their assistance should be provided a thank you, instead of your nonprofessional actions. Everyone has a bad day and sometimes you just can't get it. Regardless of if it was simple or an error you made, it appears to me that the expert helped you. Also, you won't even share the details of your issue with others (like firewall info).

0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22758142
+1 on @palner's post...

I agree with you palner, and my only problem with bhnmi is that he closed the question without any thanks message to who helped him during one hour and drop all other possibilities to him..

I don't need his points and I don't need anything from him...Just a Thank you message was enough to me...Anyway let's close this discussion because it seems that he'll never acknowledge that I helped him and i was right

Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22758232
I have a Sonicwall tz-170. I have had issues with it before. Not routing correctly,rules stop functioning (terminal services,https) and locking up. I want to get a new one, (preferably upgrade) but times are tough. I started a thread here looking for ideas other than what I was thinking.

It not that it was a bad day because it really was not. I can not tell you how many times I and another here had checked the firewall rules. I had removed the services, re added them. Added the rules, removed them and re added them. This is not like I just clicked apply and when nothing worked posted here right away and sat back and waited for the solution to pop up in my inbox.

And you keep citing my nonprofessional actions? I closed the thread in the way I felt was correct. I was not the one who started up saying I should not be able to close my own threads. He should have asked me to clarify my results and how I came to them, before crying fowl and asking for moderator review. I would hope that you, as an active member here Palner, could understand that.
0
 

Expert Comment

by:iprtech
ID: 23929690
I know this has been already closed. However, I just want to share my solution which worked.
I was having a same problem.

I also have Sonicwall 170.

1.      The VOIP devices (which is behind the firewall)  makes a connection to the VOIP server using 5060.
2.      However, when it comes back from the server it uses 5060 (but  the internal destination ports changes to a random number). That is why it is being dropped (I think).
3.      Setting the "EXT SIP port" to 5060 forced the connection to stay with 5060 only (in and out both way) . By default only SIP port is set to 5060.

So, my suggestion is this: look for something like "EXT SIP port" in your VOIP device and set it to "5060."


0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
*67 prefix before phone number as caller id block 2 100
SonicWall hosted VoIP Issues 3 100
Cost effective dual wan w/ qos 5 42
Fax Question in ShoreTel 3 19
There are no good configuration guides for HP-H3C router to LYNC on the web. :( Big statement, but we havent been able to find one yet. We did find the following document useful, but the information was not enough to use H3C router for use as a L…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now