Solved

SIP end point will not register over WAN.

Posted on 2008-10-17
27
1,261 Views
Last Modified: 2013-12-21
Hello,


I have a SwitchVox SMB PBX, this system is based on Asterix. I am trying to configure an end point (Polycom 550) to work over the WAN. I can pull my configs from the public FTP server  and everything looks good. The phone will not register and I do not see any thing on the PBX noting why.

At first I thought that it may be a firewall issue, but when I disable my rules I see the firewall dropping the traffic. If I enable the rules, nothing in the firewall. I opened ports 5060 and 10000 - 10500 to the local IP of my pbx. If I open a vpn tunnel and use a soft phone configured for the local IP of the PBX it works. If I try and use the public IP, its a no go. I have tried from two separate remote networks with the same results.

Any ideas or help is much appreciated.
0
Comment
Question by:bhnmi
  • 12
  • 9
  • 3
  • +2
27 Comments
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743001
DID YOU TRY TO REGISTER WITH A PORT DIFFERENT THAN 5060?tRY TO USE 7070 FOR sip REGISTRATION AND LET ME KNOW
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743022
The PBX is not listening on 7070. The SwitchVox is a Turn Key PBX, I don't have granular control over the services and their perspective ports.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743041
I think you should update your firewall in a manner that all incoming packets on port 5060 should be forwarded to your PBX box
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743048
The rules were created and are in place.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743088
can you see packets hitting your firewall from outside zone?
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743113
My firewall only logs dropped packets or connections. If I disable the rule and try and have the end point connect I can see the packets being dropped.

So, I know transport to the WAN interface is working. I have a host of other services that work through the firewall.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743141
you have to check carefully your rules...the problem is there...no in the endpoint or the PBX
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743164
I have checked and re-checked.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743211
can you give your PBX a real IP and try?
0
 
LVL 12

Accepted Solution

by:
bhnmi earned 0 total points
ID: 22743380
Ok, so I reflashed my firewall and loaded a backup config. I recreated my sip rules and it works now. What a POS. I think my firewall is dying.

I had literally added, removed, re-added the sip rules multiple times. What was killing me is that if I disabled the rules, I would see the log entry for the dropped packet. I am thinking that it was not forwarding  the packets correctly to my internal network.

Thanks for the help.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743612
Dear moderator,

The author of that question should not have the privilege to close his question like that...I helped him during one hour and I gave him the right answer...I suggest to review carefully the question and my answers and judge what should be done
Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22743771
You did not give me the right answer. You told me to check the firewall rules not to reflash the device. So quit crying.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22743815
I'm not crying...you should respect the one that help you next time...and you are not giving me points from your wallet
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Author Comment

by:bhnmi
ID: 22743861
You didn't help so I don't know what you need points for. You suggested checking my firewall rules. The issue was something with the firewall its self, not the rules.

If read what I posted you will clearly see I had to reapply firmware to my firewall as it was malfunctioning. You said to make sure 5060 was open to the pbx, or to give the pbx a public address, or to change the listening port.

Seems like crying to me.
0
 
LVL 4

Expert Comment

by:palner
ID: 22746957
I object.

If there's a problem in the firewall, how could it not be because of the rules as michofreiha suggested? michofreiha properly identified the problem quickly and professionally. If we are to believe the author, then they would have the duty to report how michofreiha was incorrect. I would request the following information: make/model of firewall, identification of firewall issue, how the issue was resolved. I would hope that the response would accomplish either:

A) Allow me and other experts-exchange users to identify the firewall / setup that the author has had issues with and/or can resolve the problem in the future.

or

B) Properly show that michofreiha was correct. If a re-flash solved it, that means that most likely the rules were not correctly applied in the first place.

Soapbox... I'm seeing a lot of non-experts use this as cheap "do this for me" service instead of exchange of information (it's experts EXCHANGE after all). And attitude lately is ridiculous. The "quit crying" remark is childish.
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 22755594
"Seems like crying to me." ....users like that should be banned from Experts-Exchange, this is simply disrespectful
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757582
Crying about points is unprofessional. He recommended checking the firewall rules, this is not what I did. In no way what he recommended effected my trouble shooting. I was just replying to him to be nice as I never intended to follow up in his advice.

I my self, decided to re flash my firewall as I could not explain the behavior. As the rules had been added removed and check more the once prior to us opening a thread here.

I have no problem awarding points to those who earn them. And telling someone they are crying when they are is the truth. This guy thinks he deserves points for asking me to check my rules, please.
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757596
I really don't know what makes people think just because someone opened a thread, they stop trying there own ideas.
0
 
LVL 4

Expert Comment

by:palner
ID: 22757646
Option (a) or (b)...

0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757676
One more thing, as most of you experts who are criticizing me should know, re-flashing a firewall is a last step in the processes.
0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22757697
I insist that someone from Expert exchange staff check this question and give us his Judgment.

Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22757882
If I had checked my rule after he said too and I saw it was the wrong port or target IP, then I would have given him the points. I don't care about the points, I can give out as many as needed. I was already suspect that there was something fishy with my firewall and I could go into detail, but I should not have to give a huge back story to justify myself.

I am a participating member of this forum and when I don't get points I think I should, I don't go up in arms about it. Just because you read a persons post, does not mean you know 100% of the situation or history. I put up a thread here for fresh ideas, while I continued to try my own solutions.
0
 
LVL 4

Expert Comment

by:palner
ID: 22758045
Why are you not describing what firewall you are using?

As you should know, depending on the firewall and os version, opening a port may require a flash.

As I see it, you had a problem.... the person worked with you for an hour and eliminated the other possibilities than the firewall. You then closed the question because "you" found the issue. The expert who helped you eliminated the other possible reasons. If nothing else, their assistance should be provided a thank you, instead of your nonprofessional actions. Everyone has a bad day and sometimes you just can't get it. Regardless of if it was simple or an error you made, it appears to me that the expert helped you. Also, you won't even share the details of your issue with others (like firewall info).

0
 
LVL 9

Expert Comment

by:michofreiha
ID: 22758142
+1 on @palner's post...

I agree with you palner, and my only problem with bhnmi is that he closed the question without any thanks message to who helped him during one hour and drop all other possibilities to him..

I don't need his points and I don't need anything from him...Just a Thank you message was enough to me...Anyway let's close this discussion because it seems that he'll never acknowledge that I helped him and i was right

Regards
0
 
LVL 12

Author Comment

by:bhnmi
ID: 22758232
I have a Sonicwall tz-170. I have had issues with it before. Not routing correctly,rules stop functioning (terminal services,https) and locking up. I want to get a new one, (preferably upgrade) but times are tough. I started a thread here looking for ideas other than what I was thinking.

It not that it was a bad day because it really was not. I can not tell you how many times I and another here had checked the firewall rules. I had removed the services, re added them. Added the rules, removed them and re added them. This is not like I just clicked apply and when nothing worked posted here right away and sat back and waited for the solution to pop up in my inbox.

And you keep citing my nonprofessional actions? I closed the thread in the way I felt was correct. I was not the one who started up saying I should not be able to close my own threads. He should have asked me to clarify my results and how I came to them, before crying fowl and asking for moderator review. I would hope that you, as an active member here Palner, could understand that.
0
 

Expert Comment

by:iprtech
ID: 23929690
I know this has been already closed. However, I just want to share my solution which worked.
I was having a same problem.

I also have Sonicwall 170.

1.      The VOIP devices (which is behind the firewall)  makes a connection to the VOIP server using 5060.
2.      However, when it comes back from the server it uses 5060 (but  the internal destination ports changes to a random number). That is why it is being dropped (I think).
3.      Setting the "EXT SIP port" to 5060 forced the connection to stay with 5060 only (in and out both way) . By default only SIP port is set to 5060.

So, my suggestion is this: look for something like "EXT SIP port" in your VOIP device and set it to "5060."


0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
qos voice marking not seeing from ISP 6 61
Analog Phone 2 69
Issues with Hosted 3CX 1 65
How to Setup A Cisco 3560 for VoIP 4 33
Implementing Avaya's One-X portal is pretty painless, until you want to deploy this to the Android and iPhone clients when these clients are outside of your network. The clients will also work within your local network. Here is our experience and so…
Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now