Solved

NO AUDIO ON VOICEFLEX SIP TRUNK WITH ALCATEL OMNI PCX (WATCHGUARD X750e)

Posted on 2010-09-11
17
1,748 Views
Last Modified: 2012-05-10
Hello all - I have an annoying problem with SIP calls. the call goes through but no audio in both directions. Apparently you cant add a stun setting on the omni PCX? Apparently the PABX is passing the local 192.168.1.x address to the SIP provider, however noone seems to know a resolution! Will give 500 points as rtearing my hair out now!

Thanks
0
Comment
Question by:datafocus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
17 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33656019
HI,

Please show the netwrork topology...
0
 
LVL 6

Expert Comment

by:dinkon4u
ID: 33658277
Place/Enable Session Border Controller in between Provider and your PBX.
I know cisco has device for SBC.
HTH
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33659109
Do you get any deny messages in the System Manager->Traffic monitor when this happens; this would help understand if firewall is blocking any traffic.

Few questions:
1. Is NAT configured for PBX.
2. If yes, then what type, dynamic or 1-1.
3. Which policy is configured on firewall.

If feasible for testing configure ANY policy and 1-1 NAT and check if this helps.

Thank you.
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 

Author Comment

by:datafocus
ID: 33660292
Hi,
Yes - tried ANY first - calls come up but no Audio. Tried Dynamic & 1 to 1 NAT...
have set logging but nothing seems to get allowed or denied in traffic manager.
Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33660475
If possible put PBX outside the firewall and then check the behavior.

Thank you.
0
 

Author Comment

by:datafocus
ID: 33660808
Hi,
Not really possible. Voiceflex are saying the PABX is advertising its internal IP & this is clearly what the problem is... What I need to know is how to get it to display the external IP.
However, Alcatel doesnt have a STUN setting & Watchguard say this isnt possible?
 
Any one any ideas?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33660958
Sorry dont think this comment is of much help to you but still putting it:

As you said PABX is on private IP; so it must be using firebox external interface IP by default; if you setup 1-1 NAT then it would advertise the 1-1 NAT public IP.

Am not sure if this is an option; but can you open web browser on PABX and go to http://www.whatismyip.com; this would show the public IP of PABX as seen to everyone. OR may be initiate any session from PABX and do packet capture on external interface of firebox and see what the packets have as the source IP for the specific port/protocol/destination.

Thank you.
0
 

Author Comment

by:datafocus
ID: 33661456
The SIP Provider states that it is advertising the PRIVATE ip....
Thanks

policy.PNG
advanced.PNG
0
 

Author Comment

by:datafocus
ID: 33661458
When I change to 1 to 1 NAT it no longer makes or receives calls....
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33661521
Do not configure policy based NAT. Revert to "Use Network NAT Settings".

Current policy only allows outbound traffic from internal host 192.168.1.246 to external host 146.x.x.x.

Assuming you wish to allow all inbound traffic from 146.x.x.x to 217.y.y.202, add 1-1 NAT and add one more ANY service and configure as below:
Enabled and allowed; from 146.x.x.x; to 217.y.y.202

To ensure 1-1 NAT is configured properly, please look at link below:
http://watchguard.custhelp.com/app/answers/detail/a_id/1545/kw/1-1%20NAT/p/214%2C215/sno/1

Finally make sure that 217.y.y.202 IP is not listed under external alias [used for static NAT]:
http://watchguard.custhelp.com/app/answers/detail/a_id/1497/kw/adding%20external%20alias

Thank you.
0
 

Author Comment

by:datafocus
ID: 33663972
202 is the main IP address - i.e. not an alias. Is this what you mean?
0
 

Author Comment

by:datafocus
ID: 33664029
So I have created a separate outbound policy as below... with 1 to 1 NAT
nat-SIPRTP.JPG
0
 

Author Comment

by:datafocus
ID: 33664043
Policy
sip-RTP.JPG
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 33664070
202 is the public IP of firebox external interface; then you cannot use it for 1-1 NAT and also the incoming part of the service would not get configured the way explained above.

I thought you have .202 dedicated only for PBX. If so, then ensure that .202 is not added as alias [to be used in policies using static NAT (what I tried to list in the my earlier post)].

Most of times PAT causes problems with voice protocols hence using 1-1 NAT is preferred but for 1-1 NAT you must have one public IP dedicated only for PBX other than the public IP of your firebox.

Let me know if I got you confused.

Thank you.
0
 

Author Comment

by:datafocus
ID: 33664229
Are you saying I need a spare IP that is not an alias? I dont have any spare.
0
 

Author Closing Comment

by:datafocus
ID: 33664459
Great! Thanks for that. I think it was just the alias thing I hadnt tried... works fine with an aliased IP.

Thanks for your help!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 33668563
Welcome; Happy to be of assistance.

Thank you.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Macbook Sierra OS OpenVPN issue 13 157
Clarification about access via WAN 6 45
svi stops eigrp advertisement 13 64
VLAN access port question 3 33
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question