Solved

Remote SIP Extension

Posted on 2010-09-16
3
928 Views
Last Modified: 2013-12-21
I am attempting to setup a remote extension to Asterisk 1.6 PBX.  Here is what I have so far:

My Asterisk Server is behind a Fortigate50B.  The 50B is giving Asterisk an IP of 10.1.1.7 on the LAN side.  Asterisk has a Virtual IP of 65.255.160.7 on the WAN. (1 to 1 NAT)  Ports 5060 and 10001-20000 forwarding  to all the right places.  In my sip.conf I have:

externip=65.255.160.7
localnet=10.1.1.0/255.255.255.0

[3007]
deny=0.0.0.0/0.0.0.0
secret=#####
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
type=friend
nat=yes
port=5060
qualify=yes
callgroup=
pickupgroup=
dial=SIP/3007
mailbox=3007@default
permit=0.0.0.0/0.0.0.0
callerid=device <3007>
callcounter=yes
faxdetect=no

At my remote site I'm using x-lite to test.  I have a LinksysE3000 with ports 5060 and 10001-20000 forwarding  to my computer with x-lite.  I also have SIP ALG enabled.  x-lite settings:

User ID:3007
Domain:65.255.160.7
Authorization name:3007
Register with Domain is Checked

I can ping 65.255.160.7 and telnet in on port 5060.

My x-lite softphone will not register, so what have I missed?
0
Comment
Question by:Marinertek
3 Comments
 
LVL 7

Accepted Solution

by:
nauliv earned 250 total points
ID: 33698122
Let's troubleshoot from different angles:

* Do you get any feedback on the asterisk console ? At the shell prompt, type:
~> asterisk -cvvvvv
and check what's going on when launching x-lite

* Did you forward port TCP or UDP ? You want UDP in there.

* On your asterisk box, iptables firewall might be enabled.
Try this at the shell prompt, and let's see what we got.
~> iptables -L -n

* Let's see if the packets make it to the asterisk box. at the shell prompt type:
~> tcpdump -i eth0 -nn port 5060
(assuming your ethernet card is on eth0; check with ifconfig command)
then start your xlite client. you should see the packets coming in.

* Assuming everything looks good, let's try a simpler user config:

[3007]
type=friend
secret=********
nat=yes
context=from-internal

Good Luck!
0
 
LVL 16

Assisted Solution

by:ccomley
ccomley earned 250 total points
ID: 33698841
SIP and NAT are natural enemies.

I see you have a SIP ALG active. Are you sure the ALG in question works? (Some of them don't, sadly!!)

If you have the option, try turning the ALG off and using a STUN server instead!

What do the session log files show on (a) the phone (b) the PBX when the phone triesto register?

If you have Wireshark or similar, try "sniffing" the packets that pass during the attempt to register. You should be able to see if the ALG has correctly translated the IP addresses in the SIP payload or not.

The bad news is,. if you're having troulbe registering you're probably going to have trouble making calls even when you are registered. :(
0
 
LVL 5

Author Comment

by:Marinertek
ID: 33719619
I'm going to accept Multiple solutions on this one.  Thank you all for the help and it turns out everything I did was correct.  The Fortigate50B needed a graceful reboot, and then everything work and it should.  This was very strange because Fortigate devices use a running config.  Its new firmware so you never know.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you think no one can listen in on your VOIP conversations, eh? Well... if you haven't setup Secure Real Time Transport (SRTP), your voice communications can be hacked into by just about anyone! First, let's talk about the intended audience for…
Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question