Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Remote SIP Extension

Posted on 2010-09-16
3
Medium Priority
?
953 Views
Last Modified: 2013-12-21
I am attempting to setup a remote extension to Asterisk 1.6 PBX.  Here is what I have so far:

My Asterisk Server is behind a Fortigate50B.  The 50B is giving Asterisk an IP of 10.1.1.7 on the LAN side.  Asterisk has a Virtual IP of 65.255.160.7 on the WAN. (1 to 1 NAT)  Ports 5060 and 10001-20000 forwarding  to all the right places.  In my sip.conf I have:

externip=65.255.160.7
localnet=10.1.1.0/255.255.255.0

[3007]
deny=0.0.0.0/0.0.0.0
secret=#####
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
type=friend
nat=yes
port=5060
qualify=yes
callgroup=
pickupgroup=
dial=SIP/3007
mailbox=3007@default
permit=0.0.0.0/0.0.0.0
callerid=device <3007>
callcounter=yes
faxdetect=no

At my remote site I'm using x-lite to test.  I have a LinksysE3000 with ports 5060 and 10001-20000 forwarding  to my computer with x-lite.  I also have SIP ALG enabled.  x-lite settings:

User ID:3007
Domain:65.255.160.7
Authorization name:3007
Register with Domain is Checked

I can ping 65.255.160.7 and telnet in on port 5060.

My x-lite softphone will not register, so what have I missed?
0
Comment
Question by:Marinertek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 7

Accepted Solution

by:
nauliv earned 1000 total points
ID: 33698122
Let's troubleshoot from different angles:

* Do you get any feedback on the asterisk console ? At the shell prompt, type:
~> asterisk -cvvvvv
and check what's going on when launching x-lite

* Did you forward port TCP or UDP ? You want UDP in there.

* On your asterisk box, iptables firewall might be enabled.
Try this at the shell prompt, and let's see what we got.
~> iptables -L -n

* Let's see if the packets make it to the asterisk box. at the shell prompt type:
~> tcpdump -i eth0 -nn port 5060
(assuming your ethernet card is on eth0; check with ifconfig command)
then start your xlite client. you should see the packets coming in.

* Assuming everything looks good, let's try a simpler user config:

[3007]
type=friend
secret=********
nat=yes
context=from-internal

Good Luck!
0
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 1000 total points
ID: 33698841
SIP and NAT are natural enemies.

I see you have a SIP ALG active. Are you sure the ALG in question works? (Some of them don't, sadly!!)

If you have the option, try turning the ALG off and using a STUN server instead!

What do the session log files show on (a) the phone (b) the PBX when the phone triesto register?

If you have Wireshark or similar, try "sniffing" the packets that pass during the attempt to register. You should be able to see if the ALG has correctly translated the IP addresses in the SIP payload or not.

The bad news is,. if you're having troulbe registering you're probably going to have trouble making calls even when you are registered. :(
0
 
LVL 5

Author Comment

by:Marinertek
ID: 33719619
I'm going to accept Multiple solutions on this one.  Thank you all for the help and it turns out everything I did was correct.  The Fortigate50B needed a graceful reboot, and then everything work and it should.  This was very strange because Fortigate devices use a running config.  Its new firmware so you never know.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Zaptel people (www.zaptel.com) got kind of annoyed with the fact that they were getting bombarded with searches for the zaptel driver system for Asterisk (not to mention they own the trademark on zaptel). So, they kindly requested that Digium ch…
So you think no one can listen in on your VOIP conversations, eh? Well... if you haven't setup Secure Real Time Transport (SRTP), your voice communications can be hacked into by just about anyone! First, let's talk about the intended audience for…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question