Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 963
  • Last Modified:

Remote SIP Extension

I am attempting to setup a remote extension to Asterisk 1.6 PBX.  Here is what I have so far:

My Asterisk Server is behind a Fortigate50B.  The 50B is giving Asterisk an IP of 10.1.1.7 on the LAN side.  Asterisk has a Virtual IP of 65.255.160.7 on the WAN. (1 to 1 NAT)  Ports 5060 and 10001-20000 forwarding  to all the right places.  In my sip.conf I have:

externip=65.255.160.7
localnet=10.1.1.0/255.255.255.0

[3007]
deny=0.0.0.0/0.0.0.0
secret=#####
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
type=friend
nat=yes
port=5060
qualify=yes
callgroup=
pickupgroup=
dial=SIP/3007
mailbox=3007@default
permit=0.0.0.0/0.0.0.0
callerid=device <3007>
callcounter=yes
faxdetect=no

At my remote site I'm using x-lite to test.  I have a LinksysE3000 with ports 5060 and 10001-20000 forwarding  to my computer with x-lite.  I also have SIP ALG enabled.  x-lite settings:

User ID:3007
Domain:65.255.160.7
Authorization name:3007
Register with Domain is Checked

I can ping 65.255.160.7 and telnet in on port 5060.

My x-lite softphone will not register, so what have I missed?
0
Marinertek
Asked:
Marinertek
2 Solutions
 
naulivCommented:
Let's troubleshoot from different angles:

* Do you get any feedback on the asterisk console ? At the shell prompt, type:
~> asterisk -cvvvvv
and check what's going on when launching x-lite

* Did you forward port TCP or UDP ? You want UDP in there.

* On your asterisk box, iptables firewall might be enabled.
Try this at the shell prompt, and let's see what we got.
~> iptables -L -n

* Let's see if the packets make it to the asterisk box. at the shell prompt type:
~> tcpdump -i eth0 -nn port 5060
(assuming your ethernet card is on eth0; check with ifconfig command)
then start your xlite client. you should see the packets coming in.

* Assuming everything looks good, let's try a simpler user config:

[3007]
type=friend
secret=********
nat=yes
context=from-internal

Good Luck!
0
 
ccomleyCommented:
SIP and NAT are natural enemies.

I see you have a SIP ALG active. Are you sure the ALG in question works? (Some of them don't, sadly!!)

If you have the option, try turning the ALG off and using a STUN server instead!

What do the session log files show on (a) the phone (b) the PBX when the phone triesto register?

If you have Wireshark or similar, try "sniffing" the packets that pass during the attempt to register. You should be able to see if the ALG has correctly translated the IP addresses in the SIP payload or not.

The bad news is,. if you're having troulbe registering you're probably going to have trouble making calls even when you are registered. :(
0
 
MarinertekAuthor Commented:
I'm going to accept Multiple solutions on this one.  Thank you all for the help and it turns out everything I did was correct.  The Fortigate50B needed a graceful reboot, and then everything work and it should.  This was very strange because Fortigate devices use a running config.  Its new firmware so you never know.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now