Solved

Remote SIP Extension

Posted on 2010-09-16
3
942 Views
Last Modified: 2013-12-21
I am attempting to setup a remote extension to Asterisk 1.6 PBX.  Here is what I have so far:

My Asterisk Server is behind a Fortigate50B.  The 50B is giving Asterisk an IP of 10.1.1.7 on the LAN side.  Asterisk has a Virtual IP of 65.255.160.7 on the WAN. (1 to 1 NAT)  Ports 5060 and 10001-20000 forwarding  to all the right places.  In my sip.conf I have:

externip=65.255.160.7
localnet=10.1.1.0/255.255.255.0

[3007]
deny=0.0.0.0/0.0.0.0
secret=#####
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
type=friend
nat=yes
port=5060
qualify=yes
callgroup=
pickupgroup=
dial=SIP/3007
mailbox=3007@default
permit=0.0.0.0/0.0.0.0
callerid=device <3007>
callcounter=yes
faxdetect=no

At my remote site I'm using x-lite to test.  I have a LinksysE3000 with ports 5060 and 10001-20000 forwarding  to my computer with x-lite.  I also have SIP ALG enabled.  x-lite settings:

User ID:3007
Domain:65.255.160.7
Authorization name:3007
Register with Domain is Checked

I can ping 65.255.160.7 and telnet in on port 5060.

My x-lite softphone will not register, so what have I missed?
0
Comment
Question by:Marinertek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 7

Accepted Solution

by:
nauliv earned 250 total points
ID: 33698122
Let's troubleshoot from different angles:

* Do you get any feedback on the asterisk console ? At the shell prompt, type:
~> asterisk -cvvvvv
and check what's going on when launching x-lite

* Did you forward port TCP or UDP ? You want UDP in there.

* On your asterisk box, iptables firewall might be enabled.
Try this at the shell prompt, and let's see what we got.
~> iptables -L -n

* Let's see if the packets make it to the asterisk box. at the shell prompt type:
~> tcpdump -i eth0 -nn port 5060
(assuming your ethernet card is on eth0; check with ifconfig command)
then start your xlite client. you should see the packets coming in.

* Assuming everything looks good, let's try a simpler user config:

[3007]
type=friend
secret=********
nat=yes
context=from-internal

Good Luck!
0
 
LVL 17

Assisted Solution

by:ccomley
ccomley earned 250 total points
ID: 33698841
SIP and NAT are natural enemies.

I see you have a SIP ALG active. Are you sure the ALG in question works? (Some of them don't, sadly!!)

If you have the option, try turning the ALG off and using a STUN server instead!

What do the session log files show on (a) the phone (b) the PBX when the phone triesto register?

If you have Wireshark or similar, try "sniffing" the packets that pass during the attempt to register. You should be able to see if the ALG has correctly translated the IP addresses in the SIP payload or not.

The bad news is,. if you're having troulbe registering you're probably going to have trouble making calls even when you are registered. :(
0
 
LVL 5

Author Comment

by:Marinertek
ID: 33719619
I'm going to accept Multiple solutions on this one.  Thank you all for the help and it turns out everything I did was correct.  The Fortigate50B needed a graceful reboot, and then everything work and it should.  This was very strange because Fortigate devices use a running config.  Its new firmware so you never know.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Zaptel people (www.zaptel.com) got kind of annoyed with the fact that they were getting bombarded with searches for the zaptel driver system for Asterisk (not to mention they own the trademark on zaptel). So, they kindly requested that Digium ch…
So you think no one can listen in on your VOIP conversations, eh? Well... if you haven't setup Secure Real Time Transport (SRTP), your voice communications can be hacked into by just about anyone! First, let's talk about the intended audience for…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question