Solved

Multiple SIP handsets on a LAN connecting to Asterisk Server

Posted on 2011-03-23
16
646 Views
Last Modified: 2012-05-11
We have 5 x SNOM 300 Handsets connnected on a LAN to a hosted Asterisk FreePBX and are having problems getting any of them to register with the Asterisk box.

I had assumed that this was because they were all using port 5060, so I set a forward up for port 5061 on the gateway and changed one of the handsets to use port 5061 to test it but this still didnt connect. There is no firewall enabled.

In the trace on the phone it suggests it is also using port 52306 in the negotiating which I guess will not work as there is no port forwarding for this port, and not sure there should be?

Do we need to use individual ports and port forwarding? The stun server settings seem to be working as the IP address each phone is sending is the correct one.

0
Comment
Question by:andrew_2706
  • 7
  • 4
  • 3
  • +1
16 Comments
 
LVL 32

Expert Comment

by:DrDamnit
ID: 35197590
Your first step is not to change ports, it is actually to look at the CLI, and see if registrations are being attempted.

Have you logged into the CLI for the FreePBX box and looked at that?
0
 

Author Comment

by:andrew_2706
ID: 35198017
Sorry but I don't know how perform a sip trace on the FreePBX in order to see if a registration attempt is been made.
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 35198051
cli is
sip show peers

if nat=yes ,, change it to no
then try

0
 
LVL 11

Expert Comment

by:jfaubiontx
ID: 35198105
You said the Asterisk server is hosted. Is it behind a firewall and not seeing the registrations? At the site all phones using port 5060 is the inteneded config. They request their registration by sending the packet to the server on port 5060. The router at the site will assign a return port (in the case you show it is port 52306) which the router uses to know which phone to send the return packet to. Do you have command line access to the Asterisk server? If not, do you have the rights to install the Asterisk CLI module for FreePBX? Let me know which and I'll send the instructions to watch the registration attempt on Asterisk.  
0
 

Author Comment

by:andrew_2706
ID: 35198188
Sorry probably should of said, phones did work at another location without any changes to firewall, now change of location and a different firewall and they don't work. They will make outgoing calls but not inbound and don't show as registered on pbx, there is no firewall on pbx.
I can see a tab on the pbx for Asterisk CLI.
0
 
LVL 11

Expert Comment

by:jfaubiontx
ID: 35198235
Does the extension have a permit entery that is onlt allowing the pervious address?
0
 

Author Comment

by:andrew_2706
ID: 35198322
Sorry not sure what you mean
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 32

Expert Comment

by:DrDamnit
ID: 35198499
First look into the NAT checkbox in FreePBX for the extension. If Checked, uncheck. If unchecked, check.

If that doesn't do it, bottom line, we need CLI access to figure out what's going on.

If you have root access to the box, then please use the following procedure to create a log file of the Asterisk CLI:

1. Open the CLI using this:

       asterisk -rvvvvvv | tee /var/log/asterisk.log

This puts the a debug log into the file /var/log/asterisk.log

2. Reproduce the problem.
3. Make calls
4. Exit the CLI after you get the error.
5. Post the log here (as "code" or as an attachment).

If not, please install the CLI module as stated by jfaubiontx.
0
 

Author Comment

by:andrew_2706
ID: 35198792
CLI module is installed, anyone know the commands please?
0
 
LVL 32

Expert Comment

by:DrDamnit
ID: 35198936
SIP SHOW PEERS would be the first one to check.

Other than than, please see if you can throw the CLI output to a log, and reproduce the problem so you can post it here for us to look at.
0
 
LVL 11

Expert Comment

by:jfaubiontx
ID: 35199276
Let me back up a bit here. To clarify, you have a hosted Asterisk/FreePBX server that has a static public IP address without a NAT router. The phones were working at a previous remote site. You have moved the phones to a new site where they no longer register with the Asterisk/FreePBX server. You also mentioned that a STUN server was being used. To be clear we are assuming the IP address for the Asterisk/FreePBX server has not changed, the STUN server has not changed, and that the IP address of the router at the remote location has changed. If any of this is not correct, please let me know. To further clarify, a STUN server is used by the remote phone to identify it's public IP address for connecting to the Asterisk/FreePBX server. These are used to help with traversing a NAT router. We find these are often unnecessary when dealing with Asterisk unless both are behind a NAT firewall.

In the snom phone, you should set the account to the extension number being assigned to the phone, next put the public IP address of the Asterisk/FreePBX server in the registrar field on the snom. The port should remain at 5060 unless the Asterisk/FreePBX has been changed to use a different port. Enter the password for the account. The phone should then register to the Asterisk/FreePBX server. If not, I would go to FreePBX->Extensions and then to the extension your working with. Make sure the Deny field is set to 0.0.0.0/0.0.0.0 and the permit field is set to 0.0.0.0/0.0.0.0. At least initially. Once registered you could configure the permit field for the remote router address (if static) or the range of IP addresses the router could get (if dynamically allocated) ad this would help to further secure the Asterisk/FreePBX system but that's another issue. Since the Asterisk/FreePBX is not behind a firewall, changing the NAT setting won't make a lo of difference and really won't affect registration as much as it would the RTP or audio path.

Since you're using a hosted Asterisk/FreePBX, you may not have access to the command line of the server. If not, go to the FreePBX->Tools->Asterisk CLI. In the command box enter "sip show peers" without the quotes. See if the list has the extension your working with has an IP address listed and if so is it the IP address on the remote router? Unfortunately the Asterisk CLI module will not allow you to enable and watch a SIP debug. So you will either need to get access to the command line or enlist the help of the hosted provider to have them debug the connection. If you do get access to the command line, enter "asterisk -vvvr" (that is three lower case V). Once in enter "sip set debug ip <ip_addr>" where <ip_addr> is the WAN IP address of the remote router. Look for the SIP 2.0 messages. If your not seeing any messages at all, then you could have a routing or firewall issue such that the packets are not getting to the server or the wrong IP addresses entered. If you're getting SIP 2.0/401 Unauthorized messages check to make sure your secrets match. If ou have SIP 2.0/404 then make sure you have the right account or extension entered in the snom. If your getting something else capture it and paste it here for further review.
0
 

Author Comment

by:andrew_2706
ID: 35205267
Thanks for that it's got me confused, but in a good way!

I've run sip set debug and although I don't see a lot of registration attempts when I do it's showing as 401 Unauthorized. And that's why I'm confused as the authorization name and password has not changed on the handsets, I've even tried to re enter the password but registration still fails!!
0
 

Accepted Solution

by:
andrew_2706 earned 0 total points
ID: 35205823
Problem solved, it SIP ALG turned on in the firewall which could only be seen and changed using telnet.
0
 
LVL 11

Expert Comment

by:jfaubiontx
ID: 35208361
Thanks for sending us on a wild goose chase. You told us there was no firewall enabled and now you claim the fix was in the firewall and that we wasted our time to attempt to answer your question. I am so frustrated my people that don't provide the correct information and then with our help find the answer "on their own" and want their points refunded. Sorry for the rant but if I'm not getting anything else for my efforts, you can at least hear my side of it.
0
 

Author Closing Comment

by:andrew_2706
ID: 35239061
Problem found to be firewall at new site
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my office we had 10 Cisco 7940G IP phones that were useless as they were showing PROTOCOL APPLICATION INVALID when started. I searched through Google and worked for a week continuously on those phones, and finally got them working. This is a di…
Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now