Solved

phone connection to inside asterisk through my pix 515e

Posted on 2011-03-25
14
1,596 Views
Last Modified: 2012-05-11
hi all,

i am having a problem ip phone system (asterisk)
the problem is that someone from outsite connecting to or asterisk voip system, from inside i can ear them bout he can't here me, so it is working only one way
is there a special thing about config?
I did open a static rule with port 5060, bout i dont know how to make static rule on the on port range 10000 to 20000, it will take only one port at the time.

here is my config:
PIX Version 8.0(3)
!
hostname xxxxxxxxxxx
domain-name x.x
enable password xxxxxxxxxxxxxxxxx encrypted
names
name 192.168.2.29 PBX description ASTERISK
name 192.168.2.106 Mabe
name x.x.x.189 Outside_Interface
name x.x.x.190 OutSide_IP
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address Outside_Interface 255.255.255.192
 ospf cost 10
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.2.4 255.255.255.0
 ospf cost 10
!
interface Ethernet2
 shutdown
 nameif dmz
 security-level 4
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
passwd xxxxxxxxxxxx encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server Mabe
 name-server 192.168.2.80
 domain-name x.x
dns server-group xxxx
 name-server 208.85.113.10
 name-server 208.71.9.130
object-group service Asterisk udp
 port-object range sip 65535
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit udp any host OutSide_IP object-group Asterisk
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
logging from-address
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host x.x.x.0 outside
asdm image flash:/asdm-603.bin
asdm location PBX 255.255.255.255 inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
nat (dmz) 1 192.168.1.0 255.255.255.0
static (inside,outside) udp OutSide_IP sip PBX sip netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.129 1
route outside OutSide_IP 255.255.255.255 x.x.x.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server Cleard protocol radius
aaa-server Cleard host 192.168.2.107
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint
 no client-types
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment self
 crl configure
crypto ca certificate chain ASDM_TrustPoint2
 certificate 31
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  quit
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
ntp server 192.168.2.107 source inside prefer
ssl encryption rc4-sha1 3des-sha1 des-sha1
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Cleard
tunnel-group DefaultRAGroup ipsec-attributes
 trust-point ASDM_TrustPoint2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 1280
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect dns preset_dns_map
!
service-policy global_policy global
smtp-server 192.168.2.83
prompt hostname context
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


Thanks
cleard
0
Comment
Question by:cleard
  • 8
  • 5
14 Comments
 
LVL 16

Expert Comment

by:memo_tnt
Comment Utility
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
The thing is that if you do PAT, you have to create a static for every port (all 10.000 of them :-~  ). That is because you can't use a port range in a static statement. If you do a one to one NAT (if you have an extra  public address, and by the looks of the subnet you have) you can define the port range in the access list rule.

If you don't want to use a dedicated public address there should be a way in asterisk to limit the number of ports that specific phone (connection) uses. I have it set up for one of my offices, one of the emplyees works from home with a voip phone and that phone can only connect over 30 possible ports. Don't ask me how that is done, the asterisk guy did that for me. But that is also an option.
0
 

Author Comment

by:cleard
Comment Utility
hi sage,

this doc is made for •pix software release 6.3.1 bout i have release 8.0
here is my log:

x.x.x.154 PBX  Teardown UDP connection 45596 for outside:x.x.x.154/0 to inside:PBX/5060 duration 0:01:03 bytes 0
 Pre-allocate SIP SIGNALLING UDP secondary channel for inside:PBX/5060 to outside:x.x.x.154 from 401 message
0
 

Author Comment

by:cleard
Comment Utility
erniebeek,
yes i can use one dedicaded ip for that, what should change.
here is my config:
PIX Version 8.0(3)
!
hostname CleardPix
domain-name cleard.local
enable password xxxxxxxxxxxxxx encrypted
names
name 192.168.2.29 PBX description ASTERISK
name 192.168.2.106 Mabe
name x.x.x.189 Outside_Interface
name x.x.x.190 OutSide_IP
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address Outside_Interface 255.255.255.192
 ospf cost 10
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.2.4 255.255.255.0
 ospf cost 10
!
interface Ethernet2
 shutdown
 nameif dmz
 security-level 4
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
passwd x encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.2.107
 name-server 192.168.2.80
 domain-name x.x
dns server-group PreToPost
 name-server 208.85.113.10
 name-server 208.71.9.130
object-group service Asterisk udp
 port-object range sip 65535
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit udp any host OutSide_IP range sip 65000
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
logging from-address x@x
logging recipient-address x@x.x level errors
logging ftp-bufferwrap
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host x.x.x.0 outside
asdm image flash:/asdm-603.bin
asdm location PBX 255.255.255.255 inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
nat (dmz) 1 192.168.1.0 255.255.255.0
static (inside,outside) OutSide_IP PBX netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 x.x.x.129 1
route outside OutSide_IP 255.255.255.255 x.x.x.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server Cleard protocol radius
aaa-server Cleard host 192.168.2.107
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 fqdn CleardPix
 subject-name CN=xxxxxxxxxxx
 no client-types
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment self
 no client-types
 crl configure
crypto ca certificate chain ASDM_TrustPoint2
 certificate 31
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  quit
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
ntp server 192.168.2.107 source inside prefer
ssl encryption rc4-sha1 3des-sha1 des-sha1
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Cleard
tunnel-group DefaultRAGroup ipsec-attributes
 trust-point ASDM_TrustPoint2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 1280
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect dns preset_dns_map
!
service-policy global_policy global
smtp-server 192.168.2.83
prompt hostname context
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
0
 

Author Comment

by:cleard
Comment Utility
erniebeek,

Can you explain one to one nat or point me to the right place? I should not use static?

Thanks for your help
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Well the setup looks good.

Just get rid of: access-list outside_access_in extended permit ip any any . That's a tricky one.
Also access-group inside_access_in in interface inside isn't really necessary (as you permit everything).
This was just a bit of cleaning up, now for the sip: remove inspect sip and see what happens. The PIX is trying to 'help' with that inspect but that doesn't  always give the right results.

Oh and a short explanation for the statics.
When you do: static (inside,outside) udp OutSide_IP sip PBX sip netmask 255.255.255.255 you forward one port from you public address to a port on one of your private addresses. This way you can forward different ports from one public address to several internal addresses (PAT).
When you do: static (inside,outside) OutSide_IP PBX netmask 255.255.255.255 you hook up the public address exclusively to one internal address (one to one NAT).
That's the difference. You use the static statement for both types only the syntax and the result are somewhat different.
0
 

Author Comment

by:cleard
Comment Utility
erniebeek,
Thanks for the reply.

Did remove
access-list outside_access_in extended permit ip any any
and
access-group inside_access_in in interface inside
unable to remove inspect sip
in did no inspect sip and it is not removing
it seems to be in a default group
is there a way to remove it from that group?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:cleard
Comment Utility
erniebeek,

I tried it without removing inspec sip did not work
I just get one way in working exp: voice in bout voice out not working
so from outside inside is working bout inside outside is not working.
is the route ok?
route outside 0.0.0.0 0.0.0.0 173.246.64.129 1
route outside OutSide_IP 255.255.255.255 173.246.64.129 1
x.x.x.129 is the geteway external gateway of the pix
here is my config:
PIX Version 8.0(3)
!
hostname x
domain-name x.x
enable password xxxxxxxxxxxxxxx encrypted
names
name 192.168.2.29 PBX description ASTERISK
name 192.168.2.106 Mabe
name x.x.x.189 Outside_Interface
name x.x.x.190 OutSide_IP
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address Outside_Interface 255.255.255.192
 ospf cost 10
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.2.4 255.255.255.0
 ospf cost 10
!
interface Ethernet2
 shutdown
 nameif dmz
 security-level 4
 ip address 192.168.1.1 255.255.255.0
 ospf cost 10
!
passwd xxxxxxxxxxxxx encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.2.107
 name-server 192.168.2.80
 domain-name cleard.local
dns server-group PreToPost
 name-server 208.85.113.10
 name-server 208.71.9.130
object-group service Asterisk udp
 port-object range sip 65535
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list outside_access_in extended permit udp any host OutSide_IP range sip 65000
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
logging ftp-bufferwrap
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit host x.x.x.0 outside
asdm image flash:/asdm-603.bin
asdm location PBX 255.255.255.255 inside
asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
nat (dmz) 1 192.168.1.0 255.255.255.0
static (inside,outside) OutSide_IP PBX netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.129 1
route outside OutSide_IP 255.255.255.255 x.x.x.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server Cleard protocol radius
aaa-server Cleard host 192.168.2.107
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 fqdn xxxxxxxx
 no client-types
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment self
 no client-types
 crl configure
crypto ca certificate chain ASDM_TrustPoint2
 certificate 31
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  quit
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
ntp server 192.168.2.107 source inside prefer
ssl encryption rc4-sha1 3des-sha1 des-sha1
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group Cleard
tunnel-group DefaultRAGroup ipsec-attributes
 trust-point ASDM_TrustPoint2
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 1280
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect dns preset_dns_map
!
service-policy global_policy global
smtp-server 192.168.2.83
prompt hostname context
Cryptochecksum:xxxxxxxxxxxxxxxxxxxxxx


0
 

Author Comment

by:cleard
Comment Utility
erniebeek,

Here is my pix log:
x.x.x.154 Pre-allocate SIP SIGNALLING UDP secondary channel for inside:PBX/5060 to outside:209.217.98.154 from 401 message

x.x.x.154 PBX  Teardown UDP connection 3107 for outside :x.x.x.154/0 to inside:PBX/5060 duration 0:01:02 bytes 0
0
 

Author Comment

by:cleard
Comment Utility
erniebeek,

also getting this log message:
x.x.x.154 Pre-allocate SIP Via UDP secondary channel for outside:x.x.x.145/5060 to outside:x.x.x.154 from REGISTER message

I guess this one is a hard one ;-{
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Well, I got it to work so we should be able to get it working with you to :)

First, remove: route outside OutSide_IP 255.255.255.255 x.x.x.129 (not good).

To remove the inspect:
conf t
policy-map global_policy
class inspection_default
no  inspect sip


Then let's see if that helps.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
Comment Utility
Just remembered something else:

Check the sip.conf on the asterisk server to see if externip and localnet are defined, you need to set those otherwise you get those strange logs.

So externip should be the public address of the sip server
externip = x.x.x.190
and localnet the internal ip range the server is in:
localnet = 192.168.2.0/24
0
 

Author Closing Comment

by:cleard
Comment Utility
It was the config of the asterisk, this line externip = x.x.x.190
The phone guy did not know about this one.

Thanks for your time erniebeek, Your or the best ;-)
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Glad I could help and that memory serves me well ;)

Thx for the points.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now