I am trying to set up port forwarding on a NetScreen 5GT so that I can register a softphone over the Internet to an Asterisk PBX which is running inside the company office LAN.
Asterisk has the IP address 192.168.1.100.
Up to now, I cannot connect to Asterisk from an outside network.
I configured the three things below:
1. Added a custom service for UDP 5060 (I have tried several patterns: TCP 5060 only, both TCP and UDP 5060, and TCP/UDP 5060 + UDP 10000-20000).
2. Added a VIP on the 'Untrust' interface using the custom service called "AsteriskUDP".
3. Also added a policy to allow traffic from 'Untrust' to 'Trust' for the above service.
The relevant portion is copied and pasted below:
set service "AsteriskUDP" protocol udp src-port 0-65535 dst-port 5060-5060
set alg sip app-screen unknown-message route permit
set alg sip app-screen unknown-message nat permit
set alg sip app-screen protect deny dst-ip 192.168.1.100/24
set vip multi-port
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set interface untrust vip untrust 5060 "AsteriskUDP" 192.168.1.100
set policy id 16 from "Untrust" to "Trust" "Any" "VIP(untrust)" "AsteriskUDP" nat dst ip 192.168.1.100 permit log
set policy id 16
With this configuration, I tried to connect the softphone to Asterisk, but the traffic does not seem to go through. I used the portal site 'www.cman.jp' to check whether the port forwarding is active or not, but UDP cannot be confirmed with this service. Even TCP 5060 does not go through when I put a separate TCP 5060 port-forwarding setup on the 5GT.
On Asterisk, I enabled the "TCPENABLE" statement to allow registration using TCP packets.
But the situation does not change.
Please let me know if some configuration is missing or other things must be done.
Thanks in advance.