Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

pfSense, NEC SV8100 and DT700 IP Phone

Posted on 2013-05-20
6
Medium Priority
?
3,372 Views
Last Modified: 2013-05-27
Hey Guys,

I'm a little stumped right now.  We recently had a new NEC SV8100 installed along with all the internal hard phones, internal SIP clients (UC Desktop Suite) and external DT700's.

Everything is working except.  Every 30minutes the external DT700's lose their connection, jump to a network busy message and then reconnect after they finish their reboot.

It appears to be linked to the keep-alive timeout period of the DT700's but I cannot seem to locate the right setting to resolve the issue.

On my pfSense firewall, I have the outbound NAT set to static port mapping.  I have the inbound rules in place for UDP (5080 - 5081 &  10020 - 10083).  I had originally set the Firewall Optimizations Options to Conservative under System -> Advanced -> Firewall and NAT, but "Normal" seems to work the same way.  I changed it when I read on the pfSense forums that you should change the keep-alive time on the SIP configuration.

With that in mind I jumped on my SV8100 and set the H.323/SIP Phone KeepAlive Setup options:

84-15-02 [KeepAlive Message Interval] = 1
84-15-03 [KeepAlive Message Timeout] = 10
84-15-04 [KeepAlive Timeout] = 5

And applied them.  Unfortunately, these did not seem to help the problem.  So then I figured, well let me configure my traffic shaping to prioritize VoIP packets.  Again no dice.

What am I missing.  I've been searching high and low for answers.  But I feel that I'm starting to get muddled under a bunch of settings that after changing them, I may end up finding the answer but not knowing how the issue was resolved.  As, it stands, the keep alive settings are currently as specified and the traffic shaping is still enabled.  The only other setting that I have changed on the NEC SV8100 is 10-12-06 NAPT Router - Enabled.

Thanks for any assistance.

-saige-
0
Comment
Question by:it_saige
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39183993
Check your PBX regarding VoIP behind NAT. if that's supported and if you need to change anything in the configuration in order for it to work.

Make sure that you setup your PBX's NIC Gateway IP address to point to Pfsense's LAN IP  in order for traffic to be routed successfully.

and one last thing keep your Pfsense Firewall/NAT (Firewall Optimization Options) setting to Conservative.

Some PBXes don't even support static NATting, I tried the same thing with Snom ONE PBX and wasn't able to use Pfsense, Untangle or any other firewall's static NAT with it. the only option it would work is direct connection.

hope you get it working though.
0
 
LVL 34

Author Comment

by:it_saige
ID: 39184121
Thanks for your response.  We did check all of the settings with regards to VoIP behind NAT.  And based upon those we made the changes to pfSense for it to work in the state that is now.  The settings changes involved:

1.  Firewall Optimization Option setting to Conservative.
2.  Manual outbound NAT with static port enabled.  (Since we have 5 IP's, we used one of the virtual unassinged ones in the CARP).
3.  Inbound NAT Rules for UDP (5080 - 5081 &  10020 - 10083) translated to the IP of the PBX.

With those settings out of the box, everything connects, it's just that the external IP Phones (DT700's) would all fall off with a Network Busy message and basically restart/reinitialize.  When they did, they would connect fine for about 30 minutes and then do it again.

However, after posting my question we did some further searching and found a setting on the PBX that might be the key:

In the DT700 Basic Setup - 84-23-02 [Subscribe Expiry Time] = 3600.  Last night we changed this setting to 180 and so far it does not look like we have had any further drops.  We will now more later today.

-saige-
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39184227
Glad you went that far. hope things stay stable.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 34

Accepted Solution

by:
it_saige earned 0 total points
ID: 39187236
Well a day later, it does appear that the resolution to this problem was the setting on the SV8100.

Again that setting is in the DT700 Basic Setup:

84-23-02 [Subscribe Expiry Time] = 180.  By default it is 3600.  Changing it to 180 has alleviated the issue.

-saige-
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39188219
Great, so you may close the question since you have solved it then.
0
 
LVL 34

Author Closing Comment

by:it_saige
ID: 39198772
We were able to identify the solution internally.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question