asked on
Questions about Asterisk behind NAT
The Asterisk/FreePBX server is in our data center behind our firewall. It's on a 10.10.40.0/24 network. Our telephones are at a remote site that has an IPSEC tunnel to the data center. These devices are on a 10.1.40.0/24 network.
Calls between the phones at the remote sites work. Calls from our remote site to an extension on our Asterisk server (Directory for example) do not work; calls via our SIP trunk provider configured on the Asterisk server also do not work - there is no audio.
I'm sure this is a beginner NAT issue; I'm looking for guidance on how to resolve.
Calls between the phones at the remote sites work. Calls from our remote site to an extension on our Asterisk server (Directory for example) do not work; calls via our SIP trunk provider configured on the Asterisk server also do not work - there is no audio.
I'm sure this is a beginner NAT issue; I'm looking for guidance on how to resolve.
Voice Over IPIP Telephony
Last Comment
Phonebuff
ASKER
Thanks for the response.
The phones are configured to connect to the Asterisk server on its LAN IP address (10.10.40.250) -- not on a WAN address. The phones are behind a router on the private network VLAN (10.1.40.0/24) at our satellite office.
Do they need to be configured for NAT? Based on what you wrote, I would assume not.
The phones are configured to connect to the Asterisk server on its LAN IP address (10.10.40.250) -- not on a WAN address. The phones are behind a router on the private network VLAN (10.1.40.0/24) at our satellite office.
Do they need to be configured for NAT? Based on what you wrote, I would assume not.
I'm assuming that even though your phones are behind a router, the site-to-site VPN is providing the routing between the PBX subnet and the phones subnet (e.g. Asterisk never actually has to use the external WAN IP address of the remote site where the phones are).
So I'd say if your PBX can communicate with the phones via their local 10.1.40.0/24 ip address, then NAT should be set to "no". Otherwise set it to "yes".
More information is here:
http://www.voip-info.org/wiki/view/Asterisk+sip+nat
So I'd say if your PBX can communicate with the phones via their local 10.1.40.0/24 ip address, then NAT should be set to "no". Otherwise set it to "yes".
More information is here:
http://www.voip-info.org/wiki/view/Asterisk+sip+nat
ASKER
NAT is set to no.
Any other ideas as to why things aren't working?
Any other ideas as to why things aren't working?
I'm still leaning in the direction of a firewall issue related to your RTP port range. You're sure that the endpoints can communicate with your PBX on the RTP port range 10000-20000?
ASKER
I'm told the VLAN's at the two locations are "wide open".
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
More likely this is a firewall issue...
The Asterisk server uses port UDP 5060-5061 for regular SIP traffic, but the audio for each session is sent via a randomly selected RTP port, which by default is in the range of UDP 10000-20000. These ports must be opened in your firewall, forwarded through your NAT etc. accordingly. If you need to use a different range you can configure the RTP port range in /etc/asterisk/rtp.conf.
Also, if you're Asterisk server is behind a NAT you should make sure your external IP address or hostname is specified in Asterisk using the "externhost", "externip" and "localnet", directives in your sip.conf. It's easier to configure this if you're using FreePBX as your GUI, you can simply go into Settings->Asterisk SIP Settings section and configure the NAT settings in there.
Finally, your endpoints themselves (In freepbx under Applications->Extensions),