wan access of Asterisk

I want to implement below configuration with asterisk

I have installed an asterisk IP PBX internally with IP 192.168.1.212/24
I have a router Cisco RV 042 with local  IP 192.168.1.1/24 installed with a WAN static IP   XXX.XXX.XXX.123

Now i want use SIP Dial  from outside company with zoiper.


Please help me to implement this scenario.

Thanks in advance.
Razi AbbasAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan CraciunIT ConsultantCommented:
Forward the UDP port 5060 to 192.168.1.212 to allow SIP traffic.

Forward the UDP ports 10000 to 20000 to 192.168.1.212 to allow RTP traffic.

This assumes you used the default ports.

You may also need UDP port 4569 for IAX2 and UDP 5036 for IAX.

HTH,
Dan
Razi AbbasAuthor Commented:
Dan Craciun@not working
Razi AbbasAuthor Commented:
dear Dan , please help me i am attaching snapshot of screen .
Capture-1.JPG
Capture-2.JPG

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Dan CraciunIT ConsultantCommented:
Looks like you need to forward port 210 to the local server.

From your screenshots it's not clear what the local port is. It may be the standard 5060, the same as the external port (210) or another random port.
Razi AbbasAuthor Commented:
i have been for forward 5060 to local server . 210 is not a port this an External IP ending with 210.
Dan CraciunIT ConsultantCommented:
OK, did not look closely. I thought it's something like x.x.x.x:210

What happens when you try to connect to the server from outside? What are the error messages?
Razi AbbasAuthor Commented:
port setting are attached.
Razi AbbasAuthor Commented:
Zoiper soft phone saying "request time out (408)"
Razi AbbasAuthor Commented:
port forwarding setting  at cisco rv042 attached
port setting over freepbx attached
Capture-3.JPG
forwarding-.JPG
Dan CraciunIT ConsultantCommented:
The port forwards seem OK.

Try connecting with the soft phone from inside your network, to eliminate possible server issues.

What I mean is install the soft phone on one of the computers having an internal address (192.168.1.x) and then connecting directly to 192.168.1.212.

If it works, then you can continue troubleshooting the connection, look for firewalls, ACLs, etc.

It if does not work from the internal network, then the problem is with the Asterisk server.
Razi AbbasAuthor Commented:
thanks dan. from internal it's working very well. issue is only from WAN side access.
Mohammed HamadaSenior IT ConsultantCommented:
I honestly don't recommend using external SIP connectivity with Asterisk at all. I have heard horrible stories about companies losing tens of thousands and sometimes hundreds of thousands of dollars due with Asterisk. as you know Asterisk is an open source PBX and it's easy to hack if you don't have a very good and tight VoIP security settings on your firewall.

If you insist on implementing the external connectivity of your PBX then I would suggest that you also implement an IDS/IPS system with a strict password and login policy. so if a user fail to login 3 time with the correct password the IP of the user gets blocked for 1 month at least.

Also Port forwarding for VoIP calls is not recommended. it might work sometimes pretty well but mostly you'd still have issue with establishing a media channel between both user ends

Try configuring the firewall to directly forward all traffic to the PBX without port forwarding and see if this would get things to work properly?

If you don't want to direct the traffic to the PBX directly then try to telnet the public IP on port 5060 from another Internet connection e.g. (Your Home) and see if telnet works?

Also on Zoiper client, make sure that you're using UDP in network settings and disable TLS if it's enabled.
Try disabling STUN server on Zoiper too.

Enable the debug log on Zoiper client and if the login fails send the debug logs with your next comment.
PhonebuffCommented:
Did you set up Asterisk for external services ?  

Generic open port mapping for SIP / RTP is a bad Idea !!  You should look at something like the PIAF Traveling Man, or port knocker at the very least for this -

SIP.CONF - or depending on Distro one of the files that get included has the setting you need --

externip = IP_Address or a hostname

http://www.voip-info.org/wiki/view/Asterisk+config+sip.conf
Razi AbbasAuthor Commented:
Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IP Telephony

From novice to tech pro — start learning today.