[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 128
  • Last Modified:

Shoretel SIP Trunks failing to work after migrating internet/firewall

Hi

Need some guidance on this please.  Have a Small Business edition shoretel setup, running HQ, SG90, SG90BRI, E1k and an ingate siperator.

We've migrated the internet and replaced the firewall (cisco asa 5505) and rebuild the config so essentially the same apart from it has new external IP addresses.  However the SIP trunks failed to come online.  
It transpired that the old firewall had an additional wan IP address allocated to the firewall, and this IP was stored in the gamma portal.  So

We've tried using an additional IP address to the firewall and using the current WAN IP of the firewall to Gamma portal, but no joy.

The config on the ingate appears to be configured to point traffic direct to Gamma.  The old and new firewalls had/has an inbound NAT rule from WAN IP internal ingate e.g: nat (inside,outside) source static a-172.16.10.35 a-*.*.*.*

Ideas?
0
CHI-LTD
Asked:
CHI-LTD
  • 4
  • 3
  • 2
4 Solutions
 
Pete LongConsultantCommented:
>>It transpired that the old firewall had an additional wan IP

SO plug that circuit into Ethernet0/3 - then configure VLAN3 with the same public IP the old one had. (you will need a security plus licence on the 5505)

Then statically nat 172.16.10.35 to that interface

YOU will need to crate an ACL to let the traffic in and out as well. Phones are not really my thing so I don't know the ports


Pete
0
 
CHI-LTDAuthor Commented:
Thats just it, we didnt have anything connected to fe0/3, just had an IP allocated somewhere for the voice to route..  We tried adding new spare IP to the firewall interface (not sure which one) and allowed inbound using: nat (inside,outside) source static a-172.16.10.35 a-*.*.*.*
Is this a valid command to NAT inbound traffic to the Ingate?
0
 
Pete LongConsultantCommented:
SO you have replaced the 5505 with a 5505?

Do they both have the same license (show version)?

Was this public IP of the phones in the same range as your public IP?

>>Is this a valid command to NAT inbound traffic to the Ingate?

Heres how to setup a static NAT
Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall
0
Meet the Family that is Made for Collaboration

The TeamConnect Family product group as part of the Sennheiser for Business Portfolio comprising high-quality, technically well-conceived meeting solutions for business communication – designed for any meeting room and any meeting situation.

 
CHI-LTDAuthor Commented:
correct.
not sure, think the version of the software is newer on the new fwall.
No, the new WAN IPs are completely different, as new ISP.

Thanks for links.
0
 
Pete LongConsultantCommented:
>>not sure, think the version of the software is newer on the new fwall.

Check! - the new one should have a 'sec plus' licence or VLAN3 can only be accessed from the outside (which is not what you want!)

>>No, the new WAN IPs are completely different, as new ISP.

Then you need to get the OTHER END to accept traffic form your new public IP?

P
0
 
masnrockCommented:
One of the biggest things is that you need the new WAN IP(s) to be in the Gamma portal. Some SIP trunk providers will validate based on an IP address. So if you're going to be using new WAN IPs, Gamma needs records reflecting those IPs.

TCP port 5060 is one of the ports that you'll need to open incoming traffic from Gamma for. There should also be a series of UDP ports that you need to open (I would check with Gamma to verify the specific range). From some online research, I've seen people say that Gamma recommends opening UDP ports 6000-40000, which seems to be an excessively large range.
0
 
CHI-LTDAuthor Commented:
Yes thats one thing we changed.  It now looks like it might be port related.
0
 
masnrockCommented:
Have you made the changes on your firewall?
0
 
CHI-LTDAuthor Commented:
Tonight
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now