We help IT Professionals succeed at work.

Asterisk and remote phone - calls drop due to no SIP ACK received

I have a remote extension (yealink handset) that is dropping outbound calls after 35 seconds. I have diagnosed through logging that the asterisk server is not receiving the proper ACK, and the reason for that is that the asterisk server is looking for the reply from 192.168.1.4, which is the local subnet of the remote phone. Obviously the asterisk server will never receive a reply from that address. What changes do I need to make so that the asterisk server is looking for replies from the WAN IP of the remote network? NAT is setup properly on both ends. For reference, this is CompletePBX from Xorcom that we're dealing with and a copy of the asterisk log error is below.

[2018-08-16 09:27:08] WARNING[5720] chan_sip.c: Retransmission timeout reached on transmission 405286438@192.168.1.4 for seqno 2 (Critical Response)
Comment
Watch Question

David Johnson, CDSimple Geek from the '70s
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
my suggestion is to use a vpn either point to point or site2site
Ron MalmsteadInformation Services Manager
CERTIFIED EXPERT

Commented:
I agree with David Johnson's suggestion...because it's the easiest and most standard method,..and also because the alternative would be to expose the client machine to the internet using port forwarding (assuming their client router can do that)  or giving their machine a public IP address. (not recommended).

....Otherwise you could use STUN.

Explanation here : https://www.thirdlane.com/blog/nat-stun-turn-and-ice
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I would suggest using an SBC... but a better question is what does the network the PBX resides on look like? Is it 192.168.1.x as well?
Thank you all for the suggestions. Since it was just one remote phone, we wanted to avoid the VPN solution if possible, even though that is certainly the best way. The phone in question was a yealink handset, and after a firmware upgrade I was able to turn on rport, which passed the external IP to the phone system, and the problem was resolved. We filtered connections on the host side to only allow the single IP from the remote location. Web management is disabled on the remote handset and no anonymous logins or calls can be made, so I think we'll be ok. Thanks again for the suggestions.
In your peer configuration there is a nat setting.
If a peer is configured with nat=yes, it causes Asterisk to ignore the address information in the SIP and SDP headers from this peer, and reply to the sender’s IP address and port.
nat=yes is working for asterisk version 10 or older. From asterisk 11 , nat=yes is depricated. Use nat=force_rport,comedia