One way audio on SIP trunks

[300Blackout]

I have a new 3300. Trying to get sIP trunks working. When I call out the person outside the Mitel can hear me but I can here them. Also when they outside caller disconnect the call the call isn't disconnecting on Mitel. I have ports udp 5060 open along with udp 20000 to 30000 between sip provider and 3300. The 3300 is behind a zyxel USG 50 and I'm not using Mitel border gateway . Sip provider says the calls look good to them. Any help appreciated.

 

[Lundah]

Is ALG enabled on the firewall? Turn it off.

Also double check your UDP port numbers for the RTP stream, I don't have the documentation in front of me but 20000-30000 doesn't sound right. Considering you're also having issues with disconnects, which should be signaled via SDP packets on 5060 and not RTP, there may be issues with NAT translation as well (which is why a border gateway is usually recommended).

 

[Lundah]

Looks like you'll want to open up UDP 50000-50511 for the RTP streams. Also, the documentation I'm looking at (Engineering Guidelines for the latest release of MiVoice Business) says this about SIP aware firewalls:

"SIP AWARE FIREWALL
To secure voice communications between public Internet and devices on the private LAN the
traffic needs to traverse corporate firewalls. Session Initiation Protocol (SIP) is typically not
supported by general purpose firewalls. Conducting voice communication sessions is a complex
task for a firewall to handle. Supporting media streams transported over separate ports
negotiated during the call setup further adds to the complexity. Transparent SIP traversal
through firewalls and NATs requires specific handling of these issues.
In general, media streams are dynamically opened on a call-by-call basis using ports within a
well-defined range. As part of SIP communication sessions RTP protocol is used to carry the
voice stream. Traditional firewalls statically open certain protocols and ports in advance. This
approach creates a security exposure when port access is not controlled by the session
signalling. Instead, a firewall that understands SIP can open up the ports for the right protocols
just when the SIP traffic needs it.
The 3300 ICP supports integration with SIP Firewalls. Mitel recommends that a SIP aware
Firewall be configured as the Outbound Proxy through the Network Elements form. Then the
SIP Peer Profiles can reference the Outbound Proxy Server and route all signalling via the
Firewall.

 

[300Blackout]

Thanks for the help. SIP ALG is off. I don't understand the SIP ALG feature any way because every SIP service requires it turned off. I understand the Mitel Border Gateway however that would mean I would have to put the MBG at the edge which means 2 firewalls and the IT Staff doesn't want that. Plus another point of failure. If it not at the edge doesn't that means it must be in the DMZ which will bring the Zyxel firewall back in the picture. I will work on the UDP 50000 to 50511 ports. I don't understand why Mitel puts non-proxy PEER Profiles in 3300 if they highly suggest a MBG. Just frustrating for customer to have to spend $3000 on a MBG to get 12 sip trunks.

 

[Billz66]

make sure that your handsets can route to the sip trunk provider - dont forget RTP streams direct from the handset to the SIP provider

If I never did anything I'd never done before , I'd never do anything.....