Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SIP extension over Internet

Status
Not open for further replies.
rroman0316

rroman0316

IS-IT--Management
Jan 3, 2013
27
MX
Good afternoon to all,

Excuse perhaps my easy question, but I just can't seem to find some information.

Does anybody have a list of ports that need to be forwarded in order for a SIP extension to work properly with the IPO behind a firewall?

The issue is to use a SIP extension over the Internet. The problem is that the client simply won't budge when told to use a VPN connection and wants to use it with the IPO behind a Sonicwall router. Client doesn't have a static public IP so the Sonicwall is necessary in order to use dyndns addresses.

Before implementing the solution I've been trying to do this in our office. The difference is I have a Fortinet 60B but can't get it to work.



I know about security issues of doing this, but the client has been warned and won't budge. Also I've heard many negative comments on Sonicwalls in this matter.


Thanks for the help in advance.
 
Sort by date Sort by votes
I do know that sip needs port 5060, if I understand this correctly

acss sme acis sme acss cm 5.2.1 acss cm and cmm
 
Upvote 0 Downvote
SIP clients like the IPO can register with the SIP provider and use STUN to determine its public IP address, that way the SIP provider knows where to send the return packages.
You can simply forward port 5060 and the RTP ports (different for each provider and that info should be provided by them) to the IPO and voila you are cooking.

Joe W.

FHandw, ACSS (SME), ACIS (SME)



Interrupt the silence only if you improve it by saying something, otherwise be quiet and everybody will be grateful.
 
Upvote 0 Downvote
smokinjoe2938:

Yes, I've done the forward on port 5060, 5061 both udp and tcp with no success. My guess is more ports are used?

Westi:

Hold on, I'm trying to connect a SIP extension to an IP Office. I think I was misunderstood.
 
Upvote 0 Downvote
Sorry, I misunderstood
I think that only works if you put the IPO on the public IP and even then it might not work.
Did never hear anything other than that. Better way is to create a VPN with hardware and register it that way.
Or if your firewall can do all the NAT then it might work but you have to then forward all ports to the IPO. Never heard that anyone is doing it that way but that doesn't mean it won't work.

Get the SIP phone working internally first and then go outside the network so that you can be sure it is not a setting screwing it up but has to do with routing the packages.

Look in the IPO for the RTP port range in the system programming (LAN - VoIP) and forward these ports as well but I doubt that the IPO can do NAT for an extension

Joe W.

FHandw, ACSS (SME), ACIS (SME)



Interrupt the silence only if you improve it by saying something, otherwise be quiet and everybody will be grateful.
 
Upvote 0 Downvote
Oh! ok, I will get the list of ports that I need from the IP Office configuration then. That'll help. Thanks Westi!
 
Upvote 0 Downvote
To add to MY confusion the Flare for IP Office works fine for our ISA VPN but IP Office Video Softphone wont register.
 
Upvote 0 Downvote
Archangel58, i have the exact same issue.
Flare works flawlessly but the IPO softphone does not.


BAZINGA!

I'm not insane, my mother had me tested!

 
Upvote 0 Downvote
Well,

I have had little success in this, I've forwarded ports 5060 and the RPT port range defined on the IPO interface.

Has anybody got this to work? What router brand/model did you make it work with?

I appreciate comments! thank you!
 
Upvote 0 Downvote
If this is a SIP station, you'll need a 3rd party license. You may also need to forward ports on both ends as your device may not support NAT traversal. Does device work when connected to same subnet as IPO?
 
Upvote 0 Downvote
Yes the device works locally. I am guessing I am stuck at the router...

I have traced this with Wireshark but all I see is the SIP app making requests to the resolved address. No answer. It always results in a "Request Timeout", meaning I can't even reach the IPO.

What exactly do you mean "both ends"? for instance, talking about a SIP client on a smartphone connected via 3G.

Thanks in advance.
 
Upvote 0 Downvote
Here's something interesting:

So, for testing purposes I managed to get ahold of an IP Office with a static real IP attached to its WAN interface. I configured it and I am able to successfully have the phones find the remote IP Office and register to it. Calls ring to and from phones on site and phones outsided registered via the WAN but no audio is heard during the call. Not even one-way audio, simply no audio.


I thought this was only a problem with NAT but, as far as I know, there is no firewall / NAT between that IP Office and the Internet...

Another thing: I tried to fool around with the CODEC settings for the extension but here is a wierd behavior: even thought the "auto-create user/extn" options are all disabled (for both LAN and WAN interfaces) it keeps creating a new extensios that are not configurable. I keep deleting them and even creating users for those extensions but the IPO keeps creating new ones and it has become a cat and mouse game.

By the way, this happens using SIP extensions and H323 extensions (both softphones and hardware phones such as 1408).

Any comments on this are appreciated.
Thanks in advance
 
Upvote 0 Downvote
The handsets are still behind NAT though, that's why there is no audio :)



"No problem monkey socks
 
Upvote 0 Downvote
amriddle01:

Really?

But, I thought that should've been automatic because, for instance, how do other commercial VoIP apps (skype and such) work? hmmm... So I need to tell my router to allow incoming and outgoing traffic? That could be possible but, how would it work with a SIP extension on a mobile phone over 3G?

Thank you for your reply.
 
Upvote 0 Downvote
Skype is specifically designed (at huge expense) to traverse NAT, it's a stumbling protocol also which means it will change the ports it uses to try and find a way through...it isn't SIP. In contrast SIP extns on IPO are designed to be used locally not via NAT traversal, that's why it doesn't work :)



"No problem monkey socks
 
Upvote 0 Downvote
Unless for example we could use VPN for instance? That I've tested and it works, it just that we have a client that doesn't want to use VPN, that's why. Ooook! Thanks for your help! Very much appreciated.
 
Upvote 0 Downvote
Tell this client to stop wining and use a VPN.

BAZINGA!

I'm not insane, my mother had me tested!

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

claudiotele
  • Question
Sip Trunk over TLS not working
Replies
7
Views
470
Mo. Abdullah
Mo. Abdullah
john3voltas
  • Locked
  • Question
R10 SIP extension password
Replies
1
Views
336
densho0
densho0
Imran555
  • Locked
  • Question
Incoming caller ID with SIP server IP over SIP Trunks 1
Replies
1
Views
862
ipohead
ipohead
rsv23
  • Locked
  • Question
SIP Trunk Routing
Replies
3
Views
412
rsv23
rsv23
R
  • Question
cannot find a suitable SIP URI to dial out | SIP Error
Replies
6
Views
443
MikeeOK
MikeeOK

Part and Inventory Search

Sponsor

Back
Top