SIP Sending Wrong WAN IP

[FocusTechnology]

Hi All,

I have a problem with Gamma SIP which I see is quite common.

IP 9.0 SP12 sip all set up, incoming calls perfect.

Outgoing rejected, trace shows the LAN2 IP being sent instead of the WAN IP.

STUN keeps using the LAN2 IP and changing the NAT type to blocking.

I have made changes where I know how or have read to try but nothing is stopping this from happening.

Any suggestions please?

 

[joe2938]

Lan 2 is the wan IP

 

[FocusTechnology]

Sorry my bad, there is a firewall between the IPO and the Net.

IPO Wan2 IP is 192.168.10.250, GW is 192.168.10.254 then the firewall with the public WAN IP.

 

[karlzre]

disable sip alg in FW ?

ACIS - ACSS

 

[TheSmash]

You need to chose to either use STUN, or trust your configuration and not use STUN.

Firstly, is the firewall SIP aware? If yes, then you could try using the SIP transformations options to re-write the IP's in the SIP packets. I find that firewalls can be a bit hit and miss with this so avoid it. Plus it can cause issues with One-X Mobile traffic.

Secondly, you can use STUN, which if I'm honest I'm not a fan of and should only be used in a "I've no idea how to set the IP Office up or the Firewall and hope for the best" scenario. Or a, if all else fails, try using STUN.

Thirdly, and my preferred route - Disable SIP transformations on the Firewall. Make sure your outbound NAT for traffic from the IPO to Gamma is using the correct Public IP. Set your SIP trunk transport Tab to Use Network Topology Lan1/Lan2 (delete where appropriate). On Lan1/Lan2 Network Topology TAB, clear the contents of the STUN server field, Set the firewall to Unknown or Static Port Block, Binding refresh to 60, Public IP Address - set to the correct NAT'ed IP that the firewall is using for outbound traffic from the IPO, and set your ports, 5060/5061 where appropriate.

You should find that if you examine the OPTIONS packets that the IPO is re-writing the FROM and CONTACT with the public IP Address you entered in the LAN1/LAN2 Network Topology. This should then survive the NAT'ing of the firewall and Gamma will give you the big thumbs up.

If you have set up your port forwarding and NAT correctly then this should all work.

Good luck

ACSS (SME)

 

[FocusTechnology]

That isnt working either, still getting the LAN 2 internal IP instead of the WAN IP.
12:22:57 1687553mS SIP Rx: UDP 88.215.51.225:5060 -> 192.168.10.250:5060
SIP/2.0 403 Forbidden-Source Endpoint Lookup Failed

 

[TheSmash]

Ah, just re-read your original message.

In 9.0 the SIP stack is knackered and doesn't behave correctly, hence your issues.

Any chance you can upgrade to 9.1?

Alternatively, I've had mixed results trying to use STUN to resolve the one I was battling with. In the end, we swapped the 9.0 IP500v1 chassis with an IP500v2 on 9.1 and the problem went away.

ACSS (SME)

 

[FocusTechnology]

Hmm problem is that 9.1 is not an available upgrade now

 

[joe2938]

of course it is, what do you mean not available right now?

 

[FocusTechnology]

I have been told by our suppliers that you can now only go to 10.x and not 9.1.

 

[IPGuru]

IIRC V9.0.12 is the latest release of V9.0 & various Sip issues had been resolved, earlier V9.0 releases were the ones that had the problems.
If you do need to Upgrade what is the problem with upgrading to V10.1?





Do things on the cheap & it will cost you dear