VOIP TRUNKS ONE WAYOUTBOUND DIALING & AUDIO

[BizFoneGuy]

I have a BCM that IP Trunks work fine when put directly on internet with an outside IP address. When put behind a Dlink 604 Router, I can only place IP calls not receive them and when I do place the call, the audio is outbound only. Even if the BCM is put in the DMZ of the router, there is still no inbound audio or calls? Port Forwarding was programmed in the router for 7000, 28000-28255 and 51000-51200, with no difference whether the Port Forwarding was programmed or programming deleted. Still one way audio, both behind the Router and in the DMZ of the router? Any ideas? Comments? Solutions?

 

[biv343]

It's a NAT issue. Your DLink router doesn't support cone-NAT, causing the one way speech patch.

Here's a blurb on the subject:

http://www.voip-info.org/wiki-STUN

There are several threads on this subject. I'd recommend a VPN for connecting your remote locations to the BCM.

I would be very leary (or should I say scared) of putting a telephone system on the Internet without a firewall. My personal opinion is that you're just asking for trouble.

 

[BizFoneGuy]

Why does the BCM still offer up only outbound dialing and outbound audio even when the BCM is placed in the DMZ on the router? The article is on STUN and doesn't talk about cone-NAT? Could you explain?

 

[biv343]

Because the ports outbound are correct, meaning the far end is seeing the proper ports. A Full Cone NAT router keeps the ports the same (meaning port 28000 outbound is also port 28000 inbound). In a typical PAT environment, the port will be translated (such as port 80 outbound, port 1600 inbound). The firewall keeps track of that, and for normal data packets it isn't any big deal. Voice on the other hand will result in one way speech path.

From a few paragraphs down in the link I attached:

Various types of NAT (still according to the RFC)

Full Cone: A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a packet to the mapped external address.
Restricted Cone: A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X.
Port Restricted Cone: A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.
Symmetric: A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host