×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Stumped on SIP Trunk

Stumped on SIP Trunk

Stumped on SIP Trunk

(OP)
I am trying to add a SIP line for the first time. The IPO is 8.1 and the line should be going through LAN2. The provider is Nextiva. I used the Nextiva guide for the IPO programming and have looked at a number of threads here on tek-tips. Firewall/NAT Type is Blocking Firewall. I'm not sure I did STUN right. I tried using the IPO's LAN1 and LAN 2 IP addresses and one suggested in another thread. In the Netgear firewall I have opened ports 5060-5090, and based on other threads, I also opened 3478 and 49152-53246.

The line does not register. In Monitor, filtered with all of the boxes of the SIP tab checked, I don't see Manager even trying to register the SIP line. Everything I see related to SIP relates to a user's softphone. I searched for the ITSP Domain Name in the Monitor log and don't see that either.

Can anyone point me toward what I should look for? I have tried so many things my head is spinning.

RE: Stumped on SIP Trunk

first do you have SIP registrar enable on the system/LAN/VOIP tab? Disable Auto-create Ext. Second do you have SIP trunk licenses? Third change the default port from 5060 to something else and chenge the RTP ports to the new range 46750-50750 to take the management ports out.
Mike

RE: Stumped on SIP Trunk

System - LAN1 or LAN2 - VoIP - SIP Trunks Enable Check box

RE: Stumped on SIP Trunk

Which LAN is the firewall pointing the ports to?

RE: Stumped on SIP Trunk

(OP)
SIP registrar enable is checked, along with SIP Trunks enable. Yes I have licensing. Third, If I change the Default and RTP ports in LAN2, do I need to update the firewall to whatever ports I use?

RE: Stumped on SIP Trunk

yes you will need to update the firewall so that it will forward those ports. Also change the monitor trace on the SIP tab to verbose.

RE: Stumped on SIP Trunk

(OP)
Teletechman - Netgear walked me through the firewall setup. We created an Inbound Services rule that always allows SIP-UDP traffic to the LAN2 IP address. I could change the service to just SIP, or UDP, or SIP-TCP...

There is also a Security/Services entry that specifies type: UDP, ports 5060-5090. That also could be changed to TCP.

RE: Stumped on SIP Trunk

(OP)
OK in LAN2 I changed the default port to 5070 and the RTP to 46750-50750. On the firewall 5070 is already open and I added the RTP ports. Rebooted firewall and IPO. Line still does not register. Still no action in Monitor either - does that mean anything or is it a distraction for now??

RE: Stumped on SIP Trunk

How are you registering? is it via a user name and password or is there a SBC session border control onsite? Are you registering to a public address?

RE: Stumped on SIP Trunk

how is your LAN2 VOIP tab configured? and the Network topology tab?

RE: Stumped on SIP Trunk

You did enable SIP trunks?

RE: Stumped on SIP Trunk

(OP)
Registering via User Name and Password provided by Nextiva.
SIP Trunks are enabled.

LAN2 VoIP:
H.323 Gatekeeper is not enabled. SIP Trunks are enabled. SIP Registrar is enabled. Auto-create extension and SIP Remote Extension not enabled.
I'm going to try to attach pictures for the rest.

RE: Stumped on SIP Trunk

Try putting your public IP in the field, and the port you are going to use (normally 5060) in the Public Port fiels. Is that STUN address correct? If not, ping stun1.l.google.com (that's stunONE dot ELL dot google) and put that IP in instead (I don't recall if 8.1 can ping by name if you have a valid DNS)

RE: Stumped on SIP Trunk

(OP)
TTT, thanks for the STUN address tip, that brought up a different address. So I entered it, and entered the public IP address and the port. Then I ran STUN and it reverted the Public IP and UDP port back to zeros. I saved and rebooted Manager. SIP line still not registered.

I'm going to check in with the provider. I saw a previous post that had bad info from them.

RE: Stumped on SIP Trunk

Not sure how long you left it for but you may need a few minutes before the SIP trunk registers, unlike other trunks.

RE: Stumped on SIP Trunk

(OP)
Discovered that we can't reach/ping the SIP server. Until we get that solved in the firewall, we're stuck. I'll post an update or more likely, questions about the next problem. smile

RE: Stumped on SIP Trunk

Do you have IP routes in the IP Office? Also do you have DNS set up for the SIP, you might have to use just IP Addresses on some releases. Can you ping anything out of the IP Office try 8.8.8.8
Mike

RE: Stumped on SIP Trunk

(OP)
I have 2 IP routes:
192.168.0.0 / 255.255.255.0 / 192.168.2.1 / LAN1 - this is for remote IP phones which are working fine. The Gateway is the private IP address of the Netgear firewall.

0.0.0.0 / 0.0.0.0 / 70.58.151.xxx / LAN2 - this is for the SIP trunk. The IP address is the static public facing IP address provided by my ISP for the netgear router.

I got some help from Netgear over the weekend. They say the attempt to ping the Nexitva server is getting out, but Nextiva is not responding. I have left a msg. with Nextiva.

RE: Stumped on SIP Trunk

So does this mean you have a 70.58.151.xxx IP on the actual LAN2 port on the IPO?

| ACSS SME |

RE: Stumped on SIP Trunk

(OP)
Yes, LAN2 on the IPO is set to 70.58.151.xxx

RE: Stumped on SIP Trunk

In that case then the network topology tab will not be used by you, so on the transport tab on the SIP trunk use network topology will be set to None.

Can you confirm the public IP is not actually internet capable and just allows communication to the relevant SIP trunk/provider?

Also if you have a public IP address on the LAN2 port on the IPO, you do not need any ports etc opening as the public IP stops the requirement for that.

| ACSS SME |

RE: Stumped on SIP Trunk

(OP)
My earlier statement that I can't ping the Nextiva server is incorrect. The IP address I was trying to use won't respond to requests. Nextiva gave me a different IP Address and here we go:

The LAN2 port can ping the static public facing IP address provided by my ISP for the netgear router (regarding IP Route in thread above), but it can't ping the Nextiva data center.

I cannot ping 8.8.8.8 from LAN 2. I had different DNS servers entered from what Netgear has, so I change the IPO to match Netgear. No change.

The firewall can ping the data center. I'm thinking I have something wrong in IPO?

I'm going to paste another screen shot. In System Status I'm seeing 2 LAN2 routes. The first one corresponds with the LAN2 tab in Manager, the other corresponds (I think) with the results from running STUN. Does this tell us anything?

RE: Stumped on SIP Trunk

(OP)
Pepp77, I changed the transport tab as you suggested. Did a reboot, still no dice. I have a message in to the firewall folks about the public IP address. Thanks for everybody's continued help!

RE: Stumped on SIP Trunk

(OP)
I had a guy who knows much more than I look at the IPO and the Netgear. I can't tell you what he all did. Changed the SIP line to look for LAN1, did away with the static IP, changed the firewall to do a one-to-one NAT. Nextiva had to delete and re-enter the phone number. Finally, it all worked. My biggest take-away is that I will hire this guy from the start next time. Thank you all for your help.

RE: Stumped on SIP Trunk

The way I learned was to watch over the shoulder of another tech while he did a couple for us and then to have him available for the next few to make sure I did it correctly. At least you have something to look at to see where you made the mistake.
Mike

RE: Stumped on SIP Trunk

It is perfectly fine, and generally a good idea, to pay someone who knows what they are doing to configure SIP trunks for you at least the very first time. You can watch what they do and learn quite a lot. Most techs are willing to show you some pitfalls and pointers if you ask. The only problem is every SIP provider is different. The good news as you continue to do SIP trunks you become more comfortable and start knowing where to look when certain things aren't working.

The truth is just an excuse for lack of imagination.

RE: Stumped on SIP Trunk

if you got a non internet facing public ip address on LAN 2 depending on what subnet mask range you get given from the SIP provider/ISP. you will have to configure the ip route as follows.

70.58.151.XXX / 255.255.255.xxx / 70.58.151.xxx / LAN2 and use the default gateway address the ISP provided.

Then program the sip trunk to use LAN 2 network topology.

Then in under LAN 2 network topology

Stun - Nothing
Firewall type - Static port block or Unknown ( depends on what type firewall some work with one and some work with the other)
binding time 60 seconds
public ip address - 70.58.151.xxx ( The usable ip address you have selected)

public port 5060

No need to use STUN

If all else fails plug a laptop in the sip port on the firewall, statically assign the laptop to the same ip address in the ip route and then see if you can ping the sip server of your requirement.

Thank you

ACSS

Just another day in the life of ME

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close