Sip Inbound only works on-way with Firewall

Discussion in 'General' started by tumbleweed, Mar 22, 2011.

  1. tumbleweed

    Joined:
    Jun 18, 2010
    Messages:
    79
    Likes Received:
    0
    Hi guys

    Previously with the Firewall (Sonicwall OS Enhanced) connected, Sip inbound was not even getting through, but since adding necessary NAT on the Firewall inbound is working but only one-way. Outbound IAX2 works fine.
    Firewall rules opened to all on the LAN and WAN.

    Sonicwall support are saying the Firewall is forwarding the packets ok, so it must be a problem with the server. Note, when I remove the Firewall inbound works fine.

    I am not convinced it´s the server causing this problem, but maybe when I connect the Firewall something may need changing on the extensions?

    Thanks
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    They are actually forwarding the rtp packets AFTER changeing the port, this is why it is not working, some newer software have a "sip helper" thingy. however IMHO it is not very helpful, my solution is to replace them.

    dicko
     
  3. tumbleweed

    Joined:
    Jun 18, 2010
    Messages:
    79
    Likes Received:
    0
    Thanks for the comment dico, but could you elobrate please? The sonicwall has an IP Helper section.

    I am waiting to do another live test as when I checked the firewall rules I realised that that UDP ports 10000 - 20000 (RTP) were not amongst the ports forwarded to the Asterisk server. Could this be the problem?

    Thanks
     
  4. tumbleweed

    Joined:
    Jun 18, 2010
    Messages:
    79
    Likes Received:
    0
    Got this working now. A frustrating week of Googling and early morning starts!!

    For anybody having VoiP problems using a Sonicwall Firewall the following is required.

    Allow following UDP ports:
    5060-5064
    4569 if using IAX2
    10000-20000 (for RTP)

    Under VOIP section:
    - Enable consistent NAT
    - Enable SIP Transformations
    - Permit non-SIP packets on signaling port
    - Enable SIP Back-to-Back User Agent (B2BUA) support

    Also set up a NAT Policy from the WAN Primary IP (Firewall) to the VoiP Server IP and finally set up Firewall rules for inbound/outbound as desired.
     
  5. gabi_cavaller

    Joined:
    Apr 11, 2011
    Messages:
    9
    Likes Received:
    0
    Hi Tumbleweed,

    This is similar to what I have, could you possibly post some screengrabs on here?

    I have created the UDP ports as suggested.

    Configured the voip section.

    Created a NAT policy with those services attached.

    Any help really appreciated.

    Thank you in advanced,

    What SIP provider are you using? :)

    G.
     
  6. tumbleweed

    Joined:
    Jun 18, 2010
    Messages:
    79
    Likes Received:
    0
    Hi G, Sorry for the delay in replying.

    Are you still having problems?

    After my last post I had a very strange problem. 3 extensions would not work on inbound, one of the extensions and phone I deleted/reset to default and reconfigured to no avail, also compared with other phones and same.
    Problem was fixed after I upgraded the Sonicwall to the latest Firmware, which Sonicwall website stated many improvements to VoiP :)
     

Share This Page