Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One way audio on hosted VOIP due to private IP's being transmitted as return address

We have a XG135 (firmware ver: 17.5.3 mr 3) which we have an issue with voip/sip transmission,

currently we have a dedicated port with a rule 'anything from this port to the wan'. In this port we have a dozen or so phones plugged in via a poe switch.

What we assume should happen,
Phone sends packets to host based solution via internal IP (phone), MASQ to public IP (firewall), host receives packets and returns packets to public IP (firewall) which should then be passed to the originating source (phone/ip).
The problem is that the originating WAN-bound packet's internal addresses are being used as the public address for return traffic to use, the result is that no packets from the hosted solution can be returned to the firewall so the phone will dial ok but no audio in one direction.
I have tried with the SIP module loaded and unloaded which did not make any difference. On the face of it it appears to be a NAT issue but i'm lost and at most only expected to set up a QoS policy.
We have also read a few posts regarding similar problems, I don't quite understand why the outbound traffic is passing the internal IP instead off the public IP.
We initially had the rule quite granular where by the port dedicated to the phones was only allowed to communicate via the WAN to a specific IP on specific ports and the ingress rule a reversal of just that.
Could someone please advise if I'm missing something or need to add or change anything?



This thread was automatically locked due to age.
Parents
  • Start with the easy bit, you do not need an incoming firewall rule because all communication is initiated by the phone.

    You would appear to have an issue with your NAT setup on the VoIP rule.

    Please post an expanded copy of the rule and the logviewer lines that show the traffic passing through this rule.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi

    Yes definitely seems like NAT, the rule just has default MASQ to our public IP address.

    please see info below,

     

    PhoneLogs.pdf

    thank you

Reply Children