
One-way audio on hosted VoIP due to private IPs being transmitted as return address

We have an XG135 (firmware ver: 17.5.3 MR 3) on which we have an issue with VoIP/SIP transmission.

Currently we have a dedicated port with a rule 'anything from this port to the WAN'. On this port we have a dozen or so phones plugged in via a PoE switch.

What we assume should happen:
Phone sends packets to the host-based solution via internal IP (phone), MASQ to public IP (firewall), host receives packets and returns packets to public IP (firewall), which should then be passed to the originating source (phone/IP).
The problem is that the originating WAN-bound packet's internal addresses are being used as the public address for return traffic to use. The result is that no packets from the hosted solution can be returned to the firewall, so the phone will dial OK but there is no audio in one direction.
I have tried with the SIP module loaded and unloaded, which did not make any difference. On the face of it, it appears to be a NAT issue, but I'm lost and at most only expected to set up a QoS policy.
We have also read a few posts regarding similar problems. I don't quite understand why the outbound traffic is passing the internal IP instead of the public IP.
We initially had the rule quite granular, whereby the port dedicated to the phones was only allowed to communicate via the WAN to a specific IP on specific ports, and the ingress rule was a reversal of just that.
Could someone please advise if I'm missing something or need to add or change anything?
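
Added example, not part of the original post or of any Sophos tooling: a small Python check that can be run over a SIP message captured on the WAN side to list the fields that still carry an RFC 1918 address, which is the condition the question describes. The sample INVITE, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: an INVITE as it could look on the WAN side when only the
# IP header was masqueraded and the SIP/SDP payload still names the phone.
SAMPLE_INVITE = (
    "INVITE sip:200@pbx.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.10.21:5060;branch=z9hG4bK776asdhds\r\n"
    "Call-ID: a84b4c76e66710@192.168.10.21\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:101@192.168.10.21:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 3747 3747 IN IP4 192.168.10.21\r\n"
    "c=IN IP4 192.168.10.21\r\n"
    "m=audio 16384 RTP/AVP 0 8\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Fields the far end reads to decide where to send responses and RTP.
SIP_HEADERS = {"via", "v", "contact", "m"}   # v and m are the compact forms
SDP_FIELDS = {"o", "c"}                      # origin and connection address

def _scan(line, sep, wanted):
    """Yield (field, ip) for RFC 1918 addresses in one header or SDP line."""
    name, _, value = line.partition(sep)
    name = name.strip().lower()
    if name not in wanted:
        return
    for text in IPV4.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:          # e.g. 999.1.1.1 matched by the regex
            continue
        if any(addr in net for net in RFC1918):
            yield name, text

def private_return_addresses(message):
    """List routing fields of a SIP message that still carry a private IP."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:     # skip the request/status line
        found.extend(_scan(line, ":", SIP_HEADERS))
    for line in body.split("\r\n"):
        found.extend(_scan(line, "=", SDP_FIELDS))
    return found
```

A private address in the SDP `c=` line is the one that decides where the far end sends RTP, so a hit there matches the one-way audio symptom; an empty result means the payload was rewritten before it left the firewall.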



  • I know this topic is old, but I wanted to add that the only way I was able to resolve this was to make our Cisco equipment change the private IP to the public IP. The XG would not work even with lengthy calls to support and several Cisco engineers from our MSP.

  • I was able to find the cause. In my case, I was switching from SIP to hosted VoIP (using SIP). I found out AT&T blocks all SIP traffic except their own (when you have AT&T SIP enabled). It's just a check-off button for them, but after several weeks and legal forms, we got them to un-block non-ATT SIP and everything started working.

     

    HTH this helps someone else.
