Hi. I'm having trouble trying to get one of the public IPs (alias) to be NATed onto the voice subnet interface. Here's the diagram below. Network Diagram.
Here's what I configured for the Leased IP Line.
For the voice LAN interface subnet I configured as below.
As for the rule, I did it as below.
I have trouble reaching 188.8.131.52 via 4000 to 4008. May I know which settings I did wrong, or is there something I left out?
Thank you for reaching out to Sophos Community.
Assuming you're able to make a successful connection on 184.108.40.206 with 5060:5071 ports.
To check further with the 4000:4008 port, you may first try to change 'Use Outbound Address' under Masquerading to default MASQ.
If that doesn't help, then try disabling Masquerading once.
You may check traffic flow in the console by using the below command.
==> Login to SSH > 4. Device Console
console> tcpdump 'port <port number>'
e.g.: console> tcpdump 'port 4000'
Hi ywillie, as per the configuration screenshot, Use Outbound Address seems to be incorrect, as this rule is for allowing traffic from WAN (XG-A1) to the PABX, so there is no need for NATing it with IP 220.127.116.11. You can either uncheck "Rewrite source address" or select Rewrite source address as MASQ instead of 18.104.22.168.
Hi. Thanks for the reply. Connection to 22.214.131.124 with 5060 to 5071 did not work either, even after I did the DNAT rule. I've been checking the logs from Log Viewer, using my home internet connection to remotely reach 126.96.36.199. I cross-checked my home internet src IP (public IP 188.8.131.52) with ICMP and tcping towards destination IP 184.108.40.206. It seems to me all relevant ports from 4000 to 4008 and ICMP were actually allowed. However, this only stops at 220.127.116.11. When I tried to search src IP 172.20.110.11, there was nothing. There's actually a TP-Link TL-R600VPN router with IP 172.20.110.10/24 after interface A5. I do suspect that the router does not have a static route on it. It does not know where the exit interface is.
My home internet uses a dynamic IP. It's currently recorded as 18.104.22.168. As I did the test, SRC IP 22.214.171.124 to 126.96.36.199 actually passes the traffic.
However, when I reverse the search with only SRC IP 188.8.131.52, it returned no results. I tried SRC IP 172.20.110.11, which is the PABX IP. It returned no results either. However, when I tried SRC IP 172.20.110.10, it returned something. It seems to me that the router is the culprit. It's a TP-Link R600 router. The TP-Link router was used as a SIP dial-up device. It has 1 WAN port connected to the SIP service provider's modem, while the entire LAN network was set up as 172.20.110.0/24 on the TP-Link R600 router. I figured that if I requested the vendor to configure the entire network to be 172.20.110.0/24 on the TP-Link R600 router, it would actually allow traffic across the firewall towards 184.108.40.206 by creating a DNAT rule. However, that's not the case. This is an actual view of the PABX and its related devices. There's a static route missing on the TP-Link R600 router side. Could I get help with the static routing part? Should I route only 172.20.110.11/24 across to 220.127.116.11? Another concern I have is that by doing such a static route, it might even change the path of the MLS, causing the SIP traffic to not work properly.
I've found the issue. The problem indeed came from the TP-Link router itself. Today I removed the router and plugged a laptop straight into the LAN port of the firewall under interface A5. I even configured the laptop statically with the IP 172.20.110.11/24, matching the PABX system's IP. I downloaded a port listener on the laptop and had it listen on port 4001 and other ports each time to test the connection. Everything went through from outside without issue. The public IP had actually been successfully NATed to the internal IP. The only problem is that the TP-Link router isn't returning the packets back. It's dropping the packets at some point.
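
The isolation test from the last post can be reproduced with a small multi-port listener. This is an added example, not part of the original thread or any Sophos tooling: it listens on the thread's 4000-4008 range and records the source IP of each TCP connection, which also shows whether the firewall rewrote the source address. The function names and the 60-second window are assumptions.

```python
import selectors
import socket
import time


def open_listeners(ports, host="0.0.0.0"):
    """Bind one listening TCP socket per port and return the sockets."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen()
        s.setblocking(False)
        socks.append(s)
    return socks


def record_connections(socks, duration):
    """Accept for `duration` seconds; return (local_port, peer_ip) tuples."""
    sel = selectors.DefaultSelector()
    for s in socks:
        sel.register(s, selectors.EVENT_READ)
    seen = []
    deadline = time.monotonic() + duration
    try:
        while (remaining := deadline - time.monotonic()) > 0:
            for key, _ in sel.select(timeout=remaining):
                try:
                    conn, peer = key.fileobj.accept()
                except BlockingIOError:
                    continue  # connection vanished before accept()
                # peer[0] is the source IP as seen after any NAT rewrite
                seen.append((key.fileobj.getsockname()[1], peer[0]))
                conn.close()
    finally:
        sel.close()
        for s in socks:
            s.close()
    return seen


if __name__ == "__main__":
    # 4000-4008 is the DNAT port range discussed in the thread.
    listeners = open_listeners(range(4000, 4009))
    for port, peer in record_connections(listeners, 60):
        print(f"TCP connection on port {port} from {peer}")
```

If the listener records the external client's public IP, the DNAT rule works and the source is not rewritten; if it records the firewall's interface address, masquerading is being applied to the inbound rule.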