internal SIP server

Hi all.

Lately we installed an internal SIP server in our organization.
The server placed on a dedicate scope (Vlan) and all other scope can reach the Sip server.
All is working well.

Now, I'm trying  call from my cellphone thru an application Callphone (Xorcom).
When calling from my internal network, all is working as expected.
When calling from outside (disabling WiFi on my phone) it doesn't work.
It seems that the call reach the SIP server but can't communicate back.
Pinging from the server out is working fine.

I suspect it has something to do with the voice protocol, but it's only a guess.

Any help will be most appreciateSlight smile.

Regards,

Goldy.

Parents
  • Do you have a inbound NAT rule and automatic or configured firewall rules so the serverv can be reached from public internet?
    Is the softphone on your mobile configured to a certain hostname to reach the server?
    Is this hostname (FQDN) reachable in your internal DNS and public DNS. Does the external DNS entry point to the IP that is NATed to the SIP server?
    Is the SIP server configured to accept connections from internal & public IP ranges? is there an extra firewall on the server host that might block connections?

    We are using FreePBX as SIP server and I remember there were a lot of settings we had to configure network wise to make it run.

Reply
  • Do you have a inbound NAT rule and automatic or configured firewall rules so the serverv can be reached from public internet?
    Is the softphone on your mobile configured to a certain hostname to reach the server?
    Is this hostname (FQDN) reachable in your internal DNS and public DNS. Does the external DNS entry point to the IP that is NATed to the SIP server?
    Is the SIP server configured to accept connections from internal & public IP ranges? is there an extra firewall on the server host that might block connections?

    We are using FreePBX as SIP server and I remember there were a lot of settings we had to configure network wise to make it run.

Children
  • Hi Chris and thanks.

    Do you have an inbound NAT rule –Yes
    Automatic or configured firewall rules – Automatic?
    Is the softphone on your mobile configured to a certain hostname to reach the server? – Yes.  FQDN
    Is this hostname (FQDN) reachable in your internal DNS and public DNS-yes, but deference IP (Internal IP from inside, and public IP from the world).
    Does the external DNS entry point to the IP that is NATed to the SIP server?-Yes
    Is the SIP server configured to accept connections from internal & public IP ranges? Yes (any).
    Is there an extra firewall on the server host that might block connections? I have tried any-any-any with the FW.  Didn't help.

  • Shalom Goldy - good to see you here again!

    I'm sure you have checked the Firewall and Intrusion Prevention logs, but I thought I'd mention that for others that look here for an answer.

    Is there a firewall on the SIP server that you could disable?  Maybe it only accepts accesses from within its subnet.  If a Full NAT like the following make things work, it could be a firewall on the SIP server.

                Internet IPv4 -> Voip protocols -> External (Address) : from Internal (Address) to SIP Server

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.
    Great to hear from you Slight smile

    1. Like you said, s normally first step test, I have tried to disable all protection in the UTM - Firewall and Intrusion Prevention.
    2. I've been looking at the logs, but i couldn't see anything wrong. (the thing is, i only know the server IP.  I don't know the IP of the Cloud Phone).

    3. The Sip server has no FW.

    4. The guy from the Sip server said he could see that the request arrived to the server.

    Telephony - Sip Server.
    Wan Telephony - External address.

    Thanks. Upside down