This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External VOIP Phones connecting back to Office - No Audio

Morning All!

Just installed a new Panasonic NS700 phone system at the Office. It's working perfectly here onsite but I have a handset at home that is connecting to the external IP I have setup for the PABX, downloading all its settings etc I can log in and out (ie change my extension number), dial internally and externally ... but I get no audio traffic to or from the remote handset.

Now, I've setup the NAT rules for the Ports needed to be forwarded and it auto-created the Firewall Rules on my SG230. I know the remote handset is hitting the Firewall and being routed correctly to the PABX onsite because its logging in and out of the PABX, dialling and making internal calls to extensions at the Office and external calls to mobile phones etc and I can connect to the PABX's Web Console from any remote PC ... just no audio to or from the remote phone after a call is made!

Network is setup similar to (extremely brief description here):

SG230: 10.0.10.250 (vLAN 10)
Internet Connection is: 1x ADSL and 1x EoC that I have setup as Load Balanced on the SG230. I have a block of extra 4 IP's on each. I have allocated External IP address No 3 on the EoC connection to point to the Internal PABX

NS700 PABX: 10.0.30.250 (vLAN 30)
DSP Card 1: 10.0.30.251

DSP Card 2: 10.0.30.252

All my internal VOIP Phones are on vLAN 30 and getting an address off one of my Windows Servers (vLAN 10) DHCP Pools for vLAN 30

Dell 6248 is my 'Core Layer 3 Switch' with IP Helper and all my inter vLAN routing - all my vLANs are working fine across the network with no issues. Trunk Port on Switch to SG230 is untagged vLAN 10 and Tagged for ALL my other vLANs (including vLAN 30) to give them all a path to the SG230. I have put ALL the vLANS onto the SG230 pointing back to the Internal Interface ... all my internet traffic across all my vLANs is working fine.

The only issue I have is this damned audio to and from these new remote voip handsets!

I have two RTP NAT Rules, supplied by the PABX installer

1. Ports 16000:16511 to DSP1 (UDP)

2. Ports 16512:17023 to DSP2 (UDP)


I have defined both as Service Definitions on the SG230, ticked auto-create firewall rules and everything else I can think of - with no luck so far.


Any tips, pointers, advice or suggestions appreciated :)



This thread was automatically locked due to age.
  • You have to look for audio ports too, and the configuration of NAT Traversal in the phone. I had this problem 5 years ago with 3CX Server.

    The server also have a rule to allow external or outside phones.

    I deletet those rules in my firewall, because i dont use it anymore, but if i find any backup i will write it down

  • The NS700 PABX already has those handsets and extensions setup as external in its internal config. Its network settings are manual and the IP, Subnet and Gateway all match the required subnet settings and point to the Layer 3 switch that handles all internal routing. I'm on the Web Interface now from home - so I know my NAT/Port Forwards are OK and hitting the PABX OK ... this is starting to drive me a little nuts ;) It SHOULD be working from what I can see!

    Hrmmm ....

    Internally its vLAN 30 ... from the PABX I can ping the gateway (the Layer 3 switch) on its vLAN 30 interface - 10.0.30.254. From the PABX I can ping the internal interface of the SG230 - 10.0.10.250. From the PABX I can even ping the switch at a remote site connected to the SG230 by a RED15w on vLAN50 - 10.0.50.1

    I've setup the two RTP NAT rules:

    DNAT: Any - 16000:16511 - 3rd IP on 2nd Internet Connection = Destination: PABX Card 1 (autocreate firewall rule)

    DNAT: Any - 16511:17023 - 3rd IP on 2nd Internet Connection = Destination: PABX Card 2 (autocreate firewall rule)

    I tried creating two SNAT Rules:

    SNAT: PABX Card 1 - 16000:16511 - Any (autocreate firewall rule)
    SNAT: PABX Card 2 - 6511:17023 - Any (autocreate firewall rule)

    Didn't make any difference.

    Then I had a thought about the two Internet connections that are load balanced - maybe I need to add a Multipath rule since the External IP I have allocated to the PABX is on Connection 2. So I created:

    VOIP Rule: vLAN 30 - Any - Any - Connection 2   (vLAN 30 is defined as the 10.0.30.0/24 network on the SG230 - I have setup the Static Route (vlan30 - Interface Internal) and 30.0.10.in-addr.arpa - to my internal Windows DC's that are running as DNS Servers) this is the exact same setup I have for ALL of my internal vLANS I run - which are working have been working fine like this for years.

    Open to any ideas, suggestions, pointers, slaps across the back of the head!

  • check for RTP ports (audio ports) of the PBX
    I know that the phone registers because 5060 port is konfigured in NAT, but you have to check for audio ports in PBX Manual
     

  • The Info I was given was:

    UDP ports range 16000-16511     forwarded to the Panasonic DSP1 card IP 10.0.30.251

    UDP ports range 16512-17023     forwarded to the Panasonic DSP2 card IP 10.0.30.252

    UDP port 2727                                   forwarded to the Panasonic NS700 LAN IP 10.0.30.250

    UDP port 9300                                   forwarded to the Panasonic NS700 LAN IP 10.0.30.250

    UDP port 14060 redirected to port 5060 forwarded to the Panasonic NS700 LAN IP 10.0.30.250

    TCP port 35300 redirected to port 80 forwarded to the Panasonic NS700 LAN IP 10.0.30.250




    These are the exact DNAT rules I setup on the SG230 and ticked auto-create firewall rules as well.

  • What about "nat treversal" under webinterface of the phone?

  • I don't think I have come across a setting re NAT on the PABX ??

  • "Nat Traversal" is a menu, in the phone configuration.  The PBX will not work with two internet intrefaces anyway...

  • If your PBX is an Asterisk flavor it probably has the option localnet=192.168.25.0/255.255.255.0 specified somewhere in one of your SIP config files (sip_general_additional.conf?)

    You'll need to add another line for your VPN subnet (added to sip_general_custom.conf?) and restart your PBX.

  • Its a Panasonic NS700.

    I had the Phone Tech out today and we spent a few more hours on it ... its definitely the SG230 thats screwing it up. Wireshark shows that outside packets from the remote handset are hitting the right External IP and the Port Forwarding is working as intended and I can see return packets trying to go back out but they are getting lost going back through the SG230 and never arriving back at the Remote Handset.

    The Phone system (10.0.30.250/24 default gateway 10.0.30.254) and its two DSP Cards (10.0.30.251 and 252) are on my vLAN30 subnet. My Dell 6248 is my Layer 3 switch doing all inter vlan routing. It is the Default Gateway for vLAN 30 (10.0.30.254) and the Default Gateway for ALL my vLANs. The Default Route 0.0.0.0 on the 6248 points to the SG230 (10.0.10.250) on Port 48 of the 6248.

    The SG230 has Static Routes back to Interface Internal (10.0.10.250) for each vLAN. I have setup each vLAN on the SG230 as a Network Definition and bound them to the Internal Interface. This is how the network has been running for 2 years now without an issue. I setup the new vLAN 30 last week identically to all my other vLANs as per the above.

    I setup the DNAT Rules and new Network Definitions as supplied by the PABX techs and they confirmed the settings are all correct in regards to Port Forwarding. Plugging a Remote Phone Handset (at three different places now) see's the handset connect to the PABX via the Internet ... just not getting that audio between them going ... occasionally I get voice going one way, only very occasionally and at random. I can get a dial tone after pressing 0 for a Line. I can log in/out of the phone (its a feature so your extension follows you form handset to handset) etc. Watching the Live Firewall log want making a call to or from the remote handset - I am not seeing any dropped packets at all.

    Making it a little more complicated - I have TWO Internet connections going. An ADSL Connection (plus a block of 8 Public IP's) and an Ethernet over Copper (10/10) (plus a block of 4 Public IP's). These two connections are setup as 'Uplink Balancing' on the SG230.

    I have tried making two Multipath Rules: 1. for the Port 16000:16511 Definition going to ANY to go out via the EoC link and 2. for the Port 16512:17023 Definition going out to ANY via the EoC link - but with the same results, no audio most times, random times one way audio, no visible dropped packets on the Firewall.

    And I have just tried creating 3 SNAT rules: A rule from the NS700, the DSP1 and DSP2 IP's using ANY service going to ANY, change the source to EOC IP (same as the incoming port forwards are set to) and ticked auto create firewall rule. Again - STILL no audio most times, random times one way audio.

    I'm just out of ideas at this stage. 

  • What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA