Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 73596 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External VOIP Phones connecting back to Office - No Audio

Dread

Morning All!

Just installed a new Panasonic NS700 phone system at the Office. It's working perfectly here onsite but I have a handset at home that is connecting to the external IP I have setup for the PABX, downloading all its settings etc I can log in and out (ie change my extension number), dial internally and externally ... but I get no audio traffic to or from the remote handset.

Now, I've setup the NAT rules for the Ports needed to be forwarded and it auto-created the Firewall Rules on my SG230. I know the remote handset is hitting the Firewall and being routed correctly to the PABX onsite because its logging in and out of the PABX, dialling and making internal calls to extensions at the Office and external calls to mobile phones etc and I can connect to the PABX's Web Console from any remote PC ... just no audio to or from the remote phone after a call is made!

Network is setup similar to (extremely brief description here):

SG230: 10.0.10.250 (vLAN 10)
Internet Connection is: 1x ADSL and 1x EoC that I have setup as Load Balanced on the SG230. I have a block of extra 4 IP's on each. I have allocated External IP address No 3 on the EoC connection to point to the Internal PABX

NS700 PABX: 10.0.30.250 (vLAN 30)
DSP Card 1: 10.0.30.251

DSP Card 2: 10.0.30.252

All my internal VOIP Phones are on vLAN 30 and getting an address off one of my Windows Servers (vLAN 10) DHCP Pools for vLAN 30

Dell 6248 is my 'Core Layer 3 Switch' with IP Helper and all my inter vLAN routing - all my vLANs are working fine across the network with no issues. Trunk Port on Switch to SG230 is untagged vLAN 10 and Tagged for ALL my other vLANs (including vLAN 30) to give them all a path to the SG230. I have put ALL the vLANS onto the SG230 pointing back to the Internal Interface ... all my internet traffic across all my vLANs is working fine.

The only issue I have is this damned audio to and from these new remote voip handsets!

I have two RTP NAT Rules, supplied by the PABX installer

1. Ports 16000:16511 to DSP1 (UDP)

2. Ports 16512:17023 to DSP2 (UDP)


I have defined both as Service Definitions on the SG230, ticked auto-create firewall rules and everything else I can think of - with no luck so far.


Any tips, pointers, advice or suggestions appreciated :)



This thread was automatically locked due to age.
  • 0 in reply to BAlfson

    I'd scour through the NAT settings on your PBX. The only reason I say this is because any SIP system I've worked with has needed these changes in order to have audio passed to external extensions. The IP's I gave in my example above obviously do not apply but there might be an equivalent option(s) for your Panasonic system and maybe even the handset as well. Much like Asterisk. You have specified the NAT - Fixed Global IP Address in the Panasonic web console?

    This might be the equivalent of asterisks "externip" option:

    Indicates the IP address that will be used as the source IP address for all SIP messages when NAT is specified.

     

    Where as my post above is about the "localnet" option

    Hosts falling within the network ranges specified by the localnet option will be excluded from any NATing efforts by Asterisk. As a result, the source IP address within the SIP requests/responses will use the internal IP address of the network interface associated with bindaddr .

  • 0 in reply to Dread

    Yeah, it looks like there's no escape from having to use tcpdump.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    LOL, missed that bit. Absolutely nothing at all popping in the IP logs. I just made a call to the handset at my place - nada in the IP Log and nothing dropped in the Firewall logs. 

    This is starting to drive me a little nuts! One tiny little thing somewhere is screwing it ... 

  • 0 in reply to Dread

    Actually, if you read #1 closely, you'll see that I was more interested in the Intrusion Prevention log... [;)]

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Cheers for the reply Bob, apologies for the delayed reply - it was a Public Holiday here yesterday and I've only just got back in the office!

    The Firewall logs aren't showing anything at all. I sit there watching the Live Firewall logs when calls are being made and I am not seeing anything being actively dropped/blocked.

  • 0 in reply to Dread

    What do you learn from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to rsenio

    Its a Panasonic NS700.

    I had the Phone Tech out today and we spent a few more hours on it ... its definitely the SG230 thats screwing it up. Wireshark shows that outside packets from the remote handset are hitting the right External IP and the Port Forwarding is working as intended and I can see return packets trying to go back out but they are getting lost going back through the SG230 and never arriving back at the Remote Handset.

    The Phone system (10.0.30.250/24 default gateway 10.0.30.254) and its two DSP Cards (10.0.30.251 and 252) are on my vLAN30 subnet. My Dell 6248 is my Layer 3 switch doing all inter vlan routing. It is the Default Gateway for vLAN 30 (10.0.30.254) and the Default Gateway for ALL my vLANs. The Default Route 0.0.0.0 on the 6248 points to the SG230 (10.0.10.250) on Port 48 of the 6248.

    The SG230 has Static Routes back to Interface Internal (10.0.10.250) for each vLAN. I have setup each vLAN on the SG230 as a Network Definition and bound them to the Internal Interface. This is how the network has been running for 2 years now without an issue. I setup the new vLAN 30 last week identically to all my other vLANs as per the above.

    I setup the DNAT Rules and new Network Definitions as supplied by the PABX techs and they confirmed the settings are all correct in regards to Port Forwarding. Plugging a Remote Phone Handset (at three different places now) see's the handset connect to the PABX via the Internet ... just not getting that audio between them going ... occasionally I get voice going one way, only very occasionally and at random. I can get a dial tone after pressing 0 for a Line. I can log in/out of the phone (its a feature so your extension follows you form handset to handset) etc. Watching the Live Firewall log want making a call to or from the remote handset - I am not seeing any dropped packets at all.

    Making it a little more complicated - I have TWO Internet connections going. An ADSL Connection (plus a block of 8 Public IP's) and an Ethernet over Copper (10/10) (plus a block of 4 Public IP's). These two connections are setup as 'Uplink Balancing' on the SG230.

    I have tried making two Multipath Rules: 1. for the Port 16000:16511 Definition going to ANY to go out via the EoC link and 2. for the Port 16512:17023 Definition going out to ANY via the EoC link - but with the same results, no audio most times, random times one way audio, no visible dropped packets on the Firewall.

    And I have just tried creating 3 SNAT rules: A rule from the NS700, the DSP1 and DSP2 IP's using ANY service going to ANY, change the source to EOC IP (same as the incoming port forwards are set to) and ticked auto create firewall rule. Again - STILL no audio most times, random times one way audio.

    I'm just out of ideas at this stage. 

  • 0 in reply to Ol Deda

    If your PBX is an Asterisk flavor it probably has the option localnet=192.168.25.0/255.255.255.0 specified somewhere in one of your SIP config files (sip_general_additional.conf?)

    You'll need to add another line for your VPN subnet (added to sip_general_custom.conf?) and restart your PBX.

  • 0 in reply to Dread

    "Nat Traversal" is a menu, in the phone configuration.  The PBX will not work with two internet intrefaces anyway...

  • 0 in reply to Ol Deda

    I don't think I have come across a setting re NAT on the PABX ??

Unfiltered HTML