There is a "Timeout SIP" in the config. What is it set to? If it is
less than the the qualify interval, which I believe is 60 seconds, then
the PIX will close the inbound hole for qualify traffic. We've got lots
of phones at several remote sites all running behind PIX's and all being
NAT'd to the same IP (per location) and everything works perfect if
qualify is on. If we disable qualify, then the "SIP inbound hole" gets
closed per the "Timeout SIP" and calls don't go through until the phone
re-registers and the hole opens again (they can still call out).
Bill Gibbs wrote:
As a follow up those commands helped with the outbound calls but inbound
still had issues. Asterisk would still show the peer UNREACHABLE.
Turning off qualify has fixed the problem!
Bill
------------------------------------------------------------------------
*From:* Bill D'Anjou [mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, August 23, 2006 12:47 PM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Cc:* Bill Gibbs
*Subject:* RE: [asterisk-users] Cisco PIX firewall and nat=yes
You might need:
fixup protocol sip 5060
fixup protocol sip udp 5060
in the PIX.... if these commands aren't supported you might need newer code.
Bill
-----Original Message-----
*From:* [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] *On Behalf Of *Bill
Gibbs
*Sent:* Wednesday, August 23, 2006 8:53 AM
*To:* Asterisk Users Mailing List - Non-Commercial Discussion
*Subject:* [asterisk-users] Cisco PIX firewall and nat=yes
I have a Polycom 501 that works great from behind simple firewalls,
like Dlink, etc however behind a Cisco PIX Firewall I see the
register messages for the extensions on the Asterisk CLI but when I
do a sip show peers I see:
702/702 x.x.x.x D N 54297 UNREACHABLE
701/701 x.x.x.x D N 54297 UNREACHABLE
700/700 x.x.x.x D N 54297 UNREACHABLE
But I see stuff like
n Registered SIP '702' at x.x.x.x port 54297 expires 60
I have a single phone with multiple extensions in the example above.
As a test I changed that phone to a single extension (700), I see
the Registered line but it still says UNREACHABLE.
I know the Asterisk config is good because every device (soft, hard
phone) works and I know the NAT works because I’ve tested that out.
So…I’m thinking it has something to do with the PIX. Any ideas?
Bill
------------------------------------------------------------------------
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
--
Network stuff you didn't know....
http://www.networkoblivion.com
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
