On Sat, Aug 22, 2009 at 11:00 AM, Picher, Michael<mpic...@cmctechgroup.com> wrote: > Good recap of your install Dennis. Glad you worked through your problems! > > > > As you have discovered, product selection makes a big difference in how > smoothly your installation goes… > > > > Based on the descriptions of nat here: > http://en.wikipedia.org/wiki/Network_address_translation I would tend to > agree with you that the system requires One-to-One NAT (Full Cone) with > Static outbound Ports (see previous posts re:pfSense / m0n0wall).
It will ALWAYS work with full cone and static outbound ports. The more refined answer is that it depends upon the ITSP. If ITSP is checking if the remote port matches the SDP then you must allocate the ports statically and map internal port to external port. i.e. you need full cone with static outbound ports and one to one mapping of internal to external ports. You cannot, in that case, tolerate any randomization of ports from the NAT. The packet would be rejected by the ITSP. If you ITSP is doing NAT compensation and does not care about remote port matching the SDP port, you dont need to have anything but a symmetric NAT. Further, if your firewall allows inbound traffic on ports that have sent outbound traffic, you should not need to open up the RTP port range either. Only the signaling port 5080 would need to be opened up. This would be the case for many low cost ITSPs such as les.net and voip.ms. These are pretty simple to configure. SipXbridge does do NAT compensation for both media and signaling (i.e. it will send packets first to the remote address before packets are received in order to open up the pinhole). The wiki will be updated. Ranga > > > > Ranga, Ok to change the Wiki regarding this? > > > > Thanks, > > Mike > > > > From: sipx-users-boun...@list.sipfoundry.org > [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Dennis Wallen > Sent: Saturday, August 22, 2009 1:04 AM > To: sipx-users@list.sipfoundry.org > Subject: Re: [sipx-users] Experiences with SipX,Grandstream GXW4104 FXO > gateway, Snom 320 phones,a couple of firewalls, and remote worker setup. > > > > An update on the Grandstream GXW4104 gateway dial plan issue: the recently > released firmware version 1.2.1.5 correctly dials now. As quoted from the > release notes "Fixed using To-header to get PSTN dial number". > > > > ________________________________ > > From: sipx-users-boun...@list.sipfoundry.org > [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Dennis Wallen > Sent: Friday, August 21, 2009 4:25 PM > To: sipx-users@list.sipfoundry.org > Subject: [sipx-users] Experiences with SipX, Grandstream GXW4104 FXO > gateway,Snom 320 phones, a couple of firewalls, and remote worker setup. > > Over the past few weeks I’ve been considering SipX as a replacement for our > existing phone system. My greatest interest is in the remote worker > configuration to help support “virtual office” functionality. I don’t > really have any questions, but thought I’d share my experience in case it’s > helpful to someone else. > > > > I initially had difficulty getting the remote worker feature to operate for > two reasons. The first problem had to do with my firewall due to my > confusion when reading some SipX documentation regarding symmetric NAT. > Here is a quote from “SIP Trunking with sipXecs”. “SipXbridge assumes > symmetric NAT port mapping. That means an internal port must be mapped to an > identical external port and vice versa. Without such a mapping some sipx > components will not work. Not all NATs will lend themselves to such > mapping.” The use of the term does not match the definition of “Symmetric > NAT”. I didn’t realize what the problem was until I looked in a log file > and found a warning entry that suggested that the internal and external port > mapping were different and that there may be problems (I can’t remember the > exact message). I replaced my SonicWall TZ190 with a simple WRTG54GS2 > Linksys wireless router and that problem cleared up. > > > > The second problem ended up being with my Snom 320 phones. One of the Snoms > was at another location on the other side of a 3Com OfficeConnect firewall. > I made no configuration changes to that firewall. I noticed in the Snom log > that SipX was adding the proper information to traverse NAT. The Snom would > register and I could place and receive calls, but there was no audio. I > noticed that the Snom was trying to open a connection directly to the > PRIVATE IP address the SipX server even though SipX had provided the proper > IP in the SDP payload of the SIP INVITE message. I reported the problem to > Snom and they opened a bug ticket number of SCPP-1007 on August 6th. > > > > To continue testing I used the X-Lite softphone from CounterPath. Remote > worker functionality seems to be working now. > > > > My next experience was setting up the Grandstream GXW4104 FXO gateway. The > setup was fairly simple. The biggest issue I had was that it kept trying to > dial the “9” prefix. I’m still not certain if the issue is with the gateway > or with SipX. SipX claims that it’s not sending the prefix in the rule, but > I see it in the SIP message. I ended up configuring the Grandstream to > “eat” the 9 to work around the problem. > > > > The final issue I had was trying to get call forking to work. I wanted my > extension and cell phone to ring together. The Grandstream gateway was > treating the call as answered immediately after dialing even though I hadn’t > answered the phone. Someone on a Grandstream forum suggested I could enable > Polarity Reversal to get the desired behavior. That also requires that > feature from the phone company. I haven’t tried that yet. > > > > My biggest observation is that SipX does not work when it is behind a > firewall that has symmetric NAT. What the docs are calling symmetric is > more of a one-to-one mapping. Someone please correct me if I am wrong. The > remote worker can be behind symmetric NAT and that worked just fine. > > > > I hope some of my experiences are helpful to someone. > > _______________________________________________ > sipx-users mailing list sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ > -- M. Ranganathan _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
