Re: [sipx-users] require one to one NAT(port 5060 -5080) mapping

Wed, 03 Feb 2010 14:44:48 -0800 

If it has a filter for SIP it must be turned off (SPF or ALG).
============================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

----- Original Message -----
From: Winson (Elabram) <winson.k...@elabram.com>
To: Tony Graziano <tgrazi...@myitdepartment.net>
Cc: sipXecs users <sipx-users@list.sipfoundry.org>
Sent: Wed Feb 03 16:46:59 2010
Subject: Re: require one to one NAT(port 5060 -5080) mapping

We are using sonicwall NSA 2400, it always keep said my External port !=
internal port,
How to check my port is be symmetric? isit any log will show?



Tony Graziano wrote:



        On Wed, Feb 3, 2010 at 3:18 PM, Winson (Elabram) 
<winson.k...@elabram.com>
wrote:


                Dear all Expert !
                Hi i stuck in the firewall NAT mapping for my Sipbridge - ISTP .

                I try direct use the modem connected to sipXecs and open the 
port
5060,5080, 30000-31000,16384-16482(ISTP) is wan work.

                after i plug in the firewall, the softphone show me is error 
408,time out.
                Then i check the sipbridge.log it show me:


                Remote Host:202.85.243.87---- Port: 5060----\nREGISTER
sip:sip.pennytel.com SIP/2.0\r\nCall-ID:......
                Remote Host:202.85.243.87---- Port: 5060----\nSIP/2.0 401
Unauthorized\r\nCall-ID: ........
                Remote Host:202.85.243.87---- Port: 5060----\nREGISTER
sip:sip.pennytel.com SIP/2.0\r\nCall-ID:.........
                Remote Host:202.85.243.87---- Port: 5060----\nSIP/2.0 200
OK\r\nCall-ID:........
                .... WARNING External port != internal port your NAT may not be 
symmetric.


                It is because i did'n set the NAT policy from my firewall 
(sonicwall) will
become this problem?



        What firewall are you using? It does not appear you are using a 
symmetrical
port NAT method.

        What is this? In order to connect the media stream (default 30000-31000
udp), the firewall "must" be symmetrical, if it leaves (rtp/media) on port
30123 then it must come back on port 30123, for instance.
_______________________________________________
sipx-users mailing list sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/

Reply via email to