Either you create the tunnel on pfsense or ...

The cisco routers are also on your private network, in which case add a
gateway and route on pfsense to use the cisco routers to connect those 2
sites.

No filters in pfsense should be needed in a vpn setting.
============================
Tony Graziano, Manager
Telephone: 434.984.8430
Fax: 434.984.8431

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

----- Original Message -----
From: Picher, Michael <mpic...@cmctechgroup.com>
To: Rhon <c4rdi...@gmail.com>; Tony Graziano <tgrazi...@myitdepartment.net>;
sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org>
Sent: Wed May 19 05:40:23 2010
Subject: RE: [sipx-users] No Voice/IVR on Site-to-Site

I guess I don't understand your tunnel outside of the pfSense box.



Unless this diagram is inaccurate.



If you'd like to send me a visio or a true picture of how this is
configured I might be able to help.



Mike



From: sipx-users-boun...@list.sipfoundry.org
[mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Rhon
Sent: Tuesday, May 18, 2010 4:17 PM
To: Tony Graziano; sipx-users@list.sipfoundry.org
Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site



Hi Everyone,

Here's a summary of what I did so far but still unable to resolve the
problems.

My network looks like this:

SITE A SIPX --> PFSENSE --> CISCO -->  |||| VIA GRE TUNNEL  |||| <-- CISCO <-- PFSENSE <-- SIPX SITEB

I use Cisco IPSEC GRE Tunnel for this purpose.

I set the pfsense to Manual Outbound NAT rule generation (Advanced
Outbound NAT (AON))

My NAT rules:
WAN        172.16.3.0/24       *      *      *      *      *     YES   (VLAN SUBNET)
WAN        172.16.1.0/24       *      *      *      *      *     YES   (PFSENSE/CISCO SUBNET)

Create 3 firewall rules in pfSense (FOR WAN/VLAN):

    * Action: Pass
    * Interface: WAN
    * Protocol: UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 5080

    * Action: Pass
    * Interface: WAN
    * Protocol: TCP/UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 5060


    * Action: Pass
    * Interface: WAN
    * Protocol: TCP/UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 30000 - 31000

I can connect via IPSEC GRE Tunnel and can route on each site. I can
ring the phones but if you pick up you can't hear any voice but the call
remained connected. Tried to call IVR but no audio either.

My questions are:
1. Could this be a firewall problem? Any other ports to open in order to
establish the voice?
2. Is it required to pass gre protocol even if I have GRE tunnel
established?
3. I can establish a call using xlite on each site but not on a hard
phone.

I also made an ACL in cisco to open 5060(UDP/TCP) but it's no use.

I will greatly appreciate any inputs here.

Thank you in advance.

On Tue, May 18, 2010 at 3:42 PM, Rhon <c4rdi...@gmail.com> wrote:

Hello Tony,

Here's my x-lite registration to sipx:

        "Rhon"<sip:2...@domain.com <mailto:sip%3a...@domain.com> >

<sip:2...@172.16.3.138:49328;rinstance=49bedde5bd36ec5d;x-sipX-nonat>


My setup passed the configuration test mentioned in the wiki. And are
working in my simulated setup.

Thanks



On Tue, May 18, 2010 at 2:47 PM, Tony Graziano
<tgrazi...@myitdepartment.net> wrote:

I would suspect dns.

If your xlite is registering via hostname instead of domain name, it's a dead
giveaway.


----- Original Message -----

From: Rhon <c4rdi...@gmail.com>
To: Tony Graziano <tgrazi...@myitdepartment.net>;
sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org>

Sent: Tue May 18 08:40:17 2010
Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site

Hello Tony,

Thank you for your reply. I already have those settings set and are able to
call site-to-site via x-lite at the moment.
For the sake of testing I allowed everything to PASS on the firewall but
that doesn't help either.

I followed your recommendation in allowing GRE protocol to any destination
but still failed.

Any clue what's happening?

Thanks in advance.

Rhon

On Tue, May 18, 2010 at 2:30 PM, Tony Graziano
<tgrazi...@myitdepartment.net> wrote:

> Again, since your connection is site-to-site and your vpn via ipsec is
> there, you need to ensure the ipsec is passing/allowing all tcp AND UDP
> traffic between the two.
>
> Don't confuse things with bringing up pfsense since it's not really
> involved here (I don't think).
>
> Re-read my post listing your five steps. Follow that. It will work.
>
> ----- Original Message -----
> From: sipx-users-boun...@list.sipfoundry.org
> <sipx-users-boun...@list.sipfoundry.org>
> To: Picher, Michael <mpic...@cmctechgroup.com>;
> sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org>
> Sent: Tue May 18 08:09:29 2010
> Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site
>
> Hello Michael,
>
> Thank you for your reply.
>
> On Tue, May 18, 2010 at 12:38 PM, Picher, Michael
> <mpic...@cmctechgroup.com> wrote:
>
> >  I guess it depends on what is creating that tunnel and where NAT lives.
> >
> Cisco is creating the GRE tunnel.  From Cisco it goes to PfSense FW. I
> made NAT set to:
>
> *Automatic outbound NAT rule generation (IPsec passthrough)*
>
> I think NAT is not necessary since traffic is passing thru the GRE Tunnel
> and not going out. You can correct me if I'm wrong here.
>
> Hoping for your usual response.
>
> Many thanks and have a nice day!
>
> Rhon
>
> >
> > Your diagram (to me) shows your PBX behind pfSense and then going into
> > some sort of Cisco device with a GRE tunnel between the Cisco devices. So,
> > is the PBX traffic really NAT'd?  Where does the Tunnel terminate? Your
> > information is incomplete.
> >
> I don't think pbx traffic is NAT'd.  Here's my ip topology:
>
> SITE A:
> Cisco/PFSense subnet: 192.168.1.0
> Voice Subnet: 192.168.2.0
> Tunnel: 10.10.10.1
>
> SITE B:
> Cisco/PFSense subnet: 172.16.1.0
> Voice Subnet: 172.16.2.0
> Tunnel: 10.10.10.2
>
> > I assumed (maybe wrongly) that your PBX was behind the pfSense box and
> > NAT'd.
> >
>
> I'm not sure how to test this. But please note that we can establish
> connection using X-Lite via site-to-site without problems. Connection can
> be established on each site flawlessly.
>
>
> >
> >
> > Mike
> >
> >
> >
> > *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> > sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Rhon
> > *Sent:* Tuesday, May 18, 2010 1:01 AM
> >
> > *To:* sipx-users@list.sipfoundry.org
> > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site
> >
> >
> >
> > I'm using IPSEC GRE and pfsense interfaces have private IPs. Should I
> > still need NAT for that matter?
> >
> > Thanks
> >
> > On Tue, May 18, 2010 at 3:03 AM, Picher, Michael
> > <mpic...@cmctechgroup.com>
> > wrote:
> >
> > It should be set to manual and yes.
> >
> >
> >
> > *From:* Rhon [mailto:c4rdi...@gmail.com]
> > *Sent:* Monday, May 17, 2010 9:33 AM
> > *To:* Picher, Michael; sipx-users@list.sipfoundry.org
> > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site
> >
> >
> >
> > Hello Michael,
> >
> > I have the static NAT port set to NO on pfsense.
> >
> > Also, do I have to enable NAT traversal on sipx?
> >
> > Thanks
> >
> > On Mon, May 17, 2010 at 3:20 PM, Picher, Michael
> > <mpic...@cmctechgroup.com>
> > wrote:
> >
> > Static NAT port on the pfSense?
> >
> >
> >
> > *From:* sipx-users-boun...@list.sipfoundry.org [mailto:
> > sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Rhon
> > *Sent:* Monday, May 17, 2010 9:14 AM
> > *To:* sipx-users@list.sipfoundry.org
> > *Subject:* [sipx-users] No Voice/IVR on Site-to-Site
> >
> >
> >
> > Hi,
> >
> > I have a problem with our deployment with SipXecs 4.2 which was
> > installed fresh using ISO build.
> >
> > We cannot hear anything on both sides but are able to connect and can
> > ring the other end. Calling the IVR is ok but no audio as well.
> >
> > SITE A:
> > 100 - 199
> >
> > SITE B:
> > 200 - 299
> >
> > Everything passed using Configurations tests.
> >
> > Our networks are setup as seen below:
> >
> > SITE A SIPX --> PFSENSE --> CISCO -->  |||| VIA GRE TUNNEL  |||| <-- CISCO <-- PFSENSE <-- SIPX SITEB
> >
> > Any thoughts on what the problem could be?
> >
> > I have bypassed everything on the firewall at the moment.
> >
> > Thank you in advance.
> >
> > Rhon
> >
> >
> >
> >
> >
>