Hi Everyone, I manage to fix our problem. It was a NAT issue. And setting pfsense to NO NAT takes care of the problem.
Thank you all for your help. Best regards and have a nice day! Rhon On Wed, May 19, 2010 at 12:05 PM, Tony Graziano < tgrazi...@myitdepartment.net> wrote: > Either you create the tunnel on pfsense or ... > > The cisco routers are also on your private network, in which case add a > gateway and route on pfsense to use the cisco routers to connect those 2 > sites. > > No filters in pfsense should be needed in a vpn setting. > ============================ > Tony Graziano, Manager > Telephone: 434.984.8430 > Fax: 434.984.8431 > > Email: tgrazi...@myitdepartment.net > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > ----- Original Message ----- > From: Picher, Michael <mpic...@cmctechgroup.com> > To: Rhon <c4rdi...@gmail.com>; Tony Graziano <tgrazi...@myitdepartment.net > >; > sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org> > Sent: Wed May 19 05:40:23 2010 > Subject: RE: [sipx-users] No Voice/IVR on Site-to-Site > > I guess I don't understand your tunnel outside of the pfSense box. > > > > Unless this diagram is inaccurate. > > > > If you'd like to send be a visio or an true picture how this is > configured I might be able to help. > > > > Mike > > > > From: sipx-users-boun...@list.sipfoundry.org > [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Rhon > Sent: Tuesday, May 18, 2010 4:17 PM > To: Tony Graziano; sipx-users@list.sipfoundry.org > Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site > > > > Hi Everyone, > > Here's a summary of what I did so far but still unable to resolve the > problems.. > > My network looks like this: > > SITE A SIPX --> PFSENSE --> CISCO --> |||| VIA GRE TUNNEL |||| <-- > CISCO <-- PFSENSE <-- SIPX SITEB > > I use Cisco IPSEC GRE Tunnel for this purpose. > > I set the pfsense to Manual Outbound NAT rule generation (Advanced > Outbound NAT (AON)) > > My NAT rules: > WAN 172.16.3.0/24 * * * * * YES > (VLAN SUBNET) > WAN 172.16.1.0/24 * * * * * YES > (PFSENSE/CISCO SUBNET) > > Create 3 firewall rules in pfSense (FOR WAN/VLAN): > > * Action: Pass > * Interface: WAN > * Protocol: UDP > * Source: any > * Destination: WAN address > * Destination port range: 5080 > > * Action: Pass > * Interface: WAN > * Protocol: TCP/UDP > * Source: any > * Destination: WAN address > * Destination port range: 5060 > > > * Action: Pass > * Interface: WAN > * Protocol: TCP/UDP > * Source: any > * Destination: WAN address > * Destination port range: 30000 - 31000 > > I can connect via IPSEC GRE Tunnel and can route on each sites. I can > ring the phones but if you pickup you can't hear any voice but the call > remained connected. Tried to call IVR but no audio either. > > My questions are: > 1. Could this be a firewall problem? Any other ports to open in order to > establish the voice? > 2. Is it required to pass gre protocol even if I have GRE tunnel > established? > 3. I can establish a call using xlite on each site but not on a hard > phone. > > I also made an ACL in cisco to open 5060(UDP/TCP) but it's no use. > > I will greatly appreciate any inputs here. > > Thank you in advance. > > On Tue, May 18, 2010 at 3:42 PM, Rhon <c4rdi...@gmail.com> wrote: > > Hello Tony, > > Here's my x-lite registration to sipx: > > "Rhon"<sip:2...@domain.com <sip%3a...@domain.com> <mailto: > sip%3a...@domain.com <sip%253a...@domain.com>> > > > <sip:2...@172.16.3.138:49328;rinstance=49bedde5bd36ec5d;x-sipX-nonat> > > > My setup passed the configuration test mentioned in the wiki. And are > working in my simulated setup. > > Thanks > > > > On Tue, May 18, 2010 at 2:47 PM, Tony Graziano > <tgrazi...@myitdepartment.net> wrote: > > I would suspect dns. > > If your xlite is registering via hostname instead of domain name, its a > dead > giveaway. > > ============================ > Tony Graziano, Manager > Telephone: 434.984.8430 > Fax: 434.984.8431 > > Email: tgrazi...@myitdepartment.net > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > ----- Original Message ----- > > From: Rhon <c4rdi...@gmail.com> > To: Tony Graziano <tgrazi...@myitdepartment.net>; > sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org> > > Sent: Tue May 18 08:40:17 2010 > Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site > > Hello Tony, > > Thank you for your reply. I already have those settings set and are able > to > call site-to-site via x-lite at the moment. > For the sake of testing I allowed everything to PASS on the firewall but > that don't help either. > > I followed your recommendation in allowing GRE protocol to any > destination > but still failed. > > Any clue what's happening? > > Thanks in advance. > > Rhon > > On Tue, May 18, 2010 at 2:30 PM, Tony Graziano > <tgrazi...@myitdepartment.net > > wrote: > > > Again, since your connection is site-to-site and your vpn via ipsec is > > there, you need to ensure the ipsec is passing/allowing all tcp AND > UDP > > traffic between the two. > > > > Don't confuse things with bringing up pfsense since its not really > > involved > > here (I don't think). > > > > Re-read my post listing your five steps. Filow that. It will work. > > ============================ > > Tony Graziano, Manager > > Telephone: 434.984.8430 > > Fax: 434.984.8431 > > > > Email: tgrazi...@myitdepartment.net > > > > LAN/Telephony/Security and Control Systems Helpdesk: > > Telephone: 434.984.8426 > > Fax: 434.984.8427 > > > > Helpdesk Contract Customers: > > http://www.myitdepartment.net/gethelp/ > > > > ----- Original Message ----- > > From: sipx-users-boun...@list.sipfoundry.org > > <sipx-users-boun...@list.sipfoundry.org> > > To: Picher, Michael <mpic...@cmctechgroup.com>; > > sipx-users@list.sipfoundry.org <sipx-users@list.sipfoundry.org> > > Sent: Tue May 18 08:09:29 2010 > > Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site > > > > Hello Michael, > > > > Thank you for your reply. > > > > On Tue, May 18, 2010 at 12:38 PM, Picher, Michael > > <mpic...@cmctechgroup.com>wrote: > > > > > I guess it depends on what is creating that tunnel and where NAT > lives. > > > > > Cisco is creating the GRE tunnel. From Cisco it goes to PfSense FW. I > > made > > NAT set to: > > > > *Automatic outbound NAT rule generation (IPsec passthrough)* > > > > I think NAT is not necessary since traffic is passing thru the GRE > Tunnel > > and not going out. You can correct me if I'm wrong here. > > > > Hoping for your usual response. > > > > Many thanks and have a nice day! > > > > Rhon > > > > > > > > Your diagram (to me) shows your PBX behind pfSense and then going > into > > > some > > > sort of Cisco device with a GRE tunnel between the Cisco devices. > So, > > > is > > > the PBX traffic really NAT'd? Where does the Tunnel terminate? > Your > > > information is incomplete. > > > > > I don't think pbx traffic is NAT'd. Here's my ip topology: > > > > SITE A: > > Cisco/PFSense subnet: 192.168.1.0 > > Voice Subnet: 192.168.2.0 > > Tunnel: 10.10.10.1 > > > > SITE B: > > Cisco/PFSense subnet: 172.16.1.0 > > Voice Subnet: 172.16.2.0 > > Tunnel: 10.10.10.2 > > > > > I assumed (maybe wrongly) that your PBX was behind the pfSense box > and > > > NAT'd. > > > > > > > I not sure how to test this. But please note that we can establish > > connection using X-Lite via site-to-site without problems. Connection > can > > be > > established on each sites flawlessly. > > > > > > > > > > > > > Mike > > > > > > > > > > > > *From:* sipx-users-boun...@list.sipfoundry.org [mailto: > > > sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Rhon > > > *Sent:* Tuesday, May 18, 2010 1:01 AM > > > > > > *To:* sipx-users@list.sipfoundry.org > > > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site > > > > > > > > > > > > I'm using IPSEC GRE and pfsense interfaces have private IPs. should > I > > > still > > > need NAT for that matter? > > > > > > Thanks > > > > > > On Tue, May 18, 2010 at 3:03 AM, Picher, Michael > > > <mpic...@cmctechgroup.com> > > > wrote: > > > > > > It should be set to manual and yes. > > > > > > > > > > > > *From:* Rhon [mailto:c4rdi...@gmail.com] > > > *Sent:* Monday, May 17, 2010 9:33 AM > > > *To:* Picher, Michael; sipx-users@list.sipfoundry.org > > > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site > > > > > > > > > > > > Hello Michael, > > > > > > I have the static NAT port set to NO on pfsense. > > > > > > Also, to I have to enable NAT traversal on sipx? > > > > > > Thanks > > > > > > On Mon, May 17, 2010 at 3:20 PM, Picher, Michael > > > <mpic...@cmctechgroup.com> > > > wrote: > > > > > > Static NAT port on the pfSense? > > > > > > > > > > > > *From:* sipx-users-boun...@list.sipfoundry.org [mailto: > > > sipx-users-boun...@list.sipfoundry.org] *On Behalf Of *Rhon > > > *Sent:* Monday, May 17, 2010 9:14 AM > > > *To:* sipx-users@list.sipfoundry.org > > > *Subject:* [sipx-users] No Voice/IVR on Site-to-Site > > > > > > > > > > > > Hi, > > > > > > I have a problem with our deployment with SipXecs 4.2 which was > > > installed > > > fresh using ISO build. > > > > > > We cannot hear anything on both sides but are able to connect and > can > > ring > > > the other end. Calling the IVR is ok but no audio as well. > > > > > > SITE A: > > > 100 - 199 > > > > > > SITE B: > > > 200 - 299 > > > > > > Everything passed using Configurations tests. > > > > > > Our networks are setup as seen below: > > > > > > SITE A SIPX --> PFSENSE --> CISCO --> |||| VIA GRE TUNNEL |||| <-- > > CISCO > > > <-- PFSENSE <-- SIPX SITEB > > > > > > Any thoughts on what the problem could be? > > > > > > I have bypassed everything on the firewall at the moment. > > > > > > Thank you in advance. > > > > > > Rhon > > > > > > > > > > > > > > > > > >
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
