right. proper firewall configuration... On Wed, Sep 8, 2010 at 11:01 AM, Stiles Watson <wat...@datatek-net.com>wrote:
> Thanks Tony! > > I already had consistent NAT enabled, but not SIP Transformations (turning > that on with Trixbox resulted in the Sonicwall being pegged at 100% - which > is why I had not tried it with sipX). I enabled transformations and made my > call again and after 2min it was still up so that seems to have done the > trick. > > I'll keep testing. > > Stiles > > Tony Graziano wrote: > > I think in sonicwall it is called consistent nat. > > > To enable Consistent NAT, select the Enable Consistent NAT setting and > click Apply. This checkbox > is disabled by default. > > > On Wed, Sep 8, 2010 at 10:31 AM, Tony Graziano < > tgrazi...@myitdepartment.net> wrote: > >> your firewall is a REALLY important pice of the puzzle. Thanks for finally >> telling us what it is. >> >> In the sonicwall: >> >> >> 1. Open web administration interface >> 2. Select VoIP from the left menu >> 3. Check/uncheck Enable SIP Transformations >> 4. Click Accept >> >> >> Then try your call again and see if it disconnects at the 90 second call >> timer. The call is because both sides have never agreed the connection is >> "OK". So, the FIRST thing to do is make sure your firewall is configured to >> disable the SIP ALG and provide symmetric nat. >> >> 1. DISABLE SIP ALG (see above). >> 2. Make sure the NAT is "SYMMETRIC" NAT on the sonicwall. >> >> Sonicwall lovers feel free to share "how-to" on the sonicwall, >> especially how to deploy symmetric nat >> >> >> On Wed, Sep 8, 2010 at 10:22 AM, Tony Graziano < >> tgrazi...@myitdepartment.net> wrote: >> >>> I think you need to disable the sip alg on the sonicwall. >>> >>> >>> On Wed, Sep 8, 2010 at 10:19 AM, Stiles Watson >>> <wat...@datatek-net.com>wrote: >>> >>>> That was my initial sipX setup as well (except I had Auth User set >>>> equal to User). >>>> >>>> On the Teliax side under device settings did you do either of the >>>> following? >>>> >>>> - enable DNIS so they send the number instead of the user in the SIP >>>> INVITE? >>>> - enter your pubilc IP >>>> >>>> The reason I ask is because the "User part of INVITE SIP URI is a phone >>>> number" checkbox under the sipX ITSP Account settings defaults to >>>> 'enabled', >>>> but unless you enable DNIS on the Teliax side, this is not the case (unless >>>> I'm misunderstanding the something works). >>>> >>>> Firewall: >>>> >>>> I'm using a Sonicwall NSA 240. I have NAT policies which forward ports >>>> UDP 5080, UDP&TCP 5060-5061 & UDP 30000-31000 untranslated to the sipX >>>> server (we're a small shop so everything is running on one server). Are you >>>> saying that the invite actually comes to UDP port 37678? >>>> >>>> >>>> Stiles >>>> >>>> Dave Redmore wrote: >>>> >>>> My settings for the gateway are all default - Under "Configuration", I >>>> defined "Address" as "den.teliax.net" - Under "CallerID" I set the >>>> "Default Caller ID" to my incoming phone number - under "ITSP Account" I >>>> defined "Username" ("Authentication Username" is left blank), "Password" >>>> and >>>> checked "Register on Initialization". Everything else is defaulted. >>>> >>>> When I do a packet capture on the WAN port of the pfSense - I see Teliax >>>> sending me OPTION pings to the NAT'd port number (37678 in this case). >>>> When >>>> I look at the State table I see active states from sipX:5080 -> >>>> pfSense:37678 -> den.teliax.net:5060. Incoming Invite is to the >>>> external port (37678). >>>> >>>> So, it looks like FreeSwitch on Teliax end is doing its NAT compensation >>>> magic and pfSense is staying out of the way. >>>> >>>> Interestingly, when I looked at the packet capture and state tables - in >>>> addition to the connection from sipXbridge on port 5080 - there is also a >>>> connection maintained from sipXecs on port 5060 (which in this case is >>>> being >>>> NAT'd to port 5041). So, I am getting OPTION pings to port 37678 >>>> (translated to 5080), to which sipXbridge respondes "406 Not Acceptable" >>>> and >>>> OPTION pings to port 5041 (translated to 5060) to which sipX responses "200 >>>> Okay". The "Request URI" for the OPTION ping to sipXbridge looks like >>>> "sip:teliaxusername@(Ext. >>>> IP Address):37678;transport=udp;fs_nat=yes". The "Request URI" for the >>>> OPTION ping to sipX looks like "sip:s@(Ext IP Address):5041;fs_nat=yes". >>>> >>>> >>>> Dave >>>> >>>> >>>> ----- Original Message ----- >>>> From: "Tony Graziano" >>>> <tgrazi...@myitdepartment.net><tgrazi...@myitdepartment.net> >>>> To: sipx-users@list.sipfoundry.org >>>> Sent: Tuesday, September 7, 2010 6:20:04 PM GMT -06:00 US/Canada Central >>>> Subject: Re: [sipx-users] Call drops after 1 min & 29 secs >>>> >>>> Then it would be good to have a template for them. Can you detail an >>>> example >>>> of your gateway? Are they sending on port 5080? What did you have to do >>>> to >>>> get them to send on port 5080? >>>> ============================ >>>> Tony Graziano, Manager >>>> Telephone: 434.984.8430 >>>> Fax: 434.984.8431 >>>> >>>> Email: tgrazi...@myitdepartment.net >>>> >>>> LAN/Telephony/Security and Control Systems Helpdesk: >>>> Telephone: 434.984.8426 >>>> Fax: 434.984.8427 >>>> >>>> Helpdesk Contract Customers: >>>> http://www.myitdepartment.net/gethelp/ >>>> >>>> ----- Original Message ----- >>>> From: sipx-users-boun...@list.sipfoundry.org >>>> <sipx-users-boun...@list.sipfoundry.org><sipx-users-boun...@list.sipfoundry.org> >>>> To: Discussion list for users of sipXecs software >>>> <sipx-users@list.sipfoundry.org> <sipx-users@list.sipfoundry.org> >>>> Sent: Tue Sep 07 19:17:14 2010 >>>> Subject: Re: [sipx-users] Call drops after 1 min & 29 secs >>>> >>>> I can report that I have 4.2.1 installed and working very nicely with >>>> Teliax. I have configured a gateway using very "plain vanilla" settings >>>> and >>>> it worked pretty much "right out of the box". Incoming calls and >>>> outgoing. >>>> MOH and transfers all seem to work fine. I currently have a Grandstream >>>> GXP-2020 and Polycom 301 on that system for testing/evaluation and will >>>> probably put it into "production" in the next day or two. I have sipX >>>> sitting behind a pfSense firewall. I am using the Denver proxy for >>>> incoming >>>> calls and outgoing route to their Chicago proxy. >>>> >>>> >>>> I am limited in choices for ITSPs that can provide local DIDs and have >>>> been >>>> working with Teliax for about 4-5 years. I personally find them to be >>>> pretty >>>> good and a decent value when using the PAYG services. >>>> >>>> >>>> Dave >>>> >>>> ----- Original Message ----- >>>> From: "Tony Graziano" >>>> <tgrazi...@myitdepartment.net><tgrazi...@myitdepartment.net> >>>> To: "Discussion list for users of sipXecs software" >>>> <sipx-users@list.sipfoundry.org> <sipx-users@list.sipfoundry.org> >>>> Sent: Tuesday, September 7, 2010 5:40:35 PM GMT -06:00 US/Canada Central >>>> Subject: Re: [sipx-users] Call drops after 1 min & 29 secs >>>> >>>> That still references using port 5060 and ip authentication. He would >>>> need >>>> to ensure they support using the public IP at port 5080. It sounds like >>>> he >>>> may have to get them to do that for him manually. >>>> >>>> >>>> On Tue, Sep 7, 2010 at 6:29 PM, Todd Hodgen < thod...@verizon.net > >>>> wrote: >>>> >>>> >>>> >>>> >>>> >>>> >>>> There have been some discussions about this ITSP on the list in the >>>> past. >>>> >>>> >>>> >>>> I did find this one. >>>> >>>> http://forum.sipfoundry.org/index.php?t=msg&goto=44468&S=9a2fe924342a700db212b8481e97cc22#msg_44468 >>>> >>>> >>>> >>>> Not sure if this fixes your problems, but it does reference a dashboard >>>> that >>>> you may want to access for some configuration options. I’d search more >>>> of >>>> the archives as well for people that have referenced this ITSP and have >>>> successfully gotten it working. >>>> >>>> >>>> >>>> >>>> From: sipx-users-boun...@list.sipfoundry.org [mailto: >>>> sipx-users-boun...@list.sipfoundry.org ] On Behalf Of Tony Graziano >>>> Sent: Tuesday, September 07, 2010 3:16 PM >>>> >>>> To: Discussion list for users of sipXecs software >>>> >>>> Subject: Re: [sipx-users] Call drops after 1 min & 29 secs >>>> >>>> >>>> >>>> >>>> >>>> If your firewall has a packet capture facility, you can do a pcap on the >>>> WAN >>>> interface and see what they are sending. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> I would suspect if anyone has a working teliax config they will share >>>> it. >>>> >>>> >>>> On Tue, Sep 7, 2010 at 6:15 PM, Tony Graziano < >>>> tgrazi...@myitdepartment.net >>>> > wrote: >>>> >>>> I think unless you are wed to them, it would be easier to switch to a >>>> "normal" provider. Supported providers in the templates usually take 5 >>>> minutes to setup. I HOPE your firewall is doing manual versus automatic >>>> NAT. >>>> >>>> >>>> >>>> >>>> >>>> I looked at Teliax and they seem "residentially" focused, and really >>>> expensive for business plans. >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Tue, Sep 7, 2010 at 6:12 PM, Stiles Watson < wat...@datatek-net.com> >>>> wrote: >>>> >>>> >>>> Unfortunately, there is no way in the Teliax portal to even see if you >>>> are >>>> registered, much less what port. >>>> >>>> The reason I had 5060 forwarded to sipx was this was how I had Trixbox >>>> CE >>>> setup and working. There is nothing in my Teliax setup which I changed >>>> to >>>> force 5060. >>>> >>>> Thanks for the pdf. With the exception of the SIP port, I think I have >>>> everything setup correctly. I changed my NAT rules to forward 5080 >>>> instead >>>> of 5060 and the call acted exactly the same. >>>> >>>> I've also asked Teliax if they have config info for sipX and they said >>>> no, >>>> but many are using the two together successfully. Here is their exact >>>> response: >>>> >>>> "We do not have a have a configuration for them. However, I know that >>>> many >>>> customers have used SIPXECS without a problem. The main information you >>>> need >>>> is the username, secret, and host that you are registering to." >>>> >>>> I've asked them what port they are sending the INVITE on and am waiting >>>> on a >>>> response. >>>> >>>> Any other suggestions/thoughts? >>>> >>>> Stiles >>>> >>>> Tony Graziano wrote: >>>> >>>> >>>> >>>> It means they are not acking the call. I suspect this is because >>>> sipxbridge >>>> may not be involved in the call, and only sipxproxy is, which would be >>>> problematic for a lot of call scenarios (like transfers). >>>> >>>> >>>> >>>> >>>> >>>> >>>> I'm confused though, because it seems you are breaking "rule #1" when >>>> using >>>> sipxbridge... you are having the calls sent to port 5060 instead of >>>> 5080. >>>> >>>> >>>> >>>> >>>> >>>> When you register with teliax, can you see on their portal what port you >>>> are >>>> registering on? Can you confirm they are sending to you on a specific >>>> port? >>>> If so, what port? >>>> >>>> >>>> >>>> >>>> >>>> You should peek at this: >>>> >>>> >>>> >>>> >>>> >>>> >>>> http://blog.myitdepartment.net/wp-content/uploads/2009/11/Call-Setup-Example-sipXecs-through-ITSP1.pdf >>>> >>>> >>>> >>>> >>>> >>>> Somehow I don't believe you are doing it quite like that. >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Tue, Sep 7, 2010 at 5:18 PM, Stiles Watson < wat...@datatek-net.com> >>>> wrote: >>>> >>>> >>>> Running >>>> >>>> • sipXecs v 4.2.1 >>>> • ITSP is Teliax >>>> • SIP ports 5060 & 5061 are routed to sipX server >>>> • RTP ports 30000-31000 are routed to sipX server >>>> • Polycom IP 335 hardphone >>>> >>>> >>>> I'm able to place incoming and outgoing calls through Teliax, but calls >>>> consistently drop after 1 min. 29 sec. >>>> >>>> Teliax device config change attempts: >>>> >>>> • Enable DNIS (teliax sends number in sip invite instead of user) >>>> >>>> >>>> >>>> >>>> • result: calls still drop after 1 min. 29 sec., but made call >>>> routing easier via a custom DID! >>>> >>>> • Entered public IP under "Your IP" >>>> >>>> >>>> >>>> • This is optional and resulted in not being able to make >>>> inbound >>>> calls (I read in the archives that this is recommended with Teliax - is >>>> there a sipX config change needed to make this work?) >>>> >>>> sipX config for teliax SIP trunk Gateway: >>>> >>>> • Configuration >>>> >>>> >>>> >>>> >>>> • Enabled: yes • Name: teliax >>>> • SBC Route: sipXbridge-1 >>>> • Address: den.teliax.net (this has to match with the proxy >>>> setting >>>> in your teliax account) >>>> • Port: 0 >>>> • Transport protocol: Auto >>>> • Location: all >>>> • Shared: yes >>>> >>>> >>>> • Caller ID >>>> >>>> >>>> >>>> • Default Caller ID: set this to the number from Teliax >>>> • >>>> use default for all other settings >>>> >>>> >>>> • Dial Plan >>>> >>>> >>>> >>>> • Enabled and added both Local & Long Distance dial plans to >>>> this >>>> gateway >>>> >>>> • ITSP Account >>>> >>>> >>>> >>>> • Username: use teliax username • Authentication >>>> Username: >>>> same as Username >>>> • Password: use teliax device password >>>> • Register on init: yes >>>> • ITSP server address: same as Config-->Address above >>>> • Use public address for call setup: yes (I tried both yes and >>>> no, >>>> calls completed either way and did not effect disconnect problem) >>>> • Strip private headers: default >>>> • Use default asserted identity: default >>>> • Asserted identity: default >>>> • Use default preferred identity: default >>>> • Preferred identity: default >>>> • User part of INVITE SIP URI is a phone number: NO >>>> • ITSP Registrar Address: default >>>> • ITSP Registrar Port: default >>>> • Registration interval: default >>>> • Session Timer Interval: default >>>> • Method to use for SIP keepalive: Empty SIP message (also tried >>>> None) >>>> • Method to use for RTP keepalive: Replay last sent packet (also >>>> tried None) >>>> • Route by To Header: default >>>> >>>> >>>> Any thoughts as to why the calls would drop after 1 min. 29 sec.? >>>> >>>> Stiles >>>> >>>> >>>> _______________________________________________ >>>> sipx-users mailing list >>>> sipx-users@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> >>>> >>>> >>>> -- >>>> ====================== >>>> Tony Graziano, Manager >>>> Telephone: 434.984.8430 >>>> sip: tgrazi...@voice.myitdepartment.net >>>> Fax: 434.984.8431 >>>> >>>> Email: tgrazi...@myitdepartment.net >>>> >>>> LAN/Telephony/Security and Control Systems Helpdesk: >>>> Telephone: 434.984.8426 >>>> sip: helpd...@voice.myitdepartment.net >>>> Fax: 434.984.8427 >>>> >>>> Helpdesk Contract Customers: >>>> http://www.myitdepartment.net/gethelp/ >>>> >>>> Why do mathematicians always confuse Halloween and Christmas? >>>> Because 31 Oct = 25 Dec. >>>> >>>> _______________________________________________ sipx-users mailing list >>>> sipx-users@list.sipfoundry.org List Archive: >>>> http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> >>>> _______________________________________________ >>>> sipx-users mailing list >>>> sipx-users@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> >>>> >>>> >>>> -- >>>> ====================== >>>> Tony Graziano, Manager >>>> Telephone: 434.984.8430 >>>> sip: tgrazi...@voice.myitdepartment.net >>>> Fax: 434.984.8431 >>>> >>>> Email: tgrazi...@myitdepartment.net >>>> >>>> LAN/Telephony/Security and Control Systems Helpdesk: >>>> Telephone: 434.984.8426 >>>> sip: helpd...@voice.myitdepartment.net >>>> Fax: 434.984.8427 >>>> >>>> Helpdesk Contract Customers: >>>> http://www.myitdepartment.net/gethelp/ >>>> >>>> Why do mathematicians always confuse Halloween and Christmas? >>>> Because 31 Oct = 25 Dec. >>>> >>>> >>>> >>>> >>>> -- >>>> ====================== >>>> Tony Graziano, Manager >>>> Telephone: 434.984.8430 >>>> sip: tgrazi...@voice.myitdepartment.net >>>> Fax: 434.984.8431 >>>> >>>> Email: tgrazi...@myitdepartment.net >>>> >>>> LAN/Telephony/Security and Control Systems Helpdesk: >>>> Telephone: 434.984.8426 >>>> sip: helpd...@voice.myitdepartment.net >>>> Fax: 434.984.8427 >>>> >>>> Helpdesk Contract Customers: >>>> http://www.myitdepartment.net/gethelp/ >>>> >>>> Why do mathematicians always confuse Halloween and Christmas? >>>> Because 31 Oct = 25 Dec. >>>> _______________________________________________ >>>> sipx-users mailing list >>>> sipx-users@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> >>>> >>>> -- >>>> ====================== >>>> Tony Graziano, Manager >>>> Telephone: 434.984.8430 >>>> sip: tgrazi...@voice.myitdepartment.net >>>> Fax: 434.984.8431 >>>> >>>> Email: tgrazi...@myitdepartment.net >>>> >>>> LAN/Telephony/Security and Control Systems Helpdesk: >>>> Telephone: 434.984.8426 >>>> sip: helpd...@voice.myitdepartment.net >>>> Fax: 434.984.8427 >>>> >>>> Helpdesk Contract Customers: >>>> http://www.myitdepartment.net/gethelp/ >>>> >>>> Why do mathematicians always confuse Halloween and Christmas? >>>> Because 31 Oct = 25 Dec. >>>> >>>> >>>> _______________________________________________ sipx-users mailing list >>>> sipx-users@list.sipfoundry.org List Archive: >>>> http://list.sipfoundry.org/archive/sipx-users/ >>>> _______________________________________________ >>>> sipx-users mailing list >>>> sipx-users@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> ------------------------------ >>>> >>>> _______________________________________________ >>>> sipx-users mailing listsipx-us...@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>>> >>>> _______________________________________________ >>>> sipx-users mailing list >>>> sipx-users@list.sipfoundry.org >>>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >>>> >>> >>> >>> >>> -- >>> ====================== >>> Tony Graziano, Manager >>> Telephone: 434.984.8430 >>> sip: tgrazi...@voice.myitdepartment.net >>> Fax: 434.984.8431 >>> >>> Email: tgrazi...@myitdepartment.net >>> >>> LAN/Telephony/Security and Control Systems Helpdesk: >>> Telephone: 434.984.8426 >>> sip: helpd...@voice.myitdepartment.net >>> Fax: 434.984.8427 >>> >>> Helpdesk Contract Customers: >>> http://www.myitdepartment.net/gethelp/ >>> >>> Why do mathematicians always confuse Halloween and Christmas? >>> Because 31 Oct = 25 Dec. >>> >>> >> >> >> -- >> ====================== >> Tony Graziano, Manager >> Telephone: 434.984.8430 >> sip: tgrazi...@voice.myitdepartment.net >> Fax: 434.984.8431 >> >> Email: tgrazi...@myitdepartment.net >> >> LAN/Telephony/Security and Control Systems Helpdesk: >> Telephone: 434.984.8426 >> sip: helpd...@voice.myitdepartment.net >> Fax: 434.984.8427 >> >> Helpdesk Contract Customers: >> http://www.myitdepartment.net/gethelp/ >> >> Why do mathematicians always confuse Halloween and Christmas? >> Because 31 Oct = 25 Dec. >> >> > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: tgrazi...@voice.myitdepartment.net > Fax: 434.984.8431 > > Email: tgrazi...@myitdepartment.net > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: helpd...@voice.myitdepartment.net > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > > ------------------------------ > > _______________________________________________ > sipx-users mailing listsipx-us...@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: tgrazi...@voice.myitdepartment.net Fax: 434.984.8431 Email: tgrazi...@myitdepartment.net LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: helpd...@voice.myitdepartment.net Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/