08-19-2018 06:47 PM - edited 08-19-2018 11:01 PM
Hi All
I have NVI NAT on this router. Everything works on the LAN as expected, but from the WAN my SIP phone can register but there is no audio. I assume RTSP is the issue here.
I've restricted my SIP server to use 16384-16390 and opened these firewall ports direct to the SIP end host.
Unfortunately, the same issue
My configuration is attached.
Ultimately, all I need to do is make SIP signaled calls from a LAN based SIP client to a 4G, WAN based SIP client. Only 1 call.
Is CUBE a solution?
class-map type inspect match-any WAN-to-LAN
 match access-group name RDP
 match access-group name SSH
 match protocol sip
 match access-group name HTTP-HTTPS
 match access-group name SIP-Protection
class-map type inspect match-any LAN-to-WAN
 match access-group name LAN-to-WAN
 match protocol https
 match protocol http
!
policy-map type inspect WAN-to-LAN
 description "Permits inbound to LAN from WAN"
 class type inspect WAN-to-LAN
  inspect
 class class-default
  drop
policy-map type inspect LAN-to-WAN
 description "Permits all traffic from the LAN to the WAN"
 class type inspect LAN-to-WAN
  inspect
 class class-default
  drop
!
zone security LAN
 description "Towards 192.168.0.x"
zone security WAN
 description "Towards NBN"
zone-pair security LAN-to-WAN source LAN destination WAN
 description "Ties the LAN to the WAN"
 service-policy type inspect LAN-to-WAN
zone-pair security WAN-to-LAN source WAN destination LAN
 description "Protect WAN interface"
 service-policy type inspect WAN-to-LAN
!
interface GigabitEthernet0/0
 description "NBN HFC Aussie BroadBand 100/40"
 ip address dhcp
 ip access-group 1 in
 no ip redirects
 ip nat enable
 zone-member security WAN
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description "Local LAN 192.168.0.0/24"
 no ip address
 no ip redirects
 ip nat enable
 duplex auto
 speed 1000
 bridge-group 1
!
interface Vlan1
 description "Link to the 192.168.0.x LAN"
 ip address 192.168.0.254 255.255.255.0
 no ip redirects
 ip nat enable
 zone-member security LAN
!
ip nat source static tcp 192.168.0.141 80 interface GigabitEthernet0/0 6168
ip nat source static tcp 192.168.0.10 3389 interface GigabitEthernet0/0 6150
ip nat source static tcp 192.168.0.3 3001 interface GigabitEthernet0/0 3001
ip nat source static tcp 192.168.0.2 443 interface GigabitEthernet0/0 6164
ip nat source static tcp 192.168.0.4 3389 interface GigabitEthernet0/0 6169
ip nat source static tcp 192.168.0.3 3000 interface GigabitEthernet0/0 3000
ip nat source static tcp 192.168.0.3 22 interface GigabitEthernet0/0 6165
ip nat source static tcp 192.168.0.4 82 interface GigabitEthernet0/0 6166
ip nat source static tcp 192.168.0.3 8080 interface GigabitEthernet0/0 6170
ip nat source list LAN-NAT interface GigabitEthernet0/0 overload
ip nat source static tcp 192.168.0.4 5060 interface GigabitEthernet0/0 5060
ip route 192.168.0.7 255.255.255.255 ucse4/0
ip route 192.168.3.2 255.255.255.255 Embedded-Service-Engine0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip ssh source-interface Vlan1
ip ssh rsa keypair-name ssh
ip ssh version 2
!
ip access-list extended HTTP-HTTPS
 permit tcp any host 192.168.0.141 eq www
 permit tcp any host 192.168.0.3 eq 8080
 permit tcp any host 192.168.0.3 eq 3001
 permit tcp any host 192.168.0.4 eq 82
 permit tcp any host 192.168.0.3 eq www
 permit tcp any host 192.168.0.2 eq 443
 permit tcp any host 192.168.0.3 eq 6170
 permit tcp any host 192.168.0.3 eq 3000
ip access-list extended LAN-NAT
 remark NATs all the LAN hosts to the WAN
 permit ip 192.168.0.0 0.0.0.255 any
!
ip access-list extended LAN-to-WAN
 permit ip 192.168.0.0 0.0.0.255 any
!
ip access-list extended SIP-Protection
 permit tcp host 203.129.27.127 host 192.168.0.4 eq 5060
 permit udp host 203.129.27.127 host 192.168.0.4 eq 5060
 permit udp host 203.129.27.127 host 192.168.0.4
 permit udp any host 192.168.0.10 range 16384 16390
 permit udp any host 192.168.0.141 range 16384 16390
08-20-2018 02:27 PM
No change Georg :(
08-20-2018 02:57 PM
Hello,
What if you use the IP address assigned by DHCP to your WAN interface and use that instead of the interface name? So e.g.:
ip nat source static tcp 192.168.0.4 5060 212.22.12.12 5060 extendable
08-20-2018 04:08 PM - edited 08-20-2018 04:21 PM
Hi Georg
The issue is not with 5060, as mentioned the phone can register with the SIP server just fine on the static nat I've created. It rings, accepts and hangs up just fine. So this static nat is not the culprit.
Also the extendable is not an option using my NAT statement.
08-20-2018 07:40 PM
And here lies the problem. That IP address is my mobile phone's private IP (the Telco allocated one), which means the proxy doesn't know how to route to it, hence no RTP.
v=0
o=Zoiper 0 1 IN IP4 10.164.13.47
s=Zoiper
c=IN IP4 10.164.13.47
t=0 0
m=audio 16392 RTP/AVP 0 3 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=sendrecv
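A check for the failure described in this post, as an added example that is not part of the original thread: it parses an SDP body, resolves the connection address that applies to each m= line, and flags addresses a peer on the public Internet cannot reach. The function names and the inclusion of the RFC 6598 carrier-grade NAT range are assumptions of this example.

```python
import ipaddress

# SDP body from the post above (a=rtpmap / a=fmtp lines omitted).
SDP_FROM_POST = """v=0
o=Zoiper 0 1 IN IP4 10.164.13.47
s=Zoiper
c=IN IP4 10.164.13.47
t=0 0
m=audio 16392 RTP/AVP 0 3 8 101
a=sendrecv
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def unroutable(addr):
    """True if a peer on the public Internet cannot send RTP to addr."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostname in c=; cannot be judged without resolving it
    return ip.is_private or ip.is_loopback or ip.is_link_local \
        or ip.is_unspecified or (ip.version == 4 and ip in CGNAT)


def media_targets(sdp):
    """Return (media, port, address) per m= line; a media-level c= overrides the session c=."""
    session_addr, targets = None, []
    for line in sdp.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "c":
            fields = value.split()
            if len(fields) != 3:
                continue  # malformed connection line
            addr = fields[2].split("/")[0]  # drop multicast TTL/count suffix
            if targets:
                targets[-1][2] = addr       # c= after an m= belongs to that media
            else:
                session_addr = addr
        elif key == "m":
            media, port = value.split()[:2]
            targets.append([media, int(port.split("/")[0]), session_addr])
    return [tuple(t) for t in targets]


def nat_problems(sdp):
    """Media streams whose advertised RTP address is missing or not reachable across NAT."""
    return [t for t in media_targets(sdp) if t[2] is None or unroutable(t[2])]
```

Running `nat_problems` on SDP captured at the proxy shows which streams still advertise an address from behind NAT.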
08-20-2018 08:10 PM
And it's fixed.
Had to open the RTP port to the SIP server in combination with turning the ALGs on and setting RPORT on my Zoiper client. Works nicely now :D
08-21-2018 12:21 AM
Hello,
So, for future reference, in the end your initial router configuration was good?
Glad that you got it sorted out...
08-21-2018 12:48 AM
Well, I didn't have RTP open to the SIP server; I thought RTP was peer to peer, not peer to server?