08-23-2007 10:41 AM - edited 03-05-2019 06:04 PM
Here's my issue: I wish to permit our remote users access to our PBX (Switchvox1) using SIP. According to the PBX requirements, UDP ports 10000-105000 must be open to permit traffic. I am able to auth to the PBX from outside of the network and even hear traffic, but when you attempt to talk, nothing is transmitted.

So it goes something like this:
- User auths to PBX via remote connection; established and config is good.
- Caller#1 comes in on our Voice T-1's, pushed directly to our PBX.
- PBX routes the call to an extension (User) and pushes data to that SIP phone (all inbound data is fine, you can hear and whatnot with no issues).
- When User attempts to talk, Caller#1 can hear nothing.

Any help would be appreciated! Here's a mod'ed show run from the PIX (where I think the issue is):
PIX Version 7.0(4)
object-group service sipports udp
port-object range 10000 10500
object-group service sipgateway tcp-udp
access-list outside_access_in extended permit udp any host sipgw-ext eq sip
access-list outside_access_in extended permit udp any host sipgw-ext range 10000 10500
access-list outside_access_in extended permit tcp any host sipgw-ext eq sip
access-list outside_access_in extended permit tcp any host sipgw-ext eq 5222
access-list outside_access_in extended permit tcp any host sipgw-ext eq ssh
access-list outside_access_in extended permit tcp any host sipgw-ext eq www
access-list outside_access_in extended permit tcp any host sipgw-ext eq https
access-list outside_access_in extended permit tcp any host sipgw-ext eq echo
access-list outside_access_in extended permit tcp any host sipgw-ext eq domain
access-list outside_access_in extended permit tcp any host sipgw-ext gt talk
access-list outside_access_in extended permit tcp any host sipgw-ext
access-list outside_access_in extended permit udp host sipgw-ext range 10000 10500 host switchvox1
access-list outside_access_in extended permit tcp host sipgw-ext host switchvox1 eq sip
nat-control
global (outside) 1 interface
global (inside) 2 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz4) 1 0.0.0.0 0.0.0.0
static (dmz4,outside) tcp pbx2-ext ssh pbx2-int ssh netmask 255.255.255.255
static (dmz4,outside) tcp pbx2-ext https pbx2-int https netmask 255.255.255.255
static (dmz4,outside) tcp pbx2-ext sip pbx2-int sip netmask 255.255.255.255
static (dmz4,outside) udp pbx2-ext sip pbx2-int sip netmask 255.255.255.255
static (dmz4,outside) tcp pbx2-ext 5222 pbx2-int 5222 netmask 255.255.255.255
static (dmz4,outside) tcp sipgw-ext ssh switchvox1 ssh netmask 255.255.255.255
static (dmz4,outside) tcp sipgw-ext https switchvox1 https netmask 255.255.255.255
static (dmz4,outside) tcp sipgw-ext sip switchvox1 sip netmask 255.255.255.255
static (dmz4,outside) udp sipgw-ext sip switchvox1 sip netmask 255.255.255.255
static (dmz4,outside) tcp sipgw-ext 5222 switchvox1 5222 netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group dmz1-2_in in interface dmz1
access-group dmz1-2_in in interface dmz2
access-group dmz4_access_in in interface dmz4
route outside 0.0.0.0 0.0.0.0 X.X.X.X
route dmz4 10.1.2.0 255.255.255.0 10.10.6.2 1
route dmz4 10.50.0.0 255.255.0.0 10.10.6.2 1
route dmz4 10.1.1.0 255.255.255.0 10.10.6.2 1
route dmz4 10.10.0.0 255.255.0.0 10.10.6.2 1
09-05-2007 12:40 PM
no help?