03-22-2012 01:20 PM - edited 03-21-2019 05:33 AM
Hi,
I have a SIP trunk set up with some DIDs. One second the calls will make it through, two minutes later they will fail. It is very sporadic; it can work for ten minutes or one hour. I have made sure port 5060 on the firewall is open and I have enabled keep NAT alive on the UC320. Any other ideas?
03-22-2012 01:45 PM
Hi Donald,
I would suggest enabling the SIP trunk logs on the UC320W (Status -> Support Tools -> Logs). Then next time an inbound call fails, check the logs and see if you see the inbound SIP INVITE message. If you don't see the INVITE, something is blocking it or the registration may have expired with the service provider. If you have the time of the failure, the SIP service provider might be able to tell you what happened to the call (error, etc). Check the firmware on any devices sitting WAN side of the UC320W and make sure it is up to date.
Chris
03-23-2012 06:11 AM
I have spoken with the provider; they said their logs show the call as failing. I have made sure port 5060 is open, I don't know what is causing this. This morning I tried to make several calls that would not go through; it looks like if you make an outbound call then inbounds will work.
03-23-2012 02:58 PM
Donald,
If you can make an outbound call and then the inbound calls work, then look at your firewall/NAT device. A couple of comments for you to try.
Connect the UC320W directly to a public IP and see if inbound calls work consistently.
Second, set up a Wireshark trace capture on the public side of your firewall/NAT device, try an inbound call and look for the inbound INVITE message. Then confirm whether the UC320W received the inbound INVITE message. Most likely the port numbers are being changed and the inbound calls are not making it through the firewall/NAT device.
Regards,
Randy
03-27-2012 10:10 AM
Has anyone got the UC320 to work behind a firewall? It seems this unit has a mind of its own and does what it wants.
03-27-2012 10:33 AM
Donald,
Are inbound calls still failing?
Earlier you mentioned you opened port 5060 on the firewall but another area to look at is if the firewall is changing the port number when the message is going through the device.
Example:
UC320W Register message (port 5060) -> firewall -> Register message (port 62355) -> ITSP
Then check if the inbound INVITE message has matching ports to allow the firewall to pass the INVITE message to the UC320W. If the ports don't match up, it is likely the firewall is blocking the inbound message.
A Wireshark trace on both sides of the firewall would be beneficial to diagnose the issue.
Regards,
Randy
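The port comparison described in the reply above can be scripted over captures taken on each side of the firewall. This is an added example, not part of the original thread: the addresses, the SIP text, the STUN-learned Contact and the finding names are constructed assumptions; only ports 5060 and 62355 come from the post.

```python
import re

def hostport(sip_text, header):
    """(host, port) from the first Via or Contact header; port defaults to 5060."""
    m = re.search(rf"^{header}:.*?(?:sip:[^@>;]*@|UDP\s+)([\w.\-]+)(?::(\d+))?",
                  sip_text, re.I | re.M)
    return (m.group(1), int(m.group(2) or 5060)) if m else None

def diagnose(lan_reg, wan_reg, invite):
    """Compare one REGISTER seen on both sides of the firewall with an inbound INVITE."""
    findings = []
    mapped = wan_reg["src"]  # address:port the ITSP sees, i.e. the NAT mapping
    if lan_reg["src"][1] != mapped[1]:
        findings.append("source_port_rewritten")
    for h in ("Via", "Contact"):
        # A SIP ALG edits headers in flight; plain NAPT leaves them untouched.
        if hostport(lan_reg["sip"], h) != hostport(wan_reg["sip"], h):
            findings.append(f"alg_rewrote_{h.lower()}")
    # A Contact that differs from the mapping tells the ITSP to call a closed port.
    if hostport(wan_reg["sip"], "Contact") != mapped:
        findings.append("contact_not_mapped_address")
    # The firewall only passes an INVITE aimed at the mapping it created.
    if invite["dst"] != mapped:
        findings.append("invite_misses_nat_mapping")
    return findings

# Constructed sample data (documentation addresses, hypothetical ITSP name).
# The Contact carries a public address as if learned through STUN.
SIP_REGISTER = (
    "REGISTER sip:itsp.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.10.1:5060;branch=z9hG4bK1;rport\r\n"
    "Contact: <sip:5551000@203.0.113.7:5060>;expires=3600\r\n\r\n"
)
LAN_REGISTER = {"src": ("192.168.10.1", 5060), "sip": SIP_REGISTER}
WAN_REGISTER = {"src": ("203.0.113.7", 62355), "sip": SIP_REGISTER}
INBOUND_INVITE = {"dst": ("203.0.113.7", 5060)}

if __name__ == "__main__":
    for finding in diagnose(LAN_REGISTER, WAN_REGISTER, INBOUND_INVITE):
        print(finding)
```

An empty result means the firewall preserved the source port and the INVITE targets the live mapping; any finding points at the firewall/NAT device rather than the UC320W.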
03-28-2012 09:47 AM
I have resolved this issue; I have bypassed the firewall, which seems to address the problem.
03-29-2012 05:39 AM
Question..
Was this unit designed to be plugged directly into your WAN or to reside behind a firewall? If it is not behind a firewall, what kind of vulnerability precautions were implemented in this unit?
04-02-2012 07:23 AM
Hi Donald,
The UC320 can be used in either scenario. The UC320 has technology to allow NAT keepalive and to work with STUN servers. That said, not all firewalls / SIP Application Layer Gateways (ALGs) behave the same. I suggest making sure the firewall firmware is the latest available and, if you are still having problems, contacting the firewall vendor for support.
Chris
04-02-2012 07:39 AM
Once again, what are the vulnerabilities if not behind a firewall? This device was really designed as an all-in-one; it does not work well with external firewalls, that is a given. So my question was and still is... what security precautions are built in when the UC320 is connected directly to the WAN?
04-04-2012 05:49 AM
Is this unit safe attached directly to the WAN?
04-04-2012 07:36 AM
Hi Donald,
The UC320W has a built-in basic firewall and LAN side IP addresses are NAPTed. As part of the test process the system is run through Cisco's exhaustive security test suites. That said, the device does not provide some of the advanced security services found in dedicated firewalls such as e-mail scanning, network based antivirus, stateful protocol examination, etc.
If there are more advanced security features that are required, I would suggest looking at the Cisco Security Appliance 500 series (SA500) or the Cisco ASA 5500 series.
Hope that helps.
Chris
04-05-2012 07:23 AM
Thank you, that was the answer I was looking for. I am not depending on it as my main firewall; it is only routing my phones. I was never able to get it to work behind my SonicWall, so I just want to be sure it does have basic firewall features built in. I know it is not a UTM.