Avaya IPO 500v2 9.0 and Gamma SIP trunks problem 1

[BlueCookeh]

Hey all

I've been searching and searching, trying tons of different options but not managing to get particularly far with setting up our Gamma SIP trunk with our Avaya IPO 9.0. I've tried the various Gamma PDF guides and settings on Tek-Tips but not managed to get them talking.

The Avaya IPO has been assigned 10.0.51.1 on LAN2 which is then NAT'd to a public IP (we'll call it 82.1.1.1) via our ISP and the ports all forwarded correctly. I have configured the LAN2 Topology with our public IP and 'Blocking Firewall' so we don't have to use STUN. Back to the Trunk config, I've left the ITSP Domain Name blank, and put the ITSP Proxy Address to 123.123.123.123 (Gamma's signalling IP on UDP 5060).

I used IP Routes on the IPO to send all traffic destined to Gamma via LAN2, and can confirm that's looking good when looking at the LAN2 Interface monitor, although I cannot see any packets incoming from Gamma (although I don't know if I should be yet, I'm not well versed on SIP). I trust our ISP has configured their end properly since they do this for a lot of customers and I can see incoming ICMP if I ping 82.1.1.1, so I'm leaning to it being a problem with our Avaya box.

At the moment our SIP Trunk is being set to out of service and the log is looking like this:

[pre] 12:37:15 364476mS SIP Reg/Opt Tx: 18
OPTIONS sip:123.123.123.123 SIP/2.0
Via: SIP/2.0/UDP 82.1.1.1:5060;rport;branch=z9hG4bKda424f39b2629b03d961065ea7f1b0ad
From: <sip:123.123.123.123>;tag=8a6e0ae3a2d904e1
To: <sip:123.123.123.123>
Call-ID: c9986a22e97f45a9e0eda9f8519b89f0
CSeq: 288926440 OPTIONS
Contact: <sip:82.1.1.1:5060;transport=udp>
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INFO,NOTIFY
Supported: timer
User-Agent: IP Office 9.0.0.0 build 829
Content-Length: 0

12:37:15 364477mS SIP Tx: UDP 10.0.51.1:5060 -> 123.123.123.123:5060
OPTIONS sip:123.123.123.123 SIP/2.0
Via: SIP/2.0/UDP 82.1.1.1:5060;rport;branch=z9hG4bKda424f39b2629b03d961065ea7f1b0ad
From: <sip:123.123.123.123>;tag=8a6e0ae3a2d904e1
To: <sip:123.123.123.123>
Call-ID: c9986a22e97f45a9e0eda9f8519b89f0
CSeq: 288926440 OPTIONS
Contact: <sip:82.1.1.1:5060;transport=udp>
Max-Forwards: 70
Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INFO,NOTIFY
Supported: timer
User-Agent: IP Office 9.0.0.0 build 829
Content-Length: 0

12:37:17 366477mS Sip: SIP Line (18) No response to SIP Options Messages - setting trunk out of service
12:37:17 366478mS Sip: SIPDialog f4ea10dc destroyed, size 0

[/pre]

Is this looking correct? I really can't figure out what's going wrong.

I've attached the info sheet from Gamm here:

Cheers

 

[petefish]

Have a look at this file I used it on my first Gammer setup if you still have problems I can have a look at the config. I have tried a few ways with stun server and without. I find as long as you put your public iP in and have firewall as unknown it works. We have started using Draytek routers rather than the Cisco Gamma send out as you get a bit more control.

 

[petefish]

As The file shown up

 

[amriddle01]

You don't want incoming ping hitting the IP Office, just the ports for SIP to work, they are better off dropping ping

 

[BlueCookeh]

@petefish, any chance you could reup those files? It doesn't seem to have worked!

@amriddle01 as soon as our SIP trunk is confirmed working we'll be closing all unnecessary ports, but at the moment I'm still not having any luck

 

[petefish]

Sorry first time I've uploaded something.

 

[hairlessupportmonkey]

Have you tried a public STUN server on your LAN topology?

Gamma might be sending back to your private IP. Also, Gamma use a trusted IP, so check 100% they have the correct IP configured on their firewall.

The other thing to do is also get a PCAP from the WAN side of the firewall.... that might be quire revealing.

ACSS - SME
General Geek

 

[Pepp77]

For STUN use 146.101.248.221

Have it turned on on the IPO as it is not only used to confirm the network topology settings but is also used for each call for media setup on Gamma - if you do not have STUN active then ensure SIP transformations/SIP ALG is turned on.

(Basically STUN on = SIP ALG off, STUN off = SIP ALG on)



| ACSS SME |

 

[janni78]

I would say that ALG should never be used unless you absolutely must, on IP Office ALG should never be needed unless you have a dynamic IP on you internet connection.
Same goes with STUN, although STUN is preferable over ALG since it changes the settings directly in IP Office.
ALG has limitations on how many SIP sessions it can handle and on cheaper firewalls it ain't many.

If you have a static external IP you shouldn't need STUN or ALG.

"Trying is the first step to failure..." - Homer

 

[Pepp77]

Janni - you would be surprised. We have been using Gamma for a few years now and our testing (based on Sonicwall firewalls) do require one or the other to be active to ensure the local IP address in the SIP packets is translated to the correct public IP address so Gamma now how to respond. If using STUN then the IP address is changed in the outgoing packet from the IPO to the public one, if not using STUN, then the local IP address is sent by the IPO and the SIP ALG setting amends the packets to include the public IP address rather than the local one. This is using a static public IP address assigned as a 121 NAT with the PBX.

| ACSS SME |

 

[janni78]

I've never used either STUN or ALG, (this is always set to OFF) on my IP Offices and it still replaces all the IPs to public.
Only time I've used ALG is on Aura since it couldn't rewrite the SIP headers.

Although we don't have Gamma here and people seem to have all kind of problems with them so might be a special case.

Just considering how both technologies work they shouldn't be needed.
When using ALG one should check the number of SIP channels the firewall supports since this could less than the SIP channels in the PBX.

"Trying is the first step to failure..." - Homer

 

[Pepp77]

Do you use username authenticated SIP trunks as these settings are never needed for those types of SIP trunks. The two IP authenticated providers I have used (Gamma and Intelepeer) have both required either STUN or ALG to be active.

| ACSS SME |

 

[janni78]

I only have IP authenticated SIP trunks.

"Trying is the first step to failure..." - Homer

 

[janni78]

Basically I just set Firewall to "Static port block" or "Blocking Firewall" and the public IP under LAN -> Network Topology. then I use that Topology on the SIP trunk.

"Trying is the first step to failure..." - Homer