Has anyone been able to get this to work. I have been working on this for quite some time and haven't been able to get the remote 9508 phones to register. They either stay in "Discovery", or "registering". I have had the customer check the firewall, forward ports 1718-1720,49152-53247 to the IPO. STUN reports "Blocking Firewall" when I run it. I have also tries to set the STUN fields manually to all the different firewall/NAT options.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
IP Office Remote workers & pfSense Firewall
- Thread starter mbendo
- Start date
I played with the exact same setup in my lab and was never able to get it to work. I had the same discovery and registering loop you describe. I know its not what you want to hear, but remote worker does not play nice with pfsense. I ended up using the vpn firmware for the 9508 with the pfsense doing road warrior vpn and it worked flawless in my limited testing.
I don't have any pfsense boxes deployed in real world environments so I cant comment on its long term stability.
I don't have any pfsense boxes deployed in real world environments so I cant comment on its long term stability.
- Thread starter
- #3
Thanks Signo, it's been too much time invested already. I was planning on going the VPN route as well. That's what they eventually want to get to. I have the VPN 9620 phones for the customer. Probably going to use the pfsSense VPN setup, any tips on setting it up? Or a 46xxxvpn.txt file? I know the customer will be looking to me for guidance. Thanks
telecomtekperson
Vendor
do you have entries in the NAT and firewall tables? I have it working...
- Thread starter
- #5
I do, the IT guy at the customer has entered everything for me. Is there something I can have him print out for me. I'm not familiar with the pfSense interface etc. Do you have settings that you are using that I could compare?
Just not exactly sure what to tell him or ask?
Just not exactly sure what to tell him or ask?
- Thread starter
- #7
Basically I have ports 1718-1720, 49152->53247 forwarded to the IPO. Also the ports for manager etc.
Manager, monitor, Sys status work fine, just can't get tehe phones for register. Looks like the IPO is seeing everything, I captured a log in Monitor. Phone stays "Registering". There has to be some other setting in pfSense I'm missing.
491722968mS H323Evt: Recv GRQ from 43c9b164
491722969mS H323Evt: e_H225_AliasAddress_dialedDigits alias
491722969mS H323Evt: found number <299>
491722969mS RasTx: v=Src=172.31.1.6:1719, Dst=67.201.177.100:49306 peb=0
RasMessage = gatekeeperConfirm
Manager, monitor, Sys status work fine, just can't get tehe phones for register. Looks like the IPO is seeing everything, I captured a log in Monitor. Phone stays "Registering". There has to be some other setting in pfSense I'm missing.
491722968mS H323Evt: Recv GRQ from 43c9b164
491722969mS H323Evt: e_H225_AliasAddress_dialedDigits alias
491722969mS H323Evt: found number <299>
491722969mS RasTx: v=Src=172.31.1.6:1719, Dst=67.201.177.100:49306 peb=0
RasMessage = gatekeeperConfirm
- Status
Similar threads
- Locked
- Question