IPO R10 No Audio VoIP One-X 7

[maxse]

I can make a call on the mobile app but have no audio. I am on the latest release and have a FQDN setup using Cisco Meraki firewall with 1:1 NAT on a dedicated WAN IP. I have all ports forwarded.

 

[tlpeter]

What IP route do you have to the defaullt gateway?
External call require a 0.0.0.0, 0.0.0.0, default GW route as you do not know the external IP adres of the phone.

BAZINGA!

I'm not insane, my mother had me tested!

 

[maxse]

I do have a 0.0.0.0 0.0.0.0 GATEWAYIP route. I have seen others use 255.255.255.255 I assume they accomplish the same thing not to get off topic.

What's odd is that I setup evening before PRI cutover and I was able to dial *17 and hit vm prompts now it connects and I get dead air. It DOES work if I have the app call another line and bridge but of course not through VoIP.

 

[Avalon100]

you may need a stun server setting up

 

[maxse]

I used stun.counterpath.com and got port restricted cone nat

 

[maxse]

It's showing the IP which is the outgoing IP on the Cisco (primary WAN IP) of course traffic coming in using the FQDN routes to a secondary IP in the same WAN subnet not sure if that causes an issue but I can't control that with Cisco.

 

[AACon]

yes of course that will cause an issue. You need inbound/outbound on the same IP. Easiest to just change the FQDN to match that IP.

-Austin
I used to be an ACE. Now I'm just an Arse.

 

[holdmusic34]

Some top tips there.

Hail the tripod!

 

[maxse]

Actually the inbound and outbound different IPs didn't matter. Changed to full cone nat and rebooted and it's working. Also put the ip in instead of letting stun pick up the outgoing ip. I have two way audio over voip.

 

[holdmusic34]

Star for posting resolution. Avalon picks up a gong on the way though.

Hail the tripod!

 

[derfloh]

with 1:1 NAT on a dedicated WAN IP. I have all ports forwarded.

Sounds really dangerous...

 

[maxse]

By all ports I am referring to all required ports for onex and sip

 

[amriddle01]

By all ports I am referring to all required ports for onex and sip

That's the dangerous part

 

[maxse]

How do you all handle one-x mobile? Mobile VPN on iOS?

 

[Telecomboy]

Just change the ports. Don't use the ports mentioned in the manual as these are easily hacked and you will be hacked. I had a client that didn't want to change from the ports mentioned in the manual and they were hacked less than 2 days later to the tune of $5k. I had made it such a big deal that the client knew it was not my fault and was their own/IT techs fault for using the default ports.

 

[maxse]

These are the ports you are referring to? Not the 50802-50812...

5222,
8443,
8444,
5269,
9443,
8063,
5060

 

[Telecomboy]

Yes the 50802-50812... That is how they accessed my client's system.

 

[maxse]

I am not forwarding the 50802-50812 BUT I have any learned that you will be hacked of course. For clients that we can get an agent (LMI/TeamViewer)that's what we do - otherwise if we have to we forward those ports but ONLY white-listing our IP so they won't get hacked.

Would you say it's safe to forward the ports for One-X mobile as long as manager ports are closed? The only way I presume they can rack up toll fraud in this case would be if they brute forced the user extension password for One-X login...

 

[ogTOKYO]

Do you have one way audio? Check mobile stats for RX / TX.

Set FQDN in IPO domain for your LAN interface who's public IP you're using.

Make sure you're forwarding your assigned ports ie. 48xxx:50xxx, I like to make ports a mininum, so 54000:54264
forward your SIP to IP, forward other ports to oneX.

In onex, add your FQDN.

set your firewall correctly.

Should be fine.

Did I miss anything?

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

 

[Pepp77]

Why would anyone ever forward the TCP ports in the 50xxx range?

| ACSS SME |