MBG SIP TRUNKS

Status
Not open for further replies.

BDAIT

Technical User
Mar 21, 2011
22
US
Hi All

We seem to be having some difficulties connecting via SIP; the connection just times out. Tried various SIP apps on the iPhone.

Our setup

MBG (On the dmz)
3300 MCD 5 SP1

We currently have teleworker users using Mitel 5340 handsets which establish connection and are working well and have been for a few years; the issue we have here is just regarding SIP.

We can see the connection to the MBG is successful; it seems like no connection is being made to the 3300 to authenticate the user account, no logs on the 3300. The 3300 has been set up:

- Network Element
- SIP Peer Profile
- Trunk Services
- SIP peer profile assignment etc....
- Configured user account to use SIP devices on the 3300

Licences have been applied to the MBG and 3300.

Firewall has been temporarily configured to allow any any traffic.

Thanks


 
This certainly sounds like a timer possibly in the SIP Peer Profile. Anyone else? Thanks.

Always look out for the next tech. because one day it will be you!
 
Hi Thanks for getting back to us...

Here's our timer config

Keep-Alive Period 120
Registration Period 3600
Registration Period Refresh 50
Registration Max Timeout 90
Session timer 0
Subscription Period 3600
Subscription Period Min 300
Subscription Period Refresh 80
Invite Ringing Response Timer 0

Thanks again
 
OK, B. I think someone else will need to chime in on this one then. Thanks.

Always look out for the next tech. because one day it will be you!
 
You have set the SIP proxy to be the MBG on the 3300? Without seeing your config this may be difficult as one small error may cause the problem....
 
Are you trying to use an iPhone SIP client to connect to the 3300 as an extension via MBG? We use Bria and a MBG and it works fine. iPhone programmed as Generic SIP Device in User and Devices. Not sure why you are asking about SIP trunks....
 
I have the same question, why are you referring to SIP trunks? Isn't just SIP teleworker user what you are trying to register on the 3300 via the MBG?

Remove any firewall policies, allow full traffic from the LAN (where your PBX is at) and the MBG and vice versa. Now use a laptop on the LAN with your Bria client and try to register to the MBG local address. For now please forget the internet, let's make sure this will work internally.

As wireman says, don't forget to select your MBG as SIP proxy to the SIP extensions.

Good luck and please post back with results

Daniel

 
What software versions are in use?
Have you added SIP accounts on the MBG with set side and MCD side passwords?
I don't think you need a network element for the MBG for SIP extension use?
The network element in the MBG, however, must be set to enable SIP to the MCD.

Are the remote sip endpoints set to register to the MBG Public IP ?

We have Bria on Iphone and laptops connecting via MBG no problems

a packet capture on the MBG may help identify the problem

If I never did anything I'd never done before , I'd never do anything.....
 
Also, if you are using a DMZ configuration, don't forget to turn off all SIP helpers on the firewall; you don't want your MBG and the firewall to handle SDP protocol simultaneously.

As they have commented, if what you are after is to set up SIP teleworker users I can also confirm that it will work if you set it up correctly.

Also, have a look at the Bria configuration notes on MOL so you set the SIP capabilities correctly.

Cheers

 
Agree with everyone else, your post is SIP trunk but everything else seems to be an issue with getting SIP phones to work. Can you indicate what it is you are trying to do because they are programmed differently on the 3300 and in the MBG.

An apple a day keeps the doctor away. Anyone else and you need to throw it harder.
 
Dear All

Thank you all for your input much appreciated

SXWizard Yes I’m using an iPhone client (iSip). I will give Bria a try and use this client for further testing.
Apologies for the confusion about SIP trunks, I was referring to the SIP trunks provided by our providers and whether they may be an issue here. Danramirez this is what I’m trying to achieve, registering on the 3300 via MBG. As mentioned the client is able to connect onto the MBG but failing to authenticate on the 3300. No logs whatsoever on the 3300. All firewall policies have been removed purely to test this. My next step is to test internally MBG local address to the 3300. I’m out of the office so I will post back further results by the end of the week. SIP helper is already disabled.

The 3300 has already been configured with a SIP proxy to the MBG.

Blilz66 Yes, SIP account has been added to the MBG with set side credential added, also the ICP for the 3300 has been entered; the username I added was the ext. number in use, pin number used for the password.
The SIP endpoints have been registered to the MBG public IP; as advised by Danramirez I will try with this internally using local IP address.

LoopyLou I’m basically setting up our clients, using SIP capabilities rather than issuing any more teleworker handsets. Cost cutting exercise..
It’s also important to point out (apologies this was checked after I posted) my colleague monitored the traffic on the firewall; we can see the client makes a connection to the MBG, and then talks to our SIP providers, at which point it stops. I’ve checked with our SIP providers and they said the link is live and there are no issues with them.

Here is a brief summary of how I’ve configured the system (will keep this short, highlighting key configs; if there’s anything more specific please do let me know). This is all off the top of my head as I’m currently not with the system so please bear with me..


3300


Network Element
Details of our SIP providers, sip peer ports etc transport via UDP
Sip Peer Profile
Set up policies and specifying outbound proxy (MBG)

Trunk Attributes
Ensure COS and COR are correct (won’t go through every option but this has been done according to Mitel guidelines)

User account
New user added with device type generic SIP phone and assign pin number. Is there anything else I need to do with the user account on the 3300?

MBG
User account added Set-side and ICP Side (ICP: EXT as username and pin code which is set on the 3300) set configured ICP pointing to the 3300

SIP trunks, end point status live to SIP provider and 3300.
I’m back in the office in a few days so I will run some test and get back to you all with the results. Thank you all for taking time to assist with this.
 
So you have generic sip extensions in the MCD with Passwords and you have entered these details as the mcd side details on the MBG ?

Basically you need to have this

MCD
Generic sip user with ext 100 and password 1234

MBG Sip device with MCD side ext 100 and password 1234
MBG Sip device with Client side ext 100 and password Topsecret

Client with ext 100 Password Topsecret and domain the Public IP of the MBG server

for troubleshooting , I would first get a free sip client ( xlite) , connect to voice network and test internal account details work
- use ext 100 and password 1234 with internal IP address of MCD for the domain

Then repeat using the xlite external to the network with Ext 100 Password Topsecret and domain the Public IP of the MBG server

If you are having problems run a tcpdump on the MBG and check the MCD logs - that should show you why the client isn't registering


If I never did anything I'd never done before , I'd never do anything.....
 
he said this in the first post so i assumed that it was
"We currently have teleworker users using Mitel 5340 handsets which establish connection and are working well and have been for a few years; the issue we have here is just regarding SIP."

If I never did anything I'd never done before , I'd never do anything.....
 
Guys thanks again for your advice, I tried this internally using X-lite for Windows connecting straight in to the 3300 and that worked using SIP account....

Our edge firewall is co-managed by a 3rd party supplier; they're due in next Tuesday so we can run some tests on the network to investigate further why the connection is dropping between the MBG and 3300.. will keep you posted. I'm pretty sure this is a firewall issue. How do I run a tcpdump on the MBG? I can't see any logs on the 3300.

Thanks again
 
Depending on the version, you can run it from the GUI (under diagnostics)
or SSH to it and use something like this

tcpdump -i eth0 -s 0 -w /tmp/trace.pcap

That will create a trace.pcap file in the /tmp directory

Use WinSCP to transfer it off


If I never did anything I'd never done before , I'd never do anything.....
 
Thanks I had a look at the logs TUG_TUG.LOG from there I can see my SIP client making connection to the MBG and actually authenticates with the 3300 but then times-out on reg. There's no further info from here.

On viewing the logs I noticed something quite alarming, in particular two IP addresses trying to gain access to the system. Looks like they tried various EXT numbers which all failed. Is this normal for hackers to attempt access through the MBG guessing the ext and password? The usernames and passwords I've used have been quite complex (lucky) and I have not used password / pin such as 1234.

Moving on I've disabled the SIP connector for the time being until I can do a bit of research on the unauthorised access. We will be running wireshark on the network on Tuesday just to get an idea of what's happening between the MBG and 3300, checking firewall rules etc. Will keep you posted.

Again Thanks for everyone's input
 
RE : . Is this normal for hackers to attempt access through the MBG guessing the ext and password??

Unfortunately yes

There was a method where a script could be run on the MBG to lock out users after 3 failed attempts

This was advised via Mitel product support

If I never did anything I'd never done before , I'd never do anything.....
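
The extension guessing described in the two posts above can be picked out of captured SIP traffic by pairing each credentialed REGISTER with its rejection. This is an added example, not part of the thread and not the Mitel lockout script mentioned; it assumes the capture has been reduced to (client IP, raw SIP message) pairs, and the sample traffic, addresses, host name and function names are constructed. The threshold of 3 mirrors the "3 failed attempts" figure in the post.

```python
import re
from collections import defaultdict

def header(msg, name):
    """Return the value of a SIP header (case-insensitive), or None."""
    m = re.search(rf"^{re.escape(name)}:\s*(.+?)\s*$", msg, re.I | re.M)
    return m.group(1) if m else None

def failed_registrations(packets):
    """Map client IP -> extensions whose credentialed REGISTER was rejected."""
    pending = {}                   # (Call-ID, CSeq) -> (ip, extension)
    failures = defaultdict(list)
    for ip, msg in packets:
        key = (header(msg, "Call-ID"), header(msg, "CSeq"))
        if msg.startswith("REGISTER "):
            # A REGISTER without Authorization just draws the normal 401
            # digest challenge, so only credentialed attempts are tracked.
            if header(msg, "Authorization"):
                ext = re.search(r"sip:([^@>]+)@", header(msg, "To") or "")
                pending[key] = (ip, ext.group(1) if ext else "?")
        elif (status := re.match(r"SIP/2\.0 (\d{3})", msg)) and key in pending:
            src, ext = pending.pop(key)
            if status.group(1) in ("401", "403"):
                failures[src].append(ext)
    return dict(failures)

def suspects(packets, max_failures=3):
    """Sources with at least max_failures rejections, and the extensions tried."""
    return {ip: sorted(set(exts))
            for ip, exts in failed_registrations(packets).items()
            if len(exts) >= max_failures}

# --- Constructed sample traffic (documentation IP ranges, made-up host name) ---
def _reg(ext, call_id, cseq, auth=False):
    auth_line = f'Authorization: Digest username="{ext}", response="0"\r\n' if auth else ""
    return (f"REGISTER sip:mbg.example.test SIP/2.0\r\nTo: <sip:{ext}@mbg.example.test>\r\n"
            f"Call-ID: {call_id}\r\nCSeq: {cseq} REGISTER\r\n{auth_line}\r\n")

def _resp(code, call_id, cseq):
    return f"SIP/2.0 {code} -\r\nCall-ID: {call_id}\r\nCSeq: {cseq} REGISTER\r\n\r\n"

USER, TYPO, SCAN = "198.51.100.7", "198.51.100.9", "203.0.113.50"
SAMPLE = [(USER, _reg("100", "a1", 1)), (USER, _resp(401, "a1", 1)),
          (USER, _reg("100", "a1", 2, auth=True)), (USER, _resp(200, "a1", 2)),
          (TYPO, _reg("105", "c1", 2, auth=True)), (TYPO, _resp(401, "c1", 2))]
for i, ext in enumerate(["100", "101", "102", "200"]):
    SAMPLE += [(SCAN, _reg(ext, f"b{i}", 2, auth=True)), (SCAN, _resp(403, f"b{i}", 2))]

if __name__ == "__main__":
    print(suspects(SAMPLE))
```

A single mistyped password (the `TYPO` client) stays below the threshold, while one source cycling through several extensions is reported together with the extensions it tried.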
 
Dear all

Just to give an update, we have identified the problem to be with the firewall; the traffic was not routing correctly. From the Wireshark logs we could see the connection to the MBG and the 3300 authenticating the user, however the next hop is to another device which at this point fails and times out.

The device was a rule setup to allow audio to get out for our existing teleworker, removing this rule fixes the problem but we end up with one way audio for our teleworkers. This is now in the hands of our infrastructure team. No issues with the MBG or 3300. So thank you all once again for your input.

Kind Regards
 