One X mobile issue - Connects but mobile network RX/TX problem 2

[ogTOKYO]

Hi guys,

I've having an issue, can't put my finger on it.

I have my ports nat'd correctly from what I can see. Works well in local network *wifi is on a different subnet*
RX/TX packets are pretty linear.
111.111.111.333:5002
111.111.111.111:50xxx
RX - xxxx/xxxx
TX - xxxx/xxxx

However, when I switch to carrier network (tmobile) my RX quits.
222.222.222.222:5000
111.111.111.111:50xxx
RX - 0
TX - xxxx/xxxx

Under carrier, should the IP still show as local, or public? I'd appreciate any bone thrown at me.

I noticed my mobile always connects from port 5000, also using PFsense, if that helps anyone help me.



______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

 

[IPOfficeGuru]

Please tell me you are tunneling in on VPN and have no open ports directly NAT'd to the IP500 and One-X server....you will regret it if you don't !

"Never fear billing a client for services rendered, or they will think your time is worthless"

 

[ogTOKYO]

I've cut the ports down to 256, open and we've locked the IPOv2 down pretty tight. I've cleaned up the FW rules too so that should help.

Are you suggesting to VPN from my mobile and use oneX?


______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

 

[kyle555]

or an sbc!

 

[IPOfficeGuru]

Yes. Always without question. Exposure is mitigated by not opening ports. Complexity goes way down and dependability of the One-X app improves as the VPN places you on the LAN. You will never have to explain to a customer how their phone system got hacked.

"Never fear billing a client for services rendered, or they will think your time is worthless"

 

[AACon]

You'll be hard pressed to get people to load up a VPN client on their phone, and then the one-x mobile app.
It's designed to run through a firewall.
Yes, vpn would be wonderful, but that is not going to happen in most cases.
Make sure only the necessary ports are open, and anyone with a license has a good alphanumeric password, follow the security docs from Avaya.

-Austin
I used to be an ACE. Now I'm just an Arse.

 

[ogTOKYO]

I'll work on the VPN, but does anyone have any input as to why my 3g doesn't receive voice ? It fully connects, so it says but no packets show under detail. Would it be outbound rules? I have IPO/*/*/* out, works as IPO/IPO ports/*/* originally but nothing changed.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||

 

[derfloh]

I guess you didn't enter a proper public IP under your LAN interface topology settings.

 

[ogTOKYO]

No, that's definitely correct. I set up an A record for it to make it easier to reach.

______________________
|........................................|
|.....i.eat.bunny.children......|
|______________________|
(\__/) ||
(•Y•). ||
/ < )<||