Outbound calls dropping after 30secs everytime on SIP trunks

[FreightTrain]

My customer has a SIP trunk and they can recieve in bound calls fine but every outbound call get dropped after 30secs. Any ideas? Ive made sure the ALG SIP is disabled and
TCP 21 (FTP)
TCP 30000 - 50000 (Passive FTP)

TFTP server
UDP 69 (TFTP)

Feature Server
UDP 5060 (SIP)
UDP 10000 - 60000 (RTP)

UDP timeout got change to 96,000. for UDP and TCP.


Any help is greatly appreciated as I'm on my last leg here.

"When all else fails call for backup

 

[DavidCT]

You clearly need to engage both a firewall expert and an Avaya business partner.

Your current config is a train wreck. You are going to be hacked in short order.

 

[pmcook]

Your ACK packets are not being received by the IPO so the IPO drops the call. Check to be sure all your UDP ports are open on the firewall. Are you using WAN2? NAT? NAT refresh may be set too low. It should be set to static. It is a firewall issue not an IPO issue.

 

[FreightTrain]

DavidCT not sure why you need to be negative. I have plenty of IPO experience just having a hard time with SIP. Next time keep negative thoughts to your self. My nights been stressful enough and I don't need your insults.


PMCook I thought the same thing. The IT guy told me he enabled top 10,000-30,000 but now I'm not sure. I will triple check tomorrow. Thanks for giving me ideas. Your advice is much appreciated.

"When all else fails call for backup

 

[pmcook]

Train - you do run a big risk of hacking with SIP. It happened to a client of mine 30 minutes after we first configured the SIP trunks. They were making calls to Somalia. It was a fun evening to say the least.

 

[FreightTrain]

How would it get hacked?

"When all else fails call for backup

 

[VinylDave]

What is probably happening, you also need a sip trace from outside the firewall to confirm, is the IPO is sending it's internal IP as the reply to IP in the SDP messages. so the provider is sending back to the private IP rather than the public.

2 things will help:
sip alg - set to ON - packets inspected will replace with public IP
use topology in system line settings - set to LAN1 or 2 (whichever has route to TSP), set to use stun server.

ideally the TSP would use a SBC and simply respond to the NATd public IP on received address, and port.

 

[FreightTrain]

Yes we are sending the public IP and the ALG SIP is off. We are using the LAN1 topology in the system.

"When all else fails call for backup

 

[hairlessupportmonkey]

There is NO NEED to open all those UDP ports on your firewall.
What is the firewall in question?
Ive seen this on Cisco ASA devices on earlier firmware.

ACSS - SME
General Geek

 

[FreightTrain]

My provider requires those ports to be open ,and I got it working. It was AT&T router causing the problems. Again all those who helped thank you and the one who talked trash..... well I will just stay professional.

"When all else fails call for backup

 

[amriddle01]

My provider requires those ports to be open

They say that, but more often than not you don't need to open all the UDP ports at all. Gamma ask for the same but you don't need to do it

 

[FreightTrain]

Understood. I will double check over the ports then. Thanks guys.

"When all else fails call for backup