Ports needed for IP Phones in firewall 1

Status
Not open for further replies.

saxophobe

MIS
Mar 3, 2006
27
US
Good Afternoon all,

We recently changed ISPs and are currently reconfiguring our firewall. We would like to get our IP DTerms up and running again on our NEAX 2000 IPS, but I haven't been able to find the port/protocol information that will allow our IP phones to communicate with the 2000 IPS. When I go into MATWorx, it says the system is using TCP port 60000, but the IP card is using UDP 50000, TCP 06000 and 10000 RTP and has a different IP address. So what ports do I need to open/forward from the firewall?

Thanks in advance!

sax
 
Hope this helps. :)


DRS Login port = UDP 3456 default but can be changed in 0B Y=10>60
DRS connection on Dterm IP = UDP 3455 default but can be changed in the Admin menu on the Dterm IP

Voice traffic uses
UDP for the Dterm IP = Port 4000
UDP for the IP PAD = Port 50000
TCP for the Dterm IP 1021-65535 Assigned in a round robin method
TCP for the IP-PAD = Port 6000-7024 assigned in command OA Y10-17/30-37/100-115>92
RTP Dterm IP = Port 3462 but can be from 1024-65535 Assigned by round robin method
RTP for the IP Pad = ports 998-10317 but can be changed by OA Y=10-17/30-37/100-115>93

 
Thanks smoom! I really appreciate the info. I hope you had a good 4th!

Now that we have these ports set up, I am trying to connect a remote phone via IP and at this time, haven't managed to get it connected.

We have the internal IP address mapped to an external IP in the firewall, with the requisite ports open, however, the phones are still not making a connection. Is there a way of testing these ports via telnet to test connectivity? Or maybe a way of finding this information in MATWorx? If anyone knows, please let me know.

Thanks for your help in advance!

sax
 
Will not work unless you have all of the following four conditions:
1. Software revision 12.1 and up on the IPS and;
2. You have and 8IPLA (none of the 32IPLAs will work) and;
3. You have a public IP address on the IPS CPU and;
4. You map 4 ports from the firewall on the IP Phone side: 3455 > 3455 UDP, 3458 > 3458 UDP, 4000 > 4000 UDP, 3462 > 3462 UDP.

You wrote: "We have the internal IP address mapped to an external IP in the firewall." If you are referring to the phone system side, it violates condition number 3 above and will not work.
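
On the question of testing the ports with telnet: telnet only opens TCP connections, and the four phone-side mappings listed above are UDP. The following is an added example, not part of any post in this thread and not NEC code: a small UDP echo responder and probe for checking that a firewall passes those UDP ports. It assumes the responder runs on a stand-in test host at the internal address the firewall maps to (the PBX itself will not answer this constructed payload); the function names and the payload are hypothetical.

```python
import socket
import threading

# UDP ports the post above says to map on the IP phone side.
PHONE_SIDE_UDP_PORTS = (3455, 3458, 4000, 3462)
PROBE = b"udp-forward-probe"  # constructed payload, not an NEC protocol message


def start_responder(port, host="0.0.0.0"):
    """Echo datagrams on host:port from a background thread.

    Run this on the stand-in host behind the firewall.
    Returns (socket, bound_port); pass port=0 for an ephemeral port.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
                sock.sendto(data, peer)
            except OSError:  # socket was closed
                return

    threading.Thread(target=serve, daemon=True).start()
    return sock, sock.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Send one datagram from the remote side and classify the result.

    'open'       the probe came back, so the mapping passes traffic both ways
    'refused'    an ICMP port-unreachable came back (nothing listening)
    'no-reply'   timeout: dropped by a firewall, or the reply was lost
    'unexpected' something answered, but not with the probe payload
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(PROBE)
            return "open" if s.recv(2048) == PROBE else "unexpected"
        except ConnectionRefusedError:
            return "refused"
        except OSError:  # includes socket.timeout
            return "no-reply"


def check_forwards(host, ports=PHONE_SIDE_UDP_PORTS, timeout=2.0):
    """Probe every port in `ports` on `host`; returns {port: status}."""
    return {p: probe(host, p, timeout) for p in ports}
```

A `no-reply` result does not distinguish a dropped request from a dropped reply, so check the firewall's own logs for the probe as well. Stop the responder once the test is finished.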

 
Thanks ctvi! I appreciate the quick reply, but I have a couple of questions.

First, do you mean that I have to give my IPS a public IP address, bypassing our firewall? Instead of entering an internal IP address in 0B>00, that I enter a public IP address?

Also, you said "You have and 8IPLA...". Did something get left out here?

I just want to be clear!

Thanks in advance for your help!

sax
 
Two corrections:
a. You need an 8IPLA.
b. The CPU and IPLA card need a public IP address, i.e. in command 0B and command 0A, you need to program a public IP address.

See:
(I have been told that for the 0A command static routing should work - but logically, I don't see how. The phone set will only see the public IP address of the firewall and not the 0A device. Best practice would be to put a public IP address on both. NEC uses dynamic IP ports and the range is large. Make sure you have a password on the phone system as you are opening it up to hackers.)

 
Use a VPN to connect your remote locations to your main site. Placing your PBX on a public address is just asking for trouble. Any time you put a piece of equipment on the outside of your firewall, you are just asking for someone to hack into it and mess it up!
 

Hey Guys! I really appreciate all the help!

I just looked inside our PIMs and found that we have a 32IPLA. I will need to discuss that with the vendor. Also, I'm pretty sure that we don't have version 12.1 on our IPS. (How do you tell what version of software you are using?)

I can tell you that at one time, this did work, and we were using a VPN connection. However, since we just changed ISPs and have had to reconfigure everything, we have not been able to get it to work correctly. Previously, we had clients using a VPN router pointing directly at a public IP address that mapped to an internal IP address in our firewall.

If anyone knows anything else we can try, I would really appreciate the help.

Thanks again to all!

sax
 
IP Dterms will work with a 32IPLA depending on the software revision of the 32IPLA; if it worked before, it should work now. To tell what software rev you are on for the system, look at the header for MATWorx when you are connected. It will show SC-XXXX then a letter J-O; this is the revision, followed by the build in that revision.
J1=Rev9
K1=Rev10
L1=Rev11
M1=Rev12.1
M2=Rev12.2
N1=Rev13
O1=Rev14

So SC-3655 N1-0003.00 Would be a switch running Rev 13 build 3.0 software.

As for your problem, does your VPN work correctly for data and not the phone, or neither?
 

Ok, this is interesting....

When I connect MATWorx to the PBX, it says the following:

SC-3117 F1-0004.03

I can only assume this is Revision 6, build 4.03.

I also had one of the remote clients try to connect and he never gets connected to the DRS. He can use the router that he has been using and make a connection to our VPN, but that isn't mapped to the PBX. When it worked before, the PBX was mapped to the VPN, but the quality was so poor our road reps refused to use it.

I will continue to research in hopes of stumbling across something I'm missing.

Thanks again in advance for all your help, guys!

sax
 
When your reps connect to the VPN, do they have a reliable data connection? Can your reps ping the PBX? If they can, do a trace route and see how many hops and how much latency you are getting.
 
Sorry not to get back to you guys until now. I've had to rebuild a SQL Cluster/SAN and make sure that works. Now I can start devoting time to this again.

At this time, we can't ping from remote sites as the Cisco guy that set up our firewall has turned off ping for the PBX as a security measure. I'm trying to get a hold of him now to have him turn it on for troubleshooting.

I will continue to research and use the information here to see if we can get it running. If anyone else has anything else to add, I appreciate all advice.

Thanks for all your time!

sax
 
Ok, here's the latest. After much thought and consideration, we have decided to go with the SP30 softphones for our remote folks to use VoIP. This has the benefit of using the PC's VPN connection, which is not a problem. The only wrinkle at this time is that I have not been able to get the SP30 to work on Vista. During the 4 hour upgrade period last night, we successfully tested it on XP with no problem. The CEO of our company, however, uses Vista Ultimate and it doesn't work. I'm still playing with it, but right now, it's no go.

Does anyone have any experience with SP30s on Vista?

Please let me know.

Thanks in advance for all your help!

sax
 
NEC will be releasing a new version of the SP30 that will support Vista in the near future. Contact your dealer so they can let you know when it gets released.
 
Thanks ctvi! I'll get with my account rep and shake some trees until I get what we paid for!

As always, you guys are the best!

sax
 