I have an IP Office IP500v2 behind a Watchguard Firewall. The IP Office is running R8.1. I periodically am getting one way audio or dropped calls because the IP Office seems to be changing the port from UDP 5060 to random port numbers usually in the 1200 or 1300 range. I have the Firewall type set to Static Port Block but have also tried using Full Cone NAT. has anyone seen this behavior before or know how to resolve this?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
SIP Dynamically Changing port from 5060
- Thread starter joestar
- Start date
The phones need a whole slew of ports for audio to work. Are you talking about remote phones, phones on a different vLAN firewalled off from the IPO, or.....what exactly?
SIP is just used to setup the call. The media (audio) will use a range of ports defined in the system's settings.
You also don't mention what type of phones you're using. 8.1 is WAY old and I don't recall any simple-to-connect SIP phones for that version. All of the 1600 and 9600 phones are/were H.323 not SIP when connected to IP Office.
SIP is just used to setup the call. The media (audio) will use a range of ports defined in the system's settings.
You also don't mention what type of phones you're using. 8.1 is WAY old and I don't recall any simple-to-connect SIP phones for that version. All of the 1600 and 9600 phones are/were H.323 not SIP when connected to IP Office.
- Thread starter
- #3
TouchToneTommy
Vendor
Does your firewall have SIP ALG enabled, and if it is a SonicWall, do you have Consistent NAT enabled?
- Thread starter
- #5
My firewall is a Watchguard and it does have SIP ALG enabled. We initially did not have this enabled and were just using a simple packets filter for UDP 5060. However, that creates a new problem where the internal IP address of the IP office is periodically sent to the carrier despite being set correctly in the network topology settings of the IP office to send the public IP instead. SIP ALG resolved this but not I have this problem with the port changing from 5060 to other port numbers. The port is changing in the IP office and you can see it in the monitor.
biglebowski
Technical User
What port/s is it changing to?
SIP can use a range of 5056 - 5071 but it's generally the common ones of 5056/5060/5061 used by most vendors.
SIP can use a range of 5056 - 5071 but it's generally the common ones of 5056/5060/5061 used by most vendors.
biglebowski
Technical User
Actually just spotted your 1200/1300 range in the OP
I'd run a wireshark to see if the IPO is requesting the port change or what port it is sending the traffic to the watchguard over.
Does sound like some weird custom NAT going on
I'd run a wireshark to see if the IPO is requesting the port change or what port it is sending the traffic to the watchguard over.
Does sound like some weird custom NAT going on
- Status
