SIP lines not working customers cant hear us and we cant hear them 1

[kuchulane]

hi all

we are testing SIP lines on Avaya IP office 406 V2 software version 5(24)

the call lands on telephone exchange but when answered, clients cant hear us and we cant hear them.

i have opened all the firewall ports for exchange IP but still no luck.

Any suggestions?

Many Thanks

 

[montyzummer]

are you sure you have opened the RTP ports?

APSS (SME)
ACSS (SME)

 

[kuchulane]

hi montyzummer
thanks for the quick reponce.
yes i have opened all the ports.

thanks

 

[montyzummer]

what firewall are you using please dont say sonic wall?

APSS (SME)
ACSS (SME)

 

[kuchulane]

no its not sonic wall
its a draytek router.
I have configured the exchange ip address as a dmz host whcih in theory should forward all the traffic on that IP to telephone exchange.
I am looking at ip office firewall. are there any changes i need to make on ip office firewall?
please see the attachment

many thanks

 

[amriddle01]

Turn SIP ALG off on the Draytek , telnet in and type sys sip_alg = 0 (I think)

 

[montyzummer]

no changes to the ipo firewall , as amriddle suggests turn off the alg and make sure you do a full save of the config on the router and reboot..keep us posted

APSS (SME)
ACSS (SME)

 

[kuchulane]

hi guys
thanks for all the info.

i had a quick chat with the sip service provide.
he is saying that he is seeing the LAN ip address of the telephone exchange rather than the NATed address.
telephone exchane is sitting behind the draytek router.
In draytek router, i have created DMZ for the telephone exchange.

NAT for the rest of the servers is working fine.

any ideas

many thanks

 

[NLPeterK]

Delete the firewall profile in the IPO. Not needed.

Open the ports specifically on the Draytek. I believe there's an option called Open Ports where one can enter one host and then set different ranges.

Ranges:
UDP 5060-5090
UDP 3478-3478
UDP 49152-53246.

Run STUN!!! <-Important!

And obviously, check your IP routes. Preferably set a 0.0.0.0/0.0.0.0 route and not one specific one for your SIP host. RTP may travel to other IP adresses.

 

[IPOfficeIreland]

you need to use either a stun server, a session border controller or set your SIP line to use Network Topology =NONE.

If you use a stun then have a look here - you can do a ping test (if permitted by the stun) to see which 1 is closest to you.

http://www.tek-tips.com/faqs.cfm?fid=7542

But your best bet is to avoid stun and set in sip line, network topology NONE. A good provider will use the external ip in the packet header as the rtp address. you don't need to set up rules on the draytek at all, particularly if you register every 1 minute. The NAT table will remain open for this length of time.

 

[NLPeterK]

AFAIK IPO uses STUN to correctly put information in SIP Messages. Without STUN information could be incorrect?

 

[amriddle01]

You only need STUN if the provider doesn't have session border controllers (SBC's) usually the cheapskate companies don't have them

 

[NLPeterK]

Alright fair enought

I use it anyways, part of my usual setup. Always works like a charm, regardless of provider.

 

[amriddle01]

It can also break trunks, Tom Mills can vouch for that

 

[hairlessupportmonkey]

A properly working SIP trunk will only need port 5060 UDP open on the firewall, no need to open all those RDP ports.

Here is the STUN server I use as they have a round robin / load balanced DNS - stun.ekiga.net (from the FAQ I wrote)

open a command prompt and do an nslookup:

> stun.ekiga.net
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: stun.voipbuster.com
Addresses: 77.72.169.156
77.72.169.152
77.72.169.158
77.72.169.154
Aliases: stun.ekiga.net

pick on and add it to your STUN client, and click Run STUN.

as already mentioned turn off the SIP ALG on the draytek or your NAT rule will be worthless and you will find your source port for SIP is not 5060 outbound.

Ensure your SIP trunk is using network topology LAN 1 or 2 depending what you setup as your route to the internet and STUN server.

Once done, all should work with audio!






ACSS - SME
General Geek

 

[kuchulane]

thanks for your help guys.

i have disabled the SIP ALG on dreytek router, reconfigured NAT and opened firewall ports.

just want to restart exchange before i test it again.
waiting for users to put the phones down .

will keep you guys posted and thanks again for all the help.

 

[kuchulane]

All sorted now.
Disabling SIP ALG did the trick for me.
Many thanks for your help Experts.
Much appreciated

 

[amriddle01]

No worries, yet Sean gets the pink love

 

[hairlessupportmonkey]

Life Andy - Life ;-)

ACSS - SME
General Geek