
SIP Port Issue


acollard83

We have an Asterisk server behind NAT. The NAT router is a Cisco 2851. We are having one-way and no-audio issues. Ports are forwarded correctly. The SIP trace below shows something changing the ports. Any ideas where to look?

U 2013/04/23 22:26:31.411121 4.31.X.2:5060 -> 216.82.224.202:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 216.82.224.202;branch=z9hG4bKbc0e.c9dc9fd3.0;received=216.82.224.202.
Via: SIP/2.0/UDP 4.31.X.2:1195;branch=z9hG4bKbc0e.cba48a23.0.
Via: SIP/2.0/UDP 4.31.X.2:1197;branch=z9hG4bK0aB3e613c07c2399b58.
Record-Route: <sip:216.82.224.202;lr;ftag=gK0a019743>.
Record-Route: <sip:4.31.X.2:1195;lr=on;ftag=gK0a019743>.
From: "Unavailable" <sip:+19193225173@4.31.X.2:1197>;tag=gK0a019743.  The system is adding this port 1197 onto the call and that is why we have no two way audio plus the calls drop.
To: <sip:+15175136709@4.31.X.2:1195>;tag=as56f12d93.
Call-ID: 353021783_1501442@4.55.10.97.
CSeq: 16852 INVITE.
User-Agent: Asterisk PBX.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO.
Supported: replaces.
Contact: <sip:%2b15175136709@4.31.X.2:1680>.
Content-Type: application/sdp.
Content-Length: 236.
.
v=0.
o=root 12990 12990 IN IP4 4.31.X.2.
s=session.
c=IN IP4 4.31.X.2.
t=0 0.
m=audio 19486 RTP/AVP 0 101.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=silenceSupp:off - - - -.
a=ptime:20.
a=sendrecv.
 
Typically, this is caused by SIP ALG on the router. Locate SIP ALG in the router configuration and turn it off.
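One way to check a captured message for the rewritten ports discussed above, as an added example that is not part of any post in this thread: the function lists every signaling header where the NAT router's public address appears with a port other than the forwarded SIP port, plus any SDP media port outside the forwarded RTP range. The sample is built from the trace in the first post; the 19000-20000 RTP range is an assumption taken from access-list 110 in the Cisco configuration posted later in the thread.

```python
import re

# Constructed from the SIP trace in the first post (ngrep shows CR as a trailing ".").
SAMPLE = """\
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 216.82.224.202;branch=z9hG4bKbc0e.c9dc9fd3.0;received=216.82.224.202.
Via: SIP/2.0/UDP 4.31.X.2:1195;branch=z9hG4bKbc0e.cba48a23.0.
Via: SIP/2.0/UDP 4.31.X.2:1197;branch=z9hG4bK0aB3e613c07c2399b58.
Record-Route: <sip:216.82.224.202;lr;ftag=gK0a019743>.
Record-Route: <sip:4.31.X.2:1195;lr=on;ftag=gK0a019743>.
From: "Unavailable" <sip:+19193225173@4.31.X.2:1197>;tag=gK0a019743.
To: <sip:+15175136709@4.31.X.2:1195>;tag=as56f12d93.
Contact: <sip:%2b15175136709@4.31.X.2:1680>.
.
c=IN IP4 4.31.X.2.
m=audio 19486 RTP/AVP 0 101.
"""

SIGNALING = {"via", "record-route", "from", "to", "contact"}


def audit_sip(text, public_ip, sip_port=5060, rtp_range=(19000, 20000)):
    """Return (field, port) pairs where public_ip is advertised with a port
    outside what the NAT router forwards (sip_port and rtp_range are assumptions)."""
    addr = re.compile(r"(?<![\w.])" + re.escape(public_ip) + r"(?![\w.])(?::(\d+))?")
    findings, in_sdp = [], False
    for raw in text.splitlines():
        line = raw.rstrip(".\r ")          # drop ngrep's "." / CR line ending
        if not line:                       # empty line: headers end, SDP begins
            in_sdp = True
        elif not in_sdp:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() in SIGNALING:
                for m in addr.finditer(value):
                    port = int(m.group(1) or 5060)   # no port means the SIP default
                    if port != sip_port:
                        findings.append((name.strip(), port))
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            if not rtp_range[0] <= int(port) <= rtp_range[1]:
                findings.append(("m=" + media, int(port)))
    return findings


if __name__ == "__main__":
    for field, port in audit_sip(SAMPLE, "4.31.X.2"):
        print(f"{field}: public address advertised with port {port}")
```

On the sample, every flagged field is a signaling header; the media port 19486 falls inside the assumed RTP range.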
 
We have no router that is doing any ALG. We only have a Cisco 2851 doing NAT and an Adtran 5305 as a DS3 router. Configs for the 2 routers are below. Anything else that may be causing this?

!
!
! ADTRAN, Inc. OS version 17.09.02.00
! Boot ROM version 15.01.00
! Platform: NetVanta 5305, part number 1200831L1
! Serial number LBADTN1206AA547
!
!
hostname "WINDHAMHILLS-DS3"
no enable password
!
clock timezone -5-Eastern-Time
!
ip subnet-zero
ip classless
ip routing
!
!
ip name-server 68.94.156.1 68.94.157.1
!
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password x
!
banner motd ^
******************** W A R N I N G *************************

AUTHORIZED ACCESS ONLY

This system is the property of Voxity Telecom, Inc -

UNAUTHORIZED ACCESS, MISUSE OR SOLICITATION OF THIS SYSTEM,
AND/OR MODIFICATION TO ITS DATA IS STRICTLY PROHIBITED.

You must have explicit permission to access this
device. All activities performed on this device are
logged and violations of this policy will result in
disciplinary action.

******************** W A R N I N G *************************

^
!
!
no ip firewall alg ftp
no ip firewall alg msn
no ip firewall alg mszone
no ip firewall alg pptp
no ip firewall alg h323
no ip firewall alg sip
!
aaa on
aaa authentication fail-message ^
******************** W A R N I N G *************************

AUTHORIZATION FAILED!

YOUR ATTEMPTS ARE BEING LOGGED!

******************** W A R N I N G *************************
^
!
radius-server host 70.39.178.7 key cisco
!
aaa authentication login default local
!
!
!
no dot11ap access-point-control
!
!
!
!
ip dhcp-server excluded-address 70.39.179.129 70.39.179.130
!
!
!
!
!
!
interface eth 0/1
description CMTS Link
ip address 4.31.x.5 255.255.255.252
ip mtu 1500
no awcp
no shutdown
!
!
interface eth 0/2
description To NAT Router
ip address 4.31.x.1 255.255.255.240
ip mtu 1500
no awcp
no shutdown
!
!
!
interface t3 1/1
no shutdown
!
interface ppp 2
ip address 4.31.x.70 255.255.255.252
no shutdown
cross-connect 1 t3 1/1 ppp 2
!
!
!
!
!
!
!
!
!
ip route 0.0.0.0 0.0.0.0 4.31.x.69
!
no ip tftp server
no ip tftp server overwrite
ip http server
no ip http secure-server
ip snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
!
!
!
snmp-server community public RO
!
!
!
!
no ip sip udp
no ip sip tcp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
line con 0
!
line telnet 0 4
no shutdown
line ssh 0 4
no shutdown
!
!
ntp source ppp 2
ntp update-rtc
ntp server 38.106.177.10 version 3 source ppp 2 prefer
!
!
!
end




Using 2840 out of 245752 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WH-2851
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username adam privilege 15 secret 5 $1$L5Fr$6vKZDiMWOyed.Aq5V2Qmg1
username eric privilege 15 secret 5 $1$99KV$10h4Lk6sevBjaezKBLuaL.
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 4.31.x.2 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.76.1 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 4.31.x.1
ip route 10.0.72.0 255.255.255.0 10.0.76.2
ip route 10.0.73.0 255.255.255.0 10.0.76.2
ip route 10.0.74.0 255.255.255.0 10.0.76.2
ip route 10.0.75.0 255.255.255.0 10.0.76.2
ip route 10.2.0.0 255.255.255.0 10.0.76.2
no ip http server
no ip http secure-server
!
!
ip nat pool POOL1 10.0.75.2 10.0.75.2 netmask 255.255.255.0 type rotary
ip nat inside source list 105 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.75.2 1723 interface GigabitEthernet0/0 1723
ip nat inside source static tcp 10.0.75.2 22 interface GigabitEthernet0/0 22
ip nat inside source static tcp 10.0.75.2 3306 interface GigabitEthernet0/0 3306
ip nat inside source static tcp 10.0.75.2 10000 interface GigabitEthernet0/0 10000
ip nat inside source static tcp 10.0.75.2 3000 interface GigabitEthernet0/0 3000
ip nat inside source static tcp 10.0.75.2 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 10.0.75.2 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 10.0.75.2 19000 interface GigabitEthernet0/0 19000
ip nat inside source static udp 10.0.75.2 20000 interface GigabitEthernet0/0 20000
ip nat inside source static udp 10.0.75.2 19001 interface GigabitEthernet0/0 19001
ip nat inside source static udp 10.0.75.2 19002 interface GigabitEthernet0/0 19002
ip nat inside source static udp 10.0.75.2 19003 interface GigabitEthernet0/0 19003
ip nat inside source static udp 10.0.75.2 19004 interface GigabitEthernet0/0 19004
ip nat inside source static udp 10.0.75.2 19005 interface GigabitEthernet0/0 19005
ip nat inside destination list 110 pool POOL1
!
access-list 105 permit ip any any
access-list 110 permit udp any any range 19000 20000
access-list 110 permit tcp any any range 19000 20000
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
!
scheduler allocate 20000 1000
end

 
What interface are you using? FreePBX? None?

Usually in Asterisk you have an externip statement when using NAT. Has this been defined?
 
Might be in sip_nat.conf or sip_general_additional.conf depending on your version / distribution of Asterisk.

Something like:

nat=yes
externip=x.x.x.x
localnet=x.x.x.x/255.255.255.0
 
We are using the externip config. This is port numbers being changed somewhere.
 
Try to use qualify=yes to keep the NAT session open.

Regards,
Ismail
 
OK, I had a similar problem with one carrier I set up a month ago; maybe this will help. I added:
Externip=n.n.n.n <--- your public IP address (tells * to pass this address in packets outbound)
localnet=192.168.1.0/255.255.255.0 <--Replace with your local subnet address and mask
rtpkeepalive=10 <--- some providers need a keep alive packet. (10 is in seconds)
Be sure you have:
context=from-trunk
coded on the TRUNK definition (inbound).
Of course, forward port 5060 between the internal server and the provider's static IP address. Do not open your server to all IP addresses, as you will get a flood of hacks on that port.
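The advice above about not exposing port 5060 to every source address can be checked against a router configuration. This added example (not code from the thread) lists static port forwards whose outside interface has no inbound access-group; the sample is a subset of the Cisco configuration posted earlier, and the check looks only for the presence of an ACL, not at what it permits.

```python
import re

# Subset of the WH-2851 configuration posted in the thread (unindented, as posted).
CONFIG = """\
interface GigabitEthernet0/0
ip address 4.31.x.2 255.255.255.240
ip nat outside
!
interface GigabitEthernet0/1
ip address 10.0.76.1 255.255.255.252
ip nat inside
!
ip nat inside source static tcp 10.0.75.2 22 interface GigabitEthernet0/0 22
ip nat inside source static tcp 10.0.75.2 3306 interface GigabitEthernet0/0 3306
ip nat inside source static tcp 10.0.75.2 5060 interface GigabitEthernet0/0 5060
ip nat inside source static udp 10.0.75.2 5060 interface GigabitEthernet0/0 5060
"""

STATIC_NAT = re.compile(
    r"ip nat inside source static (tcp|udp) \S+ \d+ interface (\S+) (\d+)$")
INBOUND_ACL = re.compile(r"ip access-group \S+ in$")


def unfiltered_forwards(config):
    """Return (proto, outside_port, interface) for every static port forward
    whose outside interface has no inbound access-group applied."""
    filtered, forwards, current = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]          # entering an interface block
        elif line == "!":
            current = None                     # "!" closes the block
        elif current and INBOUND_ACL.match(line):
            filtered.add(current)
        else:
            m = STATIC_NAT.match(line)
            if m:
                forwards.append((m.group(1), int(m.group(3)), m.group(2)))
    return [f for f in forwards if f[2] not in filtered]


if __name__ == "__main__":
    for proto, port, iface in unfiltered_forwards(CONFIG):
        print(f"{proto}/{port} forwarded on {iface} with no inbound ACL")
```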
 
I am sure you have probably checked, but is the gateway set up correctly?

Can you ping google.com and get a response?
 