SIP trunk - no audio

[Diya Freahat]

I have a sip trunk configured with a sip provider in IP Office v2 R11.1 behind a Meraki firewall

No signal issues for incoming and outgoing calls, but no audio in both directions when answering call, and system status shows 100% packet loss with media IP even though there is a ping from IPO

I set and ran a STUN address for Google in the LAN1 network topology which provides the full cone NAT & public IP, and fixes the audio issue for only a few hours

Firewall engineer advised me that the Meraki doesnt do sip alg inspection.
and I should use either :
STUN server,
Is there a free STUN server that runs permanently without any restrictions or does it require a subscription?

Or

Configre IPO to correctly send the public IP in its header, how is it done?

Any advice appreciated.

 

[Jonah29]

I have a sip trunk configured with a sip provider in IP Office v2 R11.1 behind a Meraki firewall

No signal issues for incoming and outgoing calls, but no audio in both directions when answering call, and system status shows 100% packet loss with media IP even though there is a ping from IPO

I set and run a STUN address for Google in the LAN1 network topology which provides the full cone NAT & public IP, and fixes the audio issue for only a few hours

Firewall engineer advised me that the Meraki doesnt do sip alg inspection.
and I should use either :
STUN server,
Is there a free STUN server that runs permanently without any restrictions or does it require a subscription?

Or

Configre IPO to correctly send the public IP in its header, how is it done?

Any advice appreciated.

 

[Jonah29]

Is SIP aLG disabled in the FW?

 

[Jonah29]

Sorry I just reread the post. Forget that question.
Sorry.

 

[derfloh]

If you have to send your public IP you need to set up your network Topology. But if you have no audio in both directions it looks like the firewall blocks traffic in both directions.

Is it a trunk with registration?

 

[Travis Harper]

Its usually related to setting the NAT Type correctly, and/or RTP range not being setup properly in the firewall.

 

[Diya Freahat]

If you have to send your public IP you need to set up your network Topology. But if you have no audio in both directions it looks like the firewall blocks traffic in both directions.

Is it a trunk with registration?

No authentication in SIP trunk, SIP provider shared with me only IP details, 5060 UDP, and RTP 20000-40000 which are opened in IPO & in firewall,
They told me that the call coming from SIPTrunk having media IP as the local IP instead of the public

I believe this happens when SIP alg is enabled on the firewall, but ALG functionality is not available on the client firewall

 

[Diya Freahat]

Its usually related to setting the NAT Type correctly, and/or RTP range not being setup properly in the firewall.

What is the correct NAT type?
Full cone NAT in network topology & in firewall?

Google stun server discovers the full cone NAT with the public IP, and fixes the audio issues shortly.
The audio problem remains if NAT type & public IP if are set manually in network topology.
Should they be set to the firewall as well?

 

[Travis Harper]

What is the correct NAT type?
Full cone NAT in network topology & in firewall?

Google stun server discovers the full cone NAT with the public IP, and fixes the audio issues shortly.
The audio problem remains if NAT type & public IP if are set manually in network topology.
Should they be set to the firewall as well?

I've always struggled with this myself. Using an external firewall woth port forwarding the signaling and RTP, I've used Open Internet.

 

[derfloh]

No authentication in SIP trunk, SIP provider shared with me only IP details, 5060 UDP, and RTP 20000-40000 which are opened in IPO & in firewall,
They told me that the call coming from SIPTrunk having media IP as the local IP instead of the public

I believe this happens when SIP alg is enabled on the firewall, but ALG functionality is not available on the client firewall

The port range 20000-40000 is on their side and must be open outbound. Inbound you have to ensure that the port range configured in your IPO (LAN interface) is open as the IPO tells rhe provider to send RTP to those ports.