Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SV9100 NAT

Status
Not open for further replies.

conxtel

Technical User
May 12, 2014
131
CA
I haven't set up too many remote IP phones on a 9100 and was setting one up today and ran into an issue. Not sure if that is how it is supposed to work or not.

I had already enabled 10-46-14 (NAT mode for DT900/800) but wanted to register my phone onsite first. I had the standard settings in my phone (NAT Transversal was not yet enabled) and the phone just kept coming up SIP Server Cannot be Found. I disabled 10-46-14 and away the phone went. I then re-enabled it, connected the phone at the remote site with NAT Transversal settings enabled, and it worked.

My question is now that I have one remote phone working, and it would not register locally with NAT mode enabled, how would a person add more IP phones locally? Does any future IP phone have to be set with NAT Transversal enabled, even if it is locally connected?
 
Program 10-58. Just put your local IP subnet there. You also use this for the far end subnet of any hardware VPN connected IP phones.
 
You need to use different ports for each remote phone and keep a spreadsheet of what you use or it will soon get out of hand!
 
For more IP phones locally, you generally don't need NAT Transversal enabled if they're on the same network.
 
Ozzie, you shouldn't need to do that. If NAT is setup properly. Your biggest issues will be if SIP ALG is turned off at both ends. Internally you shouldn't be using NAT. You can use both NAT and local phones. Check your network settings and network. Never had an issue. 10-46-14 should almost always be on.
 
@CoralTech Sorry but been there done this and each phone needed different ports and if you had 2 on the same port, at least one wouldn't work! Checked and confirmed with TAC!

Edited to add, I know this because after install I had a fault with no speech on one phone. Changed it's ports and hey presto fixed!
 
Last edited:
Keep in mind that a few years back NEC was having an issue with the SV9100 getting hacked because it was exposed to the internet. I had a conversation with NEC because I had a customer who wanted a SV9100 they could use remote phones and NEC advised against doing it. You can do it but you better keep track of the logs and be prepared to shut it down fast if you run into an issue.
 
@CoralTech Sorry but been there done this and each phone needed different ports and if you had 2 on the same port, at least one wouldn't work! Checked and confirmed with TAC!

Edited to add, I know this because after install I had a fault with no speech on one phone. Changed it's ports and hey presto fixed!
Interesting. I have literally hundreds of remote phones using NAT and never had to do that. Now, the UX5000 that was another story and you have to do that.
 
Keep in mind that a few years back NEC was having an issue with the SV9100 getting hacked because it was exposed to the internet. I had a conversation with NEC because I had a customer who wanted a SV9100 they could use remote phones and NEC advised against doing it. You can do it but you better keep track of the logs and be prepared to shut it down fast if you run into an issue.
If you set it up right you should be ok. Def need to have geolocation on your firewall.
 
Actualy @CoralTech it may have been a complicating factor in that they wanted to be able to take their desk phones home as and when they felt the need so they had to be able to turn the nat traversal on or off as needed. maybe the differing ports were for on premises? However the fault I had with a phone set to the same port as another was an off site phone (the customer had three sites in close proximity, each with their own internet connection).
 
Keep in mind that a few years back NEC was having an issue with the SV9100 getting hacked because it was exposed to the internet. I had a conversation with NEC because I had a customer who wanted a SV9100 they could use remote phones and NEC advised against doing it. You can do it but you better keep track of the logs and be prepared to shut it down fast if you run into an issue.
I have the remote WAN IP whitelisted as the only valid IP that can get through the firewall. Hopefully it is enough to keep the hackers away. Tough to stay one step ahead these days it seems.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top