Yes, that would appear to be a logical next step. Is it possible the local router firewall could be causing a problem also?
You can forward ports without issue at any site as long as done correctly.
The issue for a remote site when there is more than one device behind the router is that some routers are not as adept at keeping NAT/PAT tables correctly. So, consider that if you have 5 devices behind the remote router and all are trying to communicate to a single UCM, once the messaging leaves the router they all look similar as they all use the same IP and ports. When the UCM replies back, it will use that same info as received and will send the message back as instructed, but the router may have an issue in directing the correct message back to the correct phone as all the phones are using the same ports.
So, to overcome the issue, there are some phone and router settings that can be used to make each phone unique and help the router keep things straight:
- In the remote router, set aside a different SIP port and a different range of RTP ports for each phone. So, if you have 3 phones, for instance, set the port forward for phone 1 to be 5060 UDP and 5004 to 5053 UDP, phone 2 5062 and 5054-6003 and phone 3 to 5064 and 6004-6053. The 50XX is the SIP port and the ranges are RTP.
Whatever port and ranges you set, they need to match between the phones and router forwarding rule(s). As an aside, a 200 RTP port range per phone is way more than what is really needed, so lower it as much as you like - 50 is fine and is what I have shown. The above also assumes that each phone has its own static/reserved IP.
In each phone, you will need to set the local SIP port accordingly to what I indicated above. The local SIP port is what the phone uses to tell the UCM which port to use when communicating back.
By setting a different/unique SIP and RTP port range for each phone and matching these to the router forwarding rules, each message to each phone is now unique from other messaging to the other phones and the router should be able to handle this with ease.
In the NAT IP section as shown further above and also highlighted, enter in the public IP of the remote site. This allows the phone to tell the UCM what IP to use without the need for STUN. STUN might be needed otherwise if you did not have a static IP at both locations. You indicated static at both.
In the extension settings for the remote phones:
a) NAT should be enabled
b) can direct media should be disabled.
In the UCM, security settings, check to ensure that the remote IP is not blacklisted and at the same time, add the remote static IP to the whitelist (fail2ban).
In the remote phones - put into place some security in order to prevent “ghost calls”.
As a further aside, the setup for sites with multiple phones (or any for that matter) is better served with the use of a router that supports a site-to-site VPN. In this manner, you avoid the remote setup and forwarding issues as they all look like one local site and you further gain the security aspect.
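A consistency check for a per-phone forwarding plan like the one in the answer above, added here as an example and not part of the original posts: it flags any UDP forward that overlaps another and any RTP range wider than the 50 ports the answer suggests. The LAN addresses and the second plan are constructed for illustration.

```python
# Constructed plan: port figures as quoted in the answer above; the LAN
# addresses are made up for the example (the post gives none).
QUOTED_PLAN = [
    ("phone1", "192.168.1.101", 5060, (5004, 5053)),
    ("phone2", "192.168.1.102", 5062, (5054, 6003)),
    ("phone3", "192.168.1.103", 5064, (6004, 6053)),
]
# Constructed alternative that keeps RTP well away from the SIP ports.
SEPARATED_PLAN = [
    ("phone1", "192.168.1.101", 5060, (10000, 10049)),
    ("phone2", "192.168.1.102", 5062, (10050, 10099)),
    ("phone3", "192.168.1.103", 5064, (10100, 10149)),
]

def check_plan(plan, rtp_width=50):
    """Return a list of problems in a per-phone UDP forwarding plan."""
    problems, claims, seen_ips = [], [], set()
    for name, lan_ip, sip, (lo, hi) in plan:
        # Each phone needs its own static/reserved LAN address.
        if lan_ip in seen_ips:
            problems.append(f"{name}: LAN IP {lan_ip} is used by another phone")
        seen_ips.add(lan_ip)
        if not 1 <= lo <= hi <= 65535 or not 1 <= sip <= 65535:
            problems.append(f"{name}: port outside 1-65535 or reversed range")
        if hi - lo + 1 > rtp_width:
            problems.append(f"{name}: RTP range {lo}-{hi} is {hi - lo + 1} ports wide")
        claims.append((sip, sip, f"{name} SIP"))
        claims.append((lo, hi, f"{name} RTP"))
    # Sorted by start port, two forwards collide when the later one starts
    # at or before the earlier one ends.
    claims.sort()
    for i, (lo1, hi1, a) in enumerate(claims):
        for lo2, hi2, b in claims[i + 1:]:
            if lo2 > hi1:
                break
            problems.append(f"{a} ({lo1}-{hi1}) overlaps {b} ({lo2}-{hi2})")
    return problems

if __name__ == "__main__":
    for label, plan in (("quoted", QUOTED_PLAN), ("separated", SEPARATED_PLAN)):
        print(label, check_plan(plan) or "no conflicts")
```

Run it against the values actually entered in the router and in each phone's local SIP port and RTP settings; both sides should produce the same clean plan.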
These all seem like logical steps. The way you presented these recommendations will be easier for me to follow (given my limited experience). I will try to free up some time today and this evening. Thank you for the time you devoted to this. It is nice to know there are people, such as yourself, who are willing and able to help out!
Still no luck registering. I just noticed that when I initiate a remote desktop session (remote router to UCM router), the PC stalls at the welcome screen of the UCM PC. I must then disconnect and retry the remote desktop session a second time. It then establishes a connection every time. This is happening consistently. Is this a clue?
Also noted on the UCM that the Terminal Type of the extensions I’m trying to register are SIP(WebRTC) vs SIP.