Need advise for NAT settings pbx62XX VoIp trunk issue


#1

Hi, need advise/help with settings for NAT in VoIp trunk.
PBX have external IP, in trunk setup when I marking NAT checkbox, and making outgoing call through this trunk, it making connection and phone ringing, but, when I pick up the phone in a office, I’m hear nothing, silence, and in a same moment voip office phone keep make waiting signal in a handset. If I calling to trunk number/pbx from cellphone all working, good connection and sound. When I’m turning NAT off, all working perfect in a both way receiving and calling with good sound on both sides. So, any idea how to setup NAT (change ports) or RTP (change ports) or whatever?
For test, I was used my cellphone and Grandsteram GXP1760 phone in local net with pbx in a office.
Thanx.


#2

apart from the correct Nat to be done on Firewall / router, UCM side in the NAT section you entered ip-audience: 5060?

the same on the settings of the trunk


#3

Thank you for your answer, maybe I explained wrong, The UCM is this Firewall, it have a public IP, first point on a route. No any devices restrict internet connect access to it. So any idea what it could be? RTP 10000 - 20000 STUN, TURN is on, ICE Support is on, in NAT and rest of it = UDP 5060. TLS - for domen.


#4

@StrizhM, this is an aside, but you should be aware that almost everyone here recommends that you do not use the UCM as the firewall. The general consensus is to leave the UCM as the phone device only, and have a separate firewall do it’s specialized function.

I ten d t use a GWN7000 for this purpose, but there are other more expensive, more full featured firewalls out there if you have that requirement.


#5

Thank you. But still problem with NAT settings in PBX. :frowning:


#6

Unmark NAT in Trunk if you set NAT.


#7

There are two places that mess with NAT settings in the PBX

On the trunk there is a checkbox for NAT
uncheck this

In PBX-SIP-NAT
your external host should have your public IP
the checkbox for use SDP should be checked
(this tells the sip provider what address to reply to)

Be sure your provider isn’t subnetting you to begin with.
Your public IP shouldn’t start with a 192, a 172, or a 10.(with some exceptions)


#8

Thank you for your answer, I have a one quick question, we have a domain name (we don’t use IP address) and TLS, pbx denied/add to black list all connection accept connection from domain name. What are you think, In this case “Use IP address in SDP” options will be working properly?
Thanx.


#9

You can use a FQDN that resolves to your external IP without a problem. That is what people using DDNS vs a static IP do all the time.


#10

That what i’m exactly using. thank you. But what exactly is the value to mark “Use IP address in SDP” it will send IP or domain name?


#11

It will essentially include whatever is in external host as a return address.


#12

Thank you sir.


#13

So any Idea gentleman, what could be problem? I repeat this issue, it happens only if NAT checked in Trunk Setup>> NAT check box. Any call from internal extension to any number through this trunk doesn’t connecting if someone pick up handset from first time, But, if reject call or hang up call in a first time, it begin ringing again (by self, no action from local extension it keep make same beeping sound) and if pick up handset in a second time, it properly connecting.
It freak me out, help!


#14

It must be off. You check this for peer trunk only i think.


#15

This is what show me when I pointing on check box:
Turn on this setting when the PBX is using public IP and communicating with devices behind NAT. If there is a one-way audio issue, it is related to NAT configuration or SIP/RTP port support in the firewall.The setting needs to be tested by the installer since it will rewrite the Contact header of the received message, which may affect the ability to establish calls when behind the NAT. We may need to configure the SIP NAT settings instead.


#16

The setting is not an all or nothing one as it depends on some other settings in the PBX.

You will note that the description also indicates that it needs to be tested and that it may affect and may need to configure.

To test the connection requires that you do a network capture of a call with NAT on and NAT off. This will show the headers and if being written correctly or not. This is the only sure fire way of knowing, but you can also do test calls and see if one-way audio or other issues arise. In most cases, if the call results in two way audio and the calls lasts longer than 32 seconds and when you disconnect the call at the remote/external end and it disconnects at the UCM and phone behind the UCM, then it is likely set correctly.


#17

Thank you.