UCM6200 - two peer trunks with same IP but different ports

ip-communications

#1

I need to run two peer trunks to same provider. The provider has setup two peer trunks, same IP address, but different ports (5060 and 5070).

I have respectively setup two peer trunks on UCM6202, and in ‘host’ field added port numbers this:
XXX.XXX.XXX.XXX:5060
XXX.XXX.XXX.XXX:5070.

All successfully saved and applied, but only trunk on port 5060 is working.

Has anyone come across this?


#2

done the correct NAT and in the ACL of both the 5060 and the 5070 and RTP?


#3

Yes, same settings for ports 5060 and 5070 on the router


#4

be careful not to confuse the registration SIP port with the listening SIP port.


#5

Which part is not working ?


#6

Incoming/outgoing calls to/from trunk with port 5060 are working
Incoming/outgoing calls to/from trunk with port 5070 are not working

Played with various settings on Mikrotik router and UCM. Trunk on 5070 works only when trunk on 5060 is disabled, and also firewall rule to forward 5060 to UCM’s LAN IP is disabled


#7

you probably have to record 5060 and listen to 5060 and the second record to 5070 and listen to 5070?


#8

what settings on the Mikrotik ? show the nat table


#9

ALG is disabled ?


#10

Yes. sure


#11

Here it is:

/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
out-interface=ether1-WAN
add action=dst-nat chain=dstnat comment=SIP_Telecom in-interface=ether1-WAN
protocol=udp src-address=195.5.0.XX src-port="" to-addresses=192.168.0.10

Basically, all traffic from SIP provider’s IP 195.0.XX goes to LAN IP 192.168.0.10


#12

Doesn’t look right…

Why not just use the following in terminal:

/ip/firewall/nat
add src-address=192.168.5.X dst-address=192.168.0.10 dst-port=5060 protocol=udp chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=5060 comment=“SIP 5060”

add src-address=192.168.5.X dst-address=192.168.0.10 dst-port=5070 protocol=udp chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=5070 comment=“SIP 5070”

add src-address=192.168.5.X dst-address=192.168.0.10 dst-port=10000-20000 protocol=udp chain=dstnat action=dst-nat to-addresses=192.168.0.10 to-ports=10000-20000 comment=“RTP Audio”

192.168.5.X where x = the ip of the provider

Then in your UCM, declare the sip port accordingly to the above in your trunk settings and it should work.


#13

Thanks, this is most logical config I tried this is the first place. And re-tried just now.

What I see from connection lists on Mikrotik is that UCM sends only on 5060, there is no single packet coming from it on 5070.

I think the last thing to try would be connect UCM directly to WAN and see what happens then. Bizarre.


#14

In the trunk for the UCM you would need to set it to 5070 at the end … eg 192.168.5.2:5070 if 192.168.5.2 was the providers router…

Like the picture - does that then work ?


#15

Yes, my settings are exactly the same.

And I also tried 192.168.5.2:5060 on gen2 trunk on your picture, which made no difference


#16

Catch packets when 5070 is used.
I remember that UCM do not recognize port and use first trunk rules.


#17

Ok, after some experimentation these are rules with which incoming calls go through:

add action=dst-nat chain=dstnat comment=“telecom 5060” dst-port=5060
protocol=udp src-address=195.5.0.XX to-addresses=192.168.0.10 to-ports=
5060
add action=dst-nat chain=dstnat comment=“telecom 5070” dst-port=5070
protocol=udp src-address=195.5.0.XX to-addresses=192.168.0.10 to-ports=
5060
add action=dst-nat chain=dstnat comment=“telecom RTP Audio” dst-port=
17000-20999 protocol=udp src-address=195.5.0.XX to-addresses=192.168.0.10
to-ports=17000-20999

Still no luck with outgoing on 5070 trunk


#18

Ah yes, your PBX have 1 sip port :slight_smile:

outgoing: logs on PBX and WAN router port. Then check if you see outgoing call and what reply it get.


#19

This is capture on LAN.
194.183.1XX.X - WAN IP
192.168.0.10 - LAN IP of GS
195.5.0.XX - SIP trunk IP

In bold is what I think creates the issue.

Frame 37: 1176 bytes on wire (9408 bits), 1176 bytes captured (9408 bits)
Ethernet II, Src: Grandstr_21:09:82 (c0:74:ad:21:09:82), Dst: Routerbo_f8:fd:13 (6c:3b:6b:f8:fd:13)
Internet Protocol Version 4, Src: 192.168.0.10, Dst: 195.5.0.XX
User Datagram Protocol, Src Port: 5060, Dst Port: 5070
Session Initiation Protocol (INVITE)
Request-Line: INVITE sip:5015628@195.5.0.XX:5070 SIP/2.0
Method: INVITE
Request-URI: sip:5015628@195.5.0.XX:5070
Request-URI User Part: 5015628
Request-URI Host Part: 195.5.0.XX
Request-URI Host Port: 5070
[Resent Packet: True]
[Suspected resend of frame: 16]
Message Header
Via: SIP/2.0/UDP 194.183.1XX.X:5060;rport;branch=z9hG4bKPj9ab630d9-51a7-4532-9d23-23bf1cc7b0f1
Transport: UDP
Sent-by Address: 194.183.1XX.X
Sent-by port: 5060
RPort: rport
Branch: z9hG4bKPj9ab630d9-51a7-4532-9d23-23bf1cc7b0f1
From: “9800” sip:0442903333@192.168.0.10;tag=9e144dac-e71a-4822-a877-b979bbd078ea
SIP from display info: “9800”
SIP from address: sip:0442903333@192.168.0.10
SIP from tag: 9e144dac-e71a-4822-a877-b979bbd078ea
To: sip:5015628@195.5.0.XX
SIP to address: sip:5015628@195.5.0.XX
Contact: “9800” sip:0442903333@194.183.1XX.X:**5060**
SIP C-URI display info: “9800”
Contact URI: sip:0442903333@194.183.1XX.X:5060
Call-ID: b463cad3-2484-48da-8688-911343d8b86d
[Generated Call-ID: b463cad3-2484-48da-8688-911343d8b86d]
CSeq: 14591 INVITE
Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE, REGISTER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 90
Max-Forwards: 70
User-Agent: Grandstream UCM6202V1.7A 1.0.20.38
Content-Type: application/sdp
Content-Length: 383
Message Body

No response on LAN is coming in. So basically it is broken on the level of SIP packet and looks there is no way around. But will also look on LAN and post it here


#20

This is on WAN port. Same, actually

Frame 167: 1155 bytes on wire (9240 bits), 1155 bytes captured (9240 bits)
Ethernet II, Src: Routerbo_f8:fd:12 (6c:3b:6b:f8:fd:12), Dst: JuniperN_a6:b8:49 (78:4f:9b:a6:b8:49)
Internet Protocol Version 4, Src: 194.183.1XX.X, Dst: 195.5.X.XX
User Datagram Protocol, Src Port: 5060, Dst Port: 5070
Session Initiation Protocol (INVITE)
Request-Line: INVITE sip:5015628@195.5.X.XX:5070 SIP/2.0
Method: INVITE
Request-URI: sip:5015628@195.5.X.XX:5070
Request-URI User Part: 5015628
Request-URI Host Part: 195.5.X.XX
Request-URI Host Port: 5070
[Resent Packet: True]
[Suspected resend of frame: 36]
Message Header
Via: SIP/2.0/UDP 194.183.1XX.X:5060;rport;branch=z9hG4bKPj229f9945-bdef-47fd-b7cc-20631820487a
Transport: UDP
Sent-by Address: 194.183.1XX.X
Sent-by port: 5060
RPort: rport
Branch: z9hG4bKPj229f9945-bdef-47fd-b7cc-20631820487a
From: “9800” sip:0442903333@194.183.1XX.X:5060;tag=6cc96eeb-f4b2-4792-8306-b6c3c76038e5
SIP from display info: “9800”
SIP from address: sip:0442903333@194.183.1XX.X:5060
SIP from tag: 6cc96eeb-f4b2-4792-8306-b6c3c76038e5
To: sip:5015628@195.5.X.XX
SIP to address: sip:5015628@195.5.X.XX
Contact: “9800” sip:0442903333@194.183.1XX.X:5060
SIP C-URI display info: “9800”
Contact URI: sip:0442903333@194.183.1XX.X:5060
Call-ID: 7bc514b5-fdcc-493b-943f-92111ac9fce6
[Generated Call-ID: 7bc514b5-fdcc-493b-943f-92111ac9fce6]
CSeq: 12193 INVITE
Allow: OPTIONS, INFO, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE, REGISTER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 90
Max-Forwards: 70
User-Agent: Grandstream UCM6202V1.7A 1.0.20.38
Content-Type: application/sdp
Content-Length: 382
Message Body