How do I configure a CISCO router for to allow connection to a VOIP provider?

If you are using a VOIP provider, then you will have to configure your firewall correctly in order to get reliable results. Your firewall must support STATIC PORT MAPPING.

3CX Phone System needs the following ports mapped on the router or firewall to operate properly:

• Port 5060 (TCP and UDP) - Used for SIP protocol transmission – must be a static mapping, no port translation
• Port 5090 (TCP) - Used for 3CX tunnel (if tunnel is enabled)
• Port 9000-9015 (UDP) - Used for RTP protocol for incoming and outgoing calls

For business grade results you will also need a static/dedicated IP. Note that many cheap routers do not correctly port forward, and this will lead to problems when making calls. Run the firewall checker if in doubt.

Configuring the Cisco Router

A Cisco router has a firewall (ACL’s) and also NAT. If you have the firewall enabled you need to configure both NAT and access for NAT to work on the firewall. If you do not have firewall enabled follow step 1 documented procedure below. To configure both NAT and firewall follow steps 1 and 2 in the documented procedure below.

Step 1. Configuring NAT on a Cisco Router

1. Login to the SDM (Web interface) of the Cisco router. E.g. if the router IP is 192.168.1.3, using a web browser access the following URL: http://192.168.1.1 (use HTTPS if Cisco Web Interface is running on a secure-server).
2. Click on Configure button to start configuring the router.
3. Click on NAT button on the left hand side menu and on Edit NAT Configuration tab to start publishing ports on the router for the 3CX Phone System.
4. Add the following NAT entries to a new or already existing NAT table:
       a. Inbound UDP ports 9000 to 9015 mapped to the PBX internal IP.
       b. Inbound UDP and TCP access for port 5060 mapped to the PBX internal IP.
       c. Inbound TCP access for port 5090 mapped to the PBX internal IP (if tunnel will be used).
5. Click on Add to add a new NAT rule.
6. To start mapping ports, follow the options below:
       a. Tick Static.
       b. Set Direction to From Inside to Outside.
       c. Set IP address of Translate from interface to the 3CX Phone System Internal IP.
       d. Set the Network Mask to the 3CX Phone System subnet mask.
       e. Set Translate to interface Type to IP address or interface (if you have more than 1 IP bound to
       the same interface, and want the 3CX Phone System to  listen on a particular IP,
       choose IP address).
       f. If in step e you chose IP interface, input the external IP you want the 3CX Phone System 
        to listen on.
       g. If in step e you chose Interface, from the interface drop down menu choose the interface
       where 3CX Phone System should be published.
       h. Tick Redirect Port.
       i. Tick if it is TCP or UDP (depending on the Port being configured).
       j. Input the original port and translated port (preferably these should be the same port number).
       k. Click on OK to apply the NAT entry.
   
   
   
   
7. Repeat Step 5 to map every port 3CX Phone System needs.
8. When all default ports are configured, the final NAT table should look like the below.
   
   

Step 2. Configuring Firewall and ACL’s on a Cisco Router

1. Add the following ACL’s to the existing or new ACL (if firewall is enabled):  
       a. Inbound UDP access for ports 9000 to 9015
       b. Inbound UDP and TCP access for port 5060
       c. Inbound TCP access for port 5090 (if tunnel will be used)
2. To add rules to the Firewall, click on the Firewall and ACL button on the left hand side menu.
3. Click on the Edit Firewall Policy / ACL tab.
4. Tick Originating traffic and from the Access Rule Window click on add to add new rule.
5. In the new rule window, insert the following options:  
       d. Set Select Action to Permit.
       e. Description is not mandatory.
       f. Set Source Host/Network Type to Any IP Address.
       g. Set Destination Host/Network Type to A Host Name or IP Address.
       h. Insert the internal IP of the 3CX Phone System in Set Host Name/IP.
       i. Tick UDP or TCP (depending on which port is being configured) from Protocol and Services.
       j. Set Source Port to any.
       k. Set Destination Port to the port number the rule is being applied for.
       l. Click on OK.
   
   
   
   
6. Repeat Steps 11 and 12 to allow access to every port 3CX Phone System needs
7. When all default ports are configured, the final firewall table should look like the below.
   
   
   
   
8. Once ready, click on File menu and select Write to Startup Config so next time the Cisco is rebooted, the configuration is not lost.
9. Exit the configuration.

Conclusion

The PBX is now set to receive both incoming and outgoing calls. Run the firewall checker to check that the configuration is OK For 3CX Phone System to function properly, make sure all specified ports are used solely from 3CX Phone System.

General 3CX Phone System FAQs 

• How do I disable the dual Ring Tone?
• Can hotels with Micros Fidelio use 3CX Phone System?
• How can I translate the Prompt Sets?
• What phones, gateways and firmware have you tested 3CX Phone System V5.1 with?
• How can I setup integration between 3CX and Salesforce.com?
• How can I view SIP traffic with a Network Capture tool?
• Is Microsoft ISA server supported as a firewall?
• Why does 3CX require static port mappings (Full Cone NAT)?
• What operating systems does 3CX Phone System support?
• How can I use the 3CX Tunnel with a SIP hardphone?
• How do I configure my Linksys router for 3CX Phone System?
• How to use fax if using multiple network interfaces
• How can I localize 3CX Phone System?
• How does Phone provisioning work?
• How do I create a phone provisioning template?
• How does 3CX Phone System decide whether a call is internal or external?
• What is the firewall checker and why do i need it?
• What is the cause of Installer error 2738, when installing 3CX?
• How to solve Source identification errors
• What is a SIP domain and how do I configure it correctly?
• How can I launch a call from a web based CRM package?
• How does 3CX know its an external extension?
• Does 3CX Support SIP trunking/ SIP trunks?
• 3CX Phone System Commercial & Free editions support page
• How can I adjust the configuration for unsupported VOIP providers or gateways?
• How do I configure direct SIP Calls?
• Configuring Exchange Server 2007 Unified messaging with 3CX Phone System
• What SIP Phones can I use with 3CX Phone System?
• What VOIP Gateways can I use with 3CX Phone System?
• Does 3CX VOIP Phone System work with Vonage?
• How to request support from 3CX
• How to convert a Cisco 7940 from SCCP to SIP
• What VOIP Providers have you tested 3CX Phone System with?
• Build History
• Does 3CX Phone System work with BroadVoice?
• Analyzing a SIP call