3cx on sbs with draytel

Discussion in '3CX Phone System - General' started by christianbroadley, Jul 13, 2009.

Thread Status:
Not open for further replies.
  1. christianbroadley

    Joined:
    Jul 13, 2009
    Messages:
    3
    Likes Received:
    0
    i have managed to setup a 3cx server on sbs and have setup 3 extensions which work with internal calling and voicemail is fine, i did have to use the sbs server internal ip rather than the second nic to get it to work even though i have mapped a couple of ports in RAS firwall on the second nic, my problem at the moment is i cannot call out through my voip provider "draytel" they have a simple config wich i use ok in x-lite :
    * Registrar : draytel.org
    * SIP port : 5060
    * Username : 8xxxxx (the numeric part of your DrayTEL account)
    * Outgoing Proxy : nat.draytel.org:5065 - Note : This should not be used unless your VoIP device is behind another firewall - only use it if that is the case and try without first. The Port number and outgoing proxy name might be entered separately, depending on the VoIP device you're using.
    and this works fine.
    yet my 3cx will not call out with these details

    can anyone shed light on this or have experience with an sbs 2003 2 nic setup
     
  2. sipero123

    Joined:
    Nov 24, 2008
    Messages:
    94
    Likes Received:
    0
    Hi,

    Login to the 3CX management interface. Can you tell me what network interface is being used in settings - network - stun server under Select Network card interface

    When you say you had to set SBS server internal IP rather than the second NIC where are you referring to/

    Under Voip providers - trunks draytel if you select advanced what IP is shown in the registration section. You should see 3 options under which IP to use in conact field

    External (stun resolved)
    Internal
    specified IP

    These are my initial thoughts on what to look at to resolve this.


    Jonathan Hamon
     
  3. christianbroadley

    Joined:
    Jul 13, 2009
    Messages:
    3
    Likes Received:
    0
    i dont seem to have a menu for this?

    i have the clients directed to the server internal lan address 192.168.1.2 instead of the firewalled 192.168.1.3 outside internet interface (sbs recomends the 2 NIC config for firewall reasons)

    External (stun resolved)
     
  4. zanthexter

    Joined:
    Jun 30, 2009
    Messages:
    11
    Likes Received:
    0
    It looks like you have SBS configuration problems as your "internal" and "external" NICs are on the same subnet.

    The reccomendation you are referring to is was Microsoft's attempt to position SBS2003 as the EVERYTHING solution, when in fact it's generally considered a pretty BAD idea to put all of your most sensative data on your firewall. Really. Bad. So, Microsoft said that you should set things up with the ISA feature acting as the firewall/router/gateway for your network. Never personally met anyone that did.

    In their scenario you have the following PHYSICAL configuration:

    Internet (DSL, Cable, T1, etc) --> wire ----> NIC 1 on SBS --> NIC 2 on SBS --> wire --> Network Switch --> wires - devices on your LAN.

    NIC 1 - Configured with the PUBLIC IP - MAY be behind another router/firewall, but in which case why set it up this way? NEVER on the same subnet as internal LAN - Double NAT and/or being behind two firewalls has LOTS of potential for problems with VOIP.
    NIC 2 - Configured with a PRIVATE IP, usually .1 or .254, it is the DEFAULT GATEWAY for your LAN.

    SBS now act's as a router between your LAN and the internet. SBS turned off, entire LAN goes down. BAD. (What insane person at Microsoft....ahem)

    If you are doing VPN's using the SBS, it IS still reccomended to assign the VPN's to their own NIC (any static) so that the SBS is less likely to have issues firewalling some stuff on that IP, and not others. Most people that do VPN's, that I know of, do them in their firewall. Not on their SBS.

    This doesn't sound like your scenario, whether it's just acting as a firewall or that you have VPN's.



    If you aren't doing a lot of VPN'ing (and VPN's are a security risk, allowing possibly infected, unmanaged, remote users on to your network and to talk to your server...Shudder...) or using your SBS as a firewall, and I strongly suggest that you do not use it as a firewall, redo things to a single NIC no ISA solution.


    Now, don't just rip everything apart because some nutcase on the internet said to. Sit down, and look at what the reasoning for your current setup is, and why you have two NICs on the same subnet. It can be a REALLY good idea to actually draw out the information flow on paper. Ya know, arrows, triangles, the whole chart thing.You might have things set up to meet a particular need. Or incorrectly set up to meet a need that must be met. If it's just set up incorrectly, plan the changes needed to fix it carefully. (Most likely just remove the 2nd NIC and run the wizard.), do a backup, and by all means take things slowly and one step at a time.

    Also, for VOIP to really be reliable, you need Quality of Service at the network perimiter. In other words, you need a firewall/router/gateway that lets all your phone traffice jump to the head of the line. You DON'T need a virus scan on the SBS making your voice mail playback like some crazy DJ going nuts with a turntable.

    Anyway, the simple answer is, looks like your server's networking is the problem. SBS networking support is outside the scope of a 3CX forum.
     
  5. christianbroadley

    Joined:
    Jul 13, 2009
    Messages:
    3
    Likes Received:
    0
    thanks for the reply the NIC are actually on diferent subnets server internal is 192.168.1.33/27 external is 192.168.1.2/27 but presumed some people might not understand me if i posted that any way all seems to be working at the moment as i has nat'ed the router to 192.168.1.33 :5060-5066 and 9000-9015 althought the router shouldnt send the data as its in 192.168.1.0 network not the 192.168.1.32 its still sending it through not an ideal situation as now my sbs is open to the world on these ports
     
Thread Status:
Not open for further replies.