AT&T IP Flex Reach and 3CX

Discussion in '3CX Phone System - General' started by jayfromit, Aug 10, 2015.

Thread Status:
Not open for further replies.
  1. jayfromit

    Joined:
    Aug 10, 2015
    Messages:
    12
    Likes Received:
    0
    Hello,

    My company has a 3CX server we use, with a T1 PRI. Most of the time it's fine however every time it rains it has issues because it's just copper wires. So we have decided to switch to the ATT flexible Reach service.
    I'm fairly a newbie with VOIP/SIP. To my understanding how sip technology function is when configuring your PBX server all you need is 1 IP address then USER and PASS.

    However the guys at ATT is giving me 4 IPs (Public Media Address, Public Signaling Address, Customer Media Address, and Customer Signaling Address). I have no idea what to do with these IPs. I can't find anywhere in the 3cx settings where it will accept 4 IPs and let alone not allow it to have a USER and PASS because ATT doesn't have any auth.

    If someone can lead me to the right path that would be great.
    I already googled ATT flex and 3cx and not much help popped up other then how easy it was to set it up. So googled 3cx and asterisk configuration and got this.
    http://pbxinaflash.com/community/index.php?threads/how-to-at-t-ip-flex-trunk-configuration.9155/
     
  2. pj3cx

    pj3cx Active Member

    Joined:
    Aug 1, 2013
    Messages:
    645
    Likes Received:
    1
    Hi there,
    Please try the following :
    - as a first step, ensure the Settings / Firewall checker passes all green, if not please adjust firewall/router configuration as per admin manual. Ensure your firewall allows SIP traffic from "Public Signaling Address" and RTP traffic from "Public Media Address.
    - confirm that the "Customer Signaling Address" and "Customer Media Address" are your pbx public IP if not please adjust at AT&T.
    - go in VoIP Providers/Add Provider, name the provider as you wish, Country: US, Provider: AT&T, Next
    - SIP server hostname or IP, enter the "Public Signaling Address" provided, Next
    - External number: your main number, Maximum simultaneous calls: the number of calls allowed on trunk, Next
    - Define a default inbound rule, Next
    - Define an outbound rule, Finish
    - go in Ports/Trunks status, confirm the provider appears green
    - test inbound/outbound call.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. JayP

    Joined:
    Aug 27, 2017
    Messages:
    1
    Likes Received:
    0
    jayfromit,

    I am having the exact same problem. Did follow the posted instructions from 3CX get it working? if not, did you get it working and how?
     
  4. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Hi,

    I'll be working with a customer soon to convert to AT&T Flex with SIP trunking. Does @pj3cx 's procedure from 2015 still work? @JayP, what problems did you encounter and what was the solution?

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    940
    Likes Received:
    152
    I actually worked with 3CX to get AT&T in as a supported VoIP provider so I'm very familiar with the setup. As far as the how though depends on the actual circuit. For all of our older installs AT&T would give you one of two options. Separate ethernet hand-off for the voice only portion which would require a second NIC but we would typically ask them to put it on the same NIC as the data. If you do it that way then you just treat it as a regular SIP trunk with IP authentication. This was when they were using Cisco routers. However, on the most recent installation using their newer (Business In a Box) which is their own router solution they wouldn't let my tech put everything on a single interface. Now whether this was because the guy didn't know how to or they just won't do it I'm not sure. And this was actually a move for the customer which was previously using the Cisco with a single interface. But the PBX had two NICs so we just did the standard 2 NIC setup.

    Keep in mind that AT&T will put an ACL in by default blocking 5060 from the outside world so if you want remote phones via STUN you'll need to request them to remove this. Sometimes they will make you fill out the form and other times they will just do it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    mcbsys likes this.
  6. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Thanks @cobaltit for the major heads-up. Adding a NIC could take some work especially since we're on a virtual machine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    940
    Likes Received:
    152
    Yep, that can be a hurdle. But like I said, they used to let us run VoIP over the single ethernet hand-off prior to the Business In A Box change. I'd talk to the rep and see if that is an option before you invest time into the 2nd NIC.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Thanks, we'll be checking with them for sure.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Customer's server has an unused NIC if we need it (still checking on that). If we do go that way, do we need to follow the last section of Network configurations supported by 3CX Phone System, "Multiple internet gateways (used by ISPs that offer VoIP Services)"? I was surprised by the requirement for RRAS and a static route. In fact, I thought I remembered putting multiple IPs on the same NIC many years ago...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    940
    Likes Received:
    152
    No RRAS need. Multiple NICs yes and static route maybe (Depends on where the SIP server IP is). My guy who did the business in a box install doesn't remember anything and I don't have remote access to that box to check. But typically you have your internet NIC with a default gateway and no default gateway on your VoIP NIC. The SIP server is either the local device in which case you won't need a static route because the SIP server is the local device or if it is remote then you will setup a static route to that IP or IP block out via the VoIP interface.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    mcbsys likes this.
  11. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    @cobaltit, thanks for that. It looks like static routes would get configured in RRAS but in this case, AT&T has given us one non-routable internal IP (172.x.x.10) for both the VoIP Media and VoIP Signal. So it sounds like we won't need static routes. Depending on whether the customer uses their own router after the Business in a Box (BIB), they might not even need a second physical NIC.

    These are the procedures I'm developing. Feedback welcome.

    Option 1: Use BIB for all routing

    1. Run one CAT6 cable from the BIB router to physical switch, which feeds NIC 1 of the Hyper-V host and all other local devices.

    2. In Hyper-V manager, add a second NIC to the 3CX guest. Connect it to the existing Virtual Switch, which ties to physical NIC 1.

    Option 2: Use LAN router after BIB

    1. Run one CAT6 cable from the BIB router to the customer router WAN port. Run another cable from customer router LAN port to physical switch, which feeds NIC 1 of the Hyper-V host and all other local devices.

    2. Run one CAT6 cable from the BIB router to NIC 2 of the Hyper-V host, BYPASSING the customer router and switch.

    3. On Hyper-V host, enable the second NIC. In Hyper-V manager, configure a new Virtual Switch called VoIP and map it to physical NIC 2. This NIC does NOT need to be visible to the host; it's only used by the guest [just leave it set to DHCP?].

    4. In Hyper-V manager, add a second NIC to the 3CX guest. Connect it to the new VoIP Virtual Switch, which ties to physical NIC 2.

    Both Options: 3CX Config

    1. In the 3CX guest machine, the first NIC remains unchanged. This has a gateway for Internet connection. It is already working for data, for an external SIP trunk, for connecting local phones, for the dashboard, etc.

    2. In the 3CX guest machine, configure the new NIC for with static IP = 172.x.x.11, Mask = 255.255.255.0, no gateway. Does it need DNS? I guess it wouldn't hurt to point it to the internal DNS server.

    Update With Option 2 above, there is no access to the internal DNS server, which is behind the LAN router on the 192.168.x.x subnet. Leave DNS blank in this NIC's configuration.

    3. In the 3CX management console, set up a new SIP trunk for AT&T with host = 172.x.x.10.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #11 mcbsys, Sep 28, 2017
    Last edited: Sep 29, 2017
  12. cobaltit

    cobaltit Active Member

    Joined:
    Mar 22, 2012
    Messages:
    940
    Likes Received:
    152
    So you don't need RRAS for routes. route add .... -p will do what you need.

    I don't think option 1 is possible because I don't believe AT&T will give you access to the BIB router. They want to hand off a public IP to your router. So with the option 2 method, you'll just create a new switch and uncheck the option to share the interface with the management operating system. This will hide the NIC from the host completely (no DHCP or anything). For the VM config, no DNS needed on the 2nd interface. You are talking directly to the BIB router so the interface just needs an IP on the same subnet as the IP AT&T gave you which is the 2nd interface on the BIB.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    accentlogic likes this.
  13. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Thanks again, cobaltit, especially for clearing up the question on DNS. The one strange thing left is that AT&T is giving conflicting info about the IP address for VoIP services. The order portal shows it as 172.x.x.10, which makes sense since that is a non-routable subnet. However some emails indicate that it will be 1.1.x.x (something about a way to map IPv4 to IPv6), which has me confused since 1.1.x.x is a routable address and points to an actual IP range in China, so what is to keep that from routing through the data side?

    Re. the Business in a Box, in this case it's an Edgemarc 4808. They sent a user guide which has instructions for customer login to configure firewall, port forwarding, VPN, etc.: http://carecentral.att.com/downloads/bib_next_gen_user_guide.pdf. I recall seeing that you can put your own router behind it (my option 2), but it looks like you could instead use it as your primary router (option 1).
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    @moniputerPBX, thanks for jumping in. This customer already has a BIB with a PRI line. I realized I could to a tracert from his current setup to the 1.1.x.x address. Sure enough, that hops once through is LAN router and ends at 12.167.74.17, an IP owned by AT&T. Very different from the public routing I see when I tracert from my network.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. mcbsys

    mcbsys New Member

    Joined:
    Oct 8, 2008
    Messages:
    179
    Likes Received:
    15
    Thanks all for your help! System is up and working.Followed option 2 with a cable from 2nd NIC to port 8 of AT&T BIB router.

    Router expects SIP and audio traffic from IP 1.1.x.21, so that address goes in 2nd NIC, netmask 255.255.255.0, no default gateway, no DNS.

    Router IP is 1.1.x.1, so that is the hostname in 3CX. Confirmed with tracert from 3CX machine that it's one 1ms hop to 1.1.x.1.

    No static route needed because both SIP and media are on same, local IP.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    matthank likes this.
Thread Status:
Not open for further replies.