Disallow use of extension outside the LAN

Discussion in '3CX Phone System - General' started by fcbg, Aug 10, 2013.

Thread Status:
Not open for further replies.
  1. fcbg

    Joined:
    Aug 10, 2013
    Messages:
    4
    Likes Received:
    0
    Hi

    I am trialling the Demo version of V11. I have an issue where I cannot get any local extensions to register with the 3CX server unless I untick the option "Disallow use of extension outside the LAN" which is under Extensions\xxx\Other.

    My extension is on the same subnet as the server and uses DHCP. If I untick the option the extension register successfully.

    Is there any reason why this option is blocking registration from LAN connections? I thought this was used to block registrations from External WAN connections only?

    Thanks
     
  2. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,061
    Likes Received:
    56
    Your understanding of how it should work is correct. My experience with the system is that the function works exactly as advertised, so I can only think of few possible reasons -

    1. Is it possible that the server has more than one NIC card?
    2. Is it possible that the phones have an old proxy or setting installed from prior use, did you do a factory reset on them and were they provisioned by 3CX?
    3. Did you start off using one network address on the system and subsequently change mid-stream..after the phones were deployed? If so, then maybe the phones still have the original settings.

    I would start off by doing a factory reset and then manually provision a phone so that I know that it was clean and the provisioning correct and see what happens.

    We likely will need a log to see what is actually happening and even then may need more.
     
  3. bardissi

    bardissi Member

    Joined:
    Jan 31, 2012
    Messages:
    318
    Likes Received:
    0
    Your network setup more be more complicated (vlan possibly)

    If so by checking this box it will modify the sip traffic to allow outside of the network segment
     
  4. fcbg

    Joined:
    Aug 10, 2013
    Messages:
    4
    Likes Received:
    0
    Hi lneblett & bardissi

    Thank you for your replies.

    In response to your questions. I only have one Physical network card installed in the PC however I noticed 3CX was detecting an IP address of a incoming VPN connection. This IP was also apparent in an ipconfig. I deleted the IP of this VPN and restarted 3CX. Now it only detects the one IP however I still cannot provision phones unless I enable the External LAN option.

    The PC is a physical machine and not a VM.

    Currently I'm only using soft phones. (No Hardware Phones.) I have tested with iPad, iPhone and Windows phone. I have tried Auto provisioning and Manual provisioning. The result is always the same and I cannot connect phone until External LAN is allowed.

    Below is the error seen in Server Event Log during Connection attempt:

    SIP request (SUBSCRIBE) from 195.114.114.103 was rejected. Reason: Block WAN requests is ON.
    Message:
    SUBSCRIBE sip:105@195.114.114.2:5060 SIP/2.0
    Via: SIP/2.0/UDP 195.114.114.103:5077;rport=5077;branch=z9hG4bKPjS5ib.g7IgBaXS7IEgp8kf0lPXGmxYzwy
    Max-Forwards: 70
    Route: <sip:195.114.114.2:5060;lr>
    Contact: "ls"<sip:105@195.114.114.103:5077;ob>
    To: "ls"<sip:105@195.114.114.2:5060>
    From: "ls"<sip:105@195.114.114.2:5060>;tag=6YtYH3LbZSlXBwBRA7FHQ3mJKk8k1pNT
    Call-ID: wvrd7WpHXBFuFfqmX09PJUqzY8lDi3zL
    CSeq: 7391 SUBSCRIBE
    Expires: 3600
    Accept: application/simple-message-summary
    Proxy-Authorization: Digest username="105",realm="3CXPhoneSystem",nonce="414d535c081a6d0066:daa2ce679d38003dbfac7605341141d4",uri="sip:105@195.114.114.2:5060",response="4ab6280fd1e9c0e8665558694fea7a95",algorithm=MD5
    Supported: replaces, 100rel, timer, norefersub
    User-Agent: 3CXPhone for iPhone 3.0.41
    Event: message-summary
    Allow-Events: presence, message-summary, refer
    Content-Length: 0

    As you can see an attempt to connect is made from phone on IP 195.114.114.103 to Server on IP 195.114.114.2 which are on the same subnet.

    Any other Ideas?
    Thanks in Advance.
     
  5. CentrexJ

    CentrexJ Member

    Joined:
    May 5, 2009
    Messages:
    385
    Likes Received:
    52
    In 3CX Management Console, "Extensions", check each extensions configuration under "Phone Provisioning" and check and see if the "select interface" properly shows the IP address of the 3CX phone system and not blank or the IP of the VPN connection you mentioned. This tells 3CX which interface to expect the phone to register against and I'm pretty sure this is blank or incorrect.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. fcbg

    Joined:
    Aug 10, 2013
    Messages:
    4
    Likes Received:
    0
    Hi lifeline

    I have checked this setting for all extensions and they all show the correct IP of the Server. Previously this setting had the option of the Server NIC IP or the server VPN IP but since I have removed the VPN there is only the one IP address available to select (195.114.114.2)

    I have also tried creating a brand new extension with all defaults selected but it does not work.

    Thanks for the suggestions.
     
  7. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,061
    Likes Received:
    56
    Well, my final thought on the matter is that you have selected a WAN (public IP range) address range to be your internal LAN. My guess is that 3CX has coded the software such that for a local port it is expecting to see an IPV4 private network address on the LAN side - 192.168.x.x or 10.x.x.x or 172.16.0.0 - 172.31.255.255.

    My suggestion is to reset the IP in one phone and the 3CX system and see if it works correctly then. If so, then that would seem to confirm my thought and you can then react accordingly.
     
  8. fcbg

    Joined:
    Aug 10, 2013
    Messages:
    4
    Likes Received:
    0
    Hi lneblett

    Well Done! You nailed it!

    Thanks for the suggestion, I had never really thought about the IP being in the Public Range but it made perfect sense so I changed the network into a private range and now the system works as it should.

    I deleted the old profiles on the phones and they auto provisioned First go.

    Thank you once again for taking the time to reply.

    Cheers
     
  9. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,061
    Likes Received:
    56
    Great. Glad I could help.
     
Thread Status:
Not open for further replies.