External IP phone, one-way connection

Discussion in 'Windows' started by Baphijmm, Jun 2, 2012.

Thread Status:
Not open for further replies.
  1. Baphijmm

    Joined:
    Jun 2, 2012
    Messages:
    6
    Likes Received:
    0
    We started using 3CX in our office in the past week in the hopes of replacing our old system; at the moment we have it mostly working, but we're having difficulty with two of our phones.

    These phones are outside our network behind another network's firewall. (This is a m0n0wall system on both their and our end.) They are registering just fine with the PBX box and calls can be made from them to the other extensions, but not the other way around. Every attempt thereof provides us with a 408: Request Timeout error.

    All ports are open to the two phones on the opposing firewall, and we have tested with all ports open to the 3CX box through our firewall; this has not solved the problem. We've been able to connect another external phone to our system that is also behind a firewall with no problems, though it is a very different model; the two phones in question are Grandstream BT-200 models. As all IP addresses involved are static and communicated to the outside world with properly-mapped ports, no STUN servers are being used; everything has been manually entered. When we tried using STUN servers, everything behaved in the exact same manner. The phones can very easily be accessed via HTML from our end, so it's not a sudden loss of communication either. We've tried providing audio through the PBX, but this doesn't change the situation either.

    Any tips in the correct direction would be greatly appreciated.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,767
    Likes Received:
    286
    This is one of the most common problems.

    Check the 3CX logs to see how the remote set is registering when first powered up. It should show the remote PUBLIC IP and the phones port number. If it shows a private IP, then it might be a STUN issue (setting in the phone). If you are using more than one set at the remote location you have to be sure to assign each a unique ports number (this is the port 3CX contacts the set on). One set can use 5060, the second 5061...etc.

    In some cases. it may be the router (make/model/settings), or firewall that the sets are behind, some do not "play well" with SIP.

    The router at the remote location should not require any port forwarding.

    If you are planning on using more than a couple of sets at one remote location, consider using the 3CX Proxy Manager, it would probably save you some grief.
     
  3. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,325
    Likes Received:
    253
    Would be helpful if they had a Mac version of the tunnel.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Baphijmm

    Joined:
    Jun 2, 2012
    Messages:
    6
    Likes Received:
    0
    The registration is showing the phone's public IP and port number. The phones having individual SIP ports is not the solution, as with just one of the two registered, it responds in the exact same manner. I doubt it's the firewall, as they can very easily reach us via their phones using just our extensions, meaning there is a working connection; we just can't reach them. When we call their phones, they hear the phones ring, but the request times out on our end and they can't hear any further audio. The proxy server will not work with our firewalls because of the way it functions on the receiving end; we've already attempted this. We've got an additional external phone working from an associate to test things, and this phone is capable of connections in either direction; there are no different (relevant) settings involved. We'd had these phones working with a previous PBX server, so I know it's not the firewalls "not playing well" with SIP.
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,767
    Likes Received:
    286
    Now you are making an assumption, that fact that you can't reach them points to a configuration or firewall issue.

    That fact that you are having issues/compatibility problems, with a firewall raises red flags.

    So...this set (working)is behind the same router/firewall, or at a different location?

    Again, an assumption, that you have yet to confirm. When you convince yourself that the router/firewall could not possibly be causing a problem, then you close your mind to , what could be the solution. You may need to try using the set(s) at a different location, perhaps from behind a simple home router.

    The fact is, in the current set-up, the SIP packets are not reaching the remote sets, for some reason. They are either being misdirected, or blocked.
     
  6. Baphijmm

    Joined:
    Jun 2, 2012
    Messages:
    6
    Likes Received:
    0
    The reason I say that this is unlikely to be a firewall issue is that at the moment, with the way things are presently set up, the firewall might as well not exist for the parties involved and we are still having this problem. Yes, I am making an assumption, and that assumption is based on how our network is presently configured. I'm not sure I would call this a compatibility problem; rather, the problem with the proxy server existed because in order to use it the PBX box apparently needs to be able to speak to its own external address according to our network monitor, which is not possible with our firewall.

    I am not 100% ruling out the firewall; if there is convincing evidence that it is the issue (i.e., if there is something brought forth that seems like a viable solution instead of telling me what I already tried), then absolutely, that is the issue. Fact of the matter is, right now I have no idea what's actually causing our problem. Any solution will be considered (and thus far has), but don't take offense when I say that said solution didn't work.
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,767
    Likes Received:
    286
    A process of elimination is one of the best trouble shooting methods, and, the easiest, if you have access to another network (perhaps your home?). Trying the set behind a simple router with no "extra" corporate firewall would be a very easy way of determining if your present environment is the cause of your problems.
     
Thread Status:
Not open for further replies.