external to internal problem

Discussion in '3CX Phone System - General' started by deGuile, May 3, 2007.

  1. deGuile

    Joined:
    May 3, 2007
    Messages:
    7
    Likes Received:
    0
    Hi all,

    I have ver 1.6.99 installed with linksys spa3102. Internal sip phones are working and also can receive pstn call direct to voicemail is working. External sip phones to any internal/external or routing to pstn line fails, after 1 ring, silence.
    External extensions have the external device checked in setup.
    Media server is not checked for any extension.
    Stun is enabled with 3cx.com on SJphones.

    I opened the required ports on both firewalls ( server & external sip connection), with port forwarding. I have a snippet of the server status log less the real originating external ip:

    15:33:39.343 StratLink::eek:nHangUp Call(C:1): got Hang-Up from Ext.204; reason: BYE
    15:33:36.281 CallLegImpl::eek:nConnected Established media channel for Ln:10001@SPAg3102: remote=192.168.1.121:16478; local=192.168.0.198:49154
    15:33:36.281 StratInOut::eek:nConnected Call from Ext.204 to Ln:10001@SPAg3102 is established
    15:33:36.281 CallLegImpl::eek:nConnected Established media channel for Ext.204: remote=192.168.0.198:49154; local=192.168.1.121:16478
    15:33:34.781 CallConf::eek:nIncoming Incoming call from Ext.204 to sip92025551212@80.121.222.51

    Both firewalls permit any internal ports to any external.
    I don't have ports 16478 forwarded on any firewall, but that port number appears in the spa3102 [sip menu page] rtp port range min (163840)- MAX(16482). Should that be changed to the 10000-10500 range as per the various forum posts?
    http://www.3cx.com/forums/viewtopic.php?t=1150&start=0

    Thanks
    deGuile
     
  2. Anonymous

    Anonymous Guest

    UDP Send/receive 5060 - 5062 these are your sip ports always open

    UDP send/receive 7000 - 7300 these are for your extensions ( you need to open them as you go external) If your extensions are tagged as external you need to open these.

    UPD send/receive 9000 - 9500 also for your extensions. Are used for conversations to externa parties.

    UDP send/receive 10000 - 20000 big range you can limit this but in general these work this is for your sound to pass through. Is for your sound so yep all these need to be open.

    That is part of your 10000 - 20000 range and is your RTC traffic which carriers your sound.
     
  3. archie

    archie Well-Known Member
    3CX Staff

    Joined:
    Aug 18, 2006
    Messages:
    1,309
    Likes Received:
    0
    You should just bound external extensions to media server, because, as it appears, you have no routing for UDP between 192.168.0.* and 192.168.1.* networks. So, Media Server will do the routing for you.
     
  4. archie

    archie Well-Known Member
    3CX Staff

    Joined:
    Aug 18, 2006
    Messages:
    1,309
    Likes Received:
    0
    Henk, one shouldn't open all those ports. 7000 range of ports is used by Media Server only to receive RTP/RTCP from LOCAL extensions, so that extensions should be in the network local to Media Server. 9000 range is truly used to receive from external extensions and/or VoIP providers, so they are the only range that should be opened for audio streams to come in and out. About 10000 range - I'm not aware of that range at all :) At least, PBX is not using it, for sure. Unless you set it in the configuration. But, still, default ranges for RTP/RTCP are 7000 (for local use) and 9000 (external use).
     
  5. Anonymous

    Anonymous Guest

    In the general settings it states 7000 - 7500 are for internal calls, but there is a BUT.

    These ports will be used for internal calls as calls to the PSTN via VOIP Gateways. These ports will not need to be opened on your internet facing router/firewall. If you are running a firewall on the phone system machine, you will need to open this port range as well.

    I disagree with that.

    MGCP uses a range for 10000 - 20000 now I agree with you that it is not that full range that needs to be open it only needs a sub set but that depends on the ATA you are using.

    So lets make a call/or receive a call.

    SIP MGCP 2002, 407, 2003, 100, 180, 2005 fit all within our statement and use port 5060 or what ever is configured.

    RTC MGCP 4000 opents a port on your 3cx between the range 7000 - 7500 and needs a port within the range 10000 - 20000 depending on what is configured on the ATA.

    For example the SPA's have RTP Port Min: 16384 RTP Port Max: 16482 wich will map to either 3cx 7000 - 7500 or the 9000 type range.

    Anyway
    SIP uses 2 ports in every call and these ports can sometime be randomly chosen by the system between port 1024 to 65535 in the worse case scenario.
     
  6. deGuile

    Joined:
    May 3, 2007
    Messages:
    7
    Likes Received:
    0
    There was also a port showing up in firewall logs for SJphone at port 5003.
    Essentialy things were still not working, and I found that opening up so many ports on both Firewalls would pose a security risk.

    I decided to try the MS-VPN. The only ports opened are the VPN ports.
    Now after making a vpn connection, the external sip phones work. The voice prompts work, and the voicemail works. I am also able to dial a pstn number from external but am getting the phone operator with a dialing error.
    At least it dials out. I think the SJphone is dialing the tones too fast and digits do not have time to register with the SPA3102 via 3cx.

    Thanks for all assistance
    deGuile
     

Share This Page