No incoming voice - 3CX PBX behind 2 routers

Discussion in '3CX Phone System - General' started by lextar, Sep 16, 2012.

Thread Status:
Not open for further replies.
  1. lextar

    Joined:
    Aug 25, 2011
    Messages:
    3
    Likes Received:
    0
    Hi to all!
    I'm using the 3CX PBX since 2 years behind a ISP router, and it works perfectly,
    Now I added a load balance router behind the ISP router in my office network and opened all the ports needed by 3CX on the router.

    The problem is now that I can't hear the incoming voice from the phones!!
    This is the log of the firewall checker, as you can see there is a warning on the port translation.
    How can I disable the port trasnlation? I can't see no option in the routers!!

    Code:
    3CX Firewall Checker, v1.0. Copyright (C) 3CX Ltd. All rights reserved.
    
    <20:11:20>: Phase 1, checking servers connection, please wait...
    <20:11:20>: Stun Checker service is reachable. Phase 1 check passed.
    <20:11:20>: Phase 2a, Check Port Forwarding to UDP SIP port, please wait...
    <20:11:20>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 6369::5060. Phase 2a check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    
    <20:11:20>: Phase 2b. Check Port Forwarding to TCP SIP port, please wait...
    <20:11:20>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 6369::5060. Phase 2b check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    
    <20:11:20>: Phase 3. Check Port Forwarding to TCP Tunnel port, please wait...
    <20:11:20>: TCP TUNNEL Port is set to 5090. Response received WITH TRANSLATION 6401::5090. Phase 3 check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    
    <20:11:20>: Phase 4. Check Port Forwarding to RTP external port range, please wait...
    <20:11:39>: UDP RTP Port 9000. Response received WITH TRANSLATION 6433::9000. Phase 4-01 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <20:11:39>: UDP RTP Port 9001. Response received WITH TRANSLATION 6465::9001. Phase 4-02 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <20:11:39>: UDP RTP Port 9002. Response received WITH TRANSLATION 6497::9002. Phase 4-03 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <20:11:39>: UDP RTP Port 9003. Response received WITH TRANSLATION 6529::9003. Phase 4-04 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit
    I also found this problem in the 3cx log:
    Actually the router are set in this way:
    DSL router 1 (main DSL line, Static IP)-> all the ports opened to the Load balance router
    DSL router 2 (backup DSL line, dynamic IP)-> all the ports opened to the Load balance router

    Load balance router -> 3CX server (Win 2K8 enterprise) opened ports: 5060,5061,5090,5000 and the range between 9000 and 9050.
    I also set on the load balance router that the whole traffic generated by these ports should pass through DSL router 1, that has a static IP.

    How can I resolve this?
     
  2. lextar

    Joined:
    Aug 25, 2011
    Messages:
    3
    Likes Received:
    0
    I forgot to say that the load balance router I'm using is a TP-Link TL-R470T+.
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,375
    Likes Received:
    231
    Double "NATing" is going to give you a lot of headaches, some, you may not be able to get around. Is there any way to connect the new load balancing router in front of the other router, to allow it to pick up it's own public IP? Some providers allow you a couple of dynamic IP's. It requires that you are using a stand-alone modem so that you can insert a switch, then split to both routers.
     
  4. 3CXfoxhallsolutions

    3CXfoxhallsolutions New Member

    Joined:
    Sep 8, 2012
    Messages:
    211
    Likes Received:
    0
    Man! ... Not only double NAT but load balancing ... wow! You are in deep!!

    Double-NAT will kill VoIP easily just because there are too many addresses in the chain. To simplify, your device registration packets reference the local network address of the phone, and the Public IP of the system, so that a call coming in from outside knows where the system is, and the system knows what extension / device the call has to be passed to. Normally, if for some reason you have to chain routers, it is best to do it using routed IP's with NAT turned off ... in other words, with a public IP address on either side of the router.

    In regard to load-sharing ... I've never got this to work with a 3CX, again because the registration packet sent out by the 3CX will reference only one of the load-balanced DSL connections. At best you'll get traffic down only one path - but it is more usual to experience one-way audio! STUN server connects don't help because they just confuse the 3CX by giving it changing public IP addresses.

    About the only thing that I have got working is a load-balancing fail-over, where one DSL is dormant until the other fails. This needs a bit of careful configuration because regular STUN server interrogation, and short-timeout SIP Provider re-registration is required to re-align your connection to your provider to get the incoming calls back on target.

    Choose your ISP & router wisely is my advice - and go for one good quality DSL feed. Back it up with analogue or ISDN fail-over if you are nervous about loosing the DSL.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    If you opened the ports and still no voice you may want to remove the additional router and go another route if at all possible. Though I"m sure your business cannot operate without voice so I'd definitely always think twice about using SIP behind two routers.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.