Public IP's, Firewalls and VoIP Phones

Discussion in '3CX Phone System - General' started by cjammer, Jun 28, 2007.

  1. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    Has any one used a VoIP phone at home to connect to a IP PBX elsewhere?

    I have tried with a hard phone and a softphone. I have set my firewall to allow inbound and outbound traffic on ports 5060, 7000-7500 and 9000-9003.
    When ever I try, I get a device time out error.

    I have something like this

    Home network to internet to internal network.

    What else and I missing?


    Cjammer
     
  2. dyntech

    dyntech New Member

    Joined:
    Mar 28, 2007
    Messages:
    160
    Likes Received:
    0
    Did you check "Device is External" in the extension setup?

    You may need a NAT policy for the home router.

    Is the IP address on the PBX server publicly accessible?

    Do you put in the correct IP address for the proxy in the phone?
     
  3. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
    for me it was easy,

    Router configure 5060 to forward to internal softphone ip.
    In the softphone, fill in a stunserver (google for public stunserver to find one in your country)
    did not need to make extension external, no need to bind to mediaserver all registers and works as a charm.
     
  4. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I have done everything listed except set the extension to external.

    I will check that and then verify everything else.

    The 3CX IP PBX server has a private IP, but the Firewall should pass the info to it Via NAT from a public IP. I did not put the IP in both places Server and Proxy.

    It sounds as if I have a series of small mistakes on my part.

    Cjammer.
     
  5. mujalli

    Joined:
    Jan 31, 2007
    Messages:
    25
    Likes Received:
    0
    Help Dakhalli

    Hi dakhalli, please could explain better step by step how did you configure your home laptop to see your 3Cx server in the office, are you using a public IP in the server?

    You said in another post that no use vpn just a port forward, i tried for many ways but no sucess...

    My 3CX server has a router IP and cannot configure my home IP phone to see it.

    thanks for any light...
     
  6. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    Still No worky

    I made the changes on the external Extension, checked my firewall at the office and checked them at home...added 5060 to be forwarded at home also. it still does not work. I am suspicious that my NA translations are not working well or I am just not working well...LOL.

    Anyone have more suggestions to try.

    Cjammer
     
  7. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
    cjammer: have you tryed a STUN server yet (xlite softphone (i use) i can put in at the sip account settings) This WILL resolve any nat related problems.

    @ mujalli:

    Server side has all correct ports (5060 etc) forwarded to the pbx box.
    also put in a local public stun server in the voip gateway settings.

    On my laptop i have downloaded the x-lite softphone (havent tryed with another yet) and added the account details i had.

    So: server: public ip of my pbx
    sip login details
    To get audio to work: STUN server adress

    Extension is bound to mediaserver but NOT set to external. All works perfectly.

    Oh i forwarded port 5060 on my home router to my laptop ipadress too.
     
  8. sittsh

    Joined:
    May 2, 2007
    Messages:
    19
    Likes Received:
    0
    your hard and soft sip phones also use an rtp port you may have to foward them at both sides as well
     
  9. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    added that one to my list, checked my NAT policy and it still wont work.

    Cjammer
     
  10. erich_richker

    Joined:
    Jun 7, 2007
    Messages:
    10
    Likes Received:
    0
    I have been able to do this. But the only way I was able too solve this issue is a publicly addressable IP on the 3cx side of things. Once I did that all my issues where resolved. I have even successfully got 2 network interfaces too work with this configuration. So all my phones on my private network could access the 3CX system local and the remote ones can access it from the public network side


    Thank You,
    Erich Richker
     
  11. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I think I am going to split this problem. I am going to put the phone on a public IP and see if it will work. From there I will at least have a Idea of which way to work the problem. I may have a problem on both ends. fixing either, but not both will give me the same problem.

    Time to think this thing thru. I am missing something simple I bet.

    Cjammer
     
  12. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
    i made a firewall faq, maybe you can check the configs again to see if you missed out any ports.
     
  13. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I brought my phone in and put it on a public address and it still does not work.

    I have another firewall I am going to try to configure and see if it may be a brand issue or a ID 10 T issue I am having. I figure it is the later. I have a call in to the Mfr to have them walk me thru it to see if I have missed anything.

    I have port 5000-5100, 7000-7500, and 9000-9003 opened and forwarded. Thats a big enough hole to drive a Trojan through.
    That should cover RTP, SIP, internal and External call ports.

    Cjammer
     
  14. dyntech

    dyntech New Member

    Joined:
    Mar 28, 2007
    Messages:
    160
    Likes Received:
    0
    What brand of routers are you dealing with? On some of them you need to specify TCP or UDP ports to forward, have you checked that?

    Just a thought.
     
  15. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
     
  16. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I have a Zywall and a Adtran Router
     
  17. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I have Adtran and Zywall Routers.

    I added the other port and still no.

    Check my default gateway on the pbx and the phone.
    Verified No Firewall on the PC was enabled
    I have STUN configured on the phone and on the PBX

    Then I told it to forward ALL UDP ports and it still wont work.

    It about time to drag out the big hammer...LOL


    Cjammer
     
  18. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
    strange very strange, you sure theres no other sw or hw firewall in between, maybe your providor is blocking certain ports, some providors do that you could check up on that.
     
  19. cjammer

    cjammer New Member

    Joined:
    Dec 21, 2006
    Messages:
    109
    Likes Received:
    0
    I am the provider, everything is local to me.

    In my last experiment the only thing between my phone and the PBX was the firewall with a public IP. the phone is on the same public subnet as the firewall/Router.
    So today I have moved the phone on the inside to see if it will ever register on the account, it does, I also down graded the firmware to resolve that registration issue (Thanks for finding that problem). The phone seems to be working. So I am fresh out of Ideas.

    There has got to be something I am missing.....

    Cjammer
     
  20. DaKhalli

    DaKhalli New Member

    Joined:
    Jun 2, 2007
    Messages:
    123
    Likes Received:
    0
    if the only thing in between you and the phone was the firewall somehow
    it HAS to be the firewall, how else you explain the registering on the lan without problems?
     

Share This Page