Separate network connection for SIP trunk

Discussion in '3CX Phone System - General' started by banditos300, Oct 11, 2017.

Thread Status:
Not open for further replies.
  1. banditos300

    Joined:
    Oct 11, 2017
    Messages:
    2
    Likes Received:
    0
    Hi!
    I would like some advice regarding configuring a second network card to handle only SIP traffic to the provider.
    Currently the PBX has a single network connection to our voice/data network and uses a common internet uplink shared with all other devices.
    I want to add a separate NIC and connect it to another LAN that has a dedicated ISP connection.
    What would be the best way to configure the system for this?
    I read the supported network configurations, but can't find the exact match for my requirements...
    Thanks
     
  2. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    [​IMG]
    Pretty close? NIC 2 is connected to the gateway or interface that connects to the VoIP networks of the ISP.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Nothing special in your configuration or requirement.
    Configure a second LAN card with IP address and mask only, without gateway and add static routing to the provider via this card.
    The IP address configured to LAN card must be expected by the provider and should be specified and used into SIP trunk settings (SDP).
    This is valid both for Windows and Linux. Please comment, if you need examples how to configure these settings.

    If address on the provider is a public one, not in the private ranges (i.e. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), you may need to add that network to localsubnets parameter in parameters settings menu, otherwise 3CX PBX will NAT the traffic on this card too. If address of the card and address of the provider are in the private address ranges, you don't need to define anything.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 sip.bg, Oct 12, 2017
    Last edited: Oct 12, 2017
  4. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,036
    Likes Received:
    153
    Purchase a router with two or more wan ports - this way you get the router to route the SIP traffic down the required ISP link

    If one ISP fails, you can configure the router to switch down another route if your SIP provider allows it (requires username and password)
     
  5. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    Depends, whether ITSP authorizes the PBX by IP address, if so, you need a second LAN card definitely, the router will not do the job (except using SIP ALG on Cisco routers / ASA, most other brands will not handle SIP ALG properly).

    In most cases where providers authorize the PBX by IP address, that address is usually a private one, available via separate connectivity to the provider, either VLAN or VPN, not through public internet.

    By the way, on Linux is quite easy to add a VLAN interface (as second LAN connection), if needed.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 sip.bg, Oct 13, 2017
    Last edited: Oct 13, 2017
  6. banditos300

    Joined:
    Oct 11, 2017
    Messages:
    2
    Likes Received:
    0
    This is what I have in mind, please let me know if it should work.

    The subnet with the phones (let's call it PHONE subnet) is 10.1.1.0/24
    PBX IP is 10.1.1.10
    Gateway is set to 10.1.1.1

    Subnet with ISP connection (let's call it ISP subnet) is 10.2.2.0/24
    PBX IP is 10.2.2.10
    As suggested no gateway on this. The actual gateway on the subnet is 10.2.2.1

    There is 1:1 NAT on ISP subnet, with PBX having a public static IP assigned.

    The ISP uses public IP for registration.

    So according to the suggestions, I just need to add a static route on the PBX to route traffic for ISP IP towards 10.2.2.1 and also make sure I have the PBX public IP configured in the SIP trunk settings.

    Am I correct?

    Thanks
     
  7. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    The LAN with your phones is 10.1.1.0/24 -- OK, the address of the PBX cannot be changed after installation of 3CX.

    On second interface to your provider, try it this way, depends which address sees the provider, either internal (10.2.2.10) or public one -- this must be specified into SDP field of the SIP trunk. NAT 1:1 may do or may not do the job, as it replaces addresses of the packets only, not the addesses in the SIP messages inside the packets. For this, if needed (test it first), you need a SIP ALG capable router (not all work properly). Depends on provider which address is important (of the packet, as result of NAT, or from SIP messages).

    If you have troubles (like one-way voice or no incoming calls or not hanging up), better put the public IP directly on the second LAN card, no gateway, define static routing to the provider and don't use the router, except as a firewall. The address of the provider or better his whole network may be defined as localsubnet in settings | parameters menu. Try it first without adding to parameters. If you still experience problems with voice or calls, add it, this will eliminate NAT. Still the public address of the second LAN card needs to be defined in SIP trunk configuration. You must restart 3CX services.

    You may wireshark the traffic, if any problems continue. Later today I can help you with Teamviewer, if necessary. Send me a private message.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.