SIP trunk is a private IP address

Discussion in '3CX Phone System - General' started by shadjimichael, Dec 8, 2014.

Thread Status:
Not open for further replies.
  1. shadjimichael

    Hello,

    Our current configuration of the 3CX phone system with our ISP is working fine. Our manager has decided to change our ISP.
    Our current ISP provides us with two public IPs, one for the Internet and the other for the SIP trunk, and everything is working fine.
    However, our new ISP will provide us with one public IP for the Internet and a private IP for the SIP trunk.

    My main concern is with the remote phones (on laptops and mobiles). I don't understand how they will be able to connect to our SIP server, since we will be using a private IP instead of a public IP.

    I tried to make a test with our current infrastructure by creating a port forwarding (MIP) of the Internet public IP pointing to the private IP of our 3CX server, so the remote phones will be using the Internet public IP to set up a connection with our SIP trunk server.
    My 3CX phone for Windows connected successfully (ON HOOK), but the issue I came across is that from my 3CX Windows phone I can receive calls but I cannot make calls; I get the error message FORBIDDEN.

    Please, I would really appreciate your help. I don't know if the above scenario is the correct way of configuring the infrastructure when using a private IP on the SIP trunk.

    Thank you very much for your time.
     
  2. pj3cx

    pj3cx Active Member

    Hi there,
    The real problem to investigate here is the FORBIDDEN error you are getting on outbound calls.
    This is usually caused by a wrong Local SIP Domain in Settings / Advanced.
    Ensure you have in this field the public IP of the PBX or its public FQDN, matching the one used by the phones to register on the PBX.
     
  3. shadjimichael

    Hello,

    First of all thank you for your response.

    I tried it but it didn't work.

    I am still wondering whether my test scenario, doing port forwarding in the firewall, is the correct way. But since my 3CX Windows phone is connected, I guess that my test scenario seems to be working.

    Today after working hours, I will run a firewall checker. In the meantime, if you have any suggestions I will be grateful.
     
  4. pj3cx

    pj3cx Active Member

    Are you a 3CX partner? If so, we can look further through a support ticket.
     
  5. shadjimichael

    No, I am not.
    I have support and maintenance from a 3CX partner, but until now we are still searching for the solution.
     
  6. leejor

    leejor Well-Known Member

    Could you provide a copy of the 3CX log showing an outbound call origination, up to the point of failure? You can X out part of any public IP address.
     
  7. shadjimichael

    09-Dec-2014 09:49:14.250 [CM504001]: Endpoint Extn:xxx: new contact is registered. Contact(s): [sip:xxx@192.x.x.x:5062 / xxx,sip:xxx@Puplic IP of internet:2486 / xxx]
    09-Dec-2014 09:49:14.138 [CM504002]: Endpoint Extn:xxx: a contact is unregistered. Contact(s): [sip:xxx@192.x.x.x:5062 / xxx]
    09-Dec-2014 09:49:13.810 [CM504001]: Endpoint Extn:xxx: new contact is registered. Contact(s): [sip:xxx@192.x.x.x:5062 / xxx,sip:xxx@Public IP of Internet:1561 / xxx]
    09-Dec-2014 09:48:54.153 [CM504002]: Endpoint Extn:xxx: a contact is unregistered. Contact(s): [sip:X1@192.x.x.x:5062 / xxx]
     
  8. shadjimichael

    I think my test scenario cannot work with the current configuration of my 3CX phone system.
    I am using the public IP of the Internet and MIP it to the private IP of the 3CX server, BUT in the 3CX console, in Settings -> Phone Provisioning -> External/Public IP Address, the value is the public IP of the SIP trunk.
    So I guess if I change it to the public IP of the Internet, it would work?

    I will test it after working hours because I don't want to interrupt the remote users.

    P.S. I am new to 3CX and firewall configuration, so I appreciate your understanding.
     
  9. shadjimichael

    I changed the External/Public IP Address of 3CX phone provisioning but the issue still exists :(
     
  10. leejor

    leejor Well-Known Member

    Perhaps you can clarify this for me as I'm not certain as to how this is working.

    Does your new ISP also provide the SIP trunking? If so, is it that their server address is a private IP?

    In many set-ups it is... (Public IP) --> (router/firewall) --> private IPs 192.168.XXX.XXX etc. --> 3CX server/local SIP devices

    How is your VoIP provider configured? They should have provided a server address (IP or domain name/port), user name and password. Is this where the private IP comes in?
     
  11. shadjimichael

    My current set-up is as you mentioned.

    Just to clarify: with our current ISP, we have a public IP for the SIP trunk service, and my remote extension is working fine.
    But the new ISP will provide me with a /28 private IP subnet for the SIP trunk service. The first usable IP of the subnet will be on their router and the second usable IP will go on my firewall.

    So with my local IP phones I will not have any issue, but my concern is with the remote phones.
    What will I have to do to establish the connection, since the IP for the SIP trunk service will be a private IP and not a public IP?

    The ISP engineer suggested that I use the second NIC of the 3CX server (it is a physical server, so it has two NICs) for the remote phones' connection to 3CX via a tunnel protocol. NIC 2 will have the default gateway, to be accessible to the Internet. NIC 1 will only have 2 static routes, for the ISP SIP proxy and media. The NIC 1 IP will not have a reverse path back to the Internet via the SIP trunk connection that the ISP will provide. This is a managed dedicated connection for the SIP trunk only.

    Since I am a little bit confused by what he suggested, I tried to do the above scenario the way I mentioned in my first post. But since my test scenario is not working, I will try what he suggested.
    I will add an additional private IP on my 3CX server, 192.168.XXX.XXX, and I will do a port forwarding by mapping an Internet public IP to the second private IP of the 3CX server,
    then assign the Internet public IP to the remote phones.
    Do you think this can work for my remote phones?

    Sorry, but since I don't have experience with SIP trunks, I am confused about how things will work with a private IP instead of a public IP for the SIP trunk service.
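
The two-NIC layout the ISP engineer proposed in the post above, worked through as a route lookup. This is an added example, not part of the original thread; every address, interface name and function name in it is a constructed assumption.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread).
# NIC 1: ISP-managed private /28 for the SIP trunk. NIC 2: office LAN.
ROUTES = [
    # (destination, gateway or None if directly connected, interface)
    ("10.10.10.0/28", None, "nic1"),            # trunk /28, connected
    ("172.16.50.10/32", "10.10.10.1", "nic1"),  # static: ISP SIP proxy
    ("172.16.60.0/24", "10.10.10.1", "nic1"),   # static: ISP media
    ("192.168.1.0/24", None, "nic2"),           # office LAN, connected
    ("0.0.0.0/0", "192.168.1.1", "nic2"),       # default gateway: Internet firewall
]


def select_route(dst, routes=ROUTES):
    """Longest-prefix match, the rule an IP stack uses to pick the egress path."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, ifname in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def egress_interface(dst, routes=ROUTES):
    """Interface a packet to `dst` leaves on."""
    return select_route(dst, routes)[2]


def reply_is_symmetric(arrived_on, peer, routes=ROUTES):
    """True when the reply to `peer` leaves on the NIC its request arrived on."""
    return egress_interface(peer, routes) == arrived_on


if __name__ == "__main__":
    remote_phone = "203.0.113.25"  # constructed public address of a remote extension
    for label, dst in [("ISP SIP proxy", "172.16.50.10"),
                       ("ISP media", "172.16.60.44"),
                       ("remote phone", remote_phone)]:
        print(f"{label:14} {dst:15} -> {egress_interface(dst)}")
    # Port-forwarded in via the Internet firewall (NIC 2): reply goes back the same way.
    print("via nic2 symmetric:", reply_is_symmetric("nic2", remote_phone))
    # Arriving on the trunk NIC: the reply would still leave via the default route.
    print("via nic1 symmetric:", reply_is_symmetric("nic1", remote_phone))
```

Only the SIP proxy and media destinations resolve to NIC 1; anything else, including replies to remote phones, follows the default route on NIC 2, which is the missing reverse path on the trunk connection that the engineer describes.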
     
  12. leejor

    leejor Well-Known Member

    Still not entirely clear on why your provider is doing things this way, if I even understand the whole set-up correctly.

    If you currently have a public IP to a router with the proper ports forwarded to the private IP of the 3CX server, then I don't see a reason why any remote extensions would not register. That scenario should be no different from any (most) standard 3CX installations.

    I'm assuming that the private IP that your provider has given you, to register the SIP trunks to, does not come from some on-site "box", but you simply use the same Ethernet connection as the public IP? If that is the case, then, if you can use the second NIC set to the same subnet as the provider's private IP... connect it to a switch placed in front of your router... perhaps.

    Just a thought...
    If the provider requires that you have a device set with an IP in the same subnet, then I'm wondering if a second router (DHCP disabled) given a fixed WAN IP would work. So... internet to switch, then split to two routers. One with the public IP and a second with a fixed private IP. On the LAN side, one could be 192.168.1.XXX and the second 192.168.3.XXX with the 3CX server subnet set as 255.255.0.0 to allow traffic to either.
     
  13. shadjimichael

    I decided to proceed with a VPN connection using PPTP.
    Since the IP for the SIP trunk service is not public, I will let my users establish a PPTP connection and then connect to the local IP of the 3CX server.
     