Strange connection & sound issues

Discussion in '3CX Phone System - General' started by hades, Aug 19, 2010.

Thread Status:
Not open for further replies.
  1. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    Hi there

    I'm having a few problems after upgrading from 3CX Phone system 8 to 9.

    Current Setup:
    3CX Phone System 9 running on Windows Server 2008 (Win Firewall disabled)
    Firewall - Cisco ASA 5055

    From my current (Static) WAN-IP to the server all ports through the Cisco firewall are open.
    Local PC has no software firewall
    Local PC is connected to internet on a static WAN-IP via a NAT router. All outbound ports are open. NAT will allow inbound replies.

    I am trying to configure the 3CX VOIP Phone to connect to our new 3CX Phone system 9 installation. I installed the softphone from the provisioning URL sent out by the PBX (and 3CX Assistant).

    3CX Assistant connects ok with the following settings:
    Use provisioning URL: NOT CHECKED
    Local Server host/ip: our servers local IP on it's LAN
    Public server IP/host: works with both a domain name and the WAN-IP of the server
    Use Tunnel: NOT CHECKED

    If I tick to use the provisioning URL it will not connect via the tunnel!

    3CX Phone connected ok once without using the tunnel and I was able to get audio in both directions but after closing the application and opening it again it now will not connect.. I took a screen capture of the working settings before restarting the app and no settings have changed yet it now will not connect.

    3CX phone attempting to connect via the tunnel fails with "Status 408"

    I am literally tearing my hair out here... can anyone help me please?
     
  2. abc123

    abc123 Active Member

    Joined:
    Nov 9, 2009
    Messages:
    712
    Likes Received:
    1
    I am a bit confused by the set up you mention.

    Are you saying your setup is:

    Internet --> Cisco ASA -->3CX --> Nat Router --> PC with 3cx softphone and assistant?

    It sounds like the tunnel is being blocked or there are incorrect settings in the provisioning template.

    Can you Telnet on port 5090 (tunnel default port) from the PC to the 3cx? If you cannot then there is a firewall issue somewhere on the line. If you can then there is a provisioning template problem.

    If you can report back on the results we can take it from there.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    No ... we are hosting the 3CX system on a remote server in a datacenter

    So...

    Office PC running 3CX Phone/Assistant ----> NAT Router ----> Internet ---> Cisco Firewall ---> Server running 3CX Phone system 9 SP1

    Our office IP is completely open in the cisco firewall.. no ports blocked at all.

    Our NAT router is set to allow all outbound connections and I've DMZ'd the office PC in question for the moment while we get this working to ensure that there is no firewall issue.

    Neither server or office PC are running windows firewall.


    Since posting the initial question I've reinstalled the server system and I can now get a connection to it from the softphone when not using the tunnel but any attempt to dial results in a "Forbidden" error.

    When using the tunnel it continually either "disconnected by remote end" or I get a "Status 408"
     
  4. abc123

    abc123 Active Member

    Joined:
    Nov 9, 2009
    Messages:
    712
    Likes Received:
    1
    OK now i am with you.

    Firstly there is a big difference with Cisco ASAs between "no ports blocked" and "xx port allowed".

    So I would explicity open ports 5090 for the firewall, and then your ports (5060, 5090 and the external ports 9000 - 9049 is the default)

    Then i would telnet from the local pc to the 3cx on port 5060 and 5090. That will make sure you can connect.

    Then we can try calls after that.

    Have you also run the firewall checker on the 3cx?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    I have access to open individual ports for either TCP or UDP etc

    OR

    I can set an "IP Allow" rule which allows all ports to and from the specified IP.

    I have the latter configured for my office IP to allow traffic on any port between my office IP and my server running 3cx.

    Note, I have it connecting now but get forbidden when trying to call voicemail.
    That is without the tunnel

    With the tunnel I keep getting "disconnected by remote end"

    All I can find about that on these forums is that it means the tunnel passwods don't match but I've triple checked them and they do.
     
  6. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    Ok, after a full reinstall here's where we stand

    At the office we can connect and get audio in both directions without the tunnel.

    Had to install the "Desktop Experience" on the server to get it to play mp3's but it works.

    CANNOT get audio between extensions in the office - probably that we are not using tunnel
    CANNOT connect via tunnel from anywhere - status 408
    CANNOT get audio from other external extensions not in the office (even if they have a firewall rule set to allow all ports for their IP like the office does)

    Ideally I'd like to get the tunnel working for all extensions.

    Currently I get the following:

    Code:
    Translation file OK
    Attempting to connect <IP & PORT REMOVED>
    Tunnel got as listening port 50855
    Tunnel got as local SIP port 50856
    Phone got as local port 50857
    Integration with 3CX Call Assistant is ON
    RTP engine OK
    SIP engine OK
    Sound mic device OK [{5BCA6EA9-8E4E-43A3-AB8C-0223AE35A9B8}]
    Sound ring device OK []
    Sound play device OK [{9C98A082-621D-4304-ACFF-0C67B54A857C}]
    Attempting to start the tunnel
    Tunnel required cfg file:C:\Users\Lee\AppData\Local\3CX VoIP Phone\3CxVoipPhone.ini
    Tunnel logfile output:C:\Users\Lee\AppData\Local\3CX VoIP Phone\Logs
    Tunnel logging: off
    Tunnel connection created OK
    Tunnel started
    Tunnel is attempting to connect remote end 123456 [<IP & PORT REMOVED>]
    Tunnel connection established
    Tunnel send from phone to PBX: REGISTER
    Tunnel received from PBX status 408
    This produces no log at all on the 3CX server end.

    I have tried thigns suggested in other posts...
    - Globally open port 3478 on server for STUN
    - Double checked that server local IP is used in tunnel field
    - Double checked tunnel password is correct

    As I understand it Status 408 is a timeout... how can the tunnel time out if I can get a connection without it?

    I'm really grateful for all the help so far... we are actually planning to buy a license within the next 12 months but we need to be 100% certain that it is going to work and be easy enough to add new soft-phone extensions to as we grow and getting these problems sorted out will go a long way towards ensuring that.
     
  7. Vali_3CX

    Vali_3CX Well-Known Member
    Staff Member 3CX Support

    Joined:
    Dec 12, 2008
    Messages:
    1,502
    Likes Received:
    69
    Hi
    This sequence

    means that on remote side tunnel service is started but it cannot "talk" with the PBX. Most probably, the reason is 3CXphone's "Local IP of remote PBX" is not properly specified - it should be the valid IP of PBX in its own internal network (such as 127.0.0.1). For instance, if you specify this as 127.15.22.2 (invalid one) you will get the same behavior as you described.

    Hope it helps. Regards
    vali
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    Our server has two internal IP addresses... one is 192.X.X.X the other is 10.X.X.X (masked for security)

    I've tried both... how it is currently uses the 192 address.. if I switch it to the 10 address I get the same.

    Even using 127.0.0.1 gives the same problem.

    Any more ideas?
     
  9. hades

    Joined:
    Oct 31, 2009
    Messages:
    33
    Likes Received:
    0
    Does anyone have any other ideas :?:

    I'm completely stumped :cry:
     
Thread Status:
Not open for further replies.