TMG 2010 + 3CX + DIDs

Discussion in '3CX Phone System - General' started by wes1007, Mar 7, 2016.

Thread Status:
Not open for further replies.
  1. wes1007

    Joined:
    Aug 15, 2013
    Messages:
    16
    Likes Received:
    0
    Hi all.

    I've been trying to get 3CX to work for incoming calls on our DIDs with our trunk provider. Most of the kinks are sorted out except for one.

    I can make outgoing calls fine. I get audio on both ends. On my incoming calls, however, I only get audio from the callee (outside) and the audio on our internal phones (connected to a local 3CX PBX) does not get sent out. I.e. if someone phones me I can hear them - they can't hear me.

    I have narrowed it down to the way TMG deals with SIP/RTP. It seems to be randomizing the outgoing port.

    I was wondering if we could use the 3CX SBC on our DMZ network to tunnel the trunk through to our internal 3CX PBX. Not only would this be more secure (as the internet would never actually see our internal network or PBX), but it would also solve the problem with other firewall solutions that have a similar problem (ISA and SonicWall, I'm looking at you!)

    Any help would be greatly appreciated.
     
  2. 12494

    12494 Member

    Joined:
    Apr 16, 2010
    Messages:
    281
    Likes Received:
    20
    Do you pass the Firewall Checker?

    Port randomization will be a problem. Do you have SIP ALG disabled?

    The 3CX SBC is designed to talk from a remote location to the host PBX LAN. I don't think there is any way to use it at the host network.

    Allen
     
  3. wes1007

    Joined:
    Aug 15, 2013
    Messages:
    16
    Likes Received:
    0
    Not 100% sure where I can disable that on TMG. I've looked in most of the settings and haven't seen anything.

    RTP ports don't seem to have any filtering set on them, and this seems to be where the problem is.
     
  4. 12494

    12494 Member

    Joined:
    Apr 16, 2010
    Messages:
    281
    Likes Received:
    20
    Do you pass the Firewall Checker?

    Allen
     
  5. wes1007

    Joined:
    Aug 15, 2013
    Messages:
    16
    Likes Received:
    0
    It fails. Interestingly, the 3CX tunnel works fine.
    Code:
    Testing SIP Port 5060 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (5060) does not match external port number (34010)
    
    Testing Tunnel Port 5090 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (5090) does not match external port number (37336)
    
    Testing External Audio RTP Port 9000 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (9000) does not match external port number (17312)
    
    Testing External Audio RTP Port 9001 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (9001) does not match external port number (16809)
    
    Testing External Audio RTP Port 9002 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (9002) does not match external port number (13972)
    
    Testing External Audio RTP Port 9003 using STUN server: stun.3cx.com:3478
    Resolving STUN server stun.3cx.com ... Resolved to: [198.50.247.220]
    [Test1] Reachability test ... FAILED.
    Internal port number (9003) does not match external port number (37205)
    
     
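The Firewall Checker output in the thread compares each local port with the port a STUN server saw after NAT. The sketch below is an added example, not part of the thread and not 3CX's code: it assumes standard RFC 5389 STUN framing, and the function names and the sample response (address 203.0.113.10, port 34010 as in the thread's first failure) are constructed for illustration.

```python
import ipaddress
import os
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 STUN header
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020

def build_binding_request(txid=None):
    """Return (txid, packet) for a STUN Binding Request with no attributes."""
    txid = txid or os.urandom(12)
    return txid, struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def parse_mapped_address(packet, txid):
    """Return (ip, port) as seen by the STUN server, i.e. the NAT's external mapping."""
    if len(packet) < 20:
        raise ValueError("truncated STUN header")
    mtype, length, cookie = struct.unpack("!HHI", packet[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or packet[8:20] != txid:
        raise ValueError("not a Binding Success Response for this transaction")
    body = packet[20:20 + length]
    pos = 0
    while pos + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + alen]
        if atype in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and len(value) >= 8 and value[1] == 0x01:
            port, addr = struct.unpack("!HI", value[2:8])
            if atype == XOR_MAPPED_ADDRESS:  # un-XOR with the magic cookie
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + alen + (-alen % 4)  # attributes are padded to 4 bytes
    raise ValueError("no IPv4 mapped-address attribute in response")

def check_port_preserved(internal_port, packet, txid):
    """Return (ok, external_ip, external_port); ok is False when NAT rewrote the port."""
    ip, external_port = parse_mapped_address(packet, txid)
    return internal_port == external_port, ip, external_port

def make_sample_response(txid, ip, port):
    """Constructed test data: the reply a STUN server would send for this mapping."""
    value = struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16),
                        int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

if __name__ == "__main__":
    txid, _ = build_binding_request()
    print(check_port_preserved(5060, make_sample_response(txid, "203.0.113.10", 34010), txid))
```

Against a live server, the request would be sent from a UDP socket bound to the port under test (5060, 5090 or an RTP port) and the reply passed to `check_port_preserved`.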