Jump to content
Vodia PBX forum
mikec

snomone external users...760 1 way audio

Recommended Posts

Hi all - im sure youve seen it before but im still having issues...hope someone can help

 

We have a SnomONE with 760 handsets - all behind NAT SG-560 firewall, all working ok...

 

adding a remote user to contact the PBX... so all ports opened on firewall, SIP registers ok, no audio - ah hah i thought!...'ill just add me 192.168.4.0/255.255.255.0/192.168.4.100 0.0.0.0/0.0.0.0/(my external public ip)' in the route replacement section on the admin and great - external calls all working....

 

...but..

 

it seems also all internal calls are going via the internet as calls between extentions are dropping /jutter

 

am i best to put this pbx on a DMZ?

 

thanks

Share this post


Link to post
Share on other sites

I would just use TLS... Firewalls are a pain in the neck when they are seeing SIP traffic and want to do everyone a favor by mangling the SDP content!

Share this post


Link to post
Share on other sites

thanks for the update chaps....

 

as far as i can tell we are using TLS - the outbound proxy on the 760 is :

sip:pbx.domainname.com:5061;transport=tls

 

so thought it would work. Also i setup the internal DNS server (windows 2008) to point pbx.domainnam.com to resolve to 192.168.4.100 (our SnomOne), the name also resolves externaly to the firewall but intrestingly when i cot a PCAP from the external user i see that the SIP is going to the correct location but RTP traffic is trying to go to 192.168.4.100 which i guess where its failing?

 

any other thoughts??

 

thanks again

Share this post


Link to post
Share on other sites

192.168.4.100 for RTP sounds right to me... Typo?

 

 

...not sure (not a typo), as this is an external phone would i not see the external IP address (like the sip traffic?)

Share this post


Link to post
Share on other sites

Typo or not, I am not a big fan of the split-brain DNS setup because it is confusing. I would use one DNS entry for the internal address and another one for external.

 

Ah, and please use PnP. Manual setup, including DNS outbound proxy, is usually just causing unnecessary headaches. The PnP automatically figures out what IP address to present.

Share this post


Link to post
Share on other sites

Typo or not, I am not a big fan of the split-brain DNS setup because it is confusing. I would use one DNS entry for the internal address and another one for external.

 

Ah, and please use PnP. Manual setup, including DNS outbound proxy, is usually just causing unnecessary headaches. The PnP automatically figures out what IP address to present.

 

 

thanks for your time on this! , not sure where i find the outbound DNS proxy.... thanks again i feel like this install given to us is a friday pm job 1/2 done

Share this post


Link to post
Share on other sites

The point is: Don't use DNS as outbound proxy. Use DNS only for provisioning the phones, so that it points to the PBX IP address. Then the PBX should figure out what IP address to present to the phone which is being provisioned.

 

If you set up the phones manually, try to use IP addresses; at least to see if that solves the problem or we have a more fundamental problem with the routing.

Share this post


Link to post
Share on other sites

The point is: Don't use DNS as outbound proxy. Use DNS only for provisioning the phones, so that it points to the PBX IP address. Then the PBX should figure out what IP address to present to the phone which is being provisioned.

 

If you set up the phones manually, try to use IP addresses; at least to see if that solves the problem or we have a more fundamental problem with the routing.

 

 

many thanks for help! this all seems to be good, looks like a mix of dns resolving incorrectly by server. added it correctly to the server (the phones dns server)so it resolved internally. added the routing replacment IP as per the wiki and away it goes

 

many thanks!!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...