mikec Posted November 27, 2012 Report Share Posted November 27, 2012 Hi all - im sure youve seen it before but im still having issues...hope someone can help We have a SnomONE with 760 handsets - all behind NAT SG-560 firewall, all working ok... adding a remote user to contact the PBX... so all ports opened on firewall, SIP registers ok, no audio - ah hah i thought!...'ill just add me 192.168.4.0/255.255.255.0/192.168.4.100 0.0.0.0/0.0.0.0/(my external public ip)' in the route replacement section on the admin and great - external calls all working.... ...but.. it seems also all internal calls are going via the internet as calls between extentions are dropping /jutter am i best to put this pbx on a DMZ? thanks Quote Link to comment Share on other sites More sharing options...
Vodia support Posted November 27, 2012 Report Share Posted November 27, 2012 Well.. if you use the DMZ you might want to start adding all of the remote users IP address and internal IP as well and then lock the key by adding 0.0.0.0 for more info check access list. http://wiki.snomone.com/index.php?title=Access_List Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted November 27, 2012 Report Share Posted November 27, 2012 I would just use TLS... Firewalls are a pain in the neck when they are seeing SIP traffic and want to do everyone a favor by mangling the SDP content! Quote Link to comment Share on other sites More sharing options...
mikec Posted November 28, 2012 Author Report Share Posted November 28, 2012 thanks for the update chaps.... as far as i can tell we are using TLS - the outbound proxy on the 760 is : sip:pbx.domainname.com:5061;transport=tls so thought it would work. Also i setup the internal DNS server (windows 2008) to point pbx.domainnam.com to resolve to 192.168.4.100 (our SnomOne), the name also resolves externaly to the firewall but intrestingly when i cot a PCAP from the external user i see that the SIP is going to the correct location but RTP traffic is trying to go to 192.168.4.100 which i guess where its failing? any other thoughts?? thanks again Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted November 29, 2012 Report Share Posted November 29, 2012 192.168.4.100 for RTP sounds right to me... Typo? Quote Link to comment Share on other sites More sharing options...
mikec Posted December 3, 2012 Author Report Share Posted December 3, 2012 192.168.4.100 for RTP sounds right to me... Typo? ...not sure (not a typo), as this is an external phone would i not see the external IP address (like the sip traffic?) Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted December 3, 2012 Report Share Posted December 3, 2012 Typo or not, I am not a big fan of the split-brain DNS setup because it is confusing. I would use one DNS entry for the internal address and another one for external. Ah, and please use PnP. Manual setup, including DNS outbound proxy, is usually just causing unnecessary headaches. The PnP automatically figures out what IP address to present. Quote Link to comment Share on other sites More sharing options...
mikec Posted December 3, 2012 Author Report Share Posted December 3, 2012 Typo or not, I am not a big fan of the split-brain DNS setup because it is confusing. I would use one DNS entry for the internal address and another one for external. Ah, and please use PnP. Manual setup, including DNS outbound proxy, is usually just causing unnecessary headaches. The PnP automatically figures out what IP address to present. thanks for your time on this! , not sure where i find the outbound DNS proxy.... thanks again i feel like this install given to us is a friday pm job 1/2 done Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted December 4, 2012 Report Share Posted December 4, 2012 The point is: Don't use DNS as outbound proxy. Use DNS only for provisioning the phones, so that it points to the PBX IP address. Then the PBX should figure out what IP address to present to the phone which is being provisioned. If you set up the phones manually, try to use IP addresses; at least to see if that solves the problem or we have a more fundamental problem with the routing. Quote Link to comment Share on other sites More sharing options...
mikec Posted December 11, 2012 Author Report Share Posted December 11, 2012 The point is: Don't use DNS as outbound proxy. Use DNS only for provisioning the phones, so that it points to the PBX IP address. Then the PBX should figure out what IP address to present to the phone which is being provisioned. If you set up the phones manually, try to use IP addresses; at least to see if that solves the problem or we have a more fundamental problem with the routing. many thanks for help! this all seems to be good, looks like a mix of dns resolving incorrectly by server. added it correctly to the server (the phones dns server)so it resolved internally. added the routing replacment IP as per the wiki and away it goes many thanks!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.