Sota Solutions Posted April 9, 2008 Report Share Posted April 9, 2008 Has anyone had any experience of setting up phones behind a CISCO PIX. We have 2 x SNOM phones at a customer location, behind a CISCO PIX firewall, registering to a hosted PBX. The SNOM phones are registering successfully, however in the phone log the phones register every 1800 seconds instead of the usual 15 secs on working phones. [2]9/4/2008 09:56:46: Registered at registrar as 3551@pbx.domain.co.uk (Expires: 1800 secs) This is typical where the phone is behind a device with a SIP ALG, and usually disabling the SIP ALG solves this. We have tried the following command on the PIX no ip nat service sip but continue to have problems with incoming calls. So if anyone has any experience/suggestions they would be gratefully recieved! Thanks Tim Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 10, 2008 Report Share Posted April 10, 2008 That is probably because the firewall is SIP-aware. Sometimes the firewall wants to help, but just makes things worse. You can bypass the firewall using TLS (well, if that's okay with your security guidelines). Or just turn that part of the firewall off (actually, in this case the help is not needed). Quote Link to comment Share on other sites More sharing options...
Sota Solutions Posted April 11, 2008 Author Report Share Posted April 11, 2008 Yes the CISCO does seem to be altering the SIP REGISTER packets, there seems to be SIP fixup enabled in the CISCO config fixup protocol sip 5060 fixup protocol sip udp 5060 Disabling these has not made a difference though, however we have been able to get incoming calls working by reducing the "Maximum Registration Time" to 1 minute. Whether this is advisable or not as a long term solution though I'm not sure! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.