I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX but I cannot work out which ports I need to open up on my firewall. I have opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off all access lists on the firewall. I have searched all the Asterisk documentation but cannot find the answer. Any help will be greatly appreciated. Simon Brown ----- This mail was content checked for malicious code and viruses by GFI MailSecurity.
> I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX > but I cannot work out which ports I need to open up on my firewall. I have > opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off > all access lists on the firewall. > > I have searched all the Asterisk documentation but cannot find the answer.Depends on how you've set up asterisk... using iax: open udp 5036 using iax2: open udp 4569 (most common) (not sure whether iax or iax2, open both) using sip: need more info... a. sip uses udp 5060 to set up a call, and, b. other udp ports (generally above 16,000) to transport the voice (rtp protocol). Both a and b are required for sip phones to function. The sip protocol is used to negotiate the rtp ports. Some firewalls are aware of the sip protocol and will monitor that port negotiation while other firewalls do not. It's my understanding (although possibley incorrect) that certain versions of PIX do monitor the sip protocol; don't have a clue which versions though. Depending upon whether asterisk is behind the firewall, or a sip phone is behind it (or both), the parameters needed within the sip.conf file can be a little tough to get right. The exact parameters are pretty much dependent upon your exact implementation, and a packet sniffer (ethereal) can be a big help. Iax and iax2 are very straight-forward and easy to implement since they use the same port number in both directions. Even the cheapest firewalls can usually handle that.
On Mon, 2004-03-22 at 20:42, Simon Brown wrote:> I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX > but I cannot work out which ports I need to open up on my firewall. I have > opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off > all access lists on the firewall.4569 is IAX2, 5036 is IAX, 5060 is SIP Signaling. Remember these are all UDP. Looks at the logs from your Cisco, they will tell you exactly which packets are being blocked. Assuming you put deny "ip any any log" at the end of your access list (having the router log to a syslog server somewhere is also helpful. -- Useful Asterisk Docs (BOOKMARK THEM!): http://www.digium.com/index.php?menu=documentation (look at the "Unofficial Links") and http://www.voip-info.org/wiki-Asterisk and http://www.fnords.org/~eric/asterisk/ (my site) and http://asteriskdocs.org/
I have found the problem and it is now working. I did not have my access list specified correctly. Thanks for the help from those who responded. Simon Brown -----Original Message----- From: Simon Brown Sent: Tuesday, 23 March 2004 13:42 To: 'asterisk-users@lists.digium.com' Subject: Asterisk behind firewall and IAX I have my Asterisk server behind a Cisco firewall. I am trying to set up IAX but I cannot work out which ports I need to open up on my firewall. I have opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off all access lists on the firewall. I have searched all the Asterisk documentation but cannot find the answer. Any help will be greatly appreciated. Simon Brown ----- This mail was content checked for malicious code and viruses by GFI MailSecurity.