I'm trying to setup a Cisco ATA 186 which has a public IP address but sits behind a firewall and connects to an Asterisk server with a NAT IP address sitting behind a BSD firewall. The Cisco registers with the Asterisk server without any problems, and I can place calls without any problems and the phone on the other end rings correctly. However, I cannot hear anything through the Cisco after the connection is made. Where should I begin looking for the problem? This is the sip.conf entry for the Cisco: [6184341501] callerid="GlobalEyes" <6184341501> canreinvite=no context=from-internal dtmfmode=rfc2833 host=dynamic mailbox=xxxxx nat=yes port=5060 secret=xxx type=friend username=xxxxx allow=all
> I'm trying to setup a Cisco ATA 186 which has a public IP address but > sits behind a firewall and connects to an Asterisk server with a NAT IP > address sitting behind a BSD firewall. The Cisco registers with the > Asterisk server without any problems, and I can place calls without any > problems and the phone on the other end rings correctly. However, I > cannot hear anything through the Cisco after the connection is made. > Where should I begin looking for the problem? > > This is the sip.conf entry for the Cisco: > [6184341501] > callerid="GlobalEyes" <6184341501> > canreinvite=no > context=from-internal > dtmfmode=rfc2833 > host=dynamic > mailbox=xxxxx > nat=yes > port=5060 > secret=xxx > type=friend > username=xxxxx > allow=allYou've picked _the_ most difficult of all configurations to get working (two nat's). You will likely hear about as many opinions about that on this list as their are active list members. There is no way for anyone to truly help you with this config unless you use a packet sniffer at various points to see exactly what is happening with the rtp port numbers and ip addresses. The reason for stating that is there are far too many variations in exactly how each firewall/nat box implements the nat function, and about as many variations in terms of what you are allowed to configured on each vendor's firewall. The bottom line is that you've apparently successfully map'ed the sip udp 5060 ports, but the voice is transported on rtp ports that are dynamically selected at the time the call is set up. If you look in /etc/asterisk/rtp.conf you'll see where asterisk selects from a large range of udp ports (for the rtp session). Each phone manufacturer has chosen their own range of rtp ports, and I've not seen two vendors actually use the same range. (Some phone vendors allow you to change that range while others don't.) So, when asterisk (as one example) begins the rtp setup (for audio), it might select udp port 12345, the phone might select 23456. If the nat boxes don't allow those two ports through (or if the nat box decides to map those ports to some other ports), the rtp session will never be established. Thus no audio. Even if you told us the exact model's of nat boxes you have installed, it won't do any good unless by chance someone in this world happens to have your exact same configuration. Not likely. So, _you_ really need to use a packet sniffer on both sides of your asterisk nat box and on both sides of your ata186 nat box to "see" what each of those boxes are doing to you.
Craig Waddington
2004-Dec-08 09:03 UTC
[Asterisk-Users] Firewall traversal anomalies - AJA
It's the RTP Stream Asterisk by default uses ports UDP 10,000 to 20,000 RTP = Audio Open them on your firewall. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Andrew Aken Sent: 07 December 2004 15:21 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Firewall traversal anomalies - AJA I'm trying to setup a Cisco ATA 186 which has a public IP address but sits behind a firewall and connects to an Asterisk server with a NAT IP address sitting behind a BSD firewall. The Cisco registers with the Asterisk server without any problems, and I can place calls without any problems and the phone on the other end rings correctly. However, I cannot hear anything through the Cisco after the connection is made. Where should I begin looking for the problem? This is the sip.conf entry for the Cisco: [6184341501] callerid="GlobalEyes" <6184341501> canreinvite=no context=from-internal dtmfmode=rfc2833 host=dynamic mailbox=xxxxx nat=yes port=5060 secret=xxx type=friend username=xxxxx allow=all _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users