Scott Wolfe
2005-Apr-02 17:03 UTC
[Asterisk-Users] xlite regestration fails but calls to thru
While on my network I can register ok with xlite but outside my firewall my Xlite says that regestraion has failed but I am still able to make calls through it. I have opened ports: 5060 udp/tcp and 10000-20000 udp/tcp is there another port Xlite needs for proper regestration? Is is this a network configuation error on Astrisks part? My Asterisk server is running a IP of 10.0.1.x and my Cisco firewall is passing the public IP address to it from the outside. Thanks for any advice. -Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050402/590a14e3/attachment.htm
Robert Keller
2005-Apr-02 17:12 UTC
[Asterisk-Users] xlite registration fails but calls to thru
Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14380 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20050402/67120760/attachment.jpeg
Scott Wolfe
2005-Apr-02 17:21 UTC
[Asterisk-Users] xlite registration fails but calls to thru
Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 14380 bytes Desc: not available Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20050402/e04f3d4e/attachment.jpeg
Rich Adamson
2005-Apr-03 06:21 UTC
[Asterisk-Users] xlite regestration fails but calls to thru
> While on my network I can register ok with xlite but outside my firewall my Xlite says thatregestraion has failed but I am still able to make calls> through it. I have opened ports: 5060 udp/tcp and 10000-20000 udp/tcp is there another portXlite needs for proper regestration? Is is this a> network configuation error on Astrisks part? My Asterisk server is running a IP of 10.0.1.xand my Cisco firewall is passing the public IP> address to it from the outside.Registration should occur across udp 5060 only. I don't use a cisco pix, but I believe their is a config command like "sip fixup" (or something like that). Supposedly, the pix will look inside the sip packets and watch for the rtp port negotiation, and then open those udp ports as appropriate. You might check the pix documentation to see exactly how the sip fixup is to be used/defined. In asterisk, you might need "nat=yes" for the external use of xlite. To get more detail as to why the registration is happening correctly, you might want to try "sip debug" and pay attention to IP addresses, error messages, etc.
Alex Vishnev
2005-Apr-03 07:37 UTC
[Asterisk-Users] xlite regestration fails but calls to thru
Scott, First, you need to get the most recent os for the pix, otherwise you will have a lot of problems with udp packets and translations (including bad checksum on your udp packets). I am running both pix515 and pix501 without a problem with sip and h323. you don't need to open any ports on the pix, because the firewall is an ALG( Application layer gateway). If you have fixup sip enabled on the firewall (there by default), all packets entering port 5060 is examined and rtp ports are open dynamically as needed. The same is true for trusted calls (from inside interface) and untrusted calls (from outside, dmz interfaces). You will need to perform "conduit permit" commands on the public ip address of Asterisk to allow traffic from untrusted outside interface to come to trusted inside interface on port 5060 with both tcp and udp(all traffic is disabled by default). Please check on the exact syntax of "conduit" permit with cisco docs. I don't believe you will need to perform this for each RTP port, that should be done automatically by pix ALG. Hope this helps Alex _____ From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Scott Wolfe Sent: Saturday, April 02, 2005 7:03 PM To: Asterisk-Users@lists.digium.com Subject: [Asterisk-Users] xlite regestration fails but calls to thru While on my network I can register ok with xlite but outside my firewall my Xlite says that regestraion has failed but I am still able to make calls through it. I have opened ports: 5060 udp/tcp and 10000-20000 udp/tcp is there another port Xlite needs for proper regestration? Is is this a network configuation error on Astrisks part? My Asterisk server is running a IP of 10.0.1.x and my Cisco firewall is passing the public IP address to it from the outside. Thanks for any advice. -Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050403/31bd9dfd/attachment.htm