I've been reading this forum for over the past 4 years and have gained a wealth of knowledge. - Thanks to all! I don't post very often but I've just ran into a problem/condition that I simply can't figure out. - Hopefully some kind soul will help me. I've got an Asterisk server in a lab environment on my home LAN. - The LAN is "talking" to the Internet via a Linksys WRTG-54 router connected to my cable-modem. - On the home LAN, I've also got a couple of Cisco phones (7940's) and they work fine talking back and forth with each other via Asterisk. In fact, I've also got a Broadvoice account with a 7960 logged in all the time and it works fine. So I know SIP works through my router. On the router, I've turned on "DMZ" to point to my Asterisk box's static IP address. My home (real world) IP address is static. The Problem: When I grab one of my Cisco 7940's and take it to my office, it does not "see" or "register" with my home Asterisk server after I change it's proxy to point to my home IP address. Any Ideas? - Is this a router issue (sure seems like it)? - Much thanks in advance. Gary G.
Steve Totaro
2009-Feb-28 15:23 UTC
[asterisk-users] Remote connection to an Asterisk server
On Sat, Feb 28, 2009 at 9:53 AM, Gary <gary at guthary.com> wrote:> I've been reading this forum for over the past 4 years and have gained a > wealth of knowledge. - Thanks to all! > > I don't post very often but I've just ran into a problem/condition that I > simply can't figure out. - Hopefully some kind soul will help me. > > I've got an Asterisk server in a lab environment on my home LAN. - The LAN > is "talking" to the Internet via a Linksys WRTG-54 router connected to my > cable-modem. - On the home LAN, I've also got a couple of Cisco phones > (7940's) and they work fine talking back and forth with each other via > Asterisk. > > In fact, I've also got a Broadvoice account with a 7960 logged in all the > time and it works fine. So I know SIP works through my router. > > On the router, I've turned on "DMZ" to point to my Asterisk box's static IP > address. > > My home (real world) IP address is static. > > The Problem: When I grab one of my Cisco 7940's and take it to my office, > it does not "see" or "register" with my home Asterisk server after I change > it's proxy to point to my home IP address. > > Any Ideas? - Is this a router issue (sure seems like it)? - Much thanks in > advance. > > Gary G. > >I suggest using port forwarding instead of DMZ. I have seen this issue before, where DMZ would not work. It is also more secure to just open the required ports. Some more thoughts. Set externip in sip.conf. Set all phones to nat=yes, "it just works" whether the phone is NATed or not (and is more secure). Get on the Asterisk CLI and turn of sip debugging and post some output if you are still having problems. -- Thanks, Steve Totaro +18887771888 (Toll Free) +12409381212 (Cell) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090228/1cfcfb8c/attachment.htm
Gary wrote:> > On the router, I've turned on "DMZ" to point to my Asterisk box's static IP > address. > > My home (real world) IP address is static. > > The Problem: When I grab one of my Cisco 7940's and take it to my office, > it does not "see" or "register" with my home Asterisk server after I change > it's proxy to point to my home IP address. > > Any Ideas? - Is this a router issue (sure seems like it)? - Much thanks in > advance. >My first thought is that your office network is probably also behind router with NAT. Though you __may__ be able to get the SIP from your office to your home IP, does the reverse also work? You set your home router to forward SIP packets to your * server. Does your office network forward SIP packets to your phone? If you are in charge of the office network, perhaps you can set that up, if not, it may be more difficult. There is also the issue of a firewall that the office network probably has setup so that all SIP traffic is blocked, both inbound and outbound. If your desire to place your personal phone on your office desk is a company sanctioned project, you could possibly get these issues addressed by whomever is in control of the office network. If not, chances are you may be out of luck. BTW: Does the 'DMZ' setting on your home router/firewall forward all incoming traffic to that address or just specific ports? Unless you have hardened your Asterisk server, that would make me a bit nervous. I would recommend against that and instead use 'forwarding' of the SIP traffic on UDP port 5060. This will limit your exposure. But, keep in mind good ID and passwords on the SIP connection because you may end up with a very large telephone bill if not careful. In such a case, iptables can be your best friend. Dale