Adding VOIP to a legacy PBX


I have a FreePBX as well as a Mitel SX-200. The onsite FreePBX server died last week and I moved it into a Vultr cloud server (something I’ve been meaning to do for a while anyway). I have an Adtran TA924e (2nd Gen) that I have been using to connect the two systems together via a SIP trunk from FreePBX to the Adtran and then a PRI from the Adtran to the Mitel. The challenge I am having is with the SIP trunk and the Adtran. When you call from the Mitel to FreePBX, Asterisk sees the request from the Adtran as “PJSIP/anonymous” and rejects the call. I have the Adtran set to register the the FreePBX sip trunk and it shows on the Adtran side as registering successfully.

When I had the server onsite I added something to one of the .conf files (either sip_custom.conf or extensions_custom.conf) that somehow allowed anonymous calls only from the IP address of the Adtran. This worked great, however, the backup that I used to restore the server to the cloud was prior to me adding the Adtran into the setup so I am having to rebuild the sip trunk and Adtran setup from scratch.

Has anyone done this kind of setup with a FreePBX and and Adtran before? If so any pointers would be great! Happy to provide any configs, logs, etc that may be helpful.

Thanks in advance,

At a guess you have both chan_pjsip and chan_sip enabled. chan_sip gets a non-standard port number in that case, It sounds like the wrong channel driver is taking the call and isn’t configured for it. You should be aiming to only use chan_pjsip.

Assuming that the Adtran trunk is configured for chan_sip, the likely problem is that the Adtran is configured to send calls to pjsip’s Port to Listen On (defaults to 5060), instead of chan_sip’s Bind Port (defaults to 5160).

If you are trying to use pjsip, the Adtran is likely sending caller ID in the From header, while pjsip is trying to match on username.

The Asterisk log (with pjsip logger enabled) should show what is happening.

The anonymous endpoint in chan_pjsip isn’t in any way related to CallerID. It means that there is no endpoint that matches so use it. Unlike chan_sip where you just set guests to yes, chan_pjsip requires an actual anonymous endpoint to be configured. This is done in FreePBX but setting “Allow Anonymous”. So basically this system is setup to allow any incoming request to come in.

Anonymous endpoint, again, is about allowing any request into the system with out matching to an endpoint.

Sure it is. The default way pjsip matches an endpoint is by username, though there are other options. If the Adtran registered to Asterisk as a pjsip trunk “Registration: Receive” with username ta724, but then sends a call with a caller ID in the From header, pjsip won’t match it and will treat it as anonymous.

This is a common problem with ATAs that have both FXS and FXO interfaces. There are various solutions, including configuring the remote device to send its username in From and the calling number in PAI.

However, in this case, I suspect that the OP’s Adtran is registering to chan_sip on port 5160, but is misconfigured so calls from Adtran to Asterisk are being sent to port 5060 and hitting pjsip.

Hi all,

Thank you for your responses!

This is a PJSIP trunk and chan_sip is disabled on this system. For security I am using a custom port numbers for PJSIP (xx60 for UDP and xx61 for TLS - and no XX does not stand for 50) and can confirm that the Adtran is configured to use these custom port numbers on the trunk from what I am seeing in the Adtran GUI.

I would really prefer to not allow anonymous/sip guests if possible.

Attached is the pastebin with a call log with PJSIP set logger on here:

For context the IP address of 155.XXX.XXX.XX is the server and has a domain of
The IP address 104.XX.XXX.XXX is the static IP of the site where the Adtran and the Mitel are installed.
All the extensions on the FreePBX are 4 digit extensions. All the extensions on the Mitel are 3 digit extensions (102 is the phone on the Mitel that I was making the test call from).

Thanks again,

You need a tyype=identify for static address (“match(permit)” i the GUI). As it is this call will be identified as coming from extension 102, which, presumably doen’t exist. Given there is a static address, there is no need to register at all.

Well the default is ip, username, anonymous, auth_username, header. In that order unless you go in and change the default order. If you have endpoint [2000] that registered but endpoint [1000] that matches on IP and they both are behind the same IP, all requests from 2000 would be matched to 1000 because IP is first, username is second.

I tried putting an IP address in the March permit field on the trunk, but then the other IP phones that I have on site stopped working as well.

I haven’t had time to take another capture yet.

Btw if anyone wants to DM me I’d be happy to pay for someone to resolve this if you have done this with an Adtran TA900e series device before.

Any other ideas on how I might be able to make this work?

Find time.

I don’t really need to do another capture as I know why the Match Permit field broke the rest of the IP phones. The site has the Adtran and the IP phones all behind the same external static IP. If I was able to have multiple static IPs I would put the Adtran on it’s own static, but unfortunately I can only get the one.

I think the real answer is because the Adtran is not sending the username in the from header as @Stewart1 mentioned, unfortunately, I don’t know how to make the Adtran do that as he mentioned above.

Again, if anyone is good with Adtran’s and has done this before I’d greatly appreciate any assistance.


There is little need to use any authentication on a secured LAN.

But you didn’t provide that information to us before.

It sounds at though the device is designed to be used on an intranet, not to cope with NAT.

Either you need to put Asterisk, or a proxy, in the same intranet, as the device, or you need to merge the intranets, by using a VPN.

However, match isn’t restricted to IP addresses:

so, as long as there is only one ADTRAN_Total_Access_924e_2nd_Gen/R14.1.0.E in your system, there may be another way of identifying it.

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.