Freepbx on multihomed setup


I’m new to this forum and i’ll try to make it simple as possible.

I’ve setup a freepbx and its behind a firewall. Need remote extensions over internet and a SIP trunk is established with SIP provider over a private network.
freepbx has two network interfaces, one for SIP trunk ( and other for network connectivity to firewall (

With No NAT configuration, SIP trunk works good (signalling and RTP is good) but remote extension over internet does not work (no RTP) as the contact URI in the SIP message header is SIP trunk IP (
However With NAT configured with external IP given as public IP, remote extension over internet works good, but calls over SIP trunk does not work (no RTP) as the contact URI is the public IP.

NAT configuration
externip =
localnet =
localnet =
nat = yes

Wonder if anyone has done a workable solution to a similar setup.

Many thanks in advance

Look at the local networks under Asterisk SIP settings.

Hi Alan

I’ve defined the local network and external IP but failed and doesn’t work as explained initially.

You need to insure your firewall is routing RTP traffic, if you can “watch” the traffic being blocked or not on the firewall that well help you troubleshoot if it’s related to that versus something else. When I say this, it’s evident you are routing RTP with internal calls, BUT with some routers/firewalls they have helper configuration that understands if there is a SIP connection to also route RTP but with remote calls you will need to insure you are allowing that traffic.

Hi VoIPTek

Thanks for your response. As per my understanding, how the RTP shall route defines in the Contact URI in SIP message header and this is where i’m stuck. the external IP definition defines it but since the two end points are on different subnets I can only define the external IP for only one.

Thanks all for your input.

I’ve managed to fix the issue and it works fine now.
The problem was that the definition of local network did not cover the entire subnet. Hence it was change to allowing to accommodate the proxy IP.

Pedantically, that network should be:-

( whois|grep CIDR) is shared with T-Mobile and others