IP Phone over WAN to Asterisk

I have a dozen or so IP phones set up on a LAN using Asterisk/FreePBX which work just fine, when I try to connect one externally (WAN, not VPN) it doesn’t get connected. I’ve put in the Company’s public IP as the Proxy in the IP Phone’s settings and directed traffic on UDP 5060 to the PBX on the router/firewall but it can’t get though. Is there anything else to set or anything I can check in my configuration which might indicate why it fails to connect?


Please be more specific as to what isnt working.

My IP phone just doesn’t connect, it says “Failed” on the status menu. It won’t connect to the PBX, I don’t know if this is a routing problem or a firewall probelm, or if I have to set up some extra permissions in some configuration files somewhere, I don’t know what’s wrong. Is there any way I cna check to find out?

Logs would help

have you confiured your sip_nat.conf file ???


2.9.3 When asterisk is behind a NAT do not forget to specify:
in sip_nat.conf
externip = X.X.X.X ;(substitute your public ip address)
localnet = 192.168.X.0/ ;(substitute your lan subnet address)

Ports to forward on router:
4569 TCP/UDP - iax
5004-5082 TCP/UDP - sip
10000-20000 TCP/UDP - sip

My sip_nat.conf:


I’ve opened all the ports you mentioned but it dint’ make a difference

as bubba mentioned, your going to have to do some debugging (and post the logs here if you want our help). In the asterisk cli type:

core set verbose 5
sip set debug 5

if you know the IP address that you trying ot connect from, then type:

core set verbose 5
sip set debug ip xx.xx.xx.xx

then, using the Asterisk Logfile module, post the relevant portion of the log file

What type of phones are you using?

They’re Linksys IP Phones (SPA942)

I tried:

core set verbose 5
sip set debug 5

Nothing happens on the console when I try to connect the phone and fail so I’ve nothing to post.

I DO see it outputting information when I answer/make calls, etc. but it doesn’t do anything when I attempt to connect a phone and fail (even if i sucessfully connect a phone on the LAN that CLI screen doesn’t show anything) Have I checked this right?

not sure what else to try, anyone?

would it be better to use a VPN? How are IP phones usually connected remotely? By VPN or just using public IP address of the server.

Any time I have done it I have just connected to the public IP.

I know with my Aastra phones I had to go into the phone config and set the nat ip to the public ip of the server to get them to register.

Is your phone sitting behind a router or firewall at the remote end?

Set the phone back to factory defaults. And then set up the phone from scratch. I assume it asks for a server IP and such. Maybe it has some stuff stuck in the config on the phone.

Here is what the configuration on my phone looks like:
I can’t figure out what’s wrong with it.

And the phone will be on a firewall but it’s not yet. The pbx server is on a firewall

First under Nat settings change nat mapping to yes. Under proxy and registration put in the servers public IP in both proxy and outbound proxy. Change use outbound proxy from yes to no.

See if that helps.

Okay thanks, it still didn’t do anything differently though :frowning:

Is there a log in the phone that you can access? What is the phone saying.

good point unfortunatly i cna’t seem to find any log, it’s a Linksys SPA942 and i tried googling to find out if it has one and i looked around the configuration menus but doesn’t seem to.

Do you have it set for DHCP. Is it getting the proper info?

The pbx is static, the phone is on DHCP. If it try the phone on the internal network using the pbx’s internal IP it works even though the phone is still using DHCP there too. I just can’t get in using the public ip.

I’m starting to think it is a network issue.

You do have the correct entries in your sip_nat.conf file right?

This is all I have in mine

externip= <-- Your External IP provided by your provider. Not the gateway IP.
localnet= <----- Make sure this is correct and that the netmask is the same as on your net

On firewall

Ports 5060 open UDP/TCP
Ports 10001 - 20000 open UDP/TCP

Download the xlite softphone and try it and see if it connects. It’s very simple to setup

as I said here’s my settings in sip_nat.conf


and i’ve forwarded and opened:
4569, 5004-5082, 10000-20000 on TCP/UDP

I have just tried xlite and if i connect using the local network IP of the PBX it connect just fine, if i use the public IP I get Registration error 403 - Forbidden (Bad auth), bearing in mind I’m using the exact same SIP login extention/password. I guess it must be something in the asterisk configuration not the linksys phone since xlite responds the same way.

If the phone is hitting the remote server, the [b]has[/b] to be something in [code]sip set debug 5[/code] that can help.

Also, what router do you have back at the office?