Mask SIP trunk Peer IP

Hi All,

We have a Sales office in middle east(Site-B) and a factory in a Asia country(Site-A). in both location we do have freepbx installed and SIP trunk connecting two sites.
At Site-B(middle east) we do have a SIP trunk from one ISP as our outgoing line and internal users can make calls and we don’t have any issues. even factory users(Site-A) can call sales users at Site-B by selecting the trunk, all are working fine.

The issue is: If someone from Site-A(factory) need to call a sales user’s mobile phone by selecting correct trunk and then outgoing line of middle east ISP sip trunk, call is failing.
Site-B ISP is rejecting the call. Reason is SIP Trunk Provider not allowing any calls from outside IP address. (in this case my trunk peer Site-A IP address).
Site-B ISP will not allow any remote IP as of security reasons and they want us to hide any remote/public IP address if we want to call via their SIP Trunk from external location.

Please be kind to give me any guide to resolve this issue.


Your description of the network is really confusing.

Do you have an ISP for each location? If so, you have IP traffic going to the Internet.
Do you have a dedicated network like between the two sites? If you do, you will need to set up a trunk between the two sites that uses that network.

Let me see if I can restate what you said.

The Sales office is where all of your VOIP services are processed.
The Factory office does NOT have its own VOIP connection.

This part has me confused:

I don’t understand how or why you would make this statement. The user should never be in the position to choose how a call is routed. This bit alone makes me not understand how your system is set up.

What I would consider doing is this:

In the PBX at the Factory, set all of the instruments up as extensions. Give them a unique range (500-599, for example). If this PBX is connected to a VOIP provider (which I would not do) set up the system so that it sends local calls through that provider.

In the PBX in the Sales Office, set all the instruments up as extensions. Give them a different unique range (300-399, for example). This PBX IS connected to a VOIP provider.

This way, no one is “choosing a trunk” and you control how all of the phone traffic is delivered.

Now, when someone from the Factory calls. The call goes from PBX-A through the intersite trunk (which runs over the Internet, I assume) to PBX-B. If the call is local (to an extension), the call goes to the extension. If it is not, it is processed AS IF IT ORIGINATED ON PBX-B.

It solves almost all of your problems, including the concern about using remote IP devices over the "local ISP’.

First of all, thank you very much for the having a time and trying to help me. !!

Yes we do have ISP’s in both locations. we don’t have dedicated network like a VPN between sites but we do have SIP trunk connecting both sites each other. .

Yes sales office is connected to SIP trunk provider for National calls and factory has its own analog lines for local calls within the country.

As you explained yes we do have different extension range’s configured on both PBX sites and calls between sites are fine (ex: 500 to 300 or vise-versa)

Problem start if a factory user 500 want to make a call to sales user at Site-B by using Site-B VOIP provider/PBX (To reduce international call charges by dialing IDD call from factory)

Only thing is I need to give freedom to factory users to dial sales users mobile phone at middle east by using Site-B voip provider(NOT using factory analog telephone lines). So call will be appear as its generating from Site-B PBX and call cost will go to sale office.(site-B)

But if 500 extension from factory make a call to a sales user’s mobile at Site-B using Sales Office VOIP provider, Call will reject by Site-B Voip Provider. reason is voip providers are not allowing calls generating from different IP address other than Sales office PBX or LAN. (may be as a security reason or to restrict illegal VOIP traffic)

So how I will MASK or HIDE Factory office PBX/Trunk IP when factory user dial-out using sales voip provider’s trunk service.

Hope this will help you to understand my setup and requirement.


OK - the trick is to NOT have the people at the Factory call the cell phones directly.

There are two ways to accomplish this:

  1. Use Do-Not-Disturb or FindMe-FollowMe for your sales-peoples’ cell phones.
  2. Set up extensions that automatically forward a call to the sales person’s cell phone.

Both of these have the advantage of originating the outgoing call from the Sales PBX instead of originating at the caller’s instrument.

Personally, I’d use 1. Set the system up so that, when DND is turned on or they are out of the office, all calls go to the sales’ cell phones automatically. If you want to get tricky, you can modify the basic setup of the DND process to only allow “internal” calls to connect to FM/FM.

If you decide to go with 2, just set up custom destinations with the extensions you want the Factory people to call and have the automatically forward the call to the sales’ cell phones.

Like I said, FM/FM would be the first thing I’d try.

Oh, and this keeps the people in the Factory from using your Sales PBX for outgoing calls to anyone except your sales staff.

Hi Dave,

Thanks for the informations,

Im preferred if we could use sales PBX as a gateway to call out any outside number, so anybody who use our telephony service(sales or factory users) can call middle east any destination.(sales office located at)

In the end my main requirement is to allow calls from our factory users to call out using Site-B PBX_(may be we can control using prefix to limit to dial only local land phone and mobile Codes in that country)_. But in real-world SIP providers have restriction and they will not allow remote public IP’s to use their SIP Trunk service.
Our sales staff can make call to gsm or any national number by their desk phone’s but when factory user calls sales user’s mobile SIP Provider see the IP address of our factory pbx and drop the calls.

Due to this I WANT TO HIDE TRUNK PEER IP address of inter-site sip trunk when it trying to access SIP SERVICE PROVIDER.


call gsm–> FACTORY-PBX---------->sip trunk over internet>---------> SALES-PBX1 >----->sip trunk in same lan>-------->SALES-PBX2>------->-SIP VOIP PROVIDER-----------> gsm incoming call

any advice!!.


There is no step in that picture where the external provider should see your internal addresses on anything. All of your instruments should be talking to your PBXes and nothing else.

Even without the second “Sales” PBX, I don’t see how your ISP could be seeing any of the addresses for any of the instruments anywhere, unless you’ve set up your servers to pass the addresses. Allowing the foreign addresses out would cause an open-jawed route and will mess up your connectivity.

All of the traffic to your provider should be coming from your Sales PBX. As long as the Factory PBX is not trying to use the SIP provider’s address, it should all be traffic from your Sales PBX. The only way any foreign addresses could be making their way into the VOIP provider’s connection is if there is a misconfiguration in your network.

Now - to further hide the traffic, you could try adding a firewall in front of your PBX (instead of Sales-PBX-2) and NAT all of the phone traffic to and from the VOIP provider. This will definitely hide those remote addresses.

By the way - I’m sorry that you don’t understand what I’m saying, but yelling is not going to change the answer.


What if I add directmedia=no in sip.conf file of Sales office PBX !

That might help with the RTP addresses not getting out.

1 Like

and “canreinvite=no”