Has anyone successfully connected their PBX through a Meraki device such as an MX65 Security appliance?
I’m running into issues with voice traffic being blocked on multiple phone scenario, but the first phone connected will work properly.
I’ve looked at creating 1 to many NAT rules to ports 5060 from the public IP, but nothing is working.
Not nearly enough information to help you. There are so many questions about your installation that I can’t even decide where to start. How about starting with a version number and some more network information.
My apologies for that. My intent was to find those who have had direct experience with the Meraki MX65 unit in particular, so as not to waste anyone’s time on rabbit chases.
We have a working PBX with about three hundred extensions. We are going to be providing service to a sister location in an off-site location which has an MX65 as it’s network firewall.
I’ve begun testing an identical setup to provide POC before implementation. It is in this testing that I’ve encountered the issue I mentioned above. I’m fairly certain that the issue is in the firewall because everything works as normal without it in place.
If anyone has experience with the MX65 or any Meraki cloud equipment, I’d appreciate any advice you could offer on setup or rules configuration.
I tried on a Meraki MX80 and had no luck. Decided to go the hosted route so I did not spend too much time on it. The same internal pbx worked fine when using my Peplink as the firewall with SIP ALG turned off so something with Meraki was not compatible.
Have you tried setting up VPN site to site? Other options are to set up firewall rules to allow ALL traffic from the other site (both ends) ONLY, and specifically the IAX port 4569 Specify the source IP so you don’t open up the whole world to these ports.
I use Meraki and FreePBX quite extensively and assure you your problem can be solved.
If I understand you correctly, you have a primary site where there is a FreePBX server and all clients are currently located there. You’re standing up a new site (with the Meraki MX) and you want users there to have VOIP services hosted by the PBX at the primary site.
There are a couple approaches here but I’d argue you should just create a VPN tunnel between the two sites. Meraki makes that super easy, especially if the other site has an MX and they’re in the same organization. What kind of firewall is at the primary site? Are you comfortable setting up VPN tunnels?
The bad news is that Cisco recommends using VPN. Another option, if you are insistent on keeping the meraki is to put in an Edgemarc SBC and put the meraki behind it. If you have 2 static IPs configure the wan of the Edgemarc with one and then setup the Edgemarc proxy arp with the second and set the wan of the Meraki with the second public up and connect the wan interface of the meraki to any Edgamarc lan port. This way the traffic shaper on the SBC will be able to manage both voice and data. Connect the phones to the Edgemarc and all data equipment to Meraki
Your Meraki rep will usually be happy to overnight you trial gear which you can keep (and pay for) or send back after a month. Meraki auto-VPN is about as easy as VPN gets. You’ll also want to enable traffic shaping such that your VOIP traffic gets prioritized. These articles should help: