Poivy trunk not working

After messing with TrixBox and not being able to fix my trunk registration issue, i installed PBX In A Flash and made the basic setup. I was told on one of the forums that TrixBox is a outdated product with no active user base, hence no answer to my problems on their forum.

My problem:
Can not get Poivy trunk to register. i would like to use this trunk for making international calls. I do not know if this is due to Peer setting or firewall issues, as i have not managed to register with any external SIP trunk.

when trying to place a call using this trunk i get the “all circuits are busy now …” message

My PBX Setup:
so right now i have 2 extensions which work fine, a trunk pointing to Linksys SPA400 FXO. this also works fine and i can make calls to the old PBX system.

I have created a SIP trunk to Poivy.com which i would like to use for making international calls. my trunk setting look like this

Trunk Name
POIVY

Peer details
disallow=all
allow=ulaw&alaw&gsm
authuser=XXXX
context=from=pstn
dtmfmode=inband
fromdomain=sip.poivy.com
fromuser=XXXX
host=sip.poivy.com
insecure=very
nat=yes
qualify=yes
secret=PASS
srvlookup=yes
type=peer
username=XXXX

register string
XXXX:[email protected]/XXXX

A outgoing route was also created for this trunk.

I have tried multiple combinations of peer settings for Poivy based on info i have found on forums.

My Firewall:
In our network I am using a NetScreen25 firewall, firmware 5.4.0r14.0 (Firewall+VPN). I have assigned a Public IP to my PBX server, this was done using MIP.
further i have created the following rules:

Trust >untrust
Source: 192.168.3.61/32(IP of my PBX server)
Destinatio: ANY
Services: ANY
NAT. Source translation enabled

Untrust > trust
Source: ANY
Destinatio: MIP (public IP)
Services: ANY

i have used ALG on and off to test. I have also tried placing the PBX in DMZ zone , still no lunk.

EXTRA Info about SIP Peers:
this is the SIP Peer info i get from freePBX

Name/username Host Dyn Forcerport ACL Port Status
100/100 192.168.3.51 D N A 5060 OK (11 ms)
101 (Unspecified) D N A 0 UNKNOWN
SPA400 192.168.3.243 N 5060 Unmonitored
poivy/XXXX 77.72.169.131 N 5060 UNREACHABLE
4 sip peers [Monitored: 1 online, 2 offline Unmonitored: 1 online, 0 offline]

This is what i am getting in the log files:
[2012-02-26 20:18:16] NOTICE[20650] chan_sip.c: – Registration for ‘[email protected]’ timed out, trying again (Attempt #10020)

any idea? i am desperate guys!

Welcome to FreePBX. The logs says unreachable. Can you ping your provider from the Asterisk box?

Also your policies don’t look right in the Juniper. You need an inbound and an outbound to go from the trusted to the untrusted.

You may also want to do a traffic monitor in the juniper (with db flow) to see if you indeed have an active flow for this traffic.

Thnaks SkykingOH,
i dont quite get what you mean by inbound and outbound! isnt my un-trust>trust inbound and trust>un-trust outbound?

i have enabled logging and it seems that my trust>un-trust flow is not going through my rule of

Trust >untrust
Source: 192.168.3.61/32(IP of my PBX server)
Destinatio: ANY
Services: ANY
NAT. Source translation enabled

it seems that the rule of LAN > Any is over taking this rule, and the traffic is being logged here.

furthermore my un-trust>trust policy is showing the following msgs:
2012-02-24 01:06:01 87.211.128.138:50147 XX.XX.XXX.205:5060 87.211.128.138:50147 192.168.3.61:5060 SIP 21 sec. 206 0 Close - AGE OUT
2012-02-24 01:05:57 87.211.128.138:50196 XX.XX.XXX.205:80 87.211.128.138:50196 192.168.3.61:80 HTTP 5 sec. 1670 4951 Close - TCP FIN
2012-02-24 01:05:51 87.211.128.138:50171 XX.XX.XXX.205:80 87.211.128.138:50171 192.168.3.61:80 HTTP 4 sec. 1669 6708 Close - TCP FIN

i guess this is where the problem could be, but why?

ok ignore my previous post. i just had to move my SIP/VOIP rule above the general trust > untrust rule, and it seems to work. Now i can register from remote location with my SIP server and place calls to internal extensions. No problems there!

but my trunk still does not work. im starting to think it might be due Peer Details or SIP server config! So now i am pretty sure that it is not my firewall setting and something else!

BTW yes i can ping sip.poivy.com and other servers from my SIP box.

ANY IDEAS guys? i really need some help

Remember when configuring rules in any access list or policy always start with the most specific and end with the lease specific. Some devices put an implicit ip any any at the end of an access list.

I don’t know anything about poivy. Debugging SIP trunks can be very challenging.

If you turn verbose logging off and sip debug on you should be able to see the exchange and what errors you are getting.

rules and policies are all correct on firewall.

i was just messing about with my old PBX (TrixBox v2.8.0.4) and i realized that both my VoipBuster and Poivy trunks are registered! i was shocked as i was trying to make them work for so long and it didn’t work. even funnier i have no MIP and untrust>trust rules for this box on firewall any more. but it works!

Strangely the same Peer Details doesn’t work on my PIAF (freepbx 2.8.1)! any idea if i should re-arrange these for version 2.8.1 in a different way? i have also check my .config files and changed them to how it is on the TrixBox.

Here are my PEER settings (that work on TrixBox and not on PIAF)

username=USERNAME
type=friend
secret=XXXXXX
qualify=yes
nat=yes
insecure=invite
host=sip.poivy.com
fromuser=USERNAME
fromdomain=poivy.com
dtmfmode=rfc2833
disallow=all
canreinvite=no
allow=alaw

register string:
USERNAME:[email protected]