Random Audio drop outs, Grandstream GXP 2140

Freepbx Distro version 6.12.65-32, Asterisk 11.21.2. grandstream GXP2140 version firmware. All the phones are on the same lan, but they register in the system with random ports instead of 5060. I have checked the settings for the network in Asteris SIp settings and that is correct. The network settings in Sys Admin is correct. The first DNS entry is For what it is worth the router used for the gateway is a Asus RTN16 with Tomato firmware. I do not know if the phones are on a Vlan. There is another router doing the DHCP and such. Phones that lose the audio are the called parties. I am fresh out of ideas. We found that the SIP trunk provider was trying to send the audio on ports that were outside our router port forwarding and also the system setup. We fixed that we hope. They still have problems with internal calls. There is no indication the phones are losing registration, but … I am fresh out of ideas. What else is there??

Please post your CLI log here

your comment “they still have problems with internal calls” leads me to believe that the pbx is not onsite. is that correct? the crappy router would also explain why you see all the weird ports being used for registration. need to know more about your network in order to provide any suggestions. you say “another router is doing dhcp and such”. what does that mean? what type of internet connection do you have?


The pbx is onsite there are 5 phones that are offsite. 2 from our office , one from a remote office of the customer, and two from a dealer of ours. We have on the network two routers. One for the data, this offers all the DHCP and such. The second is ours and it is used solely as a gateway for the system for the SIP trunk connections. The ISP for that is Comcast with a 50/5 connection. ONLY our traffic is going through this router. All the phones and the system are on the same network, the phones (except for the physically external ones) are registering as if they are offsite with random ports. All the IP settings are correct. There is a stun server entered in the Sip Settings. We found out yesterday that ClearFly is using UDP 20,000 to 30,000, we were set to use 10,000 to 20,000. We changed that. We did have an offsite phone to a local phone have a problem, after those settings were changed. The offsite phone called the onsite and the audio from the offsite was lost for about 10 seconds, then returned, without any user intervention.

Here is part of the pcap for that call:
Frame 10087: 1082 bytes on wire (8656 bits), 1082 bytes captured (8656 bits)
Ethernet II, Src: AsustekC_6d:44:11 (54:a0:50:6d:44:11), Dst: MitacInt_b5:1c:c9 (00:22:4d:b5:1c:c9)
Destination: MitacInt_b5:1c:c9 (00:22:4d:b5:1c:c9)
Address: MitacInt_b5:1c:c9 (00:22:4d:b5:1c:c9)
… …0. … … … … = LG bit: Globally unique address (factory default)
… …0 … … … … = IG bit: Individual address (unicast)
Source: AsustekC_6d:44:11 (54:a0:50:6d:44:11)
Address: AsustekC_6d:44:11 (54:a0:50:6d:44:11)
… …0. … … … … = LG bit: Globally unique address (factory default)
… …0 … … … … = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src:, Dst:
User Datagram Protocol, Src Port: 1024 (1024), Dst Port: 5060 (5060)
Source Port: 1024
Destination Port: 5060
Length: 1048
Checksum: 0x1402 [validation disabled]
[Stream index: 59]
Session Initiation Protocol (INVITE)
Request-Line: INVITE sip:[email protected]:5060 SIP/2.0
Method: INVITE
Request-URI: sip:[email protected]:5060
[Resent Packet: False]
Message Header
Via: SIP/2.0/UDP;branch=z9hG4bK660776702;rport
From: “LetoComOfc2” sip:[email protected]:5060;tag=977370806
To: sip:[email protected]:5060
Call-ID: [email protected]
CSeq: 380 INVITE
Contact: “LetoComOfc2” sip:[email protected]:5060
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2140
Privacy: none
P-Preferred-Identity: “LetoComOfc2” sip:[email protected]
SIP Display info: "LetoComOfc2"
SIP PPI Address: sip:[email protected]
Supported: replaces, path, timer
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length: 332
Message Body
Session Description Protocol
Session Description Protocol Version (v): 0
Owner/Creator, Session Id (o): 302 8000 8000 IN IP4
Session Name (s): SIP Call
Connection Information ©: IN IP4
Time Description, active time (t): 0 0
Media Description, name and address (m): audio 5004 RTP/AVP 0 8 18 9 2 101
Media Attribute (a): sendrecv
Media Attribute (a): rtpmap:0 PCMU/8000
Media Attribute (a): ptime:20
Media Attribute (a): rtpmap:8 PCMA/8000
Media Attribute (a): rtpmap:18 G729/8000
Media Attribute (a): fmtp:18 annexb=no
Media Attribute (a): rtpmap:9 G722/8000
Media Attribute (a): rtpmap:2 G726-32/8000
Media Attribute (a): rtpmap:101 telephone-event/8000
Media Attribute (a): fmtp:101 0-15
The phone system is at the 205 address.

I am still learning how to read these captures. I am concerned that the source port was 1024 with the destination port 5060. This capture was from the phone system using tcpdump, only capturing UDP packets.

Sorry which log? I tried to copy and paste the full log from the reports but it is to long.

i hate to say this but we see this all the time with comcast. some comcast sites work perfectly and others, regardless of the speed, just have issues. i don’t know enough about the internal workings of comcast but i have determined that some connections behave differently. i sometimes suspect the modem they are using. the older smc modems seem to work best, the newer cisco ones that include wireless seem to be the ones giving us the more problems. in those cases we usually put in a different modem, typically a Motorola Surfboard and the problems generally go away. in low volume concurrent call situations we have even had to move to an att dsl/uverse account if we could not get things to work with comcast.

i have never had much luck with the Asus stuff for voip. we migrated to edgewater products a few years back and have not regretted it.

I would try a different cable modem as the next step - you can pick up a cable modem for a few bucks on amazon or at a local computer store.

I have heard of guys having issues with the Comcast modems. So far I haven’t had any issues. Of course my area has Charter, but they aren’t without their issues either. This Asus router with Tomato has been pretty steady for us. We used it with DDWRT for a long time, we switched to Tomato for the Src filtering on the port forwarding. Haven’t heard of Edgewater, will have to look them up. I am still troubled about the registration of the phones with the odd ports tho.

101/101 D Yes Yes A 32981 OK (4 ms)
102/102 D Yes Yes A 19761 OK (6 ms)
103/103 D Yes Yes A 54991 OK (4 ms)
104/104 D Yes Yes A 30773 OK (3 ms)
105/105 D Yes Yes A 43339 OK (4 ms)
106/106 D Yes Yes A 19448 OK (4 ms)
107/107 D Yes Yes A 45488 OK (4 ms)
108/108 D Yes Yes A 57635 OK (5 ms)
109/109 D Yes Yes A 38392 OK (4 ms)
110/110 D Yes Yes A 46166 OK (4 ms)
111/111 D Yes Yes A 23314 OK (4 ms)
112/112 D Yes Yes A 20114 OK (4 ms)
113/113 D Yes Yes A 37864 OK (4 ms)
114/114 D Yes Yes A 55608 OK (4 ms)
115/115 D Yes Yes A 39992 OK (4 ms)
116/116 D Yes Yes A 57853 OK (4 ms)
117/117 D Yes Yes A 34302 OK (4 ms)
118/118 D Yes Yes A 49582 OK (4 ms)
119/119 D Yes Yes A 40876 OK (4 ms)
120/120 D Yes Yes A 16339 OK (11 ms)
121/121 D Yes Yes A 51628 OK (74 ms)

The source port on the remote device can be anything. As long as the device registers, you should be able to send connections to it. Once the handshaking on a reserved port (anything under 1025) is established, the port changes to a high-end port. This is a typical operation in networking when using reserved ports - it can redirect to any other port on the system. This is especially true if you do things like multi-host phones (2 lines, 2 servers).

Is there any type of VOIP proxy in the “remote” (205.190.x.x) network? That can also ‘scramble’ the port configuration.

Overall, I wouldn’t worry about the source ports - they are what they are.

If it was me, I’d set the network up differently. I’d have done a LAN on a non-routable address block just for the phones. This way, you limit the access to the system to devices that are internal to the network. If it helps, thinks of it (or even configure it) as a V-Lan for just the phones and the phone server.

Random dropouts that come back by themselves sound very “firewally” to me. It almost sounds like a NAT session is setting up and cleaning up, then reconnecting. Since you are using local (albeit routable) addresses and are connecting to the server in the same network, I can’t imagine why you’d have NAT set up.

Hi Dave,

No Voip proxy that I am aware of. The 205.190.x.x network is the local network. We didn’t set the network up. I am going to have to contact the IT guy and see what the setup is.

i think that your phones are registering using the external ip address. it is possible your IT boy has setup a local network using routable IP’s but unlikely. you can google non routable ips but the most common ones you will find start with 192 or 10. or 172.

that would explain why you are seeing random ports and may be the source of your initial issue. are using the epm on freepbx? if so what do you have set as your register server? and what is the internal ip of the pbx and what is the external ip of the pbx.

I think you may have somethng there. The whole network is the 205.190.x.x/24 The phone system is at, my router is at The external IP is I found out late today that the IT guy inherated a ADP system at a car dealership. The isp is Time Warner (sorry I didn’t know earlier) they have a 50/5 that is shared with the Data side. He is pushing to get a separate connection. We also are sharing the phones with the computers (yes the computer is plugged into the phone). I think maybe that the router knows the internal should be routed and hence does the routing within itself when it should not have to do that?

Just a question why do you use public ips for your local network? This is bad security plus you can have problems like this. If any of the ips from the ones that you posted is routable to the whole world then someone can access your phones and you will have other problems later like calls to foreign countries.

We inherited this network from ADP. We were just added to it. The IT guy has been struggling with issues with it. I don’t know the specifics of his problems, but he is sorry he got involved with it. I am going to push to use a non-routable IP scheme. I do not know if they will go for it though

but you are sure that the local ip addresses you get for computers, etc. are the 205. addresses? and if so what is the address of the gateway?

and do you know both the public and local ip address of the pbx

I do not have access to the PCs. I can tell you that the DNS and Gateway fro the phones are, The phones are pulling a 205.190.53.xx There are two different WAN addresses one for the router we installed and one for the Sonicwall. I think we are going to put all the voip on a static network and use out router for all our network

um, so the lan side address of the router you put in is if yes, what is the wan side address?

If you know who “CHRIS NICKEL AUTO” is you should apparently be talking to Jared Eller,

The SonicWall router for the network is at that address. I did a arp scan from the phone system at 53.4 I located 30 devices including phones in the 205.190.53.xx network. The wan for my router is at I do not know the WAN address for the Sonicwall at this time. There is a domain controller that is onsite as well. We did not setup this network, our dealer added the phones to it. Tomorrow we are going to set the VoIP devices to a Class C network and separate them as best we can.


You must think there is a connection between my issues here and Chris Nickel Auto? Who is Jared Eller? Is he on here?