Sip Trunk Provider Configuration

Can someone guide on how to setup trunk for the following guidelines I have the ip address and the phone number for testing. Any help would be greatly appreciated.

CODECs Supported: G.711 u-law, G.729A/B

SIP Trunk Type: Peer-to-Peer Trunk(1)

SIP RFCs Supported: 2833, 3261, 3325, 5806

SIP METHODS Unsupported: NOTIFY, REFER, SUBSCRIBE, UPDATE

SIP HEADERS Supported : From, To, PAI, RPID, Privacy, Diversion, Via, Contact, Expire

SIP OPTIONS PING Support : Supported

Recommended SIP Session Timers: In accordance with RFC 3261

Transport Protocol: UDP PORT 5060(2)

RTP Port Ranges: 16384-65535

Call Forwarding, SIM Ring, Find-me/Follow-me: In accordance with RFC 5806

Max Forwards: Set to 70

DTMF Support: RFC 2833

Default Sampling Rate : 20ms

Default Max Calls per Second Per SIP Trunk: 10

FAX Support: T.38 with G.711u fallback

Transcoding Support: No

Inbound and Outbound Calling Party Presentation: 10 digits or E.164 Format(3)

Calling Privacy Support: In accordance with RFC 3325

Calling Name Support: Provider will accept when provided but does not deliver to Terminating Carrier.

Calling Party Override Support : Yes(4)

(1) No password, user name, or authentication is necessary or required. Authentication is currently not supported.

(2) Provider does not currently support TCP protocol over SIP commonly used for Microsoft’s Skype for Business.

(3) The default inbound calling party number format from Provider is presented with 10 digits (NPANXXYYYY) - E.164 format (+1NPANXXYYYY) is also supported but must be requested. The customer is expected to send a valid Provider SIP service 10 digit or E.164 formatted calling party number.

(4) Customer may override Calling Party Number on outbound traffic in the FROM header provided PAID, RPID, and/or Diversion is populated with a valid Provider DID built on the SIP service.

Note: Diversion is not supported for international calls.

Some additional details on calling party number requirements:

For outbound calls a valid Provider SIP service number is required in at least one of the following (in order of precedence):

Diversion header

P-Asserted-Identity header (PAID)

Remote-Party-ID header (RPID)

From header

For VoIP network admission calls are screened once – looking for a diversion header first, and if present that number will be evaluated. (If the diversion header is invalid the call will likely fail.)

From there, if there is no diversion header the switch will look for PAID and evaluate that if present. (If the PAID is invalid, again the call will likely fail.)

The process will continue looking for/at RPID and From with the same evaluation.

The only thing non-standard is the way they verify caller IDs that are not yours. You can get started without that capability – just set up your pjsip trunk with Authentication None (which implies Registration None). Set SIP Server to the IPv4 address they gave you and Force Trunk CID with your main number. If they send calls from multiple IP addresses, set Match (Permit) to a list of those addresses.

Once you can make and receive calls, try turning on Generate Diversion Headers in Advanced Settings, and set From User blank. With luck, that will allow sending e.g. the original caller’s number when forwarding to your mobile. If that doesn’t meet provider requirements, you can set up a hook to send the PAI or Diversion header they want. See

Ok that is what I thought so this is a new setup have system all working except the sip trunk.
I have a setup where I have two wan connections one for the sip and one for the internet and I see in the logging that it is trying to contact through my internet IP not the Sip IP is there a way to force through the Wan 2 Sip provider IP address?

[2023-08-28 15:11:46] VERBOSE[2488] res_pjsip_logger.c: <— Transmitting SIP request (429 bytes) to UDP:192.168.96.225:5060 —>
7139 OPTIONS sip: (Wan_IP_Sip_Provider) x.x.x.x:5060 SIP/2.0
7140 Via: SIP/2.0/UDP( My_Internet_Wan_IP) x.x.x.x:5060;rport;branch=z9hG4bKPjb95451bc-681e-4a6f-bf32-a1731fce9291
7141 From: <sip:provider@(Free_pbx_ip) x.x.x.x>;tag=82ed125a-95a2-492e-8a17-b54be6e96937
7142 To: <sip:Wan_IP_Sip_Provider x.x.x.x:5060>
7143 Contact: <sip:Frontier@ My_Internet_Wan_IP x.x.x.x:5060>
7144 Call-ID: 8c949cb2-c1e3-4148-9922-176902d78d8d
7145 CSeq: 23779 OPTIONS
7146 Max-Forwards: 70
7147 User-Agent: FPBX-16.0.40.4(18.19.0)
7148 Content-Length: 0

Current verison is
PBX Version:
16.0.40.4
PBX Distro:
12.7.8-2306-1.sng7
Asterisk Version:
18.19.0

If 192.168.96.225 is an on-site SBC from Frontier, it’s probably sufficient to just add 192.168.96.224/30 to Local Networks. After Submit and Apply Config, you must restart Asterisk.

If the SIP and/or media addresses are on a different subnet, but not NATted, also add those subnets to Local Networks.

If they are NATted, you need to set up separate transports for your two NICs and assign the proper one to the provider trunk and the other to your internal phones (and other trunks, if applicable). You also need to set up routes at the OS level to ensure that those packets are sent via the correct NIC.

If you must send SIP and/or media to provider public addresses, this could be a complex issue, depending on whether you need traffic to similar addresses to go via the internet NIC.

Thanks for all your help. I think we are getting close to resolving added 192.168.96.224/30 to the network and here are the results not sure if the Contact should be the local address Contact: sip:[email protected]:5060 also added the Endpoint info below.

[2023-08-29 08:36:55] VERBOSE[14029] res_pjsip_logger.c: <— Transmitting SIP request (429 bytes) to UDP:192.168.96.225:5060 —>
OPTIONS sip:192.168.96.225:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.200:5060;rport;branch=z9hG4bKPj76ed5ed7-687a-4681-a33e-2b20e32e1871
From: sip:[email protected];tag=6344ab6b-5d7a-483d-837e-5ef39993b8e5
To: sip:192.168.96.225
Contact: sip:[email protected]:5060
Call-ID: a51d7f9b-321d-4bb0-a81b-852c8558b1d8
CSeq: 54832 OPTIONS
Max-Forwards: 70
User-Agent: FPBX-16.0.40.4(18.19.0)
Content-Length: 0

Endpoint:  Frontier                                             Unavailable   0 of inf

Aor: Frontier 0
Contact: Frontier/sip:192.168.96.225:5060 d020a302ba Unavail nan
Transport: 0.0.0.0-udp udp 3 96 0.0.0.0:5060
Identify: Frontier/Frontier
Match: 192.168.96.224/30

I don’t believe that the Contact header matters on OPTIONS, but the Via header does and it’s also wrong.

In Asterisk SIP Settings, pjsip tab, try setting up separate transports, 192.168.2.200-udp and 192.168.96.226-udp. Assign the latter one to the Frontier trunk. Restart Asterisk, retest. If no luck, show what the OPTIONS request looks like now, and what (if any) reply is received.

Ok not sure if I am adding where needed here is what it looks like again thanks for the help

image1037×760 33.4 KB

image942×662 57.3 KB

I don’t know what is wrong here, but the udp section of transports should show something like:

udp - 0.0.0.0 - All
udp - 192.168.2.200 - eth0
udp - 192.168.96.226 - eth1

each with a Yes / No option; you could toggle off the first and turn the other two on, giving you two transports.

Try rebooting the server and see whether they appear. If not, I hope that a member with expertise in this area will chime in here.

Post the output of
ifconfig

Are you running the FreePBX Distro? If not, where did you get it / how did you build it? OS? If you are running in a VM, provide details. FreePBX version? All modules updated?

Here is the transport conf file if that helps
[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
external_media_address=192.168.96.226
external_signaling_address=192.168.96.226
external_signaling_port=5060
allow_reload=no
tos=cs3
cos=3
local_net=192.168.2.0/24
local_net=192.168.96.224/30
local_net=192.168.96.225/30
local_net=192.168.96.225/30
local_net=192.168.2.200

This is a hyper-v setup on a winosws server 2016

PBX Version:
16.0.40.4
PBX Distro:
12.7.8-2306-1.sng7
Asterisk Version:
18.19.0

image636×544 9.4 KB

Sorry, I had misinterpreted your networking setup. I had assumed that the Frontier connection was to a second NIC on the PBX (how most systems are set up), but it is actually a second WAN interface on your firewall.

If you are stuck with that situation, your choices are pretty limited, as the FreePBX GUI does not support it. I’m assuming that the second WAN interface on the firewall has address 192.168.96.226.

If you don’t plan on having any remote extensions using SIP over UDP (they could still connect via TCP or TLS, or over a VPN), and also won’t have any other trunking providers using SIP over UDP, just remove 192.168.96.224/30 from your local networks and define External Address as 192.168.96.226.

Otherwise, you need to use different ports for Frontier and the other connections. This implies separate transports. You could use pjsip for Frontier and chan_sip for other connections (or vice versa), but I don’t recommend that as chan_sip is unsupported and going away soon.

Another option is to have two pjsip UDP transports, but the GUI does not support that, so you would need to define the second transport with a manually generated config file, and override the trunk config to use the new transport.

I am guessing that Frontier requires your PBX to listen on port 5060, which (if you need two transports) implies using a different port for your extensions.

Ok thanks again I am not going to have any remotes these will be done through a VPN connection, also Frontier tells me that i need to use the 192.168.96.225 IP for the trunk so I setup with that IP and below are the results from log, also for the endpoint connection. I will confirm the connection info with them to make sure, I can telnet 5060 on the .225 address but not the .226 address.
Is there anything that I need to do with the Match (Permit) the endpoint shows Match 192.168.96.224/30 I have 192.168.96.225/30 entered on the trunk because without it the endpoint showed a Match: 192.168.96.225/32

[2023-08-30 08:21:37] VERBOSE[56659] res_pjsip_logger.c: <--- Transmitting SIP request (431 bytes) to UDP:192.168.96.225:5060 --->	

11127 OPTIONS sip:192.168.96.225:5060 SIP/2.0
11128 Via: SIP/2.0/UDP 192.168.96.225:5060;rport;branch=z9hG4bKPj19a52b0f-d9cc-490a-a576-324c7062e231
11129 From: sip:[email protected];tag=9cc5cb21-840c-4e45-88af-f23de58ead4e
11130 To: sip:192.168.96.225
11131 Contact: sip:[email protected]:5060
11132 Call-ID: e944f571-94cf-44ca-8c30-671e5c8e6cbc
11133 CSeq: 10453 OPTIONS
11134 Max-Forwards: 70
11135 User-Agent: FPBX-16.0.40.4(18.19.0)
11136 Content-Length: 0

endpoint: Frontier Unavailable 0 of inf
Aor: Frontier 0
Contact: Frontier/sip:192.168.96.225:5060 d020a302ba Unavail nan
Transport: 0.0.0.0-udp udp 3 96 0.0.0.0:5060
Identify: Frontier/Frontier
Match: 192.168.96.224/30

You can’t have the same IP address on both ends of a link. What is the IP address of the Frontier interface on your firewall? I assume it would be 192.168.96.226, either configured statically per Frontier’s instructions, or possibly from a DHCP server in Frontier’s device.

1. Confirm that you can ping 192.168.96.225 from the firewall.
2. Confirm that you can ping 192.168.96.225 from the PBX.
3. Set External Address on the PBX to match the firewall interface address, then retest OPTIONS.

Ok I confirmed that I can ping the address from the firewall and the pbx and set external address to the firewall interface.
Here is what I have now also provided the wire shark results from Frontier.

Frontier Wire Shark Results

  time           Source      Destination    Protocl Length      Info

1 0.000000 192.168.96.225 192.168.96.226 SIP/SDP 1257 Request: INVITE sip:[email protected]:5060 |
2 0.499034 192.168.96.225 192.168.96.226 SIP/SDP 1257 Request: INVITE sip:[email protected]:5060 |
3 1.499034 192.168.96.225 192.168.96.226 SIP/SDP 1257 Request: INVITE sip:[email protected]:5060 |
4 3.178991 192.168.96.225 255.255.255.255 UDP 46 37204 → 10001 Len=4
5 3.179998 192.168.96.225 255.255.255.255 UDP 189 57393 → 37204 Len=147
6 3.499034 192.168.96.225 192.168.96.226 SIP/SDP 1257 Request: INVITE sip:[email protected]:5060 |

Asterisk Log File

[2023-08-31 10:53:39] VERBOSE[2582] res_pjsip_logger.c: <--- Transmitting SIP request (430 bytes) to UDP:192.168.96.225:5060 --->	

93625 OPTIONS sip:192.168.96.225:5060 SIP/2.0
93626 Via: SIP/2.0/UDP 192.168.96.226:5060;rport;branch=z9hG4bKPje87faffa-496b-42d8-9826-e78e7fbc8671
93627 From: sip:[email protected];tag=9e4058e4-eaf5-4082-aa87-6da473530e4b
93628 To: sip:192.168.96.225
93629 Contact: sip:[email protected]:5060
93630 Call-ID: d9973322-1c52-4433-94a7-90617502e176
93631 CSeq: 1226 OPTIONS
93632 Max-Forwards: 70
93633 User-Agent: FPBX-16.0.40.4(18.19.0)
93634 Content-Length: 0

Endpoint: Frontier Unavailable 0 of inf
Aor: Frontier 0
Contact: Frontier/sip:192.168.96.225:5060 d020a302ba Unavail nan
Transport: 0.0.0.0-udp udp 3 96 0.0.0.0:5060
Identify: Frontier/Frontier
Match: 192.168.96.224/30

The Frontier capture shows an attempted incoming call, where the INVITEs were sent to the correct address but there was no response from the PBX. There are three likely possibilities: Your firewall was not properly set to forward UDP port 5060 from the Frontier interface to 192.168.2.200, Windows Firewall or other Hyper-V setting is blocking it, or FreePBX Firewall (or other iptables rules) is blocking it.

Run Wireshark on the Windows host (it captures ahead of any firewall rules), attempt an incoming call and see whether the INVITEs appear. If not, trace the path through your hardware firewall. If yes, check with sngrep or tcpdump on the PBX.

The OPTIONS packet sent from the PBX looks perfect, so I don’t know why it is not getting a response. You can check with Wireshark on the Windows host (outgoing packets are after Windows Firewall, incoming packets are before) and/or on the hardware firewall WAN interface, using whatever packet capture capability is has.

Thanks Again I sent the test from them prior to making firewall changes in router here is what they sent me today

The situation looks better, but still seeing issues.

1. Can successfully ping the client’s IP now.

MR01_Forreston.Mutual.car01.dklb.il#ping 192.168.96.226 source 192.168.96.225

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.96.226, timeout is 2 seconds:

Packet sent with a source address of 192.168.96.225

!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

2. Also see SIP OPTIONS messages from the clients PBX, and the FTR Cisco is responding :

Sep 1 13:31:34.671: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

OPTIONS sip:192.168.96.225:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.96.226:5060;rport;branch=z9hG4bKPje5d78ed1-5257-4a78-920e-ef384319c569

From: sip:[email protected]:5060;tag=e2f94900-b13b-4d82-a6e4-7499a531eeda

To: sip:192.168.96.225

Contact: sip:[email protected]:5060

Call-ID: ed00ecd9-3e61-4607-8e7f-80f5414bef36

CSeq: 54831 OPTIONS

Max-Forwards: 70

User-Agent: FPBX-16.0.40.4(18.19.0)

Content-Length: 0

Sep 1 13:31:34.672: //519345/A8A6C3B5B02C/SIP/Msg/ccsipDisplayMsg:

Sent:

SIP/2.0 200 OK

Via: SIP/2.0/UDP 192.168.96.226:5060;rport;branch=z9hG4bKPje5d78ed1-5257-4a78-920e-ef384319c569

From: sip:[email protected]:5060;tag=e2f94900-b13b-4d82-a6e4-7499a531eeda

To: sip:192.168.96.225;tag=E7371DD8-404

Date: Fri, 01 Sep 2023 13:31:34 GMT

Call-ID: ed00ecd9-3e61-4607-8e7f-80f5414bef36

Server: Cisco-SIPGateway/IOS-15.5.2.S2

CSeq: 54831 OPTIONS

Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER

Allow-Events: telephone-event

Accept: application/sdp

Supported: 100rel,timer,resource-priority,replaces,sdp-anat

Content-Type: application/sdp

Content-Length: 381

v=0

o=CiscoSystemsSIP-GW-UserAgent 9046 5005 IN IP4 192.168.96.225

s=SIP Call

c=IN IP4 192.168.96.225

t=0 0

m=audio 0 RTP/AVP 18 0 8 9 4 2 15 3

c=IN IP4 192.168.96.225

m=image 0 udptl t38

c=IN IP4 192.168.96.225

a=T38FaxVersion:0

a=T38MaxBitRate:9600

a=T38FaxRateManagement:transferredTCF

a=T38FaxMaxBuffer:200

a=T38FaxMaxDatagram:320

a=T38FaxUdpEC:t38UDPRedundancy

3. However, SIP OPTIONS and calls sent to the client PBX are not getting a response.

Session Initiation Protocol (OPTIONS)

Request-Line: OPTIONS sip:192.168.96.226:5060 SIP/2.0

Message Header

Via: SIP/2.0/UDP 192.168.96.225:5060;branch=z9hG4bKBF44C

From: sip:192.168.96.225;tag=E742D339-2003

To: sip:192.168.96.226

Date: Fri, 01 Sep 2023 13:44:02 GMT

Call-ID: [email protected]

[Generated Call-ID: [email protected]]

User-Agent: Cisco-SIPGateway/IOS-15.5.2.S2

Max-Forwards: 70

CSeq: 101 OPTIONS

Contact: sip:192.168.96.225:5060

Content-Length: 0

Test call to 8159382000 – not getting a response:

Sep 1 13:23:27.882: //519256/921DFA83AFCD/SIP/Msg/ccsipDisplayMsg:

Sent:

INVITE sip:[email protected]:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.96.225:5060;branch=z9hG4bKB82241

Remote-Party-ID: sip:[email protected];party=calling;screen=no;privacy=off

From: sip:[email protected];tag=E72FFC7F-2640

To: sip:[email protected]

Date: Fri, 01 Sep 2023 13:23:27 GMT

Call-ID: [email protected]

Supported: 100rel,timer,resource-priority,replaces,sdp-anat

Min-SE: 1800

Cisco-Guid: 2451438211-1208029678-2949496517-2088712731

User-Agent: Cisco-SIPGateway/IOS-15.5.2.S2

Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER

CSeq: 101 INVITE

Timestamp: 1693574607

Contact: sip:[email protected]:5060

Expires: 180

Allow-Events: telephone-event

Max-Forwards: 62

Content-Type: application/sdp

Content-Disposition: session;handling=required

Content-Length: 299

v=0

o=CiscoSystemsSIP-GW-UserAgent 7190 4498 IN IP4 192.168.96.225

s=SIP Call

c=IN IP4 192.168.96.225

t=0 0

m=audio 8710 RTP/AVP 0 18 101

c=IN IP4 192.168.96.225

a=rtpmap:0 PCMU/8000

a=rtpmap:18 G729/8000

a=fmtp:18 annexb=no

a=rtpmap:101 telephone-event/8000

a=fmtp:101 0-15

a=ptime:20

1. It shows that the physical link is working and the WAN interface on the firewall is properly configured, but not much else, because it’s the firewall, not the PBX, that is answering the ICMP echo request.

2. Good, but is the PBX receiving and processing the responses? At the Asterisk command prompt, check whether ‘pjsip show endpoints’ shows the trunk as Available. If not, find out why. If the responses are seen by pjsip logger, there should be entries in the Asterisk log showing why they are being rejected. If not seen by pjsip logger, check at various points in the chain to see where they are being lost. Make sure that any SIP ALG in the firewall is disabled.

3. If (2) is fixed and (3) is still causing trouble, confirm that UDP port 5060 is properly forwarded in the firewall. If you can’t spot the problem, capturing traffic on the Windows interface and on the PBX virtual interface should show who’s blocking the traffic.

4. If after fixing all of the above, incoming calls still get no response, check the Asterisk log for related errors. If nothing there, check whether the INVITEs are seen by sngrep or tcpdump on the PBX.

Sorry for the delay but was working more on the router end and still am stumped.
Here are the results from the router interface and wireshark results.
ROUTER CAPTURE ON ETH11

Router capture on eth11 ip address 199.168.96.226 gateway 199.168.96.225
parrishpc@EdgeRouter-12:~$ show interfaces ethernet eth11 capture
Capturing traffic on eth11 …
11:29:32.469904 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:29:36.470069 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:29:40.470300 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:29:44.471165 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:12.968609 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:13.468673 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:14.468661 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:16.468832 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:17.976705 ARP, Request who-has 199.168.96.225 tell 199.168.96.226, length 28
11:30:17.977198 ARP, Reply 199.168.96.225 is-at 80:2d:bf:70:c2:50, length 46
11:30:20.468878 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:24.468186 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:28.468292 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:32.468241 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:36.468695 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:40.468808 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:30:41.496703 ARP, Request who-has 199.168.96.225 tell 199.168.96.226, length 28
11:30:41.497177 ARP, Reply 199.168.96.225 is-at 80:2d:bf:70:c2:50, length 46
11:30:44.468503 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:12.968724 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:13.468837 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:14.468244 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:16.468394 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:17.976703 ARP, Request who-has 199.168.96.225 tell 199.168.96.226, length 28
11:31:17.977227 ARP, Reply 199.168.96.225 is-at 80:2d:bf:70:c2:50, length 46
11:31:20.468098 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:24.468094 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:28.469051 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:32.469544 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:36.470136 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:40.470915 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
11:31:41.496700 ARP, Request who-has 199.168.96.225 tell 199.168.96.226, length 28
11:31:41.497217 ARP, Reply 199.168.96.225 is-at 80:2d:bf:70:c2:50, length 46
11:31:44.470365 IP 192.168.2.200.5060 > 199.168.96.225.5060: SIP: OPTIONS sip:199.168.96.225:5060 SIP/2.0
^

WIRE SHARK SIP RESULTS
sip
626 8.369342 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
653 8.869682 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
754 9.869300 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
828 11.869343 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
991 15.868865 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1164 19.699654 192.168.2.200 192.168.2.151 SIP 467 Request: OPTIONS sip:[email protected]:5060 |
1165 19.705350 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
1168 19.869125 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1519 23.868948 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1725 27.868783 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1853 28.812800 192.168.2.200 192.168.2.150 SIP 467 Request: OPTIONS sip:[email protected]:5060 |
1854 28.817062 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
2051 31.868813 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2458 35.868689 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2650 39.868886 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5068 68.369750 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5096 68.870111 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5147 69.869456 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5214 71.869504 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5419 75.870186 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |

WIRE SHARK SCR RESULTS 199.168.96.225

ip.src==199.168.96.225
no packets recived

WIRE SHARK DST RESULTS 199.168.96.225

ip.dst==199.168.96.225

11787 128.869148 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
991 15.868865 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1168 19.869125 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1519 23.868948 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1725 27.868783 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2051 31.868813 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2458 35.868689 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2650 39.868886 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5068 68.369750 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5096 68.870111 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5147 69.869456 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |

ip.src==199.168.96.226
no packets recived

WIRE SHARK DST RESULTS 199.168.96.225

ip.dst==199.168.96.226
no packets recived

WIRE SHARK DST RESULTS 192.168.2.200 PBX

ip.dst==192.168.2.200

1165 19.705350 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
1854 28.817062 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
8281 79.704232 192.168.2.151 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
8996 88.815679 192.168.2.150 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
15661 139.703585 192.168.2.151 192.168.2.200 SIP 530 Status: 200 OK (OPTIONS) |
16067 148.816381 192.168.2.150 192.168.2.200 SIP 530 Status: 200 OK (OPTIONS) |
18480 199.703069 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
18927 208.815836 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
23601 259.702187 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
25822 268.816951 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
33916 319.702562 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
34719 328.815264 192.168.2.150 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
38306 379.702652 192.168.2.151 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
40039 388.814538 192.168.2.150 192.168.2.200 SIP 530 Status: 200 OK (OPTIONS) |
45787 439.701962 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
47317 448.814396 192.168.2.150 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
55576 499.701419 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
56410 508.814266 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
56581 510.237031 192.168.2.151 192.168.2.200 SIP 887 Request: REGISTER sip:192.168.2.200 (1 binding) |
56596 510.246738 192.168.2.151 192.168.2.200 SIP 888 Request: REGISTER sip:192.168.2.200 (1 binding) |
56613 510.306580 192.168.2.151 192.168.2.200 SIP 529 Status: 200 OK (NOTIFY) |
60700 559.701483 192.168.2.151 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
61464 568.814084 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
66999 619.701052 192.168.2.151 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
67592 628.813682 192.168.2.150 192.168.2.200 SIP 532 Status: 200 OK (OPTIONS) |
70003 666.760033 152.70.159.102 192.168.2.200 NTP 90 NTP Version 4, server
71055 677.724859 108.61.73.244 192.168.2.200 NTP 90 NTP Version 4, server
71549 679.699458 192.168.2.151 192.168.2.200 SIP 530 Status: 200 OK (OPTIONS) |
75525 688.813146 192.168.2.150 192.168.2.200 SIP 531 Status: 200 OK (OPTIONS) |
75980 692.680812 74.6.168.73 192.168.2.200 NTP 90 NTP Version 4, server

WIRE SHARK DST RESULTS 192.168.2.200 PBX

ip.src==192.168.2.200

626 8.369342 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
653 8.869682 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
754 9.869300 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
828 11.869343 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
991 15.868865 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1164 19.699654 192.168.2.200 192.168.2.151 SIP 467 Request: OPTIONS sip:[email protected]:5060 |
1168 19.869125 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1519 23.868948 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1725 27.868783 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
1853 28.812800 192.168.2.200 192.168.2.150 SIP 467 Request: OPTIONS sip:[email protected]:5060 |
2051 31.868813 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2458 35.868689 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
2650 39.868886 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5068 68.369750 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5096 68.870111 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5147 69.869456 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5214 71.869504 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |
5419 75.870186 192.168.2.200 199.168.96.225 SIP 473 Request: OPTIONS sip:199.168.96.225:5060 |

Where did 199.168.96.225 come from? Is there a typo somewhere that should be 192.168.96.225?

What is eth11? If that’s the connection to the SBC, the source address is wrong (the router should be doing NAT but isn’t). If it’s the connection to the PBX, that’s ok, but unless there is e.g. a cable issue, you’ll just see the same traffic as capturing on the PBX. You should capture on the SBC interface to see whether the router is behaving correctly.

that was at typo should be 199.168.96.225