SIP Trunk via SIP registration - Forwarding Firewall Ports?

FreePBX: 2.10.58

Hello All,

When you have a SIP Trunk via SIP registration instead of IP-based authentication - are you still required to forward ports from your firewall to the freepbx (udp/5060 & udp/10000-20000 [assuming you are using the default ports])?


No, you should not have to with most modern firewalls.

I am sure Dicko is going to argue but look at it this way, if you plug a Vonage or net2phone adapter in at your house do you have to open ports?

As long as the keepalive frequency is set right you should be fine.


No argument here, it depends on your router as Scott says, pragmatically do what works. Forwarding specifically will not do any harm either way but will save many users angst.

I figured I didn’t need to as am pretty sure last time I played around with a sip trunk (about a year or so ago), I don’t recall opening any ports on the firewall (ASA 5505)… and I’m using the same firewall however last time was a trixbox installation.

Well, I’ve clearly screwed something up this time around as am having issues with inbound calls connecting with no sound on either side and logs show the “Retransmission timeout reached on transmission” message… I know smells of NAT/RTP misconfiguration and surely I’ve done the NAT wrongly but from my understanding (which is most likely wrong), I haven’t… I think.

NAT: Yes
IP Configuration: Static IP
External IP:
Local Networks: / ; Office / ; VPN to office / ; Other office / ; Other office

Do I need to tweak something else or have I just simply done incorrectly?

Anyone? Any guidance will greatly appreciated.

Check the UDP time outs on the firewall vs the ones on the server- with Sonicwall, the timeouts are 30 seconds but Asterisk uses 60 seconds, so the firewall closes the connection while the server thinks it should still be open. Fun ensues.

Also make sure consistent NAT is in place so the firewall doesn’t switch ports on the next renewal.

thanks, I’ll give that a try and let you know.