SIP Trunk via SIP registration - Forwarding Firewall Ports?

Asterisk: 1.8.15.0
FreePBX: 2.10.58

Hello All,

When you have a SIP Trunk via SIP registration instead of IP-based authentication, are you still required to forward ports from your firewall to the FreePBX (udp/5060 & udp/10000-20000 [assuming you are using the default ports])?

Thanks,
Tarran

No, you should not have to with most modern firewalls.

I am sure Dicko is going to argue but look at it this way, if you plug a Vonage or net2phone adapter in at your house do you have to open ports?

As long as the keepalive frequency is set right you should be fine.

yes

No argument here, it depends on your router as Scott says, pragmatically do what works. Forwarding specifically will not do any harm either way but will save many users angst.

I figured I didn’t need to, as I am pretty sure that the last time I played around with a SIP trunk (about a year or so ago) I don’t recall opening any ports on the firewall (ASA 5505)… and I’m using the same firewall; however, last time it was a trixbox installation.

Well, I’ve clearly screwed something up this time around, as I am having issues with inbound calls connecting with no sound on either side, and the logs show the “Retransmission timeout reached on transmission” message… I know it smells of NAT/RTP misconfiguration and surely I’ve done the NAT wrongly, but from my understanding (which is most likely wrong), I haven’t… I think.

NAT: Yes
IP Configuration: Static IP
External IP: 8.8.8.8
Local Networks:
192.168.100.0 / 255.255.255.0 ; Office
192.168.101.0 / 255.255.255.0 ; VPN to office
192.168.40.0 / 255.255.255.0 ; Other office
192.168.200.0 / 255.255.255.0 ; Other office

Do I need to tweak something else, or have I simply done it incorrectly?

Anyone? Any guidance will be greatly appreciated.

Check the UDP timeouts on the firewall vs the ones on the server. With Sonicwall, the timeouts are 30 seconds but Asterisk uses 60 seconds, so the firewall closes the connection while the server thinks it should still be open. Fun ensues.

Also make sure consistent NAT is in place so the firewall doesn’t switch ports on the next renewal.
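
The timeout comparison suggested above, as an added example that is not part of the original thread: a Python check that reads a sip.conf fragment and flags peers whose OPTIONS keepalive (`qualify` / `qualifyfreq`) is not shorter than the firewall's UDP timeout. The sample configuration, the peer name `trunk-example` and the function names are constructed for illustration, and only the `[general]` value of `qualifyfreq` is read.

```python
import re

# Constructed sip.conf fragment (not from the thread): NAT settings like the
# ones the poster lists, plus a trunk peer qualified at the default rate.
SAMPLE_SIP_CONF = """
[general]
nat=yes
externip=8.8.8.8
localnet=192.168.100.0/255.255.255.0
qualifyfreq=60

[trunk-example]
type=peer
qualify=yes
"""

DEFAULT_QUALIFYFREQ = 60  # seconds; chan_sip default when qualifyfreq is unset


def parse_sip_conf(text):
    """Return {section: {key: value}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def keepalive_findings(conf_text, firewall_udp_timeout):
    """List peers whose keepalive cannot hold the firewall's UDP mapping open."""
    conf = parse_sip_conf(conf_text)
    freq = int(conf.get("general", {}).get("qualifyfreq", DEFAULT_QUALIFYFREQ))
    findings = []
    for name, opts in conf.items():
        if name == "general":
            continue
        if opts.get("qualify", "no").lower() == "no":
            findings.append(f"{name}: qualify is off, no OPTIONS keepalive is sent")
        elif freq >= firewall_udp_timeout:
            findings.append(f"{name}: qualifyfreq {freq}s >= firewall UDP timeout {firewall_udp_timeout}s")
    return findings
```

Calling `keepalive_findings(SAMPLE_SIP_CONF, 30)` models the 30-second firewall timeout against the 60-second Asterisk interval mentioned above and reports the trunk peer.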

Thanks, I’ll give that a try and let you know.