When you have a SIP Trunk via SIP registration instead of IP-based authentication - are you still required to forward ports from your firewall to the freepbx (udp/5060 & udp/10000-20000 [assuming you are using the default ports])?
No argument here, it depends on your router as Scott says, pragmatically do what works. Forwarding specifically will not do any harm either way but will save many users angst.
I figured I didn’t need to as am pretty sure last time I played around with a sip trunk (about a year or so ago), I don’t recall opening any ports on the firewall (ASA 5505)… and I’m using the same firewall however last time was a trixbox installation.
Well, I’ve clearly screwed something up this time around as am having issues with inbound calls connecting with no sound on either side and logs show the “Retransmission timeout reached on transmission” message… I know smells of NAT/RTP misconfiguration and surely I’ve done the NAT wrongly but from my understanding (which is most likely wrong), I haven’t… I think.
NAT: Yes
IP Configuration: Static IP
External IP: 8.8.8.8
Local Networks:
192.168.100.0 / 255.255.255.0 ; Office
192.168.101.0 / 255.255.255.0 ; VPN to office
192.168.40.0 / 255.255.255.0 ; Other office
192.168.200.0 / 255.255.255.0 ; Other office
Do I need to tweak something else or have I just simply done incorrectly?
Check the UDP time outs on the firewall vs the ones on the server- with Sonicwall, the timeouts are 30 seconds but Asterisk uses 60 seconds, so the firewall closes the connection while the server thinks it should still be open. Fun ensues.
Also make sure consistent NAT is in place so the firewall doesn’t switch ports on the next renewal.