After spending a month fighting with the “FreePBX” Voice Server Application, I’ve finally gotten it to run smoothly using an old Pentium II processor with 128MB of memory and calls are “very” clear. I’m currently running it behind a CISCO 871w router I’ve had for a few years. If you’re wondering why I used such an “underpowered box,” this was my first attempt, so nothing lavish was required (i.e., dual core processors, 8GB memory, etc…).
The problem I initially ran into was that I put the PBX server behind an old (yet solid) Linksys WRV54g router; everything ran fine, to include zero conversation dropouts. If I put the box behind the 871w (using exact same Peer Details Configs) conversation on my two configured trunks dropped. The issue turned out be the “sip_nat.config” file in FreePBX. Apparently, the 871w is considered to run a “symmetrical firewall” whereas the Linksys didn’t (non-symmetrical). In short the Linksys let’s “damn near everything” through the front door whereas the CISCO does not. Yeah, jury is out on that explanation 
Anyhow, below are the steps I took to correct the issue:
Sip_nat.conf:
nat=yes
canreinvite=no
srvlookup=yes
externip=74.xxx.xxx.xxx (Your ISP Assigned IP Address)
localnet=172.16.3.0/255.255.255.0 (Your Local LAN IP Address)
Initially, I had “nat,” “externip,” “externrefresh,” and “localnet” in this directory, but once I removed “externrefresh” and added the above settings to sip_nat.config, call dropping.
Here’s the process I followed (CISCO 871w router was used for the below port forwarding):
Step 1 - Create Access List (Port Range Forwarding Method):
access-list 130 permit udp any any range 8000 8766
access-list 130 permit udp any any range 10000 20000
NOTE: Ports 5000 - 5084 are open/transmitting “without” any direct configuration; if needed, just add the range as an additional access-list statement:
access-list 130 permit udp any any range 5000 5084 (optional)
I found an old post by David Davies (a router guy) that shed some light on using the “port range forwarding” option. Man, that cuts down on typing, I’m here to tell you
Step 2 - Create Route-Map:
route-map freepbx permit 1
match ip address 130 (This line refers to the access-list created in the step 1)
Step 3 - Apply “One-to-One” NAT Mapping With Route-Map:
ip nat inside source static [internal ip] [external ip] route-map freepbx
Here’s a better example of the above:
ip nat inside source static 172.16.3.4 74.55.43.3 route-map freepbx
The above statement tells the router to create a “one-to-one” mapping from the “internal ip address” of your PBX server to your “external ip address” assigned to you by your ISP, along with saying that any VoIP related issue is to be handled by the route-map statement (freepbx)
Next are the trunk settings seen below (CallCentric for Stateside Calls/VoipTalk for UK Calls):
VoipTalk Trunk/Peer Details
call-limit=5
username=818xxxx
type=peer
secret=[password]
qualify=yes
nat=yes
insecure=invite,port
host=voiptalk.org
fromuser=818xxxx
fromdomain=voiptalk.org
outboundproxy=nat.voiptalk.org
dtmfmode=inband
disallow=all
context=from-trunk
canreinvite=no
authuser=818xxxx
allow=ulaw,alaw,g729,gsm
CC Dial Patterns-1NXXXXXXXX, 011.
CallCentric Trunk/Peer Details:
username=1777xxxxxxx
type=peer
secret=[password]
qualify=yes
nat=yes
insecure=invite,port
host=callcentric.com
fromuser=1777xxxxxxx
fromdomain=callcentric.com
dtmfmode=inband
disallow=all
context=from-trunk
canreinvite=no
authuser=1777xxxxxxx
allow=ulaw,alaw,g729,gsm
CallCentric Dial Pattern - 001. , 0|Z. , 044+XXXXXXXXXX
I figured starting with a Linux distro application such as this would be a good way to “ease” into the CISCO voice certification track after I finish my CCNP.
While I’m nowhere near an expert, the last month has broadened my experience with telephony and I found “plenty” of resources to assist…
Jay Johnson