The most common cause of these issues is a ‘poisoned’ NAT association in the router. It comes about as a result of a brief network outage or an IP address change. The aggressive retries in the PBX and/or the qualify (OPTIONS) probes keep the bad association alive, so registration continues to fail.
To confirm this, when you have the trouble, shut down the PBX, wait 10 minutes, then bring it up again. If it registers ok, that’s your issue. You can fix it by setting the qualify frequency and registration retry intervals to 20 minutes each. Or, if the router supports it, set a short ‘unassured’ UDP timeout and a longer assured one.
If your trouble is something else, please report how the registration fails (no response, fails to authenticate, etc.). Also, do you have a way to capture traffic on the router’s WAN interface to see whether it is misbehaving? Or, do you have an alternate modem to try?
It is not surprising that the softphone works when the PBX doesn’t. It has a different IP address (and possibly a different local port), so the router is creating a separate NAT association.
Thank you for replying. The WAN is a single static IP, FreePBX and HW phones are on static IP outside DHCP address pool. The router and ISP logs do nor show an Internet outage.
Thank you for your reply. As far as the IPS and the router logs are concerned no Internet outage is recorded. A ‘poisoned’ NAT would account for the fairly regular occurrence, I’ll investigate your suggestions. It may take two or three weeks for the next failure to occur
I haven’t found ‘unassured’ UDP in Zyxel but of course it could be under a different guise.
Would it be feasible and safe to bypass NAT (I thing one IP can be nominated DMZ) and enable FreePBX firewall instead?
