Why do some firewall work and other do not?

I have a Cisco ISA500w no port forwarding and I’ve tested it with SIP AGL on and off and it just works. I have 10 SIP phones, 2 SIP Gateways, PBXs from Panasonic, IAX trunks and IP trunks all working just fine.

But they stopped selling it and I need a new firewall/router to use.
I tried the Cisco RV120W and I get registered, but one way audio, no incoming audio. No need to check any setting as the phone will work with the ISA router.

What is in the ISA that allows it to NAT SIP so well and why can’t I find it as an option? I want to buy the new model with this option in it?

Any thoughts?
Anyone else using the ISA500 or 570 routers?

It somes down to how they handle sessions and natting. Cisco does SIP in their offerings so it makes sense they would handle things properly and automagically.

With any firewall I would look to see if they have sip stuff in the settings as some to QoS too. Outside of that it is just a matter of SPI and NAT settings.

Hi Posi,

I also have an issue with ISA(tmg 2010) see my post "freepbx 11 no audio.

I havent found a solution yet, but I think a goid start would be to check out rtp debug and see what the output is. If you’re not familiar on how to do it, here is a quick ref.

log into cli with ssh
type asterisk -r
enter
type set rtp debug on
enter

  1. Simulate an incoming call 7777 and check results
  2. Call from outside to your freepbx and check results. This may make you aware of where the problem resides.
  3. Rtp timeout perhaps? Check the logs and see if you can find something. Also post your configs perhaps someone sees something that needs an update. Also perhaps some network details.

I need to check that out.
It’s there a list of router that respects SIP traffic.

Anyone use PFsence firewalls?

if you want to stay with cisco, their asa’s work fine, if you want to go cheap then the rvxxx series works well as long as you have the latest firmware and know how to use the hidden screens to change the udp session timers. all the newer sonic walls work fine (the old ones worked fine too as long as they had the enhanced firmware). i have also used the cisco isr (2900), juniper, edgemarc is great as it is designed as a session border controller. i have made dlink crap work, netgear for the most part works.

I have edegwate SBC but they don’t support terminating IPSEC tunnels, so I’m looking for a firewall that supports SIP phones. Many devices connecting over port 5060 and NATing correctly. Like NAT does for port 80 traffic.
So I found the ISA500 and I couldn’t believe they just work out of the box
I have a Cisco RV120w and the RV042 at my feet and would like to see if I can make them work.
How to you get “enhanced firmware” is this Cisco engineering software or something else?
How do you get to the hidden screens and what are you changing for the UPD packets?

I have used several DDWRT based routers all with much success. Pick a router from their database and install the firmware. Do whatever port forwarding you need and they just work. Just my 2 cents

um with Edgewater are you using. i use IPsec tunnels with them all the time. a little quirky (like everything about the Edgewater routers) to setup but they do work.

the enhanced firmware i mentioned is only applicable to old sonicwalls - you used to be about to buy a version with the basic firmware but if you needed extra features you had to upgrade to the enhanced firmware. i think all new sonicwalls have just one firmware version these days.

the hidden screen on the rvxx router - https:///f_general_hidden.htm - put the ip address of the router after the first two //
example:
https://192.168.1.1/f_general_hidden.htm