<div>Bob, you're dealing with a double NATted environment with both your Asterisk server and phones behind firewalls. Personally I think this is going to do nothing but give you headaches. I would add a 2nd NIC card to your asterisk server and assign it a public IP address. Now just have your softphones and hardphones register to the public IP address. You will still need to set nat=yes for those remote extenstions in users.conf</div>
<div> </div>
<div>I'm sure others will chime it that this a major security risk but if you use iptables to block all ports except those required by asterisk (SIP, IAX, & RTP) and set secure sip passwords you should be ok.<br>
<br></div>
<div class="gmail_quote">On Thu, Apr 2, 2009 at 2:57 PM, Bob Crandell <span dir="ltr"><<a href="mailto:bob@assuredcomp.com">bob@assuredcomp.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div>I have NAT=yes through out.<br>I have both externip and localnet set.
<div>
<div></div>
<div class="h5"><br><br>On Thu, 2009-04-02 at 00:03 -0700, Marvin Whitfield wrote:
<blockquote type="CITE"><pre>Bob,
Definately a NAT issue. Had the same issues when I first started
setting up remote extensions. Look in your sip.conf for externip=...
and localnet=.... You'll use the to tell asterisk what's internat and
what's external. Also remember to at NAT=yes to extensions that will
be remote. The last thing you might need to modify is your firewall
and phone settings. These vary widely by manufacturer but the general
idea is that you need asterisk to be able to reach the phone that will
be behind a NAT firewall so you'll probably need to forward some ports
or configure the phone to keep the connection alive. Hope that helps.
--
Marvin
On 4/1/09, Matt Brown (HC) <<a href="mailto:matt@mbrown.co.uk" target="_blank">matt@mbrown.co.uk</a>> wrote:
> Hi Bob,
>
>> Hi guys,
>>
>> I've been testing softphones in Windows and SuSE. From outside the
>> office, I can make a call to a different extension and to an outside
>> number but neither the caller nor the callee can hear anything. I
>> thought I was being stupid until I bought a Grandstream GXP 2020
>> which wouldn't speak to me either from outside the office. It does
>> work inside the office. I tested the softphone inside the office
>> and it works too. Ok so it's the firewall. I have port 5060 UDP
>> and 10001-20000 UDP open and pointed to the Asterisk box. What am I
>> missing? I'm getting so close to being able to go live with this
>> thing.
>>
>
> Just double check the /etc/asterisk/rtp.conf to make sure port range
> being used is correct. In addition I agree with Matt that it sounds
> like a NAT issue. Take a peek at sip.conf or users.conf for the
> extension in question and check nat=yes is set for that user/extension.
>
> Regards
>
> Matt Brown
>
> _______________________________________________
> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com/" target="_blank">http://www.api-digital.com</a>--
>
> asterisk-gui mailing list
> To UNSUBSCRIBE or update options visit:
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-gui" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-gui</a>
>
</pre></blockquote></div></div></div><br>_______________________________________________<br>--Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--/" target="_blank">http://www.api-digital.com--</a><br>
<br>asterisk-gui mailing list<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-gui" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-gui</a><br></blockquote>
</div><br>