[Asterisk-Users] Problem with multiple phones behind firewall

Harold Workman hworkman at cytelcom.com
Wed Jul 14 06:07:07 MST 2004


asterisk-users-admin at lists.digium.com wrote:
> Do you have these values set?
> 
> externip
> localnet
> localmask
> 



My Asterisk Is actually on a public IP Address, but I do have externip
configured

externip =  64.72.x.x
;localnet =  0.0.0.0
;localmask = 0.0.0.0





> -----Original Message-----
> From: Harold Workman [mailto:hworkman at cytelcom.com]
> Sent: Tuesday, July 13, 2004 1:25 PM
> To: asterisk-users at lists.digium.com
> Subject: [Asterisk-Users] Problem with multiple phones behind firewall
> 
> Hi,
> 
> I am having a problem when I add multiple phones behind a Symmetric
> Firewall.  Heres my situation.
> 
> 
> 11am - Phone A registers with *
> 11:01am - test call to Phone A.  Call works fine.
> 11:02am - Phone B registers with *
> 11:03am - test call to Phone A fails, test call to phone B works fine.
> 11:04am - test call from Phone A to Phone B and vice versa works fine.
> 11:05am - Phone A re-registers with *.  Test call to Phone A works
> fine now.
> 
> 
> 
> This happens on almost all occasions.  When I see one phone register
> behind a firewall, i then see the "Retransmitting #5 (NAT):" messages,
> until I received the "Jul 13 15:11:09 WARNING[1133718080]:
> chan_sip.c:673 retrans_pkt: Maximum retries exceeded on call
> 0576f80274aebde8796e5d4b2444c2a9 at 64.72.107.10 for seqno 102
> (Non-critical Request)"
> 
> 
> I have nat=yes in my sip.conf file.  I have tried using the qualify
> command, but I have never been able to get it to work behind a
> symmetric firewall to both a unknown sip phone and xlite.
> The moment I turn on qualify, I see the Options request sent out, and
> on the client see the options request, but I never see a response on
> * from the clients.
> 
> 
> 
> Here is what my sip.conf looks like...
> 
> 
> [general]
> port = 5060
> bindaddr = 64.72.107.10
> context = exten
> maxexpirey=3000
> defaultexpirey=300
> disallow=all
> allow=alaw
> allow=ulaw
> 
> [123456]
> type=friend
> secret=k3v1n
> nat=yes
> canreinvite=no
> host=dynamic
> dtmfmode=rfc2833
> context=cytelmain
> 
> [789012]
> type=friend
> secret=cytel
> nat=yes
> canreinvite=no
> host=dynamic
> dtmfmode=rfc2833
> context=cytelmain
> 
> 
> 
> What else is there for me to try to resolve my NAT problem with
> multiple users behind a symmetric firewall?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 2976 bytes
Desc: not available
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20040714/31a5ab80/winmail.bin


More information about the asterisk-users mailing list