[Asterisk-Users] Asterisk behind firewall and IAX

Rich Adamson radamson at routers.com
Mon Mar 22 19:46:35 MST 2004


> I have my Asterisk server behind a Cisco firewall.  I am trying to set up IAX
> but I cannot work out which ports I need to open up on my firewall.  I have
> opened 4569, 5036, and 5060 but IAX calls will not proceed unless I turn off
> all access lists on the firewall.
> 
> I have searched all the Asterisk documentation but cannot find the answer.

Depends on how you've set up asterisk...

using iax: open udp 5036
using iax2: open udp 4569 (most common)
 (not sure whether iax or iax2, open both)
using sip: need more info...
  a. sip uses udp 5060 to set up a call, and,
  b. other udp ports (generally above 16,000) to transport the voice (rtp
     protocol).
Both a and b are required for sip phones to function.

The sip protocol is used to negotiate the rtp ports. Some firewalls are
aware of the sip protocol and will monitor that port negotiation while
other firewalls do not. It's my understanding (although possibley incorrect)
that certain versions of PIX do monitor the sip protocol; don't have a
clue which versions though.

Depending upon whether asterisk is behind the firewall, or a sip phone
is behind it (or both), the parameters needed within the sip.conf file
can be a little tough to get right. The exact parameters are pretty much
dependent upon your exact implementation, and a packet sniffer (ethereal)
can be a big help.

Iax and iax2 are very straight-forward and easy to implement since they
use the same port number in both directions. Even the cheapest firewalls
can usually handle that.






More information about the asterisk-users mailing list