[asterisk-users] Asterisk no audio on calls problem.

Thu Jun 17 09:21:03 CDT 2010

Hi there,

I am trying to setup a configuration that requires me to use SIP and asterisk behind a firewall and over a VPN to a remote office and with some local Phones also.

I can't use IAX to my provider because they don't offer it and my handsets ( snom 300 ) also don't support IAX so it's all SIP.

The configuration is a follows

Asterisk PBX 10.202.17.217/24 ------>| 10/100-Switch |-----> Firewall1 pfsense X.Y.Z.250 -------->ITSP Sip Porvider public internet

LocalPhones 10.202.17.1-25/24 -_---->| 10/100-Switch |-----> Firewall2 Watchguard ----->ISP internet Connection <-----Firewall3 | remote office | ----Remote User Phone 192.168.97.74/24

There is a Lan2Lan VPN tunnel between the Firewall2 and the Remote Office Firewall3
I can Ping the remote office phone from the asterisk PBX at all times.

Now I have my Sip.conf setup with externip= X.Y.Z.250
[general]
port = 5060
bindaddr = 0.0.0.0
context = default
allowoverlap=no
srvlookup = yes
: externip =
externip = x.y.z.250
localnet=10.202.17.0/255.255.255.0
qualify=yes
nat=yes
register = xxxxxxx:SipServer/xxxxxxxx
limitonpeers=yes
allowsubscribe=yes
notifyringing=yes
notifyhold=yes
useclientcode=yes
canreinvite=no

I have pfsense setup to forward ports 5060 and RTP ports over UDP back to the internal asterisk server. And a firewall rule to allow this traffic from only my ITSP SipServer.

I can make a call from any phone on the local phones network to the outside world via the SIP proxy with asterisk in the media stream ( canreinvite=no)

I can make a call from the remote user phone to a local phone or to any other phone outside the network but I don't get any audio .

If  I remove the IP address X.Y.Z.250 from the externip setting then I can call remote phone to local phones fine and get audio perfect, but I can't make any outbound calls from local to outside world via my ITSP.

Do I need to setup a STUN server to tell the remote Phones that Asterisk is not on the Public address but rather on the LAN address accessible via the VPN?

Or should I put a second Network Adapter in the Asterisk PBX and Setup Iptables on this removing the firewall from the equation ?

I could send all users to the Public Address X.Y.Z.250 but I want to limit by IP address what is allowed in on this and the remote user has a dynamic IP address on their internet connection. So I want to leave this to the last resort.

Has anyone any suggestions?

Thanks
Albert

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100617/7b4e0ef4/attachment.htm 