[Asterisk-Users] xlite regestration fails but calls to thru
Alex Vishnev
avishnev at optonline.net
Sun Apr 3 07:37:15 MST 2005
Scott,
First, you need to get the most recent os for the pix, otherwise you will
have a lot of problems with udp packets and translations (including bad
checksum on your udp packets). I am running both pix515 and pix501 without a
problem with sip and h323. you don't need to open any ports on the pix,
because the firewall is an ALG( Application layer gateway). If you have
fixup sip enabled on the firewall (there by default), all packets entering
port 5060 is examined and rtp ports are open dynamically as needed. The same
is true for trusted calls (from inside interface) and untrusted calls (from
outside, dmz interfaces). You will need to perform "conduit permit" commands
on the public ip address of Asterisk to allow traffic from untrusted outside
interface to come to trusted inside interface on port 5060 with both tcp and
udp(all traffic is disabled by default). Please check on the exact syntax of
"conduit" permit with cisco docs. I don't believe you will need to perform
this for each RTP port, that should be done automatically by pix ALG.
Hope this helps
Alex
_____
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Scott Wolfe
Sent: Saturday, April 02, 2005 7:03 PM
To: Asterisk-Users at lists.digium.com
Subject: [Asterisk-Users] xlite regestration fails but calls to thru
While on my network I can register ok with xlite but outside my firewall my
Xlite says that regestraion has failed but I am still able to make calls
through it. I have opened ports: 5060 udp/tcp and 10000-20000 udp/tcp is
there another port Xlite needs for proper regestration? Is is this a network
configuation error on Astrisks part? My Asterisk server is running a IP of
10.0.1.x and my Cisco firewall is passing the public IP address to it from
the outside.
Thanks for any advice.
-Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050403/31bd9dfd/attachment.htm
More information about the asterisk-users
mailing list