[Asterisk-Users] IAX2 + Sonicwall
Francesco Peeters
Francesco at FamPeeters.com
Fri Mar 10 08:00:32 MST 2006
On Fri, March 10, 2006 14:49, Dr. Michael J. Chudobiak said:
>>> I've found that inbound IAX2 calls don't work reliably (i.e., I get a
>>> busy tone) unless I enable "Use Consistent NAT" in the Sonicwall. This
>>> feature is poorly documented by Sonicwall, so I thought I'd pass it
>>> along.
>>
>> I've used the iaxcomm softphone and a snom 200 behind serveral different
>> sonicwalls over the past year or so without any problem. The sonicwall
>> should not be a problem for iax calls at all.
>
> I think the problem occurs when an Asterisk server inside the firewall
> tries to register multiple DIDs with one IAX2 provider outside the
> firewall. The Asterisk server worked fine when it was connected outside
> the firewall.
>
> The Sonicwall TZ170s do handle SIP transformations very nicely, though,
> if your Asterisk server is outside the firewall.
>
If the persistent NAT is not enabled, the SonicWALL is allowed to change
the NATted (source) portaddress. I can imagine that changing the port on
an IAX2 connection can cause problems on inbound sessions. When Persistent
NAT is on, the SonicWALL is told to use the same portnumber as the
original request from the LAN based machine.
This can cause problems if you have multiple machines connecting to the
same remote resource as there is a 1 in (approc) 64k chance per connected
machine that it uses the same port number as another machine that already
has a session up.
The chance of it causing a screw up are small enough to be able to have it
turned on, as I have. I am not sure what the default is for new machines,
but I know older machines that were upgraded to newer firmware will be off
by default...
HTH!
(PS: It's not the only thing poorly documented by SNWL... They
unfortunately have a history of poor documentation! It *does* keep their
support agents working though, so I guess that's something! <G>)
--
Francesco Peeters
----
GPG Key = AA69 E7C6 1D8A F148 160C D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.
More information about the asterisk-users
mailing list