NAT issue

Status
Not open for further replies.

bcmike

Active Member
Jun 7, 2018
326
54
28
53
Hi Guys,

Disclaimer: Yes I know my test platform is weird, with that said,

Here is my setup

Public IP A and B go to pfsense firewall. Fusion PBX box and ASTPP box are behind the firewall on a private network.

Public IP A is nated to the fusion PBX box on all the appropriate ports for SIP and RTP . ASTPP is like wise nated on public IP B. The idea is to use fusion PBX as the PBX and ASTPP as the switch/mediator . A phone from the public network registers to Fusion PBX and Fusion PBX sends all calls to the outside world through the ASTPP box. The Fusion box talks to the ASTPP box on the private newtork

Everything is great, A phone registered to the Fusion box can make and take calls from the outside world except that the calls get disconnected after 31 seconds. Obviously a NAT issue. However internal calls on the Fusion box work fine and if I register a softphone from the public network to the ASTPP box it can take and make calls no problem.

Both boxes have RTP-external and SIP-external set to their respective public IPs

I've tried just about everything I can think of and I really don't want to hang the ASTPP box out on the public network.

Any suggestions would be helpful.
 

bcmike

Active Member
Jun 7, 2018
326
54
28
53
Fusion PBX = Version 1.6.20 64bit

ASTPP = Version 1.6.19 git 7a77e0b 2017-07-13 12:01:45Z 64bit
 

bcmike

Active Member
Jun 7, 2018
326
54
28
53
I emailed you the sngrep pcap if thats alright. basically the call ends because it's not getting an ACK back (408)

There's a lot of NATing going on so its not surprising.
 

bcmike

Active Member
Jun 7, 2018
326
54
28
53
Ok, after much trial and error aka learning the hard way I figured this out.

So basically ASTPP comes with only one profile out of the box. I was trying to do everything through this one profile and as a result the SIP headers would get mucked up one way or another and I'd get an ACK timeout.

The solution was to split this into to 2 profiles one external and one internal (I now see the wisdom in why fusion does this out of the box). both profiles are still behind the firewall but one is responsible for the messy NAT stuff and one is strictly for box to box communication. handing off to the internal profile normalizes the SIP headers and is working so far.

The details are too messy to sum up succinctly in a post so if anyone needs to know feel drop me a line or comment on the post and I'll do my best to explain it.
 

connectlife

New Member
Jan 25, 2020
5
0
1
34
Ok, after much trial and error aka learning the hard way I figured this out.

So basically ASTPP comes with only one profile out of the box. I was trying to do everything through this one profile and as a result the SIP headers would get mucked up one way or another and I'd get an ACK timeout.

The solution was to split this into to 2 profiles one external and one internal (I now see the wisdom in why fusion does this out of the box). both profiles are still behind the firewall but one is responsible for the messy NAT stuff and one is strictly for box to box communication. handing off to the internal profile normalizes the SIP headers and is working so far.

The details are too messy to sum up succinctly in a post so if anyone needs to know feel drop me a line or comment on the post and I'll do my best to explain it.

Hi bcmike!

Can you share the two profiles? I'm in your same situation. Thank you
 

bcmike

Active Member
Jun 7, 2018
326
54
28
53
Unfortunately I can't copy paste my profiles but I can try and describe it:

On Fusion PBX box create one profile for external phones to register to, make sure It has it's own listening port and its ext-nat settings set to the public IP. Profile two has a different listening port and is labelled internal.

ASTPP do the same setup.

On the Fusion PBX box you make your gateways register to the private IP and private profile port of the ASTPP box. On ASTPP you send the inbound traffic to the priv ip and priv profile port of the Fusion Pbx box.
 
  • Like
Reactions: connectlife

connectlife

New Member
Jan 25, 2020
5
0
1
34
first of all thank you for replying! from what i understand you are still using astpp .. did you manage to make the caller id list work on the user profile? because if I insert a list of caller id the user can still exit with all the caller id that he wants, even those that are not present in the list .. why?
 
Status
Not open for further replies.