Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 3 subscribers
  • Views 8487 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mitel SIP with no NAT proxy.

RichardCook

Hello Everyone!

I have an SG310 that I am about to throw out the window.

It really isn't any fault of the Sophos but my stupid PBX.

The issue : Calls aren't flowing correctly.
The cause : RTP packets contain internal addresses
The fix: Sip ALG! but sophos doesn't really have that.

So to break the issue down.

We have 3 pieces

A Mitel 3300
Sophos SG310 (latest firmware)
Intelepeer SIP Providers

Mitel is crap about how it handles PBX connections, the 3300 just initiates the session then throws it to a phone which then initiates a session.
This leads to NAT issues.

With the help of Intelepeer (who has nat sensitive settings) I have managed to beat the heck out of the sophos rules and get inbound and outbound calls working.

The problem is that calls can't transfer. For Intelepeer to deal with NAT it has to either have a IP that never changes or a Port that never changes (per call).

When the mitel 3300 tries to hand off the call the SIP connection dies.

So the question becomes... How the hell is something like this supposed to work.



This thread was automatically locked due to age.
  • 0

    Hi, Richard, and welcome to the UTM Community!

    I'm not familiar with Intelepeer, so I don't understand what it does.  Google site:community.sophos.com mitel, and you will see that others have made this work with MitelPBXs.  If your reseller has technically competent SCA/UTMs, they should be able to get you fixed up,

    Then again, AlleynsITSupport posted a comment yesterday about what might be a similar problem where the Mitel contractor was at fault.

    Cheers - Bob

  • 0 in reply to BAlfson

    Well the mitel contractor is an idiot but we are tied to them for a bit. 

    Intelepeer is a SIP Trunk Provider, they just do the outside connections. 

    As far as this issue goes it really isn't anywhere near Alleyns. 

    I used 2 of my support hours on it yesterday and got nowhere. 

    Basically the issue comes down to the Sophos needing to be SIP aware and rewite not only the headers of the packet but also the internal information on the packet for SIP. Sorta like the Cisco ALG.