I was trying to configure a SIP trunk on our 3CX (v15 SP3) VoIP system in its own VLAN.
To separate the traffic, I have created a new additional IP address on our Internet interface, also created an external (public) DNS entry, and wanted to send out all VoIP traffic to the Internet using this additional IP address.
I have created the following:
- the VLAN on the LAG (SG230 on v9.407-3 with 2x 10GBE) and an interface with an IP address in this VLAN
- the host definition for the 3CX system
- a masquerading entry to mask this host via the Internet uplink's additional IP address (at the top)
- several NAT entries for SIP and RTP
- VoIP -> SIP is not enabled as it doesn't give me the opportunity to route the traffic through an additional IP address on the interface
While RTP is being sent out via the additional IP address, SIP is being sent out via the primary IP address of the Internet uplink.
And since SIP is being sent out via the primary IP address, the SIP trunk provider sends their RTP back to the primary IP address, too.
I can see the SIP packets using TCPDUMP on the UTM going out using the wrong IP address and RTP from the provider coming in on the wrong address.
As a workaround, I have changed the NAT rule for incoming RTP packets to forward the ones coming in on the primary IP address, and it works fine.
Is it possible that this is a bug, or just a limitation I didn't know of?