This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VOIP is only one way. Please help me on firewall rules especially NAT.

Daniel Papa over 8 years ago

Hi Guys,

I have a working PBX system (Alcatel) inside my SG450. Here is the connection.

Static routing between SG450 and core switch. VOIP is on 172.16.16.0/24 subnet.

SG450 >> Core Switch >> VOIP Server..

172.16.2.2/30 >> 172.16.2.1/30 >> 172.16.16.0/21 subnet for VOIP.

I have SSL VPN pool on SG450 which is 172.16.200.0/22. VOIP server is 172.16.16.2

Now, i have working SSL VPNs on mobile phones. Successfuly registered it on the VOIP server. When I call either from outside (remote SSL VPN user) calling in, or inside calling out (remote SSL VPN Users), I can here the person inside the network, but they cannot here me (SSL VPN user).

I was asked to enable NAT Traversal, but Sophos does not have it.

Can you tell me how should I fix this NAT problem? Thanks.

Rgds,

Dan

This thread was automatically locked due to age.

Parents

0 rsenio over 8 years ago

One way voice issue? Check my response here.

https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/80754/allowing-remote-worker-to-use-voip-pbx-via-vpn

In your case it sounds like you need to add the subnet 172.16.16.0/21 to your one of your sip configuration files
Cancel
Vote Up 0 Vote Down

Cancel
0 Daniel Papa over 8 years ago in reply to rsenio

Hi rsenio,

I'll check with my voip guy. It's a ALE omni pcx box. I downloaded the voip config from the server through vpn so im sure server can see remote user. Problem is ssl users cannot be heard during a call. Do i need some firewall rules set?

Rgds,

Dan
Cancel
Vote Up 0 Vote Down

Cancel
0 apijnappels over 8 years ago in reply to Daniel Papa

You'll most likely need to have firewall rules for all RTP traffic ports that the VOIP server is using. Have you also looked at the Voip settings inside Webadmin?

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 apijnappels over 8 years ago in reply to Daniel Papa

You'll most likely need to have firewall rules for all RTP traffic ports that the VOIP server is using. Have you also looked at the Voip settings inside Webadmin?

Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data