Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 71612 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External VOIP Phones connecting back to Office - No Audio

Dread

Morning All!

Just installed a new Panasonic NS700 phone system at the Office. It's working perfectly here onsite but I have a handset at home that is connecting to the external IP I have setup for the PABX, downloading all its settings etc I can log in and out (ie change my extension number), dial internally and externally ... but I get no audio traffic to or from the remote handset.

Now, I've setup the NAT rules for the Ports needed to be forwarded and it auto-created the Firewall Rules on my SG230. I know the remote handset is hitting the Firewall and being routed correctly to the PABX onsite because its logging in and out of the PABX, dialling and making internal calls to extensions at the Office and external calls to mobile phones etc and I can connect to the PABX's Web Console from any remote PC ... just no audio to or from the remote phone after a call is made!

Network is setup similar to (extremely brief description here):

SG230: 10.0.10.250 (vLAN 10)
Internet Connection is: 1x ADSL and 1x EoC that I have setup as Load Balanced on the SG230. I have a block of extra 4 IP's on each. I have allocated External IP address No 3 on the EoC connection to point to the Internal PABX

NS700 PABX: 10.0.30.250 (vLAN 30)
DSP Card 1: 10.0.30.251

DSP Card 2: 10.0.30.252

All my internal VOIP Phones are on vLAN 30 and getting an address off one of my Windows Servers (vLAN 10) DHCP Pools for vLAN 30

Dell 6248 is my 'Core Layer 3 Switch' with IP Helper and all my inter vLAN routing - all my vLANs are working fine across the network with no issues. Trunk Port on Switch to SG230 is untagged vLAN 10 and Tagged for ALL my other vLANs (including vLAN 30) to give them all a path to the SG230. I have put ALL the vLANS onto the SG230 pointing back to the Internal Interface ... all my internet traffic across all my vLANs is working fine.

The only issue I have is this damned audio to and from these new remote voip handsets!

I have two RTP NAT Rules, supplied by the PABX installer

1. Ports 16000:16511 to DSP1 (UDP)

2. Ports 16512:17023 to DSP2 (UDP)


I have defined both as Service Definitions on the SG230, ticked auto-create firewall rules and everything else I can think of - with no luck so far.


Any tips, pointers, advice or suggestions appreciated :)



This thread was automatically locked due to age.
  • 0 in reply to BAlfson

    Cheers for the reply Bob, apologies for the delayed reply - it was a Public Holiday here yesterday and I've only just got back in the office!

    The Firewall logs aren't showing anything at all. I sit there watching the Live Firewall logs when calls are being made and I am not seeing anything being actively dropped/blocked.

  • 0 in reply to Dread

    Actually, if you read #1 closely, you'll see that I was more interested in the Intrusion Prevention log... [;)]

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    LOL, missed that bit. Absolutely nothing at all popping in the IP logs. I just made a call to the handset at my place - nada in the IP Log and nothing dropped in the Firewall logs. 

    This is starting to drive me a little nuts! One tiny little thing somewhere is screwing it ... 

  • 0 in reply to Dread

    Yeah, it looks like there's no escape from having to use tcpdump.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I'd scour through the NAT settings on your PBX. The only reason I say this is because any SIP system I've worked with has needed these changes in order to have audio passed to external extensions. The IP's I gave in my example above obviously do not apply but there might be an equivalent option(s) for your Panasonic system and maybe even the handset as well. Much like Asterisk. You have specified the NAT - Fixed Global IP Address in the Panasonic web console?

    This might be the equivalent of asterisks "externip" option:

    Indicates the IP address that will be used as the source IP address for all SIP messages when NAT is specified.

     

    Where as my post above is about the "localnet" option

    Hosts falling within the network ranges specified by the localnet option will be excluded from any NATing efforts by Asterisk. As a result, the source IP address within the SIP requests/responses will use the internal IP address of the network interface associated with bindaddr .

  • 0 in reply to rsenio

    Thought I'd touch base with this ongoing issue. 

    I submitted an official Support Request with Sophos last week but haven't had much luck/response with Sophos other than two emails suggesting what I have already done, and showed them the screenshots for ... awaiting another response sometime tomorrow ...

    Working remotely after hours (its after midnight here now!) I've turned logging on on my Firewall Rules just to see the ACCEPTED packets, as well as the Dropped.

    When I call from my mobile to my Direct Dial Number of my phone sitting beside me it makes the call and connects fine everytime. The Firewall shows:

    1st Call  

    And I had audio ONE WAY. Speaking into my mobile it was being received on the phone extension. No audio was going from the extension back to the mobile phone. There was only this single ACCEPTED LINE referencing my IP here at home (61.68.6.236) and its going to the DSP1 card on the PABX on the 16000 Port, as its supposed to. There were no other ACCEPTED packets from my IP at all, no DROPS either.

    2nd Call  

    This call was identical to the first, audio from my mobile being received by the remote phone handset, no audio back the other way. Again, only a single ACCEPT entry in the Firewall, no DROPS.

     

    3rd Call 

    Here is a difference. This time NO audio was sent or received ON EITHER END. At all. I ended up hanging up after 20 seconds. ACCEPTED packets from my IP to the Phone System continued the whole time.

    4th Call  

    Identical to Call 3, no audio either way

    5th Call 

    Identical to Calls 3 and 4, no audio either way again, lots of accepted packets int eh log and no DROPS at all either from my IP, to my IP or to/from the PABX IP's.

    As mentioned earlier - no entries at all coming up in IPS and ATM while calls are active.


    In regards to the PABX - the only networking components I can see in the Web Admin Console are your basic set DHCP or Static, and Static is selected and the Details manually entered are:

    IP: 10.0.30.250
    Subnet: 255.255.255.0
    Gateway: 10.0.30.254 (The Dell Layer 3 Switch - same as every other vLAN)
    DNS: 10.0.10.51 and 10.0.10.52 - our two internal Windows 2016 DC's running AD, DNS, DHCP

    DSP1 Card: 10.0.30.251
    DSP2 Card: 10.0.30.252

    And thats about it ... nothing about NAT, NAT Traversal or anything else that I can see. 

    Again, any comments, suggestions, ideas etc are greatly appreciated!!!

    Hopefully Sophos will get back to me tomorrow with some suggestions that I already haven't tried!  ;)

  • 0 in reply to Dread

    Do a preentscren of the phone configuration page (hide sensitive data)

    Something its wrong because in the logs i see private IP not your external IP

  • 0 in reply to Dread

    Agreed with oldeda - the traffic is not even hitting the UTM - tcpdump would likely confirm that.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Cheers lads - I will be doing some packet tracing from the Phone System outwards shortly, just getting Wireshark installed onto a laptop ...

    I had Richard from Sophos 'remoted' in in the past hour or so going through the UTM. I showed him all my PABX and Dell 6448 Configs and settings etc and he did jump into TCPDump on the UTM and we could see the packets from my external handset hitting the firewall on the correct external IP and the Accepted Packets going to the Internal IP of the PABX and the right Port Ranges (that match the Port Forwards) - but again only from Outside In. Nothing is going from the PABX outwards according to logging ... but the annoying thing is - occasionally audio IS getting to the remote handset yet there is no DROPPED or ACCEPTED packets going through the Firewall?! Only my external IP to the Internal IP of the PABX!

    Anyways, I'll do some packet sniffing (I'll mirror the PABX's port on the switch) and see whats going out of there and where its going to to see if I can suss anything out there.

    Richard has escalated the case with Sophos Support to Level 2 - I'll report back any further progress and or findings ;)

    Cheers again for the assistance/advice so far!  ;) 

  • 0 in reply to Dread

    Have you searched in Google for your PBX "Nat Traversal" (not port forwarding etc)

    If not you are in the wrong forum

    Bye

Unfiltered HTML