Chris,
Wanted to give you some insight on how my Asterisk is setup behind by PIX. It works great with remote SIP UA's registering to Asterisk on the Public IP address, or behind VPN.
I have Fixup protocol enabled on TCP and UDP, just to be safe ;-) fixup protocol sip 5060 fixup protocol sip udp 5060
A Static NAT on the PIX for the public outside translating to RFC 1918 internal IP address (very important)
in my Asterisk sip.conf, I have the following relevant configuration:
externip = xx.xx.xx.xx (external IP)
nat=yes
bindaddr=xx.xx.xx.xx (RFC1918 IP)
For the user agents in sip.conf, whether or not they could register or not with success seemed to be dependant on whether I had the nat= yes/no toggled or or off. I seemed to remember this as having an identical problem to what you had until I set this correctly.
You might also try "debug sip" on the PIX and send me the debug offline. I can analyze the output and compare it against my remote UAs registering with success, and let you know how I see things differently.
Best regards, Jason O.
On Fri Jan 21 07:24:11 PST 2005, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
Christopher wrote:
Thanks guys, really appreciate the responses. Actually I've tried the suggestions in this document with absolutely no luck at all unfortunately, and turning off fixup protocol udp sip was the key to allowing my remote phone to ring to an internal phone (when fixup is on I can see the remote phone, but it will not ring the internal phones). But no matter what the fixup featured is set to * still shows that phone as "Unreachable" and the port number as 0.
Hey Chris,
My setup is that Asterisk is on a public IP and the customer is using private IPs behind a Cisco PIX.
When we first has the sip fixup enabled, it worked just as you described. I think what what happening is as follows:
1. Phones are configured for NAT
2. Cisco PIX "handles NAT" by rewriting headers so the phone doesn't appear to be NATted (for SIP proxies that may not support natted devices)
3. Asterisk was expecting NAT headers because of nat=yes
So I left nat=yes and recommended turning sip fixup off. That seemed to work for us.
I suppose (and I'd like to try this in my lab) that perhaps setting nat to no or never and having the nat fixup could be an interesting test as well.. Does anyone out there have any experience with this?
-Brett
_______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
