Re: [asterisk-users] Cisco 7960 become UNREACHABLE behind pix firewall

2010-03-28 Thread Warren Selby
On Mon, Mar 29, 2010 at 12:25 AM, Troy Davis wrote:

>
>> sip fixup is enabled on the PIX
>>
>
>
Try disabling the sip fixup on the PIX and see if that helps.  You may have
to adjust the configs on the phones themselves when you do this.

-- 
Thanks,
--Warren Selby
http://www.selbytech.com
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Cisco 7960 become UNREACHABLE behind pix firewall

2010-03-28 Thread Troy Davis
>
> I have about 10 Cisco 7960s behind a PIX 506E (IOS v6.3) firewall.
> After some period of time, asterisk says that some of them are
> unreachable, and the phones lose their registration.
> The only way to make the phones recover is to clear the NAT
> translation tables for the phones on the PIX (clear xlate...)
> Does anyone know how to fix this? As you can imagine, it is quite
> annoying. And it does not happen to all the phones either.
>
> sip fixup is enabled on the PIX
>

Are you able to TFTP new phone configs?  Assuming so, and it's for only 10
phones, try decreasing the registration time.  I've got a 7960 on my desk
and documented it with a TFTP-ready config:
http://help.cloudvox.com/faqs/sip-phones/cisco-7900-ip-phone

It's at the end, commented out.  I don't think that config's been used much
- most Cloudvox folks are just using SIP to test their AGI apps, not as
primary phones.

If you want another data point that still crosses your NAT boundary, feel
free to sign up for and register with Cloudvox and see whether your
registration lasts, using that same config.  We switched to pay-as-you-go
pricing, so even the free accounts include SIP.  If your registrations to
Cloudvox also time out, it's probably the PIX.

Troy

-- 
Cloudvox  --  http://cloudvox.com/
"Asterisk in the cloud"  --  AGI, HTTP/JSON, SIP, REST, live in minutes

Re: [asterisk-users] Cisco 7960 become UNREACHABLE behind pix firewall

2010-03-28 Thread James Lamanna
Alyed wrote:

> From: http://www.voip-info.org/wiki/view/Asterisk+sip+qualify
> "If you turn on *qualify* in the configuration of a SIP device in
> sip.conf, Asterisk will send a SIP OPTIONS command regularly to check
> that the device is still online. If the device does not answer within
> the configured (or default) period (in ms) Asterisk considers the
> device off-line for future calls. This status can be checked by the
> SIPPEER function, and inversely this function will only provide status
> information for peers which have *qualify=yes*."
> My guess is that your NAT/firewall is closing the connection after some time
> the phone is idle, so this way Asterisk will make sure to always have
> communication going through that connection so your NAT/firewall won't just
> close it.

Sorry, should have mentioned that all these phones have qualify=yes
and nat=yes in sip.conf.

Thanks.

-- James

> On Sat, Mar 27, 2010 at 8:17 AM, James Lamanna wrote:
>> Hi,
>> I have about 10 Cisco 7960s behind a PIX 506E (IOS v6.3) firewall.
>> After some period of time, asterisk says that some of them are
>> unreachable, and the phones lose their registration.
>> The only way to make the phones recover is to clear the NAT
>> translation tables for the phones on the PIX (clear xlate...)
>> Does anyone know how to fix this? As you can imagine, it is quite
>> annoying. And it does not happen to all the phones either.
>>
>> sip fixup is enabled on the PIX
>>
>> phone config parts:
>>
>> nat_enable : 1
>> nat_received_processing : 0
>> nat_address: [public ip of PIX]



Re: [asterisk-users] Cisco 7960 become UNREACHABLE behind pix firewall

2010-03-27 Thread Alyed
From: http://www.voip-info.org/wiki/view/Asterisk+sip+qualify
"If you turn on *qualify* in the configuration of a SIP device in
sip.conf, Asterisk will send a SIP OPTIONS command regularly to check
that the device is still online. If the device does not answer within
the configured (or default) period (in ms) Asterisk considers the
device off-line for future calls. This status can be checked by the
SIPPEER function, and inversely this function will only provide status
information for peers which have *qualify=yes*."
My guess is that your NAT/firewall is closing the connection after some time
the phone is idle, so this way Asterisk will make sure to always have
communication going through that connection so your NAT/firewall won't just
close it.

Try playing with qualifyfreq as well.

Let us know if it helped.

Alyed



2010/3/27 James Lamanna 

> Hi,
> I have about 10 Cisco 7960s behind a PIX 506E (IOS v6.3) firewall.
> After some period of time, asterisk says that some of them are
> unreachable, and the phones lose their registration.
> The only way to make the phones recover is to clear the NAT
> translation tables for the phones on the PIX (clear xlate...)
> Does anyone know how to fix this? As you can imagine, it is quite
> annoying. And it does not happen to all the phones either.
>
> sip fixup is enabled on the PIX
>
> phone config parts:
>
> nat_enable : 1
> nat_received_processing : 0
> nat_address: [public ip of PIX]
>
> Thank you.
>
> -- James
> (Please CC me on all replies)
>
>
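
The keepalive reasoning in the reply above, together with the suggestion elsewhere in the thread to shorten the registration time, as a toy model (an added example, not part of the original posts or of Asterisk): one NAT translation with an idle timeout, refreshed by the phone's REGISTER and, only if the firewall counts inbound packets, by Asterisk's qualify OPTIONS. The class and function names, the 120-second timeout and all intervals are constructed assumptions, not values from a PIX or a 7960.

```python
# Added example: toy model of one NAT UDP translation with an idle timeout.
# All timer values are constructed; they are not taken from a PIX or a 7960.

class NatBinding:
    def __init__(self, idle_timeout, inbound_refreshes):
        self.idle_timeout = idle_timeout            # seconds of silence before removal
        self.inbound_refreshes = inbound_refreshes  # assumption: varies by firewall
        self.last_seen = None                       # None: no translation present

    def alive(self, now):
        return self.last_seen is not None and now - self.last_seen < self.idle_timeout

    def outbound(self, now):
        """Phone -> Asterisk (REGISTER): always creates or refreshes the entry."""
        self.last_seen = now

    def inbound(self, now):
        """Asterisk -> phone (qualify OPTIONS): passes only through a live entry."""
        if not self.alive(now):
            self.last_seen = None
            return False
        if self.inbound_refreshes:
            self.last_seen = now
        return True


def unreachable_seconds(idle_timeout, register_every, qualify_every,
                        inbound_refreshes=True, horizon=3600):
    """Seconds within the horizon during which Asterisk cannot reach the phone."""
    nat = NatBinding(idle_timeout, inbound_refreshes)
    down = 0
    for t in range(horizon):
        if t % register_every == 0:
            nat.outbound(t)
        if qualify_every and t % qualify_every == 0:
            nat.inbound(t)
        if not nat.alive(t):
            down += 1
    return down


if __name__ == "__main__":
    cases = {
        "no keepalive, hourly REGISTER": (120, 3600, 0, True),
        "qualify every 60 s, inbound refreshes": (120, 3600, 60, True),
        "qualify every 60 s, inbound ignored": (120, 3600, 60, False),
        "REGISTER every 90 s, no qualify": (120, 90, 0, True),
    }
    for name, args in cases.items():
        print(f"{name}: unreachable for {unreachable_seconds(*args)} s of 3600")
```

In this model, qualify keeps the phone reachable only when its interval is shorter than the idle timeout and the firewall lets inbound packets refresh the entry; a registration interval shorter than the timeout works in either case.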

[asterisk-users] Cisco 7960 become UNREACHABLE behind pix firewall

2010-03-27 Thread James Lamanna
Hi,
I have about 10 Cisco 7960s behind a PIX 506E (IOS v6.3) firewall.
After some period of time, asterisk says that some of them are
unreachable, and the phones lose their registration.
The only way to make the phones recover is to clear the NAT
translation tables for the phones on the PIX (clear xlate...)
Does anyone know how to fix this? As you can imagine, it is quite
annoying. And it does not happen to all the phones either.

sip fixup is enabled on the PIX

phone config parts:

nat_enable : 1
nat_received_processing : 0
nat_address: [public ip of PIX]

Thank you.

-- James
(Please CC me on all replies)
