You assume the gateway will (at&t) will handle moh, process and accept REFER, etc. They won't and an SBC of some nature needs to anchor the media accordingly. I would not recommend a dynamic rule to handle media in this fashion, the guidance for sipXbridge has always been to use a set rule, not a dynamic rule. MEDIA is latency sensitive (period), dynamic rules are fraught with breaking media because they do not necessarily open fast enough. Change your firewall config accordingly. ============================ Tony Graziano, Manager Telephone: 434.984.8430 Fax: 434.984.8431
Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ ----- Original Message ----- From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Wed Feb 17 12:23:52 2010 Subject: Re: [sipx-users] No Inbound Audio Just a few updates: > First there is a problem with when the port is opened. This can be resolved with static NAT. > This is possible if the firewall performs the ALG > function by opening the port within the SDP and > creating a DNAT rule to forward the traffic to the > phone. AND if the firewall rewrites the SDP with the public IP address and port. Brian -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Heilig Sent: Wednesday, February 17, 2010 11:25 AM To: [email protected] Subject: Re: [sipx-users] No Inbound Audio Tony Graziano said, "They are supposed to be the same. The phone does not matter here. Sipxbridge manages that. Your vyaTta router is not doing symmetric nat." Ok, I see that now. I traced the packets on the public side and indeed the firewall is rewriting the port number. So if I can change my firewall to symmetric NAT it will work. However, if I understand correctly, it will not be optimal. Please allow me to explain. First there is a problem with when the port is opened. Sipx request media be sent to port 30000 (for example) AND sipx will send media from port 30000. If the gateway send media to sipx before sipx sends media to the gateway the port will not be opened. Sipx must send media to the gateway first to allow the NAT masquerade rule to be established, thereby establishing an inbound connection. This has been verified with a packet trace. The gateway sends the ring tone to the phone upon receiving the INVITE, but the RTP stream is blocked. After the phone receives the 183 Session Progress it begins sending some media (also a ring tone???). This opens the port and allows the gateway's ringtone through, which is then heard on the phone handset. At least that's how it would work if I had symmetric NAT. The second problem is that sipx doesn't need to be involved in the media. Ideally sipx would leave the SDP alone so that the gateway would send media directly to the phone. This is possible if the firewall performs the ALG function by opening the port within the SDP and creating a DNAT rule to forward the traffic to the phone. This would allow my network solution to be much more scalable. Working is better than not working, so of course if I can't implement the optimal solution what you said is fine. Please correct me if I misunderstood something. Thanks again, Brian _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
