Hi Everyone,

Here's a summary of what I did so far, but I am still unable to resolve the
problems.

My network looks like this:

SITE A SIPX --> PFSENSE --> CISCO -->  |||| VIA GRE TUNNEL  |||| <-- CISCO <-- PFSENSE <-- SIPX SITEB

I use Cisco IPSEC GRE Tunnel for this purpose.

I set the pfsense to Manual Outbound NAT rule generation (Advanced Outbound
NAT (AON))

My NAT rules:
WAN        172.16.3.0/24       *      *      *      *      *     YES    (VLAN SUBNET)
WAN        172.16.1.0/24       *      *      *      *      *     YES    (PFSENSE/CISCO SUBNET)

Create 3 firewall rules in pfSense (FOR WAN/VLAN):

    * Action: Pass
    * Interface: WAN
    * Protocol: UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 5080

    * Action: Pass
    * Interface: WAN
    * Protocol: TCP/UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 5060


    * Action: Pass
    * Interface: WAN
    * Protocol: TCP/UDP
    * Source: any
    * Destination: WAN address
    * Destination port range: 30000 – 31000

I can connect via the IPSEC GRE tunnel and can route on each site. I can ring
the phones, but if you pick up you can't hear any voice, though the call remains
connected. I tried to call the IVR but there is no audio either.

My questions are:
1. Could this be a firewall problem? Any other ports to open in order to
establish the voice?
2. Is it required to pass gre protocol even if I have GRE tunnel
established?
3. I can establish a call using xlite on each site but not on a hard phone.

I also made an ACL in cisco to open 5060(UDP/TCP) but it's no use.

I will greatly appreciate any input here.

Thank you in advance.

On Tue, May 18, 2010 at 3:42 PM, Rhon <[email protected]> wrote:

> Hello Tony,
>
> Here's my x-lite registration to sipx:
>
> "Rhon"<sip:[email protected] <sip%[email protected]>>
> <sip:[email protected]:49328;rinstance=49bedde5bd36ec5d;x-sipX-nonat>
> My setup passed the configuration test mentioned in the wiki. And are
> working in my simulated setup.
>
> Thanks
>
>
> On Tue, May 18, 2010 at 2:47 PM, Tony Graziano <[email protected]> wrote:
>
>> I would suspect dns.
>>
>> If your xlite is registering via hostname instead of domain name, it's a
>> dead giveaway.
>> ============================
>> Tony Graziano, Manager
>> Telephone: 434.984.8430
>> Fax: 434.984.8431
>>
>> Email: [email protected]
>>
>> LAN/Telephony/Security and Control Systems Helpdesk:
>> Telephone: 434.984.8426
>> Fax: 434.984.8427
>>
>> Helpdesk Contract Customers:
>> http://www.myitdepartment.net/gethelp/
>>
>> ----- Original Message -----
>> From: Rhon <[email protected]>
>> To: Tony Graziano <[email protected]>;
>> [email protected] <[email protected]>
>> Sent: Tue May 18 08:40:17 2010
>> Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site
>>
>> Hello Tony,
>>
>> Thank you for your reply. I already have those settings set and am able to
>> call site-to-site via x-lite at the moment.
>> For the sake of testing I allowed everything to PASS on the firewall but
>> that doesn't help either.
>>
>> I followed your recommendation in allowing GRE protocol to any destination
>> but still failed.
>>
>> Any clue what's happening?
>>
>> Thanks in advance.
>>
>> Rhon
>>
>> On Tue, May 18, 2010 at 2:30 PM, Tony Graziano <[email protected]> wrote:
>>
>> > Again, since your connection is site-to-site and your vpn via ipsec is
>> > there, you need to ensure the ipsec is passing/allowing all tcp AND UDP
>> > traffic between the two.
>> >
>> > Don't confuse things with bringing up pfsense since it's not really
>> > involved here (I don't think).
>> >
>> > Re-read my post listing your five steps. Follow that. It will work.
>> > ============================
>> > Tony Graziano, Manager
>> > Telephone: 434.984.8430
>> > Fax: 434.984.8431
>> >
>> > Email: [email protected]
>> >
>> > LAN/Telephony/Security and Control Systems Helpdesk:
>> > Telephone: 434.984.8426
>> > Fax: 434.984.8427
>> >
>> > Helpdesk Contract Customers:
>> > http://www.myitdepartment.net/gethelp/
>> >
>> > ----- Original Message -----
>> > From: [email protected]
>> > <[email protected]>
>> > To: Picher, Michael <[email protected]>;
>> > [email protected] <[email protected]>
>> > Sent: Tue May 18 08:09:29 2010
>> > Subject: Re: [sipx-users] No Voice/IVR on Site-to-Site
>> >
>> > Hello Michael,
>> >
>> > Thank you for your reply.
>> >
>> > On Tue, May 18, 2010 at 12:38 PM, Picher, Michael
>> > <[email protected]> wrote:
>> >
>> > >  I guess it depends on what is creating that tunnel and where NAT lives.
>> > >
>> > Cisco is creating the GRE tunnel.  From Cisco it goes to PfSense FW. I made
>> > NAT set to:
>> >
>> > *Automatic outbound NAT rule generation (IPsec passthrough)*
>> >
>> > I think NAT is not necessary since traffic is passing thru the GRE Tunnel
>> > and not going out. You can correct me if I'm wrong here.
>> >
>> > Hoping for your usual response.
>> >
>> > Many thanks and have a nice day!
>> >
>> > Rhon
>> >
>> > >
>> > > Your diagram (to me) shows your PBX behind pfSense and then going into some
>> > > sort of Cisco device with a GRE tunnel between the Cisco devices.  So, is
>> > > the PBX traffic really NAT’d?  Where does the Tunnel terminate?  Your
>> > > information is incomplete.
>> > >
>> > I don't think pbx traffic is NAT'd.  Here's my ip topology:
>> >
>> > SITE A:
>> > Cisco/PFSense subnet: 192.168.1.0
>> > Voice Subnet: 192.168.2.0
>> > Tunnel: 10.10.10.1
>> >
>> > SITE B:
>> > Cisco/PFSense subnet: 172.16.1.0
>> > Voice Subnet: 172.16.2.0
>> > Tunnel: 10.10.10.2
>> >
>> > > I assumed (maybe wrongly) that your PBX was behind the pfSense box and
>> > > NAT’d.
>> > >
>> >
>> > I'm not sure how to test this. But please note that we can establish
>> > connection using X-Lite via site-to-site without problems. Connection can be
>> > established on each site flawlessly.
>> >
>> >
>> > >
>> > >
>> > > Mike
>> > >
>> > >
>> > >
>> > > *From:* [email protected] [mailto:
>> > > [email protected]] *On Behalf Of *Rhon
>> > > *Sent:* Tuesday, May 18, 2010 1:01 AM
>> > >
>> > > *To:* [email protected]
>> > > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site
>> > >
>> > >
>> > >
>> > > I'm using IPSEC GRE and pfsense interfaces have private IPs. Should I still
>> > > need NAT for that matter?
>> > >
>> > > Thanks
>> > >
>> > > On Tue, May 18, 2010 at 3:03 AM, Picher, Michael
>> > > <[email protected]>
>> > > wrote:
>> > >
>> > > It should be set to manual and yes.
>> > >
>> > >
>> > >
>> > > *From:* Rhon [mailto:[email protected]]
>> > > *Sent:* Monday, May 17, 2010 9:33 AM
>> > > *To:* Picher, Michael; [email protected]
>> > > *Subject:* Re: [sipx-users] No Voice/IVR on Site-to-Site
>> > >
>> > >
>> > >
>> > > Hello Michael,
>> > >
>> > > I have the static NAT port set to NO on pfsense.
>> > >
>> > > Also, do I have to enable NAT traversal on sipx?
>> > >
>> > > Thanks
>> > >
>> > > On Mon, May 17, 2010 at 3:20 PM, Picher, Michael
>> > > <[email protected]>
>> > > wrote:
>> > >
>> > > Static NAT port on the pfSense?
>> > >
>> > >
>> > >
>> > > *From:* [email protected] [mailto:
>> > > [email protected]] *On Behalf Of *Rhon
>> > > *Sent:* Monday, May 17, 2010 9:14 AM
>> > > *To:* [email protected]
>> > > *Subject:* [sipx-users] No Voice/IVR on Site-to-Site
>> > >
>> > >
>> > >
>> > > Hi,
>> > >
>> > > I have a problem with our deployment with SipXecs 4.2 which was installed
>> > > fresh using ISO build.
>> > >
>> > > We cannot hear anything on both sides but are able to connect and can ring
>> > > the other end. Calling the IVR is ok but no audio as well.
>> > >
>> > > SITE A:
>> > > 100 - 199
>> > >
>> > > SITE B:
>> > > 200 - 299
>> > >
>> > > Everything passed using Configurations tests.
>> > >
>> > > Our networks are setup as seen below:
>> > >
>> > > SITE A SIPX --> PFSENSE --> CISCO -->  |||| VIA GRE TUNNEL  |||| <-- CISCO <-- PFSENSE <-- SIPX SITEB
>> > >
>> > > Any thoughts on what the problem could be?
>> > >
>> > > I have bypassed everything on the firewall at the moment.
>> > >
>> > > Thank you in advance.
>> > >
>> > > Rhon
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>>
>
>
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
