On 1/27/2011 12:57 PM, Michael Scheidell wrote:
> On 1/27/11 1:39 PM, Matthew Kitchin (public/usenet) wrote:
>> I can shed some light on that I think. Verizon required they send us
>> calls on port 5060. We do nat the port to 5080. We hadn't seen any
>> issue there, but I guess we have now for some reason.
>> Verizon --5060--> our router --5080--> sipx
>
> when I had this problem with level3, and TRIED everyone's suggestions
> of pat, port forwarding, etc, I found that at LAYER4 IT WORKED, but
> phucked up at LAYER7.
>
> this won't work.. did it work? no, it just sorta worked. it won't
> work. as in 'undefined', as in maybe, under certain circumstances,
> sometimes it works.
>
> you need an application layer proxy. you need a separate copy of FS
> to do this. you need an SBC to do this. you need a simple perl
> script to do this, and/or, I think the juniper firewalls can modify
> sip invites on the fly.
>
> as in, what needs to be done?
> verizon port 5060 (in the invite, verizon sends the '5060' somewhere)
> you need to xlate to port 5080. not only layer4, but layer7
> (netsed?). sipx sees it as coming TO port 5080, and responds back,
> saying 'thanks, I got this on port 5080, continue on port 5080'
> the OUTBOUNDS needs to xlate src port 5080 on sipx to 5060, AND THEN
> TRANSLATE THE ASCII TEXT 5080 BACK TO 5060.
>
> so, in your case, what you are trying to do, won't work.
> no, don't tell me it sorta works, you just proved it won't work.
>
> Tony and I tried a while back, and I tried with a copy of FS on
> pfsense, then finally convinced level3 that if they want my $17 a
> month, they needed to send to me on port 5080.
> Tony can tell you about how hard level3 will work for your business.
> you might call them. tell them tony and I sent you.
> (or help us come up with the bounty to pay for a good pfsense/fs
> config that will do the proxying.. I still think a couple of copies of
> netsed might do it, but I don't need to try today)
>
> how to try cheaply?
> get voip.ms to work with static ip authentication. if you get that to
> work, then you have it.

I'm not sure if that is causing my problem or not. We do not have remote
workers, and I do understand where it would cause a problem there. I
cannot use voip.ms here. This is a 110 site MPLS network that runs on
Verizon infrastructure. For a variety of reasons, I need to use Verizon
Voip services. I don't believe I have proved that the port translation
is or isn't causing it.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
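The layer 4 versus layer 7 point made in the thread, as an added example that is not part of the original messages: a port forward changes the UDP header only, so the port numbers written as ASCII inside the SIP message stay as they were until something rewrites the text. The addresses, the trimmed sample messages and the function names `port_refs` and `l7_translate` are constructed for illustration, and the sketch assumes the PBX advertises the router's outside address with its own listening port.

```python
import re

PUBLIC = "203.0.113.10"  # constructed: the router's outside address

# Constructed messages, headers trimmed (documentation IPs, made-up tags).
INVITE_IN = (  # carrier -> router, addressed to port 5060
    "INVITE sip:5615550100@203.0.113.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776asdhds\r\n"
    "To: <sip:5615550100@203.0.113.10>\r\n"
    "Contact: <sip:5615550199@198.51.100.7:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)
OK_OUT = (  # PBX -> carrier, PBX advertises the port it listens on
    "SIP/2.0 200 OK\r\n"
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776asdhds\r\n"
    "To: <sip:5615550100@203.0.113.10>;tag=a6c85cf\r\n"
    "Contact: <sip:5615550100@203.0.113.10:5080>\r\n"
    "Content-Length: 0\r\n\r\n"
)

def port_refs(msg, host):
    """List (start line or header name, port) wherever host:port is written."""
    head = msg.split("\r\n\r\n", 1)[0]
    refs = []
    for i, line in enumerate(head.split("\r\n")):
        name = "Request-Line" if i == 0 else line.split(":", 1)[0]
        for port in re.findall(re.escape(host) + r":(\d+)", line):
            refs.append((name, int(port)))
    return refs

def l7_translate(msg, host, old, new):
    """Rewrite host:old to host:new in the start line and headers only.

    The body is left alone, so Content-Length stays valid, and the far
    end's own host:5060 references are not touched.
    """
    head, sep, body = msg.partition("\r\n\r\n")
    pattern = re.compile(re.escape(host) + ":" + str(old) + r"(?!\d)")
    return pattern.sub(f"{host}:{new}", head) + sep + body

if __name__ == "__main__":
    print("after L4 forward only:", port_refs(INVITE_IN, PUBLIC))
    print("after L7 rewrite in:  ", port_refs(l7_translate(INVITE_IN, PUBLIC, 5060, 5080), PUBLIC))
    print("PBX reply as sent:    ", port_refs(OK_OUT, PUBLIC))
    print("after L7 rewrite out: ", port_refs(l7_translate(OK_OUT, PUBLIC, 5080, 5060), PUBLIC))
```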