We nave an Astra PBX in the data centre with UTM220's on the gateway
An ipsec VPN back to the office via an ASG220
All running 8.302.
I thought that using VOIP security all we had to do was switch it on, put the providers SIP servers in the servers list and the PBX in the Client list and that would be that.
The handsets all connect to the PBX across the VPN and register no problem.
they have their extension as the media port for example ***.***.***.***:49801 and the voice packets should simply be passed across.
Our SIP providers uses:-
5004:5019
5060:5062
I have addes these to the SIP Services.
The LAN outgoing SIP works fine just a packet filter rule to the SIP provider and the connection is made. We get outgoing voice, but this is going via the local gateway, not the DC. The provider does not care as they tag the packets by MAC address.
However, the return voice is sen to the PBX and by default it is all dropped.
15:20:36 Default DROP RTP xx.xx.***.xx: 30186 → yy.yyy.yyy.yyy : 49801
I understand that DNAT is not required so packet filter rules would required?
we have tried all sorts of variations and even if we get all the rules accepted we still get no voice.
Has anyone done this sort of set up before?
An ipsec VPN back to the office via an ASG220
All running 8.302.
I thought that using VOIP security all we had to do was switch it on, put the providers SIP servers in the servers list and the PBX in the Client list and that would be that.
The handsets all connect to the PBX across the VPN and register no problem.
they have their extension as the media port for example ***.***.***.***:49801 and the voice packets should simply be passed across.
Our SIP providers uses:-
5004:5019
5060:5062
I have addes these to the SIP Services.
The LAN outgoing SIP works fine just a packet filter rule to the SIP provider and the connection is made. We get outgoing voice, but this is going via the local gateway, not the DC. The provider does not care as they tag the packets by MAC address.
However, the return voice is sen to the PBX and by default it is all dropped.
15:20:36 Default DROP RTP xx.xx.***.xx: 30186 → yy.yyy.yyy.yyy : 49801
I understand that DNAT is not required so packet filter rules would required?
we have tried all sorts of variations and even if we get all the rules accepted we still get no voice.
Has anyone done this sort of set up before?