The Allworx method simply does not work outside of their limited, assumed scenario. a single SIP device - no special configuration should be needed to deal with NAT anyway.) Watchguard is documenting their means of dealing with multiple SIP devices (e.g. Part of the problem here is that Allworx is documenting a SIP method for exposing a PBX to the outside work (e.g. NAT just makes everything harder (in this case.) Or use IAX for your outside connections rather than SIP and eliminate the issue. Yes, you're PBX should probably be in a DMZ that is not NAT'd. where every user has to have an account with YOU. Think of Skype except running your own service. Phones without SIP connections to you won't be able to dial you. Sure it works, but most people expect phones to have phone numbers. but how will people dial you? They will have to dial you using SIP over the Internet without using a phone number. You CAN run a PBX with nothing but what you list. Think of VoIP like email - even if you want to run your own infrastructure you still need to buy a domain name or else no one can find you. There is no PBX service where you don't have to get phone numbers. You need some type of connection but you only need one. This can be legacy phone connections like analogue lines or a T1 or it can be a SIP trunk. A PBX needs a connection to the phone system. Depends, do you plan to reach it from the outside world or just internally?ģ. I've always had to turn it off because it seems to always kill communications completely.Ģ. You won't have the problem with a more normal protocol like IAX.ġ. But NAT only knows how to handle the SIP session, not the sessionless RTP that isn't directly connected to SIP. It is because SIP only initiates sessions, RTP is then a UDP stream. Almost no one can do that, of course, I'm just pointing out conceptually where the issue is because thinking of it as a firewall problem makes it harder to figure out. If you switch your firewall to not use NAT but to use public IP addresses the VoIP issues should just vanish. It's not that you're being blocked (firewall), but that the router is unable to determine the session information. That's a router function, not a firewall function. You're not having an issue with your firewall, you're having an issue with your Network Address Translation. If your VoIP is sharing the same internet connection that your data is, like a bonded T1 for example, do you still need to have a SIP trunk so you are connected to the PSTN? Or do you just pay a SIP provider to route your calls? Is there a setup where you buy your PBX, you phones, a broadband connection and run VoIP with no other services needed? I admit I am a little unclear on the infrastructure of VoIP in mid-size businesses. If you have a PBX on-site, where do you usually place it? Behind the firewall? DMZ? Outside the firewall? Does your PBX always have an external IP or can you keep it behind the firewall, give it a private IP and NAT it through the firewall?ģ. Have you ever been able to implement SIP based VoIP without a SIP ALG? The firewall is doing NAT of course.Ģ. Most firewall vendors use a SIP ALG that dynamically opens/closes ports. Most of the VoIP setups we come across are SIP-based. The one problem we run into most of the time is the dreaded "one-way audio". I work with firewalls but kinda of a newbie with VoIP, and I am still trying to get a good handle on a few things. For those of you who support firewalls and VoIP, you know that the two don't play nice together.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |