Firewall – Asterisk behind a firewall


We have a bit of a sticky problem on our Asterisk server, which we are struggling to resolve; I'm hoping someone with more knowledge than me can help.

We are running Asterisk 1.8.23.0 on CentOS 6.4, and our phones and Asterisk server are sitting on the inside of a firewall while our voip service providers are on the outside. The firewall is set up and managed by an external company.

We currently have two voip service providers: A, who handles most of our inbound traffic and all our outbound traffic, and B, who handles some of our inbound traffic, which gets routed to our call centre via an external IVR.

In a recent security audit we were told that we should have all our voip traffic running through a firewall, and it's been decided that we should do this in two phases.

The first phase is to put the inbound traffic that we receive from B through a firewall, and then in phase two send the inbound and outbound traffic from A through the firewall as well. We are currently stuck on phase one.

Initially we tried setting externip and localnet in the [general] section of our sip.conf file, but that broke the voip traffic on our primary voip service provider A, so we've tried to set them in the specific entry in our sip.conf file for our secondary voip service provider, B, like this:

[A]
type=friend
disallow=all
allow=alaw
allow=g729
context=fromneotel
host=aaa.aaa.aaa.aaa
insecure=port,invite
nat=no
directmedia=no

[B]
type=friend
disallow=all
allow=g711
allow=g729
allow=alaw
context=fromis1
host=bbb.bbb.bbb.bbb
insecure=port,invite
nat=yes
directmedia=no
externip=ccc.ccc.ccc.ccc
localnet=192.68.20.0/255.255.252.0

where aaa.aaa.aaa.aaa is the ip of A
and bbb.bbb.bbb.bbb is the ip of B
and ccc.ccc.ccc.ccc is the external ip of the firewall.

With these settings in place, the call centre can receive phone calls via the IVR, but once the calls are connected, the external caller can hear the call centre agent, but the call centre agent cannot hear the caller.

Our voip service provider tells us that in the 200 OK SIP response from ccc.ccc.ccc.ccc the SDP portion is giving them the ddd.ddd.ddd.ddd IP address to send media to.

ddd.ddd.ddd.ddd is the ip of our Asterisk server that B would normally connect to when we are not trying to pass traffic through the firewall.
This is the information we receive from them:

Via: SIP/2.0/UDP bbb.bbb.bbb.bbb:5060;branch=z9hG4bKmm63qe00d8ogcio100k0.1;received=bbb.bbb.bbb.bbb
From: "Anonymous"<sip:<originating number from IVR>@bbb.bbb.bbb.bbb:5060;user=phone>;tag=1641833502-1377756054727-
To: "<call centre number>"<sip:<call centre number>@ccc.ccc.ccc.ccc:5060>;tag=as43201e45
Call-ID: BW0800547272908131094994481@eee.eee.eee.eee
CSeq: 609518180 INVITE
Server: Asterisk PBX 1.8.23.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Contact: <sip:<call centre number>@ccc.ccc.ccc.ccc>
Content-Type: application/sdp
Content-Length: 260

v=0
o=root 1148542603 1148542603 IN IP4 ddd.ddd.ddd.ddd
s=Asterisk PBX 1.8.23.0
c=IN IP4 ddd.ddd.ddd.ddd
t=0 0
m=audio 11064 RTP/AVP 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv

According to B, our secondary voip service provider, this is the line causing the trouble: o=root 1148542603 1148542603 IN IP4 ddd.ddd.ddd.ddd

eee.eee.eee.eee is an ip address that I don't recognise and know nothing about.

Any help is greatly appreciated.
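The diagnosis in the question comes down to one check: does the address carried in the SDP c= and o= lines of the 200 OK agree with the address the signalling is coming from (the Contact header), and is it an RFC 1918 address that the provider on the outside cannot reach? The following script, added here as an illustration and not code from the original post, parses a SIP response and reports exactly those mismatches. The message is a constructed sample modelled on the one above; 203.0.113.10 stands in for ccc.ccc.ccc.ccc (the firewall's external IP), 192.168.20.5 for ddd.ddd.ddd.ddd (the Asterisk server) and 198.51.100.7 for bbb.bbb.bbb.bbb (provider B), all documentation or private ranges rather than real addresses.

```python
"""Audit a SIP 200 OK for SDP media addresses that an outside party cannot
reach: private (RFC 1918) addresses, or addresses that differ from the host
in the Contact header. Added example, not part of the original post."""
import ipaddress
import re

# RFC 1918 ranges, checked explicitly rather than via ip.is_private, which
# would also flag the documentation ranges used in the sample below.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Host part of a SIP URI: "<sip:2000@203.0.113.10>" -> "203.0.113.10".
HOST_RE = re.compile(r"sip:(?:[^@>;]*@)?([^;:>]+)")

# Constructed sample 200 OK (placeholder IPs, see lead-in). Shape follows the
# response quoted in the question; the Content-Length header is omitted
# because this parser does not use it.
SAMPLE_200_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bKexample;received=198.51.100.7",
    'From: "Anonymous"<sip:1000@198.51.100.7:5060;user=phone>;tag=abc',
    'To: "2000"<sip:2000@203.0.113.10:5060>;tag=as43201e45',
    "Call-ID: example-call-id@198.51.100.7",
    "CSeq: 1 INVITE",
    "Server: Asterisk PBX 1.8.23.0",
    "Contact: <sip:2000@203.0.113.10>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1148542603 1148542603 IN IP4 192.168.20.5",
    "s=Asterisk PBX 1.8.23.0",
    "c=IN IP4 192.168.20.5",
    "t=0 0",
    "m=audio 11064 RTP/AVP 18 101",
    "a=sendrecv",
]) + "\r\n"

# The same message as it should look once the SDP advertises the external
# address (constructed "after" case for comparison).
FIXED_200_OK = SAMPLE_200_OK.replace("192.168.20.5", "203.0.113.10")


def parse_sip_message(raw):
    """Split a SIP message into a {lower-case header name: value} dict and the
    body (SDP). Repeated headers such as multiple Via lines keep the last one,
    which is enough for this check."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def contact_host(contact_value):
    """Return the host from a Contact header value, or None if absent."""
    match = HOST_RE.search(contact_value)
    return match.group(1) if match else None


def sdp_addresses(sdp):
    """Return [(field, address)] for every o= and c= line; both end with
    'IN IP4 <address>' in the sample (IP6 is skipped for simplicity)."""
    found = []
    for line in sdp.splitlines():
        if line.startswith(("c=", "o=")):
            parts = line.split()
            if len(parts) >= 3 and parts[-2] == "IP4":
                found.append((line[0], parts[-1]))
    return found


def audit_sdp_addresses(raw_message):
    """Return a list of (field, address, reason) findings; empty means the
    SDP addresses are consistent with the Contact host and not RFC 1918."""
    headers, sdp = parse_sip_message(raw_message)
    signalling_host = contact_host(headers.get("contact", ""))
    findings = []
    for field, addr in sdp_addresses(sdp):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((field, addr, "not an IP literal"))
            continue
        if any(ip in net for net in RFC1918):
            findings.append((field, addr, "RFC 1918 address, unreachable from outside"))
        if addr != signalling_host:
            findings.append((field, addr, f"differs from Contact host {signalling_host}"))
    return findings


if __name__ == "__main__":
    for label, msg in (("broken", SAMPLE_200_OK), ("fixed", FIXED_200_OK)):
        print(label, audit_sdp_addresses(msg) or "no findings")
```

Run against a capture of the real 200 OK (for example from `sip set debug on` in the Asterisk CLI), the script points at the same o= and c= lines provider B identified, and an empty result after the configuration change confirms the SDP now advertises the external address.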

Best Answer

Calls with no or one-way audio are a common problem when NATing VOIP. Obviously you have already located the source of the problem: the packets which carry voice are being sent to the incorrect address.

First, I would check with the people who maintain your firewall. If the firewall is worth its salt, there's undoubtedly something they can do to either solve the problem or make further diagnosis easier.

Failing that, ask your providers if they support IAX2 trunks. IAX2 doesn't suffer from the NATing problems of SIP.

Good luck.
