PBXact Behind ASA 5505 nat udp range 10000-20000

asterisk, cisco-asa, pbx

I'm installing a new PBXact phone server onsite and I've run into an issue using a 3rd-party SIP. I've got the ACLs for the traffic created and the traffic is allowed; I'm assuming I need to create a NAT rule that has the port range directed towards my PBX.

I'm running v8.2 on the ASA, and most of the documents I've found are on 8.4, so I haven't been able to find a working solution.

Or is there another way to properly get my PBXact to communicate with my SIP provider? I've already NAT'd 5060 for the SIP protocol.

Best Answer

Understanding NAT and SIP requires understanding SIP at a more fundamental level.

SIP is simply a signalling protocol, assisting the endpoints in call setup and teardown. SIP has nothing to do with the transfer of the actual media transmitted between the two endpoints. SIP is typically paired with RTP for media transport.

Port 5060 is the port used by SIP by default. However, part of the media negotiation process involves notifying the other endpoint of the ports on which the RTP traffic is able to be received.

With Asterisk-based setups (of which PBXact is one), the defaults are typically 10000-20000 UDP, although they can be verified and/or modified in rtp.conf.

Set your ASA to forward these ports onto the PBXact system, and you should be connecting well.

I personally don't like the exposure this configuration offers at the firewall, which is why I specifically located an ITSP which offers IAX2 trunking services. I pay slightly more than I might otherwise, but I only need a single port forwarded to my Asterisk system from my firewall. This single port supports both signalling and media which makes NAT traversal much cleaner in IAX2. IAX2 can also have a slightly reduced amount of protocol overhead when using multiple channels simultaneously due to the trunking the protocol provides.
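An added example, not part of the original answer: a small Python generator that reads the RTP range from rtp.conf and emits matching pre-8.3 (ASA 8.2 style) static PAT lines, one per port because that syntax takes a single port per statement, plus one ACL entry limited to the provider's media network. The PBX address, provider network, ACL name `outside_in` and interface names are constructed assumptions; narrowing `rtpstart`/`rtpend` in rtp.conf first keeps both the exposure and the statement count small.

```python
import configparser
import ipaddress

# Constructed sample rtp.conf; the range is narrowed from the 10000-20000 default.
SAMPLE_RTP_CONF = """\
[general]
rtpstart=10000   ; first UDP port Asterisk uses for RTP
rtpend=10005     ; last UDP port (narrowed for this example)
"""

def rtp_range(conf_text):
    """Return (rtpstart, rtpend) from [general], falling back to 10000-20000."""
    cp = configparser.ConfigParser(inline_comment_prefixes=(";",), strict=False)
    cp.read_string(conf_text)
    start = cp.getint("general", "rtpstart", fallback=10000)
    end = cp.getint("general", "rtpend", fallback=20000)
    if not (1024 <= start <= end <= 65535):
        raise ValueError(f"implausible RTP range {start}-{end}")
    return start, end

def asa82_config(pbx_ip, start, end, itsp_net, acl="outside_in"):
    """Build ASA 8.2-style lines: one source-restricted ACL entry, one static per port.

    itsp_net is 'network mask' for the provider's media servers (assumption:
    the provider publishes a fixed range). acl is a hypothetical ACL name.
    """
    ipaddress.ip_address(pbx_ip)  # raises ValueError on a malformed address
    lines = [
        f"access-list {acl} extended permit udp {itsp_net} "
        f"interface outside range {start} {end}"
    ]
    for port in range(start, end + 1):
        lines.append(
            f"static (inside,outside) udp interface {port} "
            f"{pbx_ip} {port} netmask 255.255.255.255"
        )
    return lines

if __name__ == "__main__":
    first, last = rtp_range(SAMPLE_RTP_CONF)
    # 192.168.1.10 and 203.0.113.0/24 are constructed placeholder addresses.
    for line in asa82_config("192.168.1.10", first, last,
                             "203.0.113.0 255.255.255.0"):
        print(line)
```

Review the generated lines against the device's existing ACL and interface names before pasting them into the ASA.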