We are running Elastix at our office (open source CentOS based PBX server with Asterisk for the actual core). Currently, the PBX server is pointed toward one of our 3 DSL lines. I want to move that over to my ADTRAN router. I have set the default gateway in my PBX server to the address of the router. I can ping from the command line out to Google. I can make calls into the direct lines we have set up. I cannot make calls to our main line into the system. I cannot make calls out from the phones to outside lines (get message of all lines busy).
I have gone into the router and enabled the main SIP service in the router (unsure if that has any effect). I also made a security zone and added policies to forward all TCP and UDP traffic from the port we use to the IP of our server.
I must be missing something here. I have given the router an ip and subnet within our private network (192.168.1.x /24).
George
georanma:
Based on my understanding of your network so far, I recommend the following configuration changes.
On the public Internet facing policy-class (security zone in the web interface), you will need to allow SIP traffic to the ADTRAN unit. (If you have an "admin-access" type ACL already on this policy-class, you can simply add SIP traffic to it)
Here is an example configuration:
ip access-list extended SIP-TRAFFIC
  permit udp any any eq 5060
  permit tcp any any eq 5060
ip policy-class PUBLIC
  allow list SIP-TRAFFIC self
You will also need to create a proxy user template. The user template makes it possible to route traffic for users not already known by the (SIP) Proxy. This feature can also direct certain calls to local external public switched telephone network (PSTN) gateways. Users are dynamically added to the proxy user database when an INVITE or SUBSCRIBE message is received from the user (or PBX in your design), allowing SIP messages to be routed for the identified user.
Configuring a proxy user template consists of creating the user template, defining the target, assigning accept patterns to match potential users, and specifying the proxy-mode. Use the following steps to configure a proxy user template.
Enter the ip sip proxy user-template <name> command at the Global Configuration mode prompt to create a proxy user template and enter the proxy user template configuration mode. For example:
# configure terminal
(config)# ip sip proxy user-template Set1
Define the proxy user’s (PBX in your design) location with the target <ip address> command from within the Set1 proxy user template configuration mode. This command indicates the host name or IP address, protocol, and port number to use. Issuing the no form of this command removes the target configuration.
Note: By default, there is no target configured. If a target is configured with no protocol or port specified, the SIP Proxy operates using UDP on port 5060. If a protocol is specified, but no port is specified, the SIP Proxy uses port 5060.
(config-template-Set1)# target 10.10.10.3
Define the number patterns to match a user ID to either accept or reject the user as an entry to the SIP Proxy user database. If a match is successful, the user originating the SIP message is either accepted as an entry to the database (for accept patterns) or rejected (for reject patterns). Using the accept <pattern> command creates an accept pattern for the proxy user template and permits SIP messages for the matching user. Using the reject <pattern> command creates a reject pattern for the proxy user template and refuses SIP messages for the matching user.
Note: When creating a successful proxy user template, it is required to have at least one accept pattern, but reject patterns are optional. AOS processes the reject patterns before the accept patterns, regardless of the order they appear in the configuration of the proxy user template. Issuing the no form of this command removes the configured pattern entry from the proxy user template. The "$" is a wildcard which accepts any number string dialed.
(config-template-Set1)# accept $
Set the appropriate SIP proxy operation mode for users added to the SIP Proxy user database by using the proxy-mode command.
(config-template-Set1)# proxy-mode transparent
Here is a sample configuration for your design (only you would replace "10.10.10.2" with the private IP address of your PBX):
ip sip proxy
ip sip proxy transparent
!
ip sip proxy user-template Set1
  target 10.10.10.2
  proxy-mode transparent
  accept $
(Note: You will also need to add the command media-gateway ip primary to all interfaces that will pass voice traffic.)
I know that is a lot of information, but you can refer to the Configuring Proxy User Templates in AOS and Configuring the SIP Proxy in AOS for more detailed information.
Levi
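An added example (not part of Levi's post and not ADTRAN tooling): a short Python check that reads a configuration in the form shown above and reports its two broadest settings, SIP ACL entries that match any source address and user templates whose only pattern is the `$` wildcard. It assumes sub-commands are indented under their parent command, as in a saved configuration; the sample text is constructed from the commands quoted in this thread, and `audit` is a hypothetical name.

```python
import re

# Constructed sample built from the commands quoted in the post above.
SAMPLE_CONFIG = """\
ip access-list extended SIP-TRAFFIC
  permit udp any any eq 5060
  permit tcp any any eq 5060
!
ip policy-class PUBLIC
  allow list SIP-TRAFFIC self
!
ip sip proxy
ip sip proxy transparent
!
ip sip proxy user-template Set1
  target 10.10.10.2
  proxy-mode transparent
  accept $
"""

def audit(config_text):
    """Return (section, finding) tuples for broad SIP settings."""
    findings, section = [], ""
    templates = {}  # template name -> {"accept": [...], "reject": [...]}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # unindented line opens a new section
            section = line
            m = re.match(r"ip sip proxy user-template (\S+)$", line)
            if m:
                templates[m.group(1)] = {"accept": [], "reject": []}
            continue
        # Indented sub-command: interpret it in the context of its section.
        if section.startswith("ip access-list extended "):
            m = re.match(r"permit (udp|tcp) any .+ eq 5060$", line)
            if m:
                findings.append((section.split()[-1], f"{m.group(1)}/5060 permitted from any source"))
        m = re.match(r"(accept|reject) (\S+)$", line)
        if m and section.startswith("ip sip proxy user-template "):
            templates[section.split()[-1]][m.group(1)].append(m.group(2))
    for name, pats in templates.items():
        if pats["accept"] == ["$"] and not pats["reject"]:
            findings.append((name, "accept $ with no reject patterns: every user ID is admitted"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

Findings from a check like this are prompts to ask whether the ACL can be limited to the SIP trunk provider's addresses and whether the template needs to admit every user ID.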
georanma:
Thank you for asking this question. It sounds like you might be on the right track. First and foremost, it sounds like you already have IP connectivity set up properly if your PBX can ping out to the Internet through the ADTRAN router. Most likely we will need to set up the ADTRAN as a SIP proxy to get the voice to function properly, and you will need to remove the port forward you have in place. I will need a little more information about the network design to assist you. Please answer the following questions when you get a chance:
Please, answer these questions, and provide any other relevant information, and I will be happy to assist you any way I can.
Levi
The PBX is connected to a switch that the adtran is also connected to. The IP phones are connected to either the same switch directly or via another switch.
When you say register, do you mean the provider? We pay for a sip trunk service currently.
Long morning, and just wanted to get these answers out quick. If I think of any relevant details, I will provide them as the day goes on.
Thanks,
George
Can I shoot you some screenshots to see if I'm in the correct areas with correct settings?
George
On Thu, Mar 8, 2012 at 1:09 PM, levi
georanma:
I will contact you via private message if you do not feel comfortable attaching your configuration publicly and removing the sensitive information. To download the configuration from the web interface go to Utilities > Configuration > Download. Then you can send a copy of the configuration instead of sending screenshots.
Levi
georanma:
After reviewing your configuration and our conversations via private message, for your unique situation, you will need to work with your Internet Service Provider to get your configuration and design questions resolved.
I have marked this post as "assumed answered."
Levi
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Levi