cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
brentn
New Contributor

SBC SIP Trunking Help

Jump to solution

Hey all,

I tend to type a lot, so this post will be kind of long. But it should include all information necessary.

I already have a ticket open with support regarding this, and they were very very helpful with my first call to them. However I have updated the ticket a couple times today, and called in, and I haven't had anyone reach back out to me in about 6 hours. I realize that's not very long, but this is a critical issue for us so I'm hoping to get some help from the community.

Long story short, I am using an AdTran 908e 2nd Gen basically as an SBC. Eth 0/1 is plugged in to the internet with a public IP (nothing else in front of it), and Eth 0/2 is going to be the private network which will go through a switch but ultimately only needs to talk to 1 computer: a fax server running Biscom FAXCOM. The planned setup is essentially back to back user agents, if I'm understanding it correctly. The Biscom FAXCOM server supports SIP trunking. We are pointing it to the inside interface of the AdTran, and then the outside interface of the AdTran has the information for a Level 3 SIP trunk (provided via VoIP Innovations).

AdTran support was extremely helpful and provided me two things.

1: Linked me to this document, which I followed almost exactly. - SBC SIP Trunking Sample Configuration

2: Provided some additional configuration examples for the firewall options required for letting the two talk to each other.

If I plug my computer directly in to the internet (no firewall or anything) then I can get out to Level 3's SIP Trunk and fax just fine. If I go in to Eth 0/2 like I want, I can't. Packet captures show that the connection goes out, and returns. So it *seems* like the NAT/firewall issues are good. But during the negotiation it ultimately stops responding so the SIP Trunk times out and hangs up. So that makes me think it *is* a NAT/firewall issue. I can definitely reach out and get a response, but it just won't complete.

I have packet captures that I can provide, but I will start with screen shots and my configuration as it may be something obvious in there.

Here is a flow diagram of when I plugged my computer directly to the outside internet, with no AdTran. You can see my IP (204.x.x.x) reaches out to VoIP Innovations (64.136.174.30) as a SIP trunk, which in turn negotiates with Level 3 (4.55.2.2) for us.

worked.png

And here is one when plugged in behind the AdTran, which does not work. Note that at this time my internal IP was on the 192.168.x.x network. I have since changed it though, so ignore that difference in my config vs this screenshot. For some reason VoIP Innovations is transparent in this one. You only see my computer's IP (192.168.90.10) talk to the inside interface of the AdTran (192.168.90.254, now changed) and Level 3 (4.55.2.2). However, this did go through VoIP Innovations still, as we don't have a SIP trunk directly with Level 3. You see the initial couple of invites and 200 OK. But then it sends several packets trying to do the T.38 handshake over to Level 3, and they never make it back. So it just hangs up. It definitely seems like NAT or firewall.

broken.png

Here is my config. It has been somewhat "sanitized." I have removed sensitive information, as well as unecessary info (like all of the shut ports).


! ADTRAN, Inc. OS version R10.10.0.E


! Boot ROM version 14.05.00.SA


! Platform: Total Access 908e (2nd Gen), part number 4242908L1


! Serial number x


!


hostname "TA908e"


enable password encrypted x


!


ip subnet-zero


ip classless


ip default-gateway 204.x.x.x


ip routing


ipv6 unicast-routing


!


name-server 8.8.8.8


!


no auto-config


auto-config authname adtran encrypted password x


!


event-history on


no logging forwarding


no logging email


!


service password-encryption


!


username "x" password encrypted "x"


!


ip firewall


no ip firewall alg msn


no ip firewall alg mszone


no ip firewall alg h323


!


aaa on


ftp authentication LoginUseLocalUsers


!


aaa authentication login LoginUseTacacs group tacacs+


aaa authentication login LoginUseRadius group radius


aaa authentication login LoginUseLocalUsers local


aaa authentication login LoginUseLinePass line


!


aaa authentication enable default enable


!


no dot11ap access-point-control


!


interface eth 0/1


  ip address  204.x.x.x  255.255.255.252


  ip access-policy Public


  media-gateway ip primary


  no shutdown


!


interface eth 0/2


  ip address  10.10.80.254  255.255.255.252


  ip access-policy Private


  media-gateway ip primary


  no shutdown


!


ip access-list extended Admin


  permit tcp any  any eq ssh


  permit tcp any  any eq https


!


ip access-list extended MatchAll


  permit ip any  any  


!


ip access-list extended SIP


  permit udp any  any eq 5060


!


ip policy-class Private


  allow list self self


  nat source list MatchAll interface eth 0/1 overload


!


ip policy-class Public


  allow list SIP self


  allow list Admin self


!


ssh-server pubkey-chain


!


no tftp server


no tftp server overwrite


http authentication LoginUseLocalUsers


http server


no http secure-server


no snmp agent


no ip ftp server


no ip scp server


no ip sntp server


!


sip


sip udp 5060


no sip tcp


!


voice feature-mode network


voice transfer-mode local


voice forward-mode local


!


voice trunk T01 type sip


  description "VI SIP Trunk"


  sip-server primary 64.136.174.30


!


voice trunk T11 type sip


  description "FAXCOM"


  sip-server primary 10.10.80.158


  grammar from host local


  transfer-mode network


!


voice grouped-trunk PROVIDER


  trunk T01


  accept NXX-NXX-XXXX cost 0


  accept 1-NXX-NXX-XXXX cost 0


  accept 011-$ cost 0


  accept 411 cost 0


  accept 611 cost 0


  accept 911 cost 0


!


!


voice grouped-trunk FAXCOM


  trunk T11


  accept $ cost 0


!


ip rtp symmetric-filter


!


line con 0


  login authentication LoginUseLinePass


!


line telnet 0 4


  login authentication LoginUseLinePass


  no shutdown


line ssh 0 4


  login authentication LoginUseLocalUsers


  no shutdown


!


end


Thanks in advance for any and all help!

Labels (3)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: SBC SIP Trunking Help

Jump to solution

Brent,

I went back and looked up the ticket with ADTRAN.  The SBC media-anchoring option mentioned by others would likely have worked as well, but it appears we resolved the issue by adding a static route for the far end T.38 endpoint to the local fax server.  If there was some other resolution, feel free to add that to this post.

Thanks!

David

View solution in original post

0 Kudos
4 Replies
Anonymous
Not applicable

Re: SBC SIP Trunking Help

Jump to solution

Bretn,

    You have to have the SBC model Adtran to do this.  You will notice in the sample configuration the key command:

ip rtp media-anchoring

This command forces the Adtran to stay in the middle of the call otherwise the endpoints will try to connect directly together which is not possible since one is private and the other is public.  However it cannot be entered on Non SBC Adtrans.  Since you Adtran does not have the command and it does not have the SBC key I would guess it is not an SBC model and therefore not possible to do this setup with.

John Wable

Re: SBC SIP Trunking Help

Jump to solution

John: Brent's configuration file said 908e?  So all he needs to do is purchase the SBC key right?

Anonymous
Not applicable

Re: SBC SIP Trunking Help

Jump to solution

Yes if he has access to purchase the upgrade key that will work.

Anonymous
Not applicable

Re: SBC SIP Trunking Help

Jump to solution

Brent,

I went back and looked up the ticket with ADTRAN.  The SBC media-anchoring option mentioned by others would likely have worked as well, but it appears we resolved the issue by adding a static route for the far end T.38 endpoint to the local fax server.  If there was some other resolution, feel free to add that to this post.

Thanks!

David

0 Kudos