I'm experiencing an issue with a connection to an external voip server.
Directly attached to a PA-500 ethernet port there is a patton (fxo voip appliance).
Now, I'm allowing any traffic to outside, any application.
When I surf from that interface I can access external sites, but the issue seems to be NAT.
Voip uses port 5060 udp.
I can see the packets reaching the external server (that I manage) and they are forwarded back, but on the PA they are not present.
I tried different NAT types, but none of them seems to be working properly.
Does anyone experienced the same issue?
Does anyone know how to solve the problem of udp coming back to the internal interface of the firewall?
Thanks to all of you,
The external server is well known by the patton.
It arrives and the landing packet reaches the target.
When the packet is sent back everything stops.
Now I'm trying the hint given by slv. :smileyhappy:
Last post on Oct 8, 2013 6:29 AM but I got the same issue and maybe it will help the next person
PA-500 with PanOS 6.0.4
External voip Server from nfon incl snom phones + patton.
Hints in other discussions:
Application override -> problem still exist
Bidirectional nat -> problem still exist
ALG disabled -> problem still exist
Packet capture -> I saw my packages in the "drop" log and after hours of stupid investigation, it was only the route back to my snom-clients. The crazy thing is that I was able to see all the outgoing traffic and everything looked fine but due to the misconfiguration of my route my packages were dropped and I was NOT able to see them in the Traffic monitor. Only a packed captured helped
I know this is not the global solution but maybe someone is using PAN OS 6.0.x and nfon as a voip provider too. (ALG possible!)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!