This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

VoIP over NAT issues: Ring but no audio; disconnects

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VoIP over NAT issues: Ring but no audio; disconnects

AdamsCoGovt
L1 Bithead

‎05-01-2012 12:10 PM

I have our VoIP PBX set up with an IP on our external side via NAT. The policy is a simple static NAT from the internal IP to the external. I also have the correct security policies in place to allow SIP/RTP traffic to pass freely to and from the external IP address. The PBX server can be accessed via HTTP from outside our network, and my cell phone (using BRIA) can successfully register to the PBX.

However, whenever I make a call from outside, it will disconnect after seven (7) seconds when picked up. This happens every time without fail. I have tried tweaking around security policies, enabling application override, and altering the NAT rules.. nothing seems to help.

Can anyone give me suggestions? This setup worked perfectly fine on our old Juniper SRX-240B with the PA-500 in vWire. Ever since I swapped the PA-500 into being our gateway/firewall, it just won't do it.

More information can be provided upon request.

Thanks,

Logan

0 Likes Likes
15 REPLIES 15

BlackfenSchool
Not applicable
In response to BlackfenSchool

‎09-18-2012 04:20 AM

Over three hours on the phone to PA support this morning got it sorted.

My applictation override rules were not working, as they were pointing at predefined applications.  Custom Apps for both SIP and RTP were created which then started to allow some RTP through.

We were still getting quite a few calls with no audio (some were coming through).  The PA engineer discovered that this was due to us using the dynamic-ip-and-port option in our outgoing source translation.  Changing this to static-ip fixed it.

Here's what my working setup looks like;

Security Rules;

Security.jpg

NAT Rules;

NAT.jpg

Application Override Rules;

AppOver.jpg

Custom SIP Application;

SIP.jpg

Custom RTP/RTCP Application;

RTP.jpg

Hope this helps anybody experiencing similar problems.  PA have taken a support dump, so may have a more elegant fix at some point.

(1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks