1) Welcome to the party!
2) When you post, please post your entire configuration including (but not limited to) your installation method and Vicidial version with build.
This IS a requirement for posting along with reading the stickies (at the top of each forum) and the manager's manual (available on EFLO.net, both free and paid versions)
You should also post: Asterisk version, telephony hardware (model number is helpful here), cluster information if you have one, and whether any other software is installed in the box. If your installation method is "from scratch" you must post your operating system and should also post the .iso version from which you installed your original operating system. If your installation is "Hosted" list the site name of the host.
If this is a "Cloud" or "Virtual" server, please note the technology involved along with the version of that technology (i.e.: VMware Server Version 2.0.2). If it is not, merely stating the Motherboard model # and CPU would be helpful.
Similar to This:
Vicibox X.X from .iso | Vicidial X.X.X-XXX Build XXXXXX-XXXX | Asterisk X.X.X | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel DG35EC | Core2Quad Q6600
3) "all ports are open" is not actually true unless you have an internet IP address. If you have a "Private" IP (192.168.xx.xx or 10.xx.xx and a couple others), you have many IPs internally and only ONE IP externally. It is impossible to have all the ports on one external IP address "open" to all the IP addresses inside (port 22 outside would then need to forward to port 22 of ALL the internal IP addresses, obviously that doesn't work!).
So: The router involved in this process has to decide which packets are going to go to which internal IP addresses. This can be done by "Forwarding" individual ports or groups of ports (such as 5060 UDP and 10000-20000 UDP). It can also be done by setting up ports and ranges as "triggers" (which would be described as "when a packet goes OUT on port 5060 to an IP address, any packets coming BACK from that same IP address on any port between 10000-20000 will need to go back to the same server"). In all cases, any computer reaching out to the internet will open a dynamic port (chosen by and remembered by the router at the moment of the request) and any traffic being sent back to that same port will be automatically forwarded back to that same computer (which is why you can have 85 people all surfing the web, even the same web site, and yet they only get the web pages and images THEY requested and not a mix of everyone else's!). Another method is "DMZ" which forwards all "unused" ports (those not being forwarded anywhere else or "in use" by another computer at present) to a specific IP address on the local network.
In addition to all these challenges we have one more addition: SIP implementation is rather old and has a requirement of having the IP address of the sending/receiving parties actually inside the SIP packet. This can be a serious challenge if your IP address is a Private IP address (such as when your server is inside a private LAN with an IP such as 192.168.1.200). Now the SIP packet will have an IP address impossible to reach from a remote location and can cause the packet to be routed incorrectly (to a non-existent IP address as far as the sending party is concerned). The solution to this is a setting in sip.conf called "externip". This should be set to the external (outside of the router, internet accessible) IP address of the server, which overrides the IP address in the SIP packet for the first leg of the trip allowing the packet to arrive at the outside of the firewall properly and then the router will be sure to send it along if it arrives on the proper port.
But that's not complicated at all, right?
(Well, maybe not to me because I've been doing this for a while, LOL).
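
The private-address problem described in the post above, as an added example that is not part of the original post: this Python check scans a SIP message for RFC 1918 addresses (what a remote party cannot reach) and models, in simplified form, what setting externip achieves. The sample INVITE, the external address 203.0.113.10 and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: the "Private" IPs the post refers to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
FIELD = re.compile(r"([A-Za-z-]+)\s*[:=]")  # SIP header name or SDP line type

# Constructed sample: an INVITE from a server at 192.168.1.200 behind NAT
# with no externip configured (addresses and names are made up).
SAMPLE_INVITE = (
    "INVITE sip:18005551212@carrier.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.200:5060;branch=z9hG4bK1a2b3c\r\n"
    "From: <sip:1000@192.168.1.200>;tag=abc\r\n"
    "To: <sip:18005551212@carrier.example.com>\r\n"
    "Contact: <sip:1000@192.168.1.200:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=root 1 1 IN IP4 192.168.1.200\r\n"
    "c=IN IP4 192.168.1.200\r\n"
    "m=audio 10000 RTP/AVP 0\r\n"
)

def is_private(text):
    """True if text is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
        return False
    return any(addr in net for net in RFC1918)

def private_addresses(sip_message):
    """Return (field, address) for each private address the far end would see."""
    findings = []
    for line in sip_message.splitlines():
        m = FIELD.match(line)
        field = m.group(1) if m else "request-line"
        findings += [(field, ip) for ip in IPV4.findall(line) if is_private(ip)]
    return findings

def simulate_externip(sip_message, externip):
    """Simplified model: swap every private address for the external one."""
    swap = lambda m: externip if is_private(m.group(1)) else m.group(1)
    return IPV4.sub(swap, sip_message)

if __name__ == "__main__":
    for field, ip in private_addresses(SAMPLE_INVITE):
        print(f"{field}: {ip} is not reachable from the internet")
```

Running the same check on a real capture of your outbound INVITE shows quickly whether externip is taking effect; the media line in the SDP (`c=`) is the one that decides where the remote side sends audio.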