Asterisk VOIP Nat firewall

Hello all,

What ports need to open to allow remote sip phone work on asterrisk server.

Look forward to your reply

Thanks !

Inbound: 5060, 53, and the range of RTP ports you have configured in rtp.conf.

Outbound the SIP port used by the phone, the RTP ports used by the phone and 53.

Thanks david551,

port 5060 use both protocols, port 53 use both protocols too ?

I guess the other ports rtp range use udp ,
It’s correct ??

Thanks !

5060 (SIP) can use TCP, but out of the box phones will only use UDP. DNS is normally only done with UDP. RTP is UDP. sips: normally uses 5061/TCP.

Also, some people explicitly configure the SIP port to reduce the number of attacks.

Thank you david551,

please let explain you something :

twice, i have to unistall asterisk system, we currently have remote sip phone work tru an existing LAN with internet connection,
i have never worried about the range port in the rtp.conf, and remote phone works fine , but i pretty sure that port 5060 was firewalled in the cisco router to allow these sip phone configured remotely,the static ip @ of the asterisk system is 192.168.X.X for eg, and the public ip @ is was setting up in all remote sip phone , so i assume NAT has been done in regard the static ip @ of the asterisk,so i kept this private ip @ forever… now i am the man who manage the router also, this router has been default factory reset,
Is it necessary to woried about the large range port in the rtp.conf ???

Thanks !

Depends on whether the router automatically opens ports referenced in the SIP SDP. However, if you don’t have them permanently open, you may find that the router sometimes drops the temporary rule too soon.

Thank you —

You right,

The router is 2911 Cisco.

Thanks !