Asterisk with 2NIC (Private with internet AND Public)

Hi,
I need help to solve my problem. I’ve been stick with this problem for about 5 days with no joy :frowning:
I already follow the instruction from freepbx.org/support/document … -extension

My topology is like below picture.

Condition:

  1. with that topology, i can go to Asterisk GUI through 202.158.1.xxx
  2. PC1-3 successfully connect to Asterisk without problem
  3. PC4 is on different ISP with PC1-3
  4. I am using CentOS for asterisk

And my configuration is like belom picture

Route and IPTables at CentOS

SIP Setting

Extension Setting

Please Help Me
Thank You in Advance

First off get rid of the 202. network from your localnets setting. This network is not a local network but is connected to the Internet. You’re not using NAT by the looks of it so you don’t need any NAT settings.

Try this first and also post what is in your Asterisk logfile when the remote phone tries to connect.

Hi leemason.

Thank you for your reply.

I move the NAT setting on “SIP Settings” and “Extension settings” but still have no joy.

the log from asterisk is like below

[code][2012-06-29 08:21:34] VERBOSE[3181] chan_sip.c:
<— SIP read from UDP:115.85.71.18:5060 —>
REGISTER sip:202.158.1.157:5060 SIP/2.0
Via: SIP/2.0/UDP 192.166.11.2:5060;branch=z9hG4bK-d8754z-bf3bd16fe3700875-1—d8754z-;rport
Max-Forwards: 70
Contact: sip:7110@115.85.71.18:5060;transport=UDP;rinstance=5d26aa0b7a82e887
To: "1000"sip:7110@202.158.1.157:5060
From: "1000"sip:7110@202.158.1.157:5060;tag=6a008025
Call-ID: MTFjY2U2N2JlNDAyODY4ZmNhMDM2ZWQyN2JiMGU0MjE.
CSeq: 1 REGISTER
Expires: 120
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE
Supported: replaces
User-Agent: 3CXPhone 6.0.20943.0
Content-Length: 0

<------------->
[2012-06-29 08:21:34] VERBOSE[3181] chan_sip.c: — (13 headers 0 lines) —
[2012-06-29 08:21:34] VERBOSE[3181] chan_sip.c: Sending to 115.85.71.18:5060 (no NAT)
[2012-06-29 08:21:34] VERBOSE[3181] chan_sip.c:
<— Transmitting (no NAT) to 115.85.71.18:5060 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.166.11.2:5060;branch=z9hG4bK-d8754z-bf3bd16fe3700875-1—d8754z-;received=115.85.71.18;rport=5060
From: "1000"sip:7110@202.158.1.157:5060;tag=6a008025
To: "1000"sip:7110@202.158.1.157:5060;tag=as0bf73abf
Call-ID: MTFjY2U2N2JlNDAyODY4ZmNhMDM2ZWQyN2JiMGU0MjE.
CSeq: 1 REGISTER
Server: FPBX-2.10.0(1.8.8.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="127c067b"
Content-Length: 0

<------------>
[2012-06-29 08:21:34] VERBOSE[3181] chan_sip.c: Scheduling destruction of SIP dialog ‘MTFjY2U2N2JlNDAyODY4ZmNhMDM2ZWQyN2JiMGU0MjE.’ in 32000 ms (Method: REGISTER)[/code]

Thank You

The biggest thing I see is this:

Your asterisk box is configured to use the Mikrotik router as its default gateway. Therefore packets will be going in and out through the Mikrotik box and be landing on the wrong interface & have the wrong source/destination IP. At this point, you having an external IP address on your Asterisk box is pretty pointless because it still going through NAT. Set your asterisk box to use the default gateway of your ISP rather than the Mikrotik router.

The log snippet your provided doesn’t really show a problem. It shows part of the normal registration process that a device goes through (attempt register, get an “authentication required” message, attempt register again with authentication, get acknowledgement).

The last thing I see, and this may just be a typo on your part on the graphic, but it looks like the SIP device and Asterisk share the same 202.158.1.XXX network even though they’re separated by the Internet. If you’ve got duplicate network ranges across the network, this could account for your problem(s).

Actually 202.158.1.144 (asterisk) and 202.158.1.144 (phone) are in the same subnet of 255.255.255.240 so packets should go out correctly through eth2. However is this correct? Have you really got two internet based hosts in the same small subnet?

He did say it was on a different ISP, so they shouldn’t be on the same network.

This is another person who seems to want a broken (no border gateway protocol and autonomous system number) dual homed configuration. My feeling is that Asterisk is not designed to work round such configurations, but I don’t have enough incentive to look deep inside the code to confirm that.

[quote=“jpsharp”]The biggest thing I see is this:

Your asterisk box is configured to use the Mikrotik router as its default gateway. Therefore packets will be going in and out through the Mikrotik box and be landing on the wrong interface & have the wrong source/destination IP. At this point, you having an external IP address on your Asterisk box is pretty pointless because it still going through NAT. Set your asterisk box to use the default gateway of your ISP rather than the Mikrotik router.

It is a good point. I use eth0 and eth2 with different gateway. I really dont know how to set that 2 NIC only using one gateway. Can you teach me how to do it?

The log snippet your provided doesn’t really show a problem. It shows part of the normal registration process that a device goes through (attempt register, get an “authentication required” message, attempt register again with authentication, get acknowledgement).

That means the log is nothing. So it is just a problem in my CentOS? Pls Advise

The last thing I see, and this may just be a typo on your part on the graphic, but it looks like the SIP device and Asterisk share the same 202.158.1.XXX network even though they’re separated by the Internet. If you’ve got duplicate network ranges across the network, this could account for your problem(s).

SIP Device means that softphone?
Actually my softphone is on different ISP (different IP too). My PC4 softphone is on 115.85.71.18 and my Asterisk is on 202.158.1.157

[/quote]

Hi jsharp, please find my answer in “bold” one. Thank You

Hi leemason,

Actually 202.158.1.144/28 is the network with broadcast 202.158.1.159 (using ip cheatsheet), and i use 202.158.1.157 for asterisk. And My softphone PC4 is from another ISP with ip 115.85.71.18

When i connect from another ip public in same network of Asterisk (202.158.1.146) using softphone, i can successfully connect to Asterisk.

No, i got 2 internet with different ISP.

Yes it is :smile:

So, you are facing same problem too?

any suggestion please?

202… is not a local network!

It may be possible to consider this configuration as though you were actually doing NAT, although you need to be careful about direct media, but the network with the public address should never be listed in local networks.