Connect Aastra 9133i remotely on an Asterisk Server

Hello everyone,

I have an asterisk server in our office here in Japan. It works fine with no problems. I have an ADSL connection at my house which I can successfully connect an IDEFISK softphone and call the office anytime I want and they can call me as well.

We have an extra Aastra 9133i and I brought it with me at home and I have tried to set it up pointing to our Office static IP address and putting the right things in the config but it doesn’t register.

I don’t think it’s got something to do with my Aastra setup as I don’t see any failed authentication in Asterisk. I have also tried putting several combinations in e.g. no outbound proxy and outbound proxy port.

Do I need to open up any ports in the office side? Right now, ports that are open in the office side are UDP 5060, UDP 4569, UDP TCP 22
Or do I need to open up any ports on my router at home (eventhough I can successfully connect using IDEFISK) if so what ports should be open? Maybe there is something I need to edit in Asterisk to allow remote connection?
I hope somebody can point me to the right direction cause I’m losing hair rapidly… Thanks very much in advance!

dndkey value: 0
date format: 7
sip auth name: 723
sip password: *****
sip user name: 723
sip display name: 723
sip screen name: Yehey3
sip line1 auth name: 723
sip line1 password: *****
sip line1 user name: 723
sip line1 display name: 723
sip line1 screen name: 723
sip line1 proxy ip: 61.118.107.538
sip line1 proxy port: 5060
sip line1 registrar ip: 61.118.107.538
sip line1 registrar port: 5060
sip line1 outbound proxy: 61.118.107.538
sip line1 outbound proxy port: 5060
sip line1 registration period: 300
sip line1 dtmf method: 0
sip line4 forward mode:
sip line4 ring number: 0
sip line5 forward mode:
sip line5 ring number: 0
sip line6 forward mode:
sip line6 ring number: 0
sip line7 forward mode:
sip line7 ring number: 0
sip line8 forward mode:
sip line8 ring number: 0
sip line9 forward mode:
sip silence suppression: 0
sip use basic codecs: 1

IAX2 is much more NAT-friendly than SIP, as you’ve discovered

you should port-forward whichever port the Aastra registers itself as being available on (usually port 5060), according to the output of “sip show peers”. that takes care of signalling, now you need to port forward (UDP again) the RTP range you have setup in rtp.conf too, and at both ends.

if you have a static ip address at either end, you should be able to secure it a bit more by restricting access to the address of the other side.

if you continue to port-forward 4569 to IAX, make sure you have a guest user setup as well … even if just goes to your incoming context.

Thanks for pointing me to the right direction. I’ll try your suggestion today… hopefully I’ll have some of my hair grown back before Sunday. cheers!

One bug you should be aware of-

In the AAstra phone setup (config files or web ui), there are two NAT options. There is SIP NAT IP (or something like that, feed it your external IP) and SIP NAT PORT. SIP NAT PORT does not change the local SIP port of the phone as it should, rather only changes the contact header of the phone to refer to a different port (and packets are still sent from and must be recieved to port 5060). I have contacted AAstra about this, the support guy I talked to agrees it’s a bug but the engineering department disagrees, its not a bug its a feature

so if you are putting multiple AAstra phones behind a NAT registering to a remote * server, this will probably nto work reliably.

To make one phone work tho, forward udp port 5060 and an RTP port (you can set it up in the aastra setup, that one configures itself correctly) to the aastra phone. Now set the phone to register to your office LAN IP, which should have port 5060 and the rtp range from *'s rtp.conf forwarded to it.