External IP

Hello,

  I'd like to ask you for help. I encounter a strage problem. My asterisk (1.6) is configured for port 5060 plus NAT. Everything works perfectly. All parmeters like nat, externip are correct. Now I have an external system comunicating on port 5070. I set firewall rules on my side to nat 5070 to my 5060 port. The problem is that my system stopped using my externip for communicating to system with 5070 port.

What I see in wireshark on 5070 side is the invite and then RTP tries to reply to my DMZ address instead of my externip. Obvously it’s not going to work.

Did someone has a similar issue? Mayby it’s something trivial I’m not aware of.

Thanks in advance.

What if you change the Asterisk settings, so it listens on port 5070 instead of on port 5060?

If one system insists on addressing Asterisk on port 5070, you will need to change the port on Asterisk. There can only be one local, port per instance of Asterisk, so all other SIP devices will need to be set to this port number.

It might help us if you explained why you couldn’t use standard SIP port numbers. I cannot think of good, legal, reasons for doing this.

Also, you say you have set “nat” correctly. The nat option does not normally apply in this case, so “no” is the correct setting. However it is very common to have this set wrongly and have the system still work.

Thank you for replies.

First of all. When I set the standard 5060 port it works fine. All the addresses are set correctly. When I change it to 5070 then I have the address from DMZ instead of my externip.

I know that Asterisk can use only one port at a time. That is why I nat it on firewall to 5060 from 5070 when the it comes back to me.

On my side there’s only one asterisk server with 5060 port.

You ask why I do that? The answer is very simple. Because the server I try to communicate uses 5070. In fact there are two different asterisk servers with one public ip so the secend end must use two different ports. They use one server as internal pbx and the second for small call center operations. Hope it’s legal…

The question is why my server doesn’t use externip in invite when I set 5070 port in my outboud trunk? The same settings with removed “port=5070” work well.

@david55

Thank you for the advaice regarding nat. I checked it one more time. Both “yes” and “no” didn’t help much. Asterisk uses externip for trunks with default 5060 port only. For the rest the invite gets DMZ address.

You need to provide a packet trace. You also need to confirm that there is no SIP specific logic enabled in the router.

You should not be mapping port 5060 in the router.

If both servers are within the NAT, one wouldn’t expect them to use the externip.