NAT issue with Asterisk

I am not sure where I am going wrong. Can somebody help me out solving the problem.

Let me give the complete network configuration;

Network is configured using a sonicwall PRO 2040 Firewall / VPN device. I have done only the basic configuration for this.

WAP Static IPs: : Sonicwall WAN port : Gateway : Subnet

LAN Network IPs:

192.168.91.x : Sonicwall LAN Port

DMZ Network Private IPs: : Sonicwall DMZ Port

Public IPs available address range: : Assigned Network : Broadcast : Subnet

Asterisk PBX:

This is configured in the DMZ with a private IP as Subnet and translated to a public IP as

I could reach the Asterisk server from internet and from the LAN without any problems. I also tried running other services in the BOX like the webserver and FTP server. It works perfectly from the internet and from the LAN.

I have configured few extensions and accessed the PBX from the 192.168.91.x LAN network. Absolutely no issues. The problem is when I try to regster a phone from the public network (internet). It registers, but the status is UNREACHABLE.

The remote phone can call a local LAN phone. It rings but only one way audio. The LAN phone cannot reach the remote phone.

I have opened all UDP ports, VoIP service between WAN->DMZ and DMZ --> LAN in the firewall and is properly translated .

Please let me know where I am going wrong. Hope my network topology is correct. I beleive it is something to do with NAT. The remote phone may or maynot be behind a firewall / router or a simple DSL router modem.

Your detailed solution in this regard will be highly appreciated.

Thanks for all your help.

Selwyn Abraham

Please refer to the site, … +solutions

Your problem is all related with forwarding ports…
Forward correct ports with the help of above link and you will find solution.

In your sip.conf file you will need to add:


In your firewall you will need to map udp port 5060 for sip to your asterisk server.

I’ve read people talking about opening up the rtp ports, but that’s totally unecessary for todays statefull packet inspection firewall.

As above you may have problems with:

  1. Port forwarding. Even though you have UDP ports open had you added any port forwarding to the DMZ IP address of the Asterisk server?
  2. When you add the combination of externip= / localnet= make sure that you add both the DMZ and internal LAN in the localnet settings (with two separate localnet= lines, one for each subnet).