This has been bothering me for at least a week so I hope there is someone out there that can help.
Here is my setup in order (the IPs have been changed for security reasons):
Asterisk server (most current release) with private IP 10.10.3.3
SonicWALL NSA4500 with public IP 188.8.131.52/24
SonicWALL NSA240 with public IP 184.108.40.206/24
VOIP Phone (Grandstream GXP2000) with private IP 10.10.1.98
Here is the problem–when I first boot the phone everything works fine. I can make calls and receive calls both internally or externally with no problem. Then after about a minute I lose the ability to receive calls. I can still make calls to internal or external phones [from this extension] but all incoming calls to this extension receive the message, “The person at extension 299 is unavailable…”
If I run a “SIP SHOW PEERS” the entry for the phone reads:
I also see something strange in the NSA4500 logs:
Time: 11/12/2010 14:48:12.192
Category: Network Access
Message: ICMP packet dropped due to policy
Notes: ICMP Destination Unreachable, Code: 3
This is the packet detail for the dropped packet:
Ether Type: IP(0x800), Src=[00:90:1a:42:e3:4d], Dst=[00:17:c5:19:e6:ed]
IP Packet Header
IP Type: ICMP(0x1), Src=[220.127.116.11], Dst=[18.104.22.168]
ICMP Packet Header
ICMP Type = 3(DESTINATION_UNREACHABLE), ICMP Code = 3(PORT_UNREACHABLE), ICMP Checksum = 4881
Inner IP Packet Decode:
IP Packet Header
IP Type: UDP(0x11), Src=[22.214.171.124], Dst=[10.10.1.98]
UDP Packet Header
Src=, Dst=, Checksum=0x0, Message Length=514 bytes
On the NSA240 I have the following:
A firewall rule to allow all inbound traffic from 126.96.36.199 to go to 10.10.1.98.
A firewall rile to allow all outbound traffic from 10.10.1.98.
A NAT rule to translate all inbound traffic from 188.8.131.52 to 10.10.1.98.
On the NSA4500 I have the following:
A firewall rule to allow inbound traffic from 184.108.40.206 on ports 2727, 4569. 5036, 5060 and 1000-2000 to go to 10.10.3.3.
A firewall rile to allow all outbound traffic from 10.10.3.3.
A NAT rule to translate all outbound traffic from 10.10.3.3 to 220.127.116.11.
A NAT rule to translate all inbound traffic from 18.104.22.168 to 10.10.3.3.
The configuration in sip_additional.conf for this extension has the following settings:
Thanks in advance,