Phones regularly becoming unreachable

We have a Switchvox 310 with a total of about 30 phones at six different locations. Most of the phones are Digium, but there are about 10 Aastra phones. We are using WatchGuard Firewalls and Cisco Catalyst switches at most locations.

Over the past few months, we have had problems with phones becoming “UNREACHABLE” at all of the external locations. The phones at the location where the PBX sits do not have issues. After doing packet captures with tech support, we think that we have narrowed down what the problem is. The phones will register and then the PBX will send them their nonce password. The phones receive their password, but when they try to send it back, the packet is lost somewhere along the way. All of the correct ports are open to allow traffic, and we are not using SIP ALG or anything like that.

With the Aastra phones, I will manually get one registered, and then it will immediately knock another phone offline. The Digium phones will sometimes go into a “hollow” status and will not register even after a factory reset and being pointed to the configuration server. We have to take these phones to another network and then they register fine.

Does anybody have any idea what could be causing these issues? We are thinking that it might be a problem with our Cisco Catalyst switches. They were manufactured in about 2004~2005, and we think they might be a bit outdated. Any input would be much appreciated.

I’ve seen somewhat similar scenarios when one router/firewall closes the return path too early - they either change the originating port number or do not allow the packets to pass. This can be solved by tuning the equipment to increase the UDP "sessions",
though in your case, the delay seems quite short (if it is the 2nd register with the nonce encrypted password that gets lost).


In most phones there is an option for how often the device will re-register with the server. Change this setting to something like 60 seconds.

Thank you for your input. We have already changed the UDP timeout setting on our firewalls, as well as the registration period on the phones. The problem still persists.

Dumb question, but do you port forward all the appropriate ports, SIP and RTP? Also, have you set up the externip and localnet in your sip.conf file?

Yes, all of that is set up. We have had Digium take a look at the PBX through VPN Technical Support, and they say that everything looks fine. That is why I am taking it here for some separate opinions.

Change the re-register in the phone to 30 or 45 seconds and in each extension in the sip.conf add the lines

qualify=25000 ;25 seconds
qualifyfreq=45 ; 45 seconds

Let me know if it worked.
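
A way to confirm the symptom from the original question in a PBX-side capture, as an added example that is not part of any post in this thread: it pairs each 401 challenge nonce with the authenticated REGISTER that should echo it and lists the extensions whose answer never arrived. The capture rows, extensions, host name and nonces are constructed, and the 4-second wait is an assumed threshold.

```python
import re

NONCE = re.compile(r'nonce="([^"]+)"')
USER = re.compile(r'^To:\s*<sip:([^@>]+)@', re.M | re.I)

def sip(start, user, call_id, cseq, extra=""):
    """Build a minimal SIP message holding only the headers this check reads."""
    lines = [start, f"To: <sip:{user}@pbx.example>", f"Call-ID: {call_id}",
             f"CSeq: {cseq} REGISTER"] + ([extra] if extra else [])
    return "\r\n".join(lines) + "\r\n\r\n"

def challenge(nonce):
    return f'WWW-Authenticate: Digest realm="pbx", nonce="{nonce}"'

REQ, DENY = "REGISTER sip:pbx.example SIP/2.0", "SIP/2.0 401 Unauthorized"
# Constructed sample: (seconds, direction seen at the PBX, raw SIP message).
CAPTURE = [
    (0.00, "in", sip(REQ, "101", "a1", 1)),
    (0.02, "out", sip(DENY, "101", "a1", 1, challenge("n-101"))),
    (0.10, "in", sip(REQ, "101", "a1", 2,
        'Authorization: Digest username="101", nonce="n-101", response="0"')),
    (0.12, "out", sip("SIP/2.0 200 OK", "101", "a1", 2)),
    (1.00, "in", sip(REQ, "102", "b1", 1)),
    (1.02, "out", sip(DENY, "102", "b1", 1, challenge("n-102"))),
    (9.00, "in", sip(REQ, "102", "b2", 1)),   # phone starts over, n-102 never answered
    (9.02, "out", sip(DENY, "102", "b2", 1, challenge("n-102b"))),
]

def header(msg, name):
    m = re.search(rf'^{name}:\s*(.*?)\r?$', msg, re.M | re.I)
    return m.group(1) if m else None

def stalled_registrations(capture, wait=4.0):
    """Return (extension, challenge_time) for challenges left unanswered >= wait s."""
    pending = {}  # nonce -> (extension, time the 401 left the PBX)
    for ts, direction, msg in capture:
        start = msg.split("\r\n", 1)[0]
        if direction == "out" and start.startswith("SIP/2.0 401"):
            m = NONCE.search(header(msg, "WWW-Authenticate") or "")
            if m:
                pending[m.group(1)] = (USER.search(msg).group(1), ts)
        elif direction == "in" and start.startswith("REGISTER "):
            m = NONCE.search(header(msg, "Authorization") or "")
            if m:
                pending.pop(m.group(1), None)  # challenge was answered
    end = capture[-1][0] if capture else 0.0
    return sorted(v for v in pending.values() if end - v[1] >= wait)

if __name__ == "__main__":
    print(stalled_registrations(CAPTURE))
```

Running the same check on a capture taken at the remote site's firewall shows on which side of it the authenticated REGISTER disappears.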

