Remote users CPE-based environment


Trying to set up a asterisk system for my office network with limited Network experience, and some asterisk knowledge.

I currently have the * box on a private ip address and it works perfect inside using polycom phones and sip. Of course I want my 2 remote users and their polycoms to be able to use the * box as their phone switch too and I am experiencing the typical problems of one-way audio, not being able to route calls to destination etc etc - all normal SIP problems.

I have read a fair bit on the internet about stun, IP tunnelling and am not really too up to speed about all of these, and there seems to be so many different solutions out there to this problem.

Does anyone have a known setup for remote users with the * box being on a private ip address that works? Do you need to use STUN and IP tunnelling or can this just be setup with changes to the firewall and config files?


Ports must be forwarded to the * box

UDP 5060 and then you need to RTP ports forwarded as well
10000 ~ 20000 is the “normal range” they are UDP as well When you have one way audio it is just about always the rtp so forward the ports and use a public stun server
STUN is a traffic cop or street signs which point your traffic to and from the remote points (the phones) with NAT in play and without STUN your packects could get lost along the way.

Now on some remote setups the router / firewall maybe a issue as well
Some CHEAPO home router with SPI just do not work with SPI (Stateful Packet Inspection) Turn it off for testing.

hi bubba,

I figured out the port forwarding

Been looking round the internet for a solution to this involving stun - there doesnt seem to be a howto guide, is it possible to do what you are talking about using polycom phones and asterisk. My remote users use polycoms and I want to provide service for them.

Do you know whether this is possible? and if so, can you point me in the direction of where I could find information on how to set this up - all the guides on stun seem to talk about what it actually is rather than step-by step guide.



I have no idea about the polycom but to use STUN there is no setup you just fill in the blank labeled STUN

Most hardware SIP phone are designed to used on the LAN not WAN

What blank do you mean, is this something in the asterisk config files?


No asterisk does not care about stun…

The stun server blank would be in the setup of the phone…but as we do not use SIP in a nat network, I do not know nor do I think they would have this option, as I said those SIP phones are designed with the LAN in mind not to be used across the net.

Most ATA’s do as they are designed for this…

Options to try are installing SER server and asterisk as the backend (HASSLE) there and routers out there which “work” for this (not cheap)
some type of heartbeat phone to server…

You can try to setup each phone on it’s ports and set the time really low…

Until polycom wants to become a real player in the VOIP world and adds STUN setting to the firmware they are a LAN product only…

I hear there is some way to get round this with polycom, like the heartbeat you mentioned, I am assuming that this is some kind of excess registration on port 5060 to the asterisk server which keeps port 5060 open. I am assuming that the issue here is the rtp traffic on a call which is still assigned randomly? Starting to think that a polycom phone might not the solution here…