[RESOLVED]: How to forward SIP signaling to an SBC in DMZ?


We have Asterisk v1.2.10 installed in a lab on a PC running Red Hat FC4. We also have a Session Border Controller (SBC) we are experimenting with. I am having a problem coming up with the correct configuration that permits me to force Asterisk to transmit “outbound” SIP Signaling to the SBC for outbound sessions.

For example, an internal phone places an outbound call. The INVITE goes to Asterisk. Suppose the IP addresses involved are:

internal phone: 3000@ (i.e. extension 3000)
SBC: (SBC’s private network side IP address)

external phone: 8000@ (i.e. extension 8000)

The INVITE from the phone to Asterisk:

INVITE 8000@
From: 3000@
To: 8000@

I realize this is not a general implementation, but suppose I have an [outbound] context in extensions.conf like the following:

exten => _[78]XXX,1, Dial(SIP/${EXTEN}@
exten => _[78]XXX,n,Hangup()

The INVITE from Asterisk towards the external phone:

INVITE 8000@
From: 3000@ (i.e. asterisk performs as B2BUA)
To: 8000@

That looks good. However, Asterisk places in the destination address of the IP header carrying the INVITE request. I wish Asterisk to produce an INVITE application layer message exactly as it normally would do, but I want the request to be transmitted to the SBC in the DMZ @ The context command above causes Asterisk to attempt to transmit the INVITE request directly to If I instead substitute the internal IP address of the SBC for in the Dial command above, Asterisk does send the request to the SBC, but the application layer content is then also changed to

INVITE 8000@
From: 3000@ (i.e. asterisk performs as B2BUA)
To: 8000@

No good.

What is the configuration required to motivate Asterisk to send an outbound SIP request to an IP address different from the destination IP address in the application layer message?

The SBC is configured to protect a SIP trunk. All the forum messages I have seen and the results of other searches on the Net indicate how to configure Asterisk to register with and communicate with an ISP or other telephony service provider. There is no registration function here. I just need to force Asterisk to always transmit outbound SIP messages to the SBC in the DMZ without affecting the application layer content. Is this something I can configure Asterisk to do, or must I resort to an iptables solution?

I saw some posts that I could add a line to a context such as:


but that didn’t work.


I have a similar configuration;
I use MJSIP as SBC but only as outboundproxy for my User Agents in order to register on Asterisk;
In my sip.conf (in the general section) I’ve tried with

outboundproxy = 160.X.X.X

but it simply doesn’t work.

Then, suppose you make outboun calls with a SIP provider, defined in sip.conf as:

outboundproxy = my-SBC-IP

for you outbound calls thn you have a route like:
exten => _3XXX,1, Dial(SIP/${EXTEN}@my-sip-p)
exten => _3XXX,n,Hangup()

And this works for me, ie I send an invite to my-sip-p using as outbound proxy my-SBC-IP.

What about your question?
If you use conf like this I thn it shuold work.

But what about calls between internal phones?





Hi. I have been remiss in not replying to you sooner. Your post helped me solve the problem. Thanks.

This is what I ended up doing:

In extensions.conf

exten => _[78]XXX,1,Dial(SIP/$(EXTEN)@
exten => _[78]XXX,n,Hangup()

In sip.conf


I referred back to my own solution and see I made a typo. The variable $(EXTEN) is expressed using the wrong brackets. It should be using the curly brackets {} as so:

exten => _[78]XXX,1,Dial(SIP/${EXTEN}@
exten => _[78]XXX,n,Hangup()