SIP problem

Hi all!

I have an interesting problem that I’m not sure how to solve. Here’s my scenario. I have an asterisk box with NAT, no public IP directly attached. I also need to connect to a client’s network and an MPLS has been established between the client’s site and mine. I added an extra NIC on the server. My IP on that link is (gateway is .20), but the client’s PBX is in a 192.168.1.X address. On my asterisk I’ve added the route to the 192.168.1.X network (through gw) and I can ping their PBX and SSH into it, means the route is good.

Public IP: 65.25.147.X (NAT)
Local (internal) IP:

CLient’s PBX

Here’s my problem. When I make an inbound call from the client’s PBX into mine I receive an INVITE:

MY PBX ----------------------- CLIENT PBX
TRYING ------------------------>
OK ---------------------------->

And that is it! My call gets hung up because I do not receive the ACK back from the client’s PBX.

Looking into more detail into the SIP dialgo I notice that when I send TRYING to client I have this:

SIP/2.0 100 Trying Via: SIP/2.0/UDP;branch=z9hG4bK-e9b6a972d400ce35ba2a1561b1353c6b1-;received=;rport=5060 From: <sip:22463700@>;tag= To: <sip:40820200@> Call-ID: 6446F0EB@ CSeq: 1033907359 INVITE Server: FPBX-2.9.0( Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH Supported: replaces, timer [b]Contact: <sip:40820200@65.25.147.X:5060>[/b] Content-Length: 0

…and then on the OK that is next the problem persists: Contact shows my NATed IP. Additional to that, on the SDP (on the OK sequence) it also shows:

v=0 [b]o=root 2111849303 2111849303 IN IP4 65.25.147.X[/b] s=Asterisk PBX [b]c=IN IP4 65.25.147.X[/b] t=0 0 m=audio 13324 RTP/AVP 8 101 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=sendrecv

After debugging the client’s SIP I realize that his PBX sends me all the ACKs to my OKs, but to the public IP noted in the SDP’s ‘o’ IP4 field. Sometimes when I send OPTIONS I also see this message:

[b]SIP/2.0 403 From: URI not recognized[/b] From: "Unknown" <sip:Unknown@65.25.147.X>;tag=as54c88e87 To: <sip:>;tag= Via: SIP/2.0/UDP 65.25.147.X:5060;received=;branch=z9hG4bK6c2d9ca0 Server: DC-SIP/2.0 Organization: MetaSwitch ; => Client's 'PBX' is actually a softswitch from MetaSwitch Content-Length: 0 Call-ID: 1ff0d59a465117bb1049198d5603fa1c@ CSeq: 102 OPTIONS

I have asterisk (as noted in the SIP and SDP messages) and although I have FreePBX installed on the box I do everything almost entirely ad directly on the conf files themselves. The trunk configuration is this:

[Client] disallow=all type=friend qualify=yes insecure=port,invite host= dtmfmode=rfc2833 context=from-Telecable allow=alaw localnet= ;This is my MPLS IP range localnet= ;This is the PBXs IP range fullcontact=<sip:asterisk@>

I have added/removed localnet, I have added/removed nat=yes/no, I have tried using externIP. All of these options I have tried in the local trunk. Unfortunately I cannot do many changes to the general settings on SIP.conf since I have thousands of calls that come/go through my NATed IP every day.

What has me clueless is that for most of the time the IP of the server is right…

Any ideas…?

Thank you all!

localnet needs to go in the general section.

Also, you should not use insecure except as a positive decision because you really need it. If you have no secrets, you definitely do not need insecure=invite.

type=peer will, almost certainly, be more secure and cause less problems.

I added the localnet in the general settings and it seemed to work…, I think it is not as expected because when I do a

I don’t see any of the local or external IPs listed, but it seems to work…

Thank you sooo much for your help!!