Hello Everyone,

I am giving it a try to see how can this forum help me, yeah, my first post…

Well, with my installation everything is working fine, two PBX servers, both installed Asterisk/FreePBX. One is on public IP address(now on called voip1), and the other (voip4) is having NATing, from its outside IP address, to allow/nat everything inside on UDP 5060, 10000~20000.

For VoIP4, also sip_nat.conf is configured:

Everything with this setup is functioning for both VoIP1 and VoIP4, I have Snom and Aastra phone, connected to both, and they work together through IAX2 Trunking, just fine. But in our office, we have agents all around world, and we just started giving them our Aastra 53i’s, so they can connect. I configured the the Aastras just like the ones we have in our offices internally. These agents are to be connected to VoIP4, which is behind NAT.

So, as far as the configuration of Aastra is concerned, I had all the configurations done, just like the ones in the office, but instead, put the as the registrar and outbound server.

Story goes on, phones got delivered to the agents, one of them had 3 in his office in Romania, as soon as they turn on the phone, the phone registers just fine, and in the /var/log/asterisk/full, it shows: “chan_sip.c: Peer ‘50’ is now Reachable.”, in less than a minute, on some unknown cause, logs show: “chan_sip.c: Peer ‘50’ is now UNREACHABLE!”, and in this case, if I have the qualify=yes, the caller during that unreachable period gets the unavailable message. If I put qualify=no, the caller hears ringing, but the actual phone is not ringing at all (even worse). I also tried giving values like 999, 555, 2000, 3000 to qualify, and none seemed to help.

For all these extensions, I have canreinvite=no, host=dynamic, nat=yes, with g729 codec allowed only (which the phone supports, and is installed on PBX servers), type=peer.

Out router for all services, is Vyatta V.5. We have other services like our shared folders, and some other working just fine. Even the office phones have no issues.

I brought the registration time down to its lowest on the phones, but still, not short enough to catch the “UNREACHABILITY”…

I thought the issue is with VoIP4 being under NAT, so moved the agents to VoIP1 (even though that is not what we want), but still, same thing. I have a feeling that there is a misconfiguration, something which somewhere should be exclusively specified for these peers, to make asterisk understand that they are remote, so they it easy with them, or some sort of setting on the phone which I am now aware of?

I don’t know if I managed to explain everything, but should there be anything missing, please ask me, and I shall provide enough information to clarify.

I really need to get over this problem, since they are all on top of my head.

Any help is appreciated…

Many Thanks,

I would open up tcp on 5060 as well. some devices like tcp. although I believe the Aastra work either way udp or tcp that is.

disable g729 for now and take that out of the equation. register them with the external IP for now as you did. basically strip it down to the bare min. to get it working then bring those things back.

Make sure the firewall on the other end allows the RTP traffic as well. You can set it up as a trigger in the firewall for UDP 10000-20000

I don’t think the registration time has anything to do with it actually since asterisk (to my understanding) only sees an endpoint as unreachable after 2000ms. Basically two seconds. So it sounds to me like a port is closing or something.

I bet if you make a call right after it registers and then you have other hit that extension it will ring (beep as second call coming on another line etc) without any problem.

Look at your router logs that should also reveal some things.

I happen to have a demo box (no trunks) that is similar to what you’d be doing. It is behind nat and so on. You are welcome to try and register to it if need be. You could at the very least rule out the phone config if it in fact works as I know it to be working. Let me know.


We have seen this with old routers that have the nat timeout very low.

this post may be of help to you as its vyatta specific … 673365177d



I have had problems where I try to run more than one Aastra phone behind NAT.

The phones would show registration and were usable for around a minute or so, but after that, they became unreachable, or no audio, or they would ring then, nothing when you picked them up, but the other party was still ringing. Major grief :cry:

Snom handsets, on the other hand, seemed to work much better. As a reult, we only run a single Aastra phone behind NAT. anymore and we use a Snom.

Port forwarding may help for a single phone, however, there are some things you may want to try.

  • Stun: Try a public Stun server. is one. Search and tehre is a list there.
  • Another brand of phone: If you have them. Do you get the same issues with a Snom or with XLite / Bria ??
  • Router: Check out how your router handles SIP. Turn on / off any SIP ALG (Application Layer Gateway) and see what happens. Check firmware updates. Try using different SIP / RTP ports for different phones.

Be prepared for sleep deprivation and the consumption of a larger than normal quantity of alcohol when you finally succeed (or give up).

Good luck :smile: