atcomsystems.ca/forum Forums Other TDM Phone Systems Sprint - Tadiran Telephones & Systems Anyone have IP UGW behind firewall?

WHat needs to be done to get this to work ebhind firewall?

I am being told that I need to forward to 1 public addy for signaling (and enter that into phone for CA)- port 2427

THEN, forward another public IP to the internal ip for media with ports 16400-16499 and then it should work.

I even went so far as creating 1-1 NAT with each Ip going to it's corrwsponding internal IP and allowed ALL ports.

I have the Public IP for signaling in CA1.

I have been able to get the sginaling, but no voice over the phone.


Anyone make this work successufly with a REAL internal Firewall on the office side (not a little Linksys NAT box)?

You are supposed to either have a VPN setup or a Coral Sentinel. That being the case I have had it working in situations you described. You have to remember that the public IP of the remote station has to be unique to all connected. You never forward anything to the media gateway card. It's always to the UGW and its UDP. Easiest way to see if your firewall is hosing it up, is putting the UGW in front of it (prob need another pub IP to test it this way). I would have no problems exposing the UGW as it's not a windows device and can't be hacked. Trust me it's gonna be your firwall screwing things up if nothing is being blocked by your provider. Just check your IP setting on the UGW card to make sure it's looking back at the gateway (router).

Also:

Make sure that the firewall sends ports 16400 thru 16992 (UDP) to the gateway.

If you are setting FW open ports 2427 & 5060 for sig.
and for media to be on the safe side open 16400 till 17680.

Thanks,. I may just throw it in front of firewall and be done with it.

BTW, even with VPN it did not work (from my house to the office). I have hardware to hardware VPN, but the setup will just be a few phones scattered throgh out the country connecting remotly to central office, no vpn.

You might also check the far end where the IP Phone sits if it is behind a firewall it might be blocking traffic coming back from the UGW.

Yep, definately firewall issues if you had a VPN and it didn't work. Ya, Dustin is right the far end has to be open as well. Good way to really nail it down is with Wireshark.

I have to agree with Coral Tech in saying that it is probably being blocked by the firewall. If you get the phone going 2427 is setup correct. What you are missing is the media gateway to make the conversion from IP to TDM. You need to open UDP ports 16400 through 16490. When that is completed you should have voice in both directions.

16992,16940,17680 ?

What is the top end?

I have a customer that is looking at hooking at a couple of t208's outside without a sentinel and I want to make sure IT gets it right

Base RTP port + (MAX calls per MGW * 10) =

16400 + (128 *10) = 16400 + 1280 = 17680

Not every installation without Sentinel will work even if you will open all ports.

I am having a similar issue here.
We initially tried putting the UGW behind our SSG20 firewall, with all necessary ports open, and were only getting sync, but no voice.

I currently have the UGW outside of our firewall (on an unmanaged switch between our cable and our firewall) and am still getting no voice traffic. The phones will see the CA and sync up, even place a call, however there is no voice traffic.

I know the hardware itself works, because when i set it up inside our network, I get voice no problem.

So, I currently have the UGW facing the outside world, with the sync and the media having 2 different public IPs, and still no voice.

I'm basically stumped, any suggestions to try?

Thanks in advance!