Ok, this has become my last resort for help...
Our provider has setup an Aspire system here at the main office for 30 phone inhouse, and we also have 5 IP phones and one softphone.
The IP phones and softphones all work ok internally over the LAN.
However, outside the main office, nothing connects.
I've checkd firewall settings on our PFsense firewalls (local and remote) and our VPN IPsec, PPTP, and OpenVPN. Everything works ok, we can access the network, access files and folders, ping any servers. EVEN ping the NTCPU of the aspire!
But for some reason neither the IP phones or the softphone can connect.
Via process of elimination, I'm pretty sure it's the aspire thats the issue. Is there ANY ports or settings on the aspire that need to be configured for this to work?
I've asked our provider but they are clueless, they keep hinting to buy their router to make it work. And I've yet to find a user manual on the NTCPU, does one even exist? I've also emailed NEC directly but they responded to contact my provider. Can anyone help!?!
I've read though thse posts on the forum:
https://www.sundance-communications.com/cgi-bin/ultimatebb.cgi?/ubb/get_topic/f/14/t/000845.html https://www.sundance-communications.com/cgi-bin/ultimatebb.cgi?/ubb/get_topic/f/14/t/002189.html https://www.sundance-communications.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=14;t=001439;p=0
But still no solution....
If I can't resolve these issues, we may have to return these phones.
Please, please, someone have answers...?
Thanks!
The VOIP/media gateway card(s) needs to be on the same network scheme as everything else(it should be). Otherwise it could be a port blocking issue either on your side or the remote side.
*DtermIP (Receive Port on Aspire PBX Side – System IP Phone)*
IP Phone DRS (Registration)/DRS Mate Port UDP 3456 84-03-02
IP Phone Signalling/PROTIMS Self Port UDP 3458 84-03-01
IP Phone Display Updates UDP 3459 Fixed
IP Phone H.245 TCP 10100-10131
(enter the first port – this is
the first port in a range of
32 ports used)
84-06-03
IP Phone Ready/Answer Port UDP 4000 84-06-11
RTP UDP 10020-10082
(even ports)
84-06-01
RTCP UDP 10021-10083
(odd ports)
84-06-02
-----------------------------------------------------------------------
*DtermIP (Receive Port at IP Phone Side)*
DRS Self Port UDP 3455 Defined in IP Phone Programming
IP Phone Signalling/PROTIMS Self Port UDP 3458 Defined in IP Phone Programming
IP Phone Display Updates UDP 3459 Fixed
RTP Self Port UDP 3462 Defined in IP Phone Programming
RTCP UDP 3463 Fixed
IP Phone Ready/Answer Port UDP 4000 84-06-11
H.245 Port “any port†Uses any available port from 1024+.
Set in IP phone program to 1024 for a
Constant port number
Hope this helps somewhat. From my many years of experience 99.9% of the time it's the network. Telling me it works internally and not externally is a HUGE red flag that something is screwy with your VPN either on remote or local. You should get wireshark (free) if these ports don't help you to see what is not being passed.
PS, ALSO check the setting on the NTCPU to see if you have the default gateway set to the router address.
WOW! ALL those ports have to be open!?! That's a lot...woa...
I'll check through all that to make sure it's all kosher.
Thanks!
Well, it didn't work.
Mind you the VPN works ok with EVERYTHING else, jut NOT with the Aspire, so I dunno why that would make you think it was an issue with the VPN...?
Also note, I can access all local websites via the IPsec tunnel, using the local IP (192), but can't access the Aspire admin website via the local IP. Isn't that even a little odd...? That's another reason why I think it's an issue with the Aspire...
Like I said, check the defualt gateway settings on the NTCPU.
I beleive this is the section you're speaking of:
10-12 : NTCPU Network Setup
correct?
The gateway should be my internal IP of the firewall, correct?
...just to confirm...
If yes, to both, then it's correct.
...is there anywhere to set DNS info? Perhaps it may be that too?
06 - NAPT Router
07 - NAPT Router IP Address
08 - ICMP REDIRECT
And do these need to be set to something...?
Not sure what they are...
No, you don't need all that. The gateway should be set to the same gateway everything else is on your network. Well, one thing you could do is DMZ the Aspire and see if it works or put it in front of your firewall.
"Mind you the VPN works ok with EVERYTHING else, jut NOT with the Aspire, so I dunno why that would make you think it was an issue with the VPN...?"
Because it works internally and not externally pointing directly to an IP/UDP connectivity issue. Troubleshooting 101.
Just put the phones outside the firewall.
Hmmm...yeah, I was thinking, if it came down to it to put the aspire on a DMZ...seams like maybe my only option now...I'll give that a try.
Mind you that I have seen firewalls that don't DMZ properly..one being the biggest POS firewall/router out there the Cisco PIX.
"POS"...? What deos that mean?
How did you make out with the phones outside of the firewall?
a question about the DMZ for clarification...
basically so when the aspire is on the DMZ, I'll now have to port forward all the ports listed above to the LAN, correct?
Well, I have to setup a DMZ on both ends, main and remote first, to see if the phones would work outside the firewall... correct?
...I could plug the IP phone directly into the internet at the remote site, but at the main site, not only would EVERYONE be without internet, but no phones too while I tested it... not to mention I'd have to drive 30+min to the remote site to test
hehe
Hmmm...I tried opening ALL ports on both the remote and main firewalls, and the softphone still couldn't connect.
POS Besides Point of Sale also means Piece of S***. One thing you could do is throw a mini switch in front of the router/firewall and give the Aspire a public IP adress scheme..depending on what you are using for internet access. NOte I have has some issues with Windows XP firewalls in the past with the softphone btw. My 2000 laptop never had an issue.
have you tried restarting the Aspire just for kicks and giggles? Can you ping the the Aspire? I will assume you set the IP phones with the primary DRS to match the Aspire IP address. Are the patch cords good for the Aspire and phones? You may need to run a packet sniffer on the network to see why the aspire packets are being dropped.
Coral
POS...ya, we think alike, was thinking the same thing. LOL
I thought about putting a switch infront like you suggested, but would that work? How would the aspire AND the firewall connect to the ISP?
Current Network:
internet - ISP Cisco trunk T1 voice/data - PFSense Firewall - Switch - Network/Aspire
Suggested Network:
internet - ISP Cisco trunk T1 voice/data - switch < 1 - PFSense Firewall 2 - Aspire
Not only, how would they connect to the ISP with the same static IP, but I would also have to port forward ALL ports through the firewall so that the main location could use the phones, correct? Unless I ran another switch off of the aspire for JUST phones? esentially making two networks, one for the phones the other for data network, possible?
Ya, win Firewalls are ALL disabled, they suck!
Jumanji
ya, I've restarted it many times, made no difference. no can't ping the aspire. yes, DRS is same as NTCPU. The provider opened the paackaged patch cords. a packet sniffer is a good idea.
I was thinking the aspire had some sor of firewall on itself, does it? Either port forwarding is off and/or aspire firewall was on. Only reasons I can think only the aspire wouldn't be reachable.
Thanks!
For test purposes have you taken the IP address and assigned it to a computer. Then try to ping it from outside the company coming in. Maybe that IP address isn't a global ip address. Just a side note.....I didn't think the cisco Pix firewall did QOS
FYI... The Cicso I speak of is a Cisco IAD2400 series.
Have you assigned the IP phones there IP address? YOu should be able to ping those ip's as well.
huh..? Internally the phones work fine. The issue is that nothing connects to the NTCPU/DRS from outside/remote.
Ok, How many public IP's do you have? Just one?
have about 50... of those available about 30...
what ya thinkin?
In each phone you should have to set up a IP address, the dns server. Are the guys who set your phone system up not wanting to do this for you? Because if they are asprire trained they should get tech support involved.
if he can't ping the aspire than something must be wrong with that ip address? It maybe assigned wrong or something. There is no firewall in the cpu of the aspire. Also there should be a pva card with an ip address as well. Is that correct??
But here is what I don't get, If you just paid someone to install IP phones in your office, where are those people? they are not done with their job
get em back or get a refund!!!
ok, maybe I need to clarify... or maybe I need to be clarified...heh...
Our phone provider came in and setup the entire "in-house" phone system. The aspire box, VM, conf phones, and all the desk phone stations... some 35 phones. In-house EVERYTHING works ok.
In addition to the in-house phones we got 5 IP phones and one softphone. The 5 IP phones go to the 4 remote offices, and the softphone goes onto a laptop of a remote user in Maine.
The firewall, servers, network infastructure I all build. Only the aspire equipment is from the provider.
When I setup the 5 IP phones and softphone inhouse, everything works ok. I know how to access and assign the IP, DRS, DNS of these IP phones and softphone.
The issue is when I use the 5 IP phones and softphone OUTSIDE/REMOTELY the main office network. I get a 'unable to find/connect to DRS'.
Yes, the remote offices and remote user all have VPN setup and working ok. They can access servers, http, ftp, and ping. BUT the IP phones and softphone DO NOT connect to the DRS/NTCPU.
So basically, now my options are...
- change the IP of the NTCPU and VOIP see if I can then ping these from outside.
- on the IP phone, set the gateway to the VOIP IP.
- make sure ALL gateway entries on the aspire point ot the firewall IP.
- change the firewall
- enable ALL necessary ports on ALL firewalls.
- put the aspire on a DMZ
- put the aspire infront of the firewall
And the reason I posted in here is asking has ANYONE had this issue? Or at least any idea, or direction to point me in, cause this is driving me crazy!
I've asked the installer/provider and they have no idea what's causing it. They're last response is.. "We think it's an issue with the firewall, and if you want us to look into it, we'd have to charge you for the time" ..."But, you know, if you buy our firewall, there would be no issue" But your firewall doesn't do anything near what we need our firewall to do!
So here I am, despirate, tired, and have no hair left to pull out... asking for your help or insight....
Thanks.
Btech and Coral I sent NoDoze a pm asking if he received a document cd with his system. I also ask him to check 10-12 and 84-05 for the slot his voip card is in to make sure it isn't the default IP address. I didn't really see it answered clearly in here. NoDoze please don't post that ip in the room. They might treat that like a password and frown on it.
No, I didn't get a "Aspire System Document CD"... I've actually been looking for one online, but couldn't find any documentation about the aspire box.
"In program 10-12 the default ip address is 172.something" ...NO. It's the IP of the NTCPU. X.X.X.166
"in program 84-05 for what ever slot you have your voip card in doesn't start with 172.something?"...NO. It too is the IP of the VOIP. X.X.X.169
???
OMG! I GOT IT WORKING!!!!!!!
"When an external DHCP server is operating, make sure to define Program 10-16. These
settings define the required addresses, and as long as the IP telephones are set for DHCP,
manually programming the IP telephones with these addresses is not required."
Section 10-16 wasn't setup at all!!!
I input the IP info
rebooted the aspire...
WAMMMO! Good to go!
The provider completely forgot to set it up! wow!
A HUGE THANK YOU TO YOU GUYS WHO HELPED ME!!!!!
NoDoze. Glad to hear you got it working!!! Yeah those are the manuals by the way.
Any mods up for changing the title of this thread?
Change the title of the thread? To what...? LOL
Anyways... Sorry to state, but it's NOT all ok...
When I came in this monring, the settings in 10-16 reverted back to the original..? Why is that?
AND if they reverted back, why am I still able to connect!?!
AND our remote user in Maine, still is unable to connect!?! However, I think his is a different issue...cause even his extention internally is giving a busy signal...?
Odd...very odd.
Any ideas?
ok, just made the changes, then rebooted, for some reason it's not saving my changes... can someone inform me how to save the config, so that it stays after it's rebooted...?
Thank you.
I'm going through all the manuals located on that page, but can't find anything about how to save config and reboot. Grrr...
I'd like to recommend that you edit your initial post, to update this topic's title to describe the current, precise trouble your experiencing. It may assist in your gaining additional assistance from more of our members (or even from our thousands of visitors whom may register to assist you) whom may have experienced similar issues with saving the configs/rebooting the system, etc. :thumb:
NEC Mods or Admins, if the topic's title does get updated by NoDoze, please delete this post. Thank you in advance-
ok edited it
personally, I like the aspire hell with the buring folder...hehe I thought it was quite appropriate
Some know I've been temped to do exactly that to the aspire box sitting in the server room
LOL
And based on how difficult it was to find help, or other people who had similar issues even via google, I think I'm the first!
The rebooting/save config issue is actually not related to the original issue, the original issue has been SOLVED! Sweetness!
Just need to save and reboot now
Anyone biting...?
Thanks!
When you save it are you letting the system write everything before you shut it down? There is a little red led that flashes when it is saving...you must wait till it finishes.
well, the time between I click save and apply, and when I climb the ladder, unscrew the box, hit the on/off button has to be AT LEAST 10min... So for it to save an IP address change, I'd think that'd be enough... But casue after the reboot it isn't saving, I suspect there is soemthing more to it.
Are we talking about the same 'SAVE'...?
I'm talking about the Save and Apply link located at the top of every web page of the Web Pro Admin...same?
But did you logout correctly?
logout by closing the window...?
how else?
Woa...!
I clicked LOGOUT! LOL
gave me blurp...about saving config, then it closed....is that what you mean...?
ROFLOL....sheeesh
Thanks!
Do I have to reboot after that? still?
Make sure when you enter your changes you hit apply and log out using web pro. If you are using pc pro don't forget you have to upload.
I am having the exact same issue with a system that I am trying to help another interconnect with. I think that the trouble with this customer's system is in the 10-16 area. The Router setting was not set so, I set it to the Gateway addtess. The DRS and MGC were set to the same address... I think that(based on my experience with the NEAX2000 system) the DRS should be set to the CPU address, correct?
Thanks in advance.
How did it work out for you NoDoze?
I can tell you that changing the gateway through the web interface, then saving to flash did not make it take effect. I had to reboot. (Don't forget to save and exit the web interface properly so changes get saved)
What I'd really like to find out is how to get this system to work without all the VPN stuff. Our dealer saw this demoed and the other dealer wouldn't share the secret. NEC probably wants nobody to know since that increases the value of the system. I'm certain it lies in the use of an external gatekeeper. This would allow you to let the gatekeeper reside on public space and you'd be able to just plug the ip phone in anywhere. Including behind a NAT router where it would obtain a private ip via DHCP. I'll gladly pay for anyone's time who knows how to set this up.
Regards - Ken