Allowing WAN to pass through FIREWALL for 6x - Sundance Business VOIP Telephone Help

I haven't had a configuration like this yet and was wondering if anybody had any thoughts.

We have a fiber connection with 6 Static IP Addresses. The I.T. manager has given me one of those addresses for the Allworx system. He (and I) would like to keep the phone network seperate from the Data network.

The Data goes into a SONICWALL firewall (I think either a NSA2400 or a TZ-210, will have to check next time I'm there). From there is goes into my set of PoE switches.

The Allworx is connected to the switch via the WAN port. It is configured to NAT/Firewall with DMZ. I have assigned the Static WAN IP and Gateway accordingly. I have created my own internal LAN IP addressing and have gone over the settings many many times, they are correct in this parameter.

My problem is that I cannot access the ALLWORX 6X from the WAN or remotely. The Firewall isn't allowing the :8080 to go through. The IT Manager has looked into opening up all the recommended SIP ports (and HTTP + more) on the SONIC WALL.

Has anyone had a problem similar to this or know of a better approach to accomplish what we are trying to do? Or has anyone used a SONICWALL product before an ALLWORX before?

Thanks

The first thing that I would try would be to ping the ip address that you have assigned to the allworx. Please take note that you can not access the allworx using the external ip address while you are on the current network. You must be using an ip address completely seperate from any of the six static address that you have.

Another option to work on the Allworx remotely would be to create a vpn connection using the admin login.

Yeah I can't ping that address. What he has is something like this:

(Ex:)
55.55.555.11
55.55.555.12
55.55.555.13
ect as external Static IP's

"Please take note that you can not access the allworx using the external ip address while you are on the current network."

- So are you saying that I should not be running through this SONIC WALL at all? I recommended that but he is adamant about it being passed through untouched.

I also did set up a VPN and will again but I'd rather have it the other way.

Thanks, I will discuss this on my next visit

I'm not familiar with any of those internal IP addresses. I'm sure they're OK--they just look a bit goofy to me. I'll ask my techs when they come in---whenever--next week to take a look at this thread. I might be able to find someone with experience with that Firewall thig-a-ma-gig.

Then you can't access the "Directory" or the Allworx at all?? What happens when you plug your laptop into the Allworx directly??

I've had trouble with remote problems before ---but not internal (that I can remember). Remote problems usually end up with a reboot of a switch, router, or the like. Don't be afraid to reboot/reset the Allworx either.

Last week a customer added two C.O. lines to a 6x--ports 5 & 6. I programmed them remotely and my tech cross connected them in. No dial tone, no nothing. I checked programming. All was good. We called Allworx support. They said it was two bad ports. (Pause---Pause). I told my tech to reboot the Allworx. Support said it wouldn't do anything. We rebooted---the lines were there.
Lesson learned---when in doubt--reboot.

Yeah Rebooting with the Allworx always helps, especially with the sets.

The IP's i gave are just examples of what he has for the external addresses. The internal is actually 192.168.9.2 and goes from there. And internally the system works great. Just can't get to it remotely with the Purchased Static IP the IT manager has given me. Which I will need to have working in order to provide them with SIP trunk service as well.

I'm almost 100% certain it's the Firewall

I'm with you on that. Let us know what happens---keep us in the loop. I'm curious as to what the solution is going to be.

Going there Wednesday and I will. thanks for your help!

Forget trying to run through wan port on allworx. But the unit in lan host mode. Have IT guy forward ports 8080 to lan port. The TZ210 can be segmented with multiple lans and wans.

Additionally, since you are segmenting traffic you will need to build a route in the sonic wall in order to allow traffic to pass through between allworx / phones and PC's for administration and call assistant.

rustynails is right. Run system in LAN host and handle incoming policies via the sonicwall.

I have had the system in LAN Host mode and tried what you are saying to do. At that time it didn't work. I'll try it again though. Doesn't help the IP isn't responding to any PINGS

Unless there is no other router on the network then there is no reason to have the system in any other mode then "lan host" mode (except for one, which IÃ¢â‚¬â„¢m not going in to). I have a feeling there is a disconnect between the IT guy and his ability to appropriately configure the sonic wall.

I just noticed that your router is a sonicwall. Sonicwall routers and SIP don't play well together. Try another router & I think you'll find the problem will go away.

Go to Network Configuration. Is "allow admin configuration on WAN interface" checked?

Just an update, bypassed the SONICWALL, got everything working. QoS a little lacking. They did have network issues and had them corrected witht their provider. Also been having lots of issues with the provider and a lot of our other clients.

There is a CODEC glitch with the 7.2.12.2 release where the system can only use g.711 for calls transferred to a Call Monitor from the Auto Attendant (primary answer). The ISP sends at G.729 but all seems to be working. Made some adjustments to the PoE switches and far as setting up a Voice VLAN. If it becomes unstable I will look into changing the programming to L2 Call Appearences instead of Call Monitor and button.

Talk about a learning experience. I've also enjoyed reading the 3 page VoIP post which is very informative and true. Glad we have this message board where we can all help each other.