Firewall states and voip.

jflaugh

Hello,

I have been fighting this issue all day I have a ESI VOIP phone that connects back to my company's PBX it only uses UDP 59102 to communicate if I let it sit for a time that I cannot determine yet it will say comm link lost I started to fix it by restarting the router and it did it again so I cleared the states that fixed it and it did it again so just cleared the two states just for the VoIP connection and it fixes it. If I reboot the phone it does not resolve the issue.
I do have 3 PAP2's for via-talk phone service proxied thru Siproxd and so far there is no issue there just the work IP phone. The changes I made so far are changed the Firewall Optimization Options to conservative and disabled scrubbing.
I attached a shot of the states when the phone is working I did not think ahead enough to shoot when it was not working.
My version is
2.0.1-RELEASE (i386)
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6
It is running on a VIA MPIA board with 512Mb of ram.

Thanks Jeremy

![esi issue.JPG](/public/imported_attachments/1/esi issue.JPG)
![esi issue.JPG_thumb](/public/imported_attachments/1/esi issue.JPG_thumb)

jits

I do believe if you require VOIP support, you may have to pay for it.
I've noticed most VOIP Questions on the forum, more than less, go unanswered.

chpalmer

Try making an outbound nat rule for that phone IP and make it a static route. If you have RTP Proxy active in SIPROXD make sure the highest port is lower than 59102. Just a theory I have…

You might also make an inbound nat and firewall rule for that phone. Limit it to the company server.

jflaugh

Thanks Chpalmer
I checked My rtp ports and they are 16300 to 16600 so I am outside that range.
I will try the port forward and outbound rule. It has only done this to me 3 times in the past 2 weeks I thought it was going to be a bigger problem. I did get A screen capture when the phone was down.

![no link.JPG](/public/imported_attachments/1/no link.JPG)
![no link.JPG_thumb](/public/imported_attachments/1/no link.JPG_thumb)

dhatz

@jits:

I do believe if you require VOIP support, you may have to pay for it.
I've noticed most VOIP Questions on the forum, more than less, go unanswered.

The problem with VoIP is that there are literally dozens of different software & hardware settings, SIP & RTP port rewriting, NAT-ing etc combinations, which make VoIP very difficult to troubleshoot, unless one has full data (i.e. packet-captures) and an intimate knowledge of every software & hardware involved.

VoIP troubleshooting is very different from troubleshooting e.g. web issues.

jflaugh

It actually uses only 1 port UDP 59102 it is what ESI calls their easy link it is VOIP but not SIP and RTP I even verified the 59102 by locking it down on my sonicwall that is now replaced and testing the phone.