Cisco 7960 Sip ip phone connect to External Sip server

iceman2600

Please NOTE Sorry in advance for being so repetitive

I have a 2 external sip server

one server is hosted with powerpbx.org it's running freepbx

second external server is hosted with nextiva running it's own sip distro

here's the issue and I strongly believe it has to do with pfsense rewriting packets.

I factory reset my Cisco phone to boot to the one sever, it takes a while to connect (never happened before with linksys e1000 running ddwrt). request config and downloads the files goes to second phrase configuring vlan phone unprovisioned then request config again gets the config however it doesnt register the phone.

when i do a factory reset boot to server two it doesn't download any config file just says unprovisioned phone. this i know the server doesn't like the rewritten packets.

I forwarded port, set outbound to static ports. installed siproxd no luck everything…. Let any protocol in and out on wan firewall nothing. Sniffed it with wire shark says requesting file.... I'm just pretty much out of ideas.

podilarius

I have an office of 4 of these cisco 7960 and the secret is to get the firewall settings in the phone correct. There is a setting to let the phone know to send keep alives, and how often to do them. Since the states die by default around 30 minutes, I set mine to 10 minutes. To get it to boot, you have to make sure that the DHCP setver is sending it the correct tftp server address.
Mine all work perfectly even when all 4 are in use on a conference call.

iceman2600

@podilarius:

I have an office of 4 of these cisco 7960 and the secret is to get the firewall settings in the phone correct. There is a setting to let the phone know to send keep alives, and how often to do them. Since the states die by default around 30 minutes, I set mine to 10 minutes. To get it to boot, you have to make sure that the DHCP setver is sending it the correct tftp server address.
Mine all work perfectly even when all 4 are in use on a conference call.

Sounds good, I setup dhcp correctly it's using option 66. I know it works find that way because before pfsense I had a DDWRT router as my gateway. Did you have to forward any ports and where is the keep alive option on the phone how can I set it? Thanks, for the reply.

podilarius

No, I didn't forward any ports. You want to make sure these are set.
I place mine in the SIPDefault.cnf file so all phones pulls it.

Proxy Registration (0-disable (default), 1-enable)

proxy_register: 1

NAT/Firewall Traversal

nat_enable: 1                  ; 0-Disabled (default), 1-Enabled
nat_received_processing: 1 ; 0-Disabled (default), 1-Enabled

SIP Timers

timer_t1: 500                  ; Default 500 msec
timer_t2: 4000                  ; Default 4 sec
sip_retx: 13 ; Default 10
sip_invite_retx: 6              ; Default 6
timer_invite_expires: 180 ; Default 180 sec
timer_register_expires: 900    ; Default 3600 sec
timer_keepalive_expires: 120 ; Default 120 sec
connection_monitor_duration: 120 ; Default 120 sec

Or you can change Register Expires (number 4 main menu and number 11 in that submenu) in the phone.

iceman2600

@podilarius:

No, I didn't forward any ports. You want to make sure these are set.
I place mine in the SIPDefault.cnf file so all phones pulls it.

Proxy Registration (0-disable (default), 1-enable)

proxy_register: 1

NAT/Firewall Traversal

nat_enable: 1                   ; 0-Disabled (default), 1-Enabled
nat_received_processing: 1 ; 0-Disabled (default), 1-Enabled

SIP Timers

timer_t1: 500                   ; Default 500 msec
timer_t2: 4000                  ; Default 4 sec
sip_retx: 13 ; Default 10
sip_invite_retx: 6              ; Default 6
timer_invite_expires: 180 ; Default 180 sec
timer_register_expires: 900    ; Default 3600 sec
timer_keepalive_expires: 120 ; Default 120 sec
connection_monitor_duration: 120 ; Default 120 sec

Or you can change Register Expires (number 4 main menu and number 11 in that submenu) in the phone.

here's my cnf, let me know if im over looking something

Image Version

image_version: "P0S3-08-12-00"

Proxy Server

proxy1_address: "xxx.xxx.xxx.xxx"
proxy2_address: ""
proxy3_address: ""
proxy4_address: ""
proxy5_address: ""
proxy6_address: ""

Proxy Server Port (default - 5060)

proxy1_port:"5060"
proxy2_port:""
proxy3_port:""
proxy4_port:""
proxy5_port:""
proxy6_port:""

Emergency Proxy info

proxy_emergency: "xxx.xxx.xxx.xxx"
proxy_emergency_port: "5060"

Backup Proxy info

proxy_backup: ""
proxy_backup_port: "5060"

Outbound Proxy info

outbound_proxy: ""
outbound_proxy_port: "5060"

NAT/Firewall Traversal

nat_enable: "1"
nat_address: "xxx.xxx.xxx.xxx"
voip_control_port: "5061"
start_media_port: "16384"
end_media_port: "32766"
nat_received_processing: "1"

Proxy Registration (0-disable (default), 1-enable)

proxy_register: "1"

Phone Registration Expiration [1-3932100 sec] (Default - 3600)

timer_register_expires: "3600"

Codec for media stream (g711ulaw (default), g711alaw, g729)

preferred_codec: "g711ulaw"

TOS bits in media stream [0-5] (Default - 5)

tos_media: "5"

Enable VAD (0-disable (default), 1-enable)

enable_vad: "0"

Allow for the bridge on a 3way call to join remaining parties upon hangup

cnf_join_enable: "1" ; 0-Disabled, 1-Enabled (default)

Allow Transfer to be completed while target phone is still ringing

semi_attended_transfer: "1" ; 0-Disabled, 1-Enabled (default)

Telnet Level (enable or disable the ability to telnet into this phone

telnet_level: "0" ; 0-Disabled (default), 1-Enabled, 2-Privileged

Inband DTMF Settings (0-disable, 1-enable (default))

dtmf_inband: "1"

Out of band DTMF Settings (none-disable, avt-avt enable (default), avt_always - always avt )

dtmf_outofband: "avt"

DTMF dB Level Settings (1-6dB down, 2-3db down, 3-nominal (default), 4-3db up, 5-6dB up)

dtmf_db_level: "3"

SIP Timers

timer_t1: "500" ; Default 500 msec
timer_t2: "4000" ; Default 4 sec
sip_retx: "13" ; Default 11
sip_invite_retx: "7" ; Default 7
timer_invite_expires: "180" ; Default 180 sec

Setting for Message speeddial to UOne box

messages_uri: "97"
#******** Release 2 new config parameters **********

TFTP Phone Specific Configuration File Directory

tftp_cfg_dir: "./"

Time Server

sntp_mode: "unicast"
sntp_server: "64.90.182.55"
time_zone: "EST"
dst_offset: "1"
dst_start_month: "March"
dst_start_day: ""
dst_start_day_of_week: "Sun"
dst_start_week_of_month: "4"
dst_start_time: "02"
dst_stop_month: "Nov"
dst_stop_day: ""
dst_stop_day_of_week: "Sunday"
dst_stop_week_of_month: "1"
dst_stop_time: "2"
dst_auto_adjust: "1"

Do Not Disturb Control (0-off, 1-on, 2-off with no user control, 3-on with no user control)

dnd_control: "0" ; Default 0 (Do Not Disturb feature is off)

Caller ID Blocking (0-disabled, 1-enabled, 2-disabled no user control, 3-enabled no user control)

callerid_blocking: "0" ; Default 0 (Disable sending all calls as anonymous)

Anonymous Call Blocking (0-disbaled, 1-enabled, 2-disabled no user control, 3-enabled no user control)

anonymous_call_block: "0" ; Default 0 (Disable blocking of anonymous calls)

Call Waiting (0-disabled, 1-enabled, 2-disabled with no user control, 3-enabled with no user control)

call_waiting: "1" ; Default 1 (Call Waiting enabled)

DTMF AVT Payload (Dynamic payload range for AVT tones - 96-127)

dtmf_avt_payload: "101" ; Default 100

XML file that specifies the dialplan desired

dial_template: "dialplan"

Network Media Type (auto, full100, full10, half100, half10)

network_media_type: "auto"
#Autocompletion During Dial (0-off, 1-on [default])
autocomplete: "0"
#Time Format (0-12hr, 1-24hr [default])
time_format_24hr: "0"

URL for external Phone Services

services_url: "http://xxx.xxx.xxx.xxx/cisco/services/index.php"

URL for external Directory location

directory_url: "http://xxx.xxx.xxx.xxx/cisco/services/PhoneDirectory.php"

URL for branding logo

logo_url: "http://getgohard.com/cisco/asterisk-tux.bmp"

podilarius

timer_register_expires: "3600"
This is in seconds and is 1 hour. IIRC (and I might not), state timeout is around 30 minutes. Now, you can switch "Firewall Optimization Options" to conservative, but you risk a state staying open too long. I changed mine to 900 (15 minutes) to help with that. I don't have a NAT address set. You also have your control port on non-standard 5061. That could be provider related, but its different than mine.
I do have traffic shaping on as well. I don't use a SIP proxy service on the FW.

iceman2600

@podilarius:

timer_register_expires: "3600"
This is in seconds and is 1 hour. IIRC (and I might not), state timeout is around 30 minutes. Now, you can switch "Firewall Optimization Options" to conservative, but you risk a state staying open too long. I changed mine to 900 (15 minutes) to help with that. I don't have a NAT address set. You also have your control port on non-standard 5061. That could be provider related, but its different than mine.
I do have traffic shaping on as well. I don't use a SIP proxy service on the FW.

This worked out great… Thanks... It's funny I was like I know I have something set incorrectly. I had NAT 1:1 rule set once I deleted that and changed config boom registered and I got my branding logo. Thanks again... The other external server, I think it's my vendors config, because it not even downloading fw from tftp... I going to speak with them today, and compare configs.  8)