How to enable the connection to 70 sip phones to a pbx in the cloud?
-
Hi, guys thanks for time and help
I am Migrating my current Firewall from CISCO ASA to pFsense,
My problem is that when I try to use pfsense as gw of the network of 70 phones only connect 38 as maximum to the pbx and also the calls between phones does not progress, but with cisco asa everything works fine configure my pfsense based on This document1 - https://doc.pfsense.org/index.php/VoIP_Configuration
2 - https://doc.pfsense.org/index.php/PBX_VoIP_NAT_How-toASA Configuration:
object-group service ASTERISK
service-object tcp-udp range 10000 20000
service-object tcp eq sip
service-object udp eq sip
service-object tcp eq 5061
service-object udp eq 5061
service-object icmpI do not work
note: i am using pFsense last version
Modify message -
This is phones only behind pfSense and an external PBX?
Can you describe exactly what happens when the phones are not working correctly? No incoming calls? No outgoing calls? No audio etc?
Steve
-
Thanks for your time
this is my connection:
Phone(SIP 5060)–--> PFSENSE---->ISP----->INTERNET---->CLOUD PBX (only 38 phone work from 70)
Phone(SIP 5060-----> CISCOASA--->ISP---->INTERNET---->CLOUD PBX (All phone working)pfsense:
1 - from 70 Phone only 38 works whit incoming/outgoing calls and sound.
2 - some times i lose phone registration to the PBX
3 - on sip show peers i can see my wan ip but many phones say unrachable -
Sounds like a firewall issue… are you sure you've mirrored the cisco config to pfsense?
If you disconnect a working phone does one of the non working start to work?
-
Hmm, yes is it always the same 38 phones that work?
So the non-working phones are not able to place or receive calls and sometimes lose registration entirely?
Steve
-
Remember that the ASA is "SIP Aware" , and it's default enabled under services.
Not that it should do something to a conn limit.Also you have port 5061 in your ASA rules , and refer to 5060 in the pfsense examples.
Someone here mentioned using siproxd , on pfsense
http://siproxd.sourceforge.net/SIP and NAT requires some thoughts , or a sip aware proxy to "modify" "the inside ip addr" , to the "outside addr" , in the "payload"
All of that stuff is being done by default , in the ASA.
/Bingo