SIP Not Working Behind Pfsense

Janiboy

@chpalmer
Thank for the reply

but i dont know how to Set static mapping in Pfsense .

You already try pfsense with SIP ?

thanks

Derelict

@janiboy What does the SIP provider advise? Whatever NAT is configured in the Cisco should be able to be duplicated in pfSense but it would be far easier to know what those rules need to do. There is no "SIP." Every implementation is different especially where NAT requirements are concerned.

bingo600

@derelict

The ASA (PIX) has "Inspect SIP" as default ==> SIP ALG

The Cisco Modem might have the same stuff (ALG)
Prob. rewriting the outbound sip packets source ip from RFC1818 to the "Outside/Public IP"

/Bingo

Derelict

@bingo600 Yeah, that's why I asked for the config of the cisco and the advice from the SIP provider. They should know every last detail about what NAT, etc needs to happen (ROFL). The advice these days seems to be mostly, "be sure to disable any any SIP ALGs."

Janiboy

Thanks for the replies,

Sorry the provider wont give any details, because they don't want to loss their profit on the cisco router because every month we are billed.

i only have the IP on that cisco firewall.
IG0 - 10.200.94.182 /30 going to their modem
IG1 - 192.168.1.1/24

but i will try ask them again if they can provide it thanks.

Janiboy

@derelict @bingo600 i will get back to you guys once i have an update on our ISP side. Thanks

chpalmer

@janiboy said in SIP Not Working Behind Pfsense:

but i dont know how to Set static mapping in Pfsense .

I have several pfSense implementations with VOIP phones and other SIP devices behind. Generally these days most VOIP providers do not need static port but there are one or two that do.

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port

Janiboy

@chpalmer said in SIP Not Working Behind Pfsense:

https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#static-port

Thanks for the reply sir,

Is there any video or image that I can walk through this process, sorry because im new to it.

chpalmer

@janiboy

Go to /firewall_nat_out.php ( http://"yourfirewall"/firewall_nat_out.php )

or another way to describe..

Firewall / NAT / Outbound

... Ill get a screen capture momentarily..

chpalmer

Go down to mappings and then "add"..

chpalmer

The local address shown would be my SIP device/client machine. If it is a machine doing multiple tasks then adding the SIP port would be prudent.

chpalmer

"Outbound NAT Mode" then should be "Hybrid".

Janiboy

@chpalmer

i got this on my side, my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.

witch ip should i put on the source?

thanks

chpalmer

@janiboy said in SIP Not Working Behind Pfsense:

my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.

witch ip should i put on the source?

"SIP device/client machine."

The LAN device at 192.168.1.102

Janiboy

@chpalmer no need to add anything ? ok i will give it a try and get back to you thanks @chpalmer

Janiboy

@derelict Talked to SIP provider, They know about the config maybe non technical person, by the way sip cisco router model is Cisco 4321.

chpalmer

@janiboy said in SIP Not Working Behind Pfsense:

no need to add anything ?

???

The LAN device at 192.168.1.102

You need to add your client device as the "source".

bingo600

@janiboy said in SIP Not Working Behind Pfsense:

i got this on my side, my panasonic NS300 ip 192.168.1.102 , my WAN is 10.200.94.182.

Please note that even if your "Wan is 10.200.94.182" , that is not your public ip address (aka the ip address you are seen with on the internet).

Somewhere between your "Wan" and the internet someone is Natting your 10.200.94.182 , to a non RFC1918 ip address.

You could (from a browser behind your WAN) , go to this site : https://www.myip.com/

And it will show what IP you currently are seen as on the internet.

That would also be the ip address that external sip devices (phones/servers) should reply to.

/Bingo