Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VOIP issues with Polycom's

    Scheduled Pinned Locked Moved NAT
    10 Posts 5 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      phpkid
      last edited by

      I know this has been discussed here many times but I have followed all the recommendations and no success. I have polycom 301+501 phones behind a pfsense box. They are on a separate vlan than data. Although all traffic is out a single WAN connection. I have enabled AON with static port for the phone vlan outbound nat. I have reset states and rebooted phones and pfsense, allowed all in firewall, etc and it still does not work. I only get one phone out of several to connect successfully. I am running pfsense 1.2RC3 and tried RC2 before upgrade with same results. I have talked to my phone vendor and they have had success with pfsense version 1.01 snapshot from april 07. Has anyone had success in this area with version 1.2??? I would hate to revert to a lower version. BTW….pfsense rocks!

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Can you try your setup with a single phone and see if it works then? Not sure about what happens to a static port if more than one client tries to use it. Also using an external STUN server for the phones might help traversing nat even with non static port mappings.

        1 Reply Last reply Reply Quote 0
        • P
          phpkid
          last edited by

          @hoba:

          Can you try your setup with a single phone and see if it works then? Not sure about what happens to a static port if more than one client tries to use it. Also using an external STUN server for the phones might help traversing nat even with non static port mappings.

          It works with one phone only just fine it seems.

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            then try to make different phones use different ports like one of them using 5060, the next one 5061 and so on. that should work then. or leave the phones as is, don't use static ports and use an external stun server like I told you before.

            1 Reply Last reply Reply Quote 0
            • M
              mshadow
              last edited by

              @hoba:

              then try to make different phones use different ports like one of them using 5060, the next one 5061 and so on. that should work then. or leave the phones as is, don't use static ports and use an external stun server like I told you before.

              Polycoms don't support STUN servers yet…

              I think the using incrementing ports is the only solution at this time.

              What annoys me is other firewall apps such as IPCop work just fine with NAT and these polycoms.....The other features in IPCop are lacking compared to PfSense which does not make it an option.

              1 Reply Last reply Reply Quote 0
              • P
                phpkid
                last edited by

                Well I have spoke with my phone vendor and the STUN server is out as an option. They said they did have success with snapshot of PFS version 1.0.1 back in Feb or May (i dont remember exactly). So was the type of natting changed since then? 1.2 uses symmetrical from what I can tell. Will 1.0.1 version work better then 1.2? What features would I miss out on?

                Thanks,

                phpkid

                1 Reply Last reply Reply Quote 0
                • S
                  SunFire
                  last edited by

                  Would it be possible with some configuration option set on CLI to switch PFSense to the same NAT mode that was used in 1.0.1?
                  This is a big issue if you have about hundred phones deployed. Fixing all ports in all phones is not an option. I mean even the cheapest Linksys device handles this scenario plug&play…

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    If it worked with 1.0.1 but doesn't work now, the change to make most VoIP work (forcing static port on 5060 traffic) must have broken these particular phones.

                    What you need to do is enable advanced outbound NAT and use the automatically generated rule without checking static port. The opposite of this.
                    http://doc.pfsense.org/index.php/Static_Port

                    1 Reply Last reply Reply Quote 0
                    • P
                      phpkid
                      last edited by

                      @cmb:

                      If it worked with 1.0.1 but doesn't work now, the change to make most VoIP work (forcing static port on 5060 traffic) must have broken these particular phones.

                      What you need to do is enable advanced outbound NAT and use the automatically generated rule without checking static port. The opposite of this.
                      http://doc.pfsense.org/index.php/Static_Port

                      Enable or Disable AON??? I have AON enabled with the static port currently.

                      1 Reply Last reply Reply Quote 0
                      • C
                        cmb
                        last edited by

                        Turn the static port off and see what happens. It may fix it, if those phones don't require static port. That's the only reason it would work in a default 1.0.1 and not 1.2.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.