VOIP issues with Polycom's



  • I know this has been discussed here many times but I have followed all the recommendations and no success. I have polycom 301+501 phones behind a pfsense box. They are on a separate vlan than data. Although all traffic is out a single WAN connection. I have enabled AON with static port for the phone vlan outbound nat. I have reset states and rebooted phones and pfsense, allowed all in firewall, etc and it still does not work. I only get one phone out of several to connect successfully. I am running pfsense 1.2RC3 and tried RC2 before upgrade with same results. I have talked to my phone vendor and they have had success with pfsense version 1.01 snapshot from april 07. Has anyone had success in this area with version 1.2??? I would hate to revert to a lower version. BTW….pfsense rocks!



  • Can you try your setup with a single phone and see if it works then? Not sure about what happens to a static port if more than one client tries to use it. Also using an external STUN server for the phones might help traversing nat even with non static port mappings.



  • @hoba:

    Can you try your setup with a single phone and see if it works then? Not sure about what happens to a static port if more than one client tries to use it. Also using an external STUN server for the phones might help traversing nat even with non static port mappings.

    It works with one phone only just fine it seems.



  • then try to make different phones use different ports like one of them using 5060, the next one 5061 and so on. that should work then. or leave the phones as is, don't use static ports and use an external stun server like I told you before.



  • @hoba:

    then try to make different phones use different ports like one of them using 5060, the next one 5061 and so on. that should work then. or leave the phones as is, don't use static ports and use an external stun server like I told you before.

    Polycoms don't support STUN servers yet…

    I think the using incrementing ports is the only solution at this time.

    What annoys me is other firewall apps such as IPCop work just fine with NAT and these polycoms.....The other features in IPCop are lacking compared to PfSense which does not make it an option.



  • Well I have spoke with my phone vendor and the STUN server is out as an option. They said they did have success with snapshot of PFS version 1.0.1 back in Feb or May (i dont remember exactly). So was the type of natting changed since then? 1.2 uses symmetrical from what I can tell. Will 1.0.1 version work better then 1.2? What features would I miss out on?

    Thanks,

    phpkid



  • Would it be possible with some configuration option set on CLI to switch PFSense to the same NAT mode that was used in 1.0.1?
    This is a big issue if you have about hundred phones deployed. Fixing all ports in all phones is not an option. I mean even the cheapest Linksys device handles this scenario plug&play…



  • If it worked with 1.0.1 but doesn't work now, the change to make most VoIP work (forcing static port on 5060 traffic) must have broken these particular phones.

    What you need to do is enable advanced outbound NAT and use the automatically generated rule without checking static port. The opposite of this.
    http://doc.pfsense.org/index.php/Static_Port



  • @cmb:

    If it worked with 1.0.1 but doesn't work now, the change to make most VoIP work (forcing static port on 5060 traffic) must have broken these particular phones.

    What you need to do is enable advanced outbound NAT and use the automatically generated rule without checking static port. The opposite of this.
    http://doc.pfsense.org/index.php/Static_Port

    Enable or Disable AON??? I have AON enabled with the static port currently.



  • Turn the static port off and see what happens. It may fix it, if those phones don't require static port. That's the only reason it would work in a default 1.0.1 and not 1.2.


Log in to reply