VoIP doesn't work

ColMar
edited April 2021 in Security
Hi,
I have a USG60W and one public IP address. I have configured several Server-type NAT rules to allow Internet users to view internal webcams and web sites. All works fine, but ... VoIP (SIP) doesn't work.
I have created two NAT rules:
1- Server type with source address my public IP, NAT loopback, service group VoIP (custom service) and destination my PBX local IP
2- Server type with source address any, NO NAT loopback, service group VoIP (custom service) and destination my PBX local IP
In the security policy I have allowed traffic to the local IP of the PBX server and service group VoIP, from all sources.
The result is that, from the Internet, the client phone doesn't reach the PBX server.
The ALG is deactivated.
Several months ago, I had many public IPs and, with 1-1 NAT rules, everything worked fine. But now, with a Server-type NAT rule, it doesn't work.
What kind of check can I do?
Thank you

All Replies

  • CHS
    What do you mean VoIP doesn't work?
    Has the SIP client registered successfully, or is the problem with voice?
    Is the SIP client behind another NAT router, or working on a public IP address?
    If there is a detailed scenario, it may be easier to find the reason.
  • Zyxel_Charlie
    @ColMar
    Regarding this case,
    on the NAT rule, what ports or service did you configure?
    Can the LAN SIP clients communicate with each other without any issue?
    During the issue, can you capture the WAN and LAN packets and private message them to me?


  • ColMar
    The SIP client cannot register: 405 error, sipserver.sirioinformatica.it on 5060 UDP.
    The Zyxel is behind a NAT router, but I can forward other TCP/UDP services.
    The router has a DMZ to the Zyxel and no firewall enabled.
  • ColMar
    OK, I have captured the traffic from FIBRA2 (WAN) and WLAN (local PBX TOGNAZZI), while the SIP client tries to connect and fails with a 405 error.
    In the NAT, the VoIP service group has 4000-20000 UDP.
    In the policy, VoipIPFromE... contains the source public IP of the workstation with the SIP client software.
    Thank you
  • ChrisGer
    Hello,
    I had this issue a few years ago and it was tricky to solve.
    -> disabled SIP ALG -> rebooted the device to activate this change
    -> outbound 5060 UDP/TCP (TCP for proxy) to the dedicated destinations of your PBX provider
    -> inbound -> SIP registrar to the internal SIP registrar port of your PBX
    -> inbound -> RTP depends on the PBX specs (port range).
    -> outbound -> extremely large range of ports and destination = any.
    And so on. Is anything configured like these elementary parts?

    regards
    Chris
  • Jeremylin
    edited May 2020
    It seems 404 Not Found and 401 Unauthorized appeared in the packets, so you may want to check that the client information was added to the server correctly.
    Also, did you create the NAT rule on the other NAT router?
  • ColMar
    Yes, I have activated logging on the SIP client and I can see that the user-agent is TP-Link, my modem/router. So I think that the problem is the TP-Link Archer VR1210v router, which intercepts the SIP packets. I have disabled the firewall and ALG and put the Zyxel WAN interface in the DMZ, but nothing works :-(
  • Jeremylin
    Can the USG get a public IP directly?
    To simplify the scenario, try removing the TP-Link device, let the USG get the public IP, and check it again.
  • ColMar
    I need a modem to get a public IP. I can try another modem, but the system is in a production environment and I can try that only as a last resort. I'm waiting for the answer from TP-Link support but... no answer yet.
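
The check described in the thread (reading the identity header of the failing SIP response to see which device actually answered) can be scripted against response text copied out of a packet capture. This is an added example, not code from any poster or from Zyxel; the sample responses, the device strings and the function names are constructed for illustration.

```python
# Constructed sample responses (not from the thread's capture; names are made up).
FROM_MODEM = (
    "SIP/2.0 405 Method Not Allowed\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bKconstructed1\r\n"
    "CSeq: 1 REGISTER\r\n"
    "User-Agent: ExampleModem\r\n"
    " SIP-Stack 1.0\r\n"  # folded header continuation line
    "Content-Length: 0\r\n\r\n"
)
FROM_PBX = (
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 198.51.100.10:5060;branch=z9hG4bKconstructed2\r\n"
    "CSeq: 1 REGISTER\r\n"
    "SERVER: ExamplePBX 2.3\r\n"
    "WWW-Authenticate: Digest realm=\"pbx.example\", nonce=\"constructed\"\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_sip_response(raw):
    """Return (status_code, reason, headers) for a SIP response message."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("SIP/") or not parts[1].isdigit():
        raise ValueError("not a SIP response: %r" % lines[0])
    headers, name = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and name:  # continuation of previous header
            headers[name][-1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()  # SIP header names are case-insensitive
            headers.setdefault(name, []).append(value.strip())
    return int(parts[1]), parts[2] if len(parts) > 2 else "", headers

def responder(raw):
    """Status code plus the software identity the responding device reports."""
    code, _reason, headers = parse_sip_response(raw)
    ident = headers.get("server") or headers.get("user-agent") or ["<none>"]
    return code, ident[0]

def answered_by(raw, marker):
    """True if the response identifies itself with the expected device marker."""
    return marker.lower() in responder(raw)[1].lower()

if __name__ == "__main__":
    for label, msg in (("modem sample", FROM_MODEM), ("PBX sample", FROM_PBX)):
        print(label, responder(msg), "from PBX:", answered_by(msg, "ExamplePBX"))
```

A response whose identity does not match the PBX means an intermediate device terminated the request before any NAT rule on the firewall was involved.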
