Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » VoIP Example Config
  •  
hhred

Messages: 12
Karma: 0
Send a private message to this user
hello all

here i have a config that works with VoIP:

My Winroute Version is 6.1.3 Build 789
My VoIP Provider is sipgate.
My VoIP Phone (HW) is: Grandstream BT-101

Ok, I only tested outgoing calls because Sipgate has no free numbers at the moment for my country, but anyway ....

The point is, it works but not in the way Sipgate, Grandstream or Kerio are recommending it.

First, i found in a newsgroup that the STUN services and NAT Portforwarding are counterproductiv.

With other words, you should use either STUN *** or *** NAT Portforwarding, but not both together.

Another thing is that it looks like Portforwarding with UDP Ports does not work correctly with Winroute!

The solution is:

First, at the service definitions, you have to edit the
RTP and the SIP Protocol like this:

Name: RTP
Protocol: UDP
Source Port: 5004 !!!
Destination Port: 5004
Protocol Inspec.: NONE !!!

do the same for SIP (Port Numbers: 5060)

Next you have to set up 4 traffic rules:

1)
Name: RTP outgoing
Source: IP of the BT-101 Phone
Destination: Network connectet to your WAN-Interface (Internet Interface)
Service: RTP
Action: Permit
Translation: NAT (default outgoing interface)

2)
Name: SIP outgoing
Source: IP of the BT-101 Phone
Destination: Network connectet to your WAN-Interface (Internet Interface)
Service: SIP
Action: Permit
Translation: NAT (default outgoing interface)

3)
Name: RTP incoming
Source: Network connectet to your WAN-Interface (Internet Interface)
Destination: IP of the BT-101 Phone
Service: RTP
Action: Permit
Source NAT: No Translation
Port MAP: Translate to IP of the BT-101
Transl. Port: 5004

!!!!!!!!!!!! see how the UDP Port Mapping works !!!!!!!!
rembember the service definition: source and destination Port are set to 5004 and now in addition a portmapping to IP:5004
is necessary to bring it up

4)
Name: SIP incoming
Source: Network connectet to your WAN-Interface (Internet Interface)
Destination: IP of the BT-101 Phone
Service: SIP
Action: Permit
Source NAT: No Translation
Port MAP: Translate to IP of the BT-101
Transl. Port: 5060

!!! again the UDP Port-Forwarding (Mapping to the same Port) is necessary !!!

At least, you have to configure your BT-101 Phone:
NAT Traversal: choose NO !!!!!!!!!!
leave "STUN server is:" blank

With this configuration it should work!

  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
Have you reviewed the following Knolwedge Base article:

http://support.kerio.com/kb/203

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
hhred

Messages: 12
Karma: 0
Send a private message to this user
yes i have, but the way as it is described in the kb-article it will not work.

have you carefully read what i wrote about winroutes UDP portforwarding?!?

you can try this configuration with sipgate / bt-101 phone.
the costs are about euro 20,- for prepaid sipgate account and about euro 90,- for the bt-101 phone (including taxes and shipping).

you will see then that the portforwarding with UDP ports only works correct in the way i described above.

anyway, important is that there is a work around.

hubert
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
You mean that if you do not specify the target 'translate to' port (as if it where a different port than the incoming port) it does not work?

I can't speak for VoiP, but I do use UDP port forwarding without the port translation specified and it works just fine.
  •  
hhred

Messages: 12
Karma: 0
Send a private message to this user
ok, first sorry my poor english, still keep trying .... Cool

i did some more investigations in this subject:

the first 4 lines in the picture are showing the device status when i log on to my VoIP-SP.



index.php?t=getfile&id=764&private=0

as you can see my VoIP Service Provider (VoIP-SP)
uses a random destination port for the SIP protocol (54650, 54649, 54661 and so on).

on the other hand my IP-Phone is configured to use UDP Port 5060 for SIP and 5004 for RTP.

look at the service definitions:
not the destionation port but the source port is necessary to use the definition later in the traffic rules.

in step one is that the incoming SIP binds at the winroute firewall to a random UDP Port (see above, e.g. 54640).

in step two the port mapping forwards the SIP Protocoll to the internal IP of my VoIP Phone AND maps the random destiona port - in this example 54640 - to the fixed port (5060) of my phone.

in the same way the RTP protocol is handeld

  • Attachment: VoIP3.gif
    (Size: 31.63KB, Downloaded 3935 times)

[Updated on: Sat, 26 November 2005 01:16]

Previous Topic: HW Requirements
Next Topic: when application control will be added
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 17:57:59 CET 2017

Total time taken to generate the page: 0.00389 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.