VoIP Telefone-System behind dual-WAN-Control [message #145282] Sat, 16 March 2019 18:07
T.Pajtler
Messages: 2
Registered: March 2019
Hi!

We have the following setup:

+ GW is a Kerio Control, latest FW, two WAN-lines
+ WAN1 is a FTTB, our main internet connection
+ WAN2 is "Deutsche Telekom" (provider), VDSL100
+ LAN is 192.168.0.0/24

Our provider will soon deliver our telephone numbers via SIP-Trunk on our WAN2-line.
Our IP-Telephone-System is an "Innovaphone 1060", and is just an IP-Client in the LAN.

Following questions:
+ We have to make sure that the Innovaphone connects to our SIP-Provider only on the WAN2-interface.
How can that be done? Do you have some practical tips?

+ Since the Innovaphone is in the LAN, behind the Control, we have to know
what traffic-rules we have to configure.
I found a lot of information about it, but some seem to contradict others.
We read that we need to forward (MAP) SIP-Ports to the internal Innovaphone. Is that right?
We also found, that we then should change the protocol inspector of the default SIP-Service-Object.
Why, and is that true?

Thanks for any tips/ thoughts/ hints!
(And sorry for my bad English, I hate myself writing that dilettante..)

[Updated on: Mon, 18 March 2019 08:22]


Re: VoIP Telefone-System behind dual-WAN-Control [message #145738 is a reply to message #145282] Wed, 08 May 2019 15:18
T.Pajtler
Messages: 2
Registered: March 2019
Push...?
Re: VoIP Telefone-System behind dual-WAN-Control [message #145740 is a reply to message #145282] Thu, 09 May 2019 06:58
mwgbr
Messages: 58
Registered: June 2012
Hi,

Quote:
We have to make sure that the Innovaphone connects to our SIP-Provider only on the WAN2-interface.
How can that be done? Do you have some practical tips?

To bind an internal host to a specific WAN interface for outgoing connections you need a traffic rule:
Source: IP from host (VoIP System)
Destination: Internet Interfaces
Service: Any or SIP / SIP TCP
Translation: Enable source NAT -> Use specific outgoing interface -> Interface: WAN2

Quote:
Since the Innovaphone is in the LAN, behind the Control, we have to know
what traffic-rules we have to configure.

Under Services, create a new one:
Name: VoIP RTP
Protocol: UDP
Source: Any
Destination: In range -> 10000-20000

Then create a traffic rule:
Source: Any or Internet interfaces
Destination: Firewall
Service: SIP, SIP TCP, SIP TLS, VoIP RTP
Translation: Enable Destination NAT -> IP from VoIP System (do not activate "Translate port as well").

Normally in the last rule, I would suggest to limit the "Source" to IP addresses from the VoIP provider. Unfortunately, Deutsche Telekom does not provide static IP ranges for their services, so you have to leave that to "Any". Make sure you have a VoIP system which can dynamically block IPs which try to authenticate to your system. Because of the open ports, that will be many.

Do not change the protocol inspector, because Kerio Control "speaks" SIP and can handle these connections properly.
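
The advice above to have the VoIP system dynamically block IPs that try to authenticate can be sketched as a sliding-window counter over SIP authentication failures. This is an added example, not part of the original post and not Innovaphone or Kerio Control code; the log format, the `find_offenders` name, the addresses and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not a real PBX format):
# timestamp, source IP, SIP method, final response code, address of record.
SAMPLE_LOG = """\
2019-05-09 07:00:00 198.51.100.20 REGISTER 401 sip:21@pbx.example
2019-05-09 07:00:00 198.51.100.20 REGISTER 200 sip:21@pbx.example
2019-05-09 07:00:05 203.0.113.7 REGISTER 401 sip:100@pbx.example
2019-05-09 07:00:06 203.0.113.7 REGISTER 401 sip:101@pbx.example
2019-05-09 07:00:07 203.0.113.7 REGISTER 401 sip:102@pbx.example
2019-05-09 07:00:08 203.0.113.7 REGISTER 403 sip:103@pbx.example
2019-05-09 07:00:09 203.0.113.7 REGISTER 401 sip:104@pbx.example
2019-05-09 07:05:00 192.0.2.50 REGISTER 401 sip:21@pbx.example
2019-05-09 07:20:00 192.0.2.50 REGISTER 401 sip:21@pbx.example
2019-05-09 07:30:00 198.51.100.20 REGISTER 401 sip:21@pbx.example
2019-05-09 07:30:00 198.51.100.20 REGISTER 200 sip:21@pbx.example
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<ip>\S+) "
    r"(?P<method>REGISTER|INVITE) (?P<code>\d{3}) (?P<aor>\S+)$")

def find_offenders(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: failures} for sources that reach max_failures auth
    failures (401/403/407) inside the window without a success between."""
    pending = defaultdict(deque)  # ip -> timestamps of unresolved failures
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = pending[m["ip"]]
        if m["code"] == "200":
            q.clear()  # normal digest auth: 401 challenge, then 200
            continue
        if m["code"] not in ("401", "403", "407"):
            continue
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders[m["ip"]] = max(offenders.get(m["ip"], 0), len(q))
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

A threshold of 1 would flag the legitimate phone at 198.51.100.20, because every digest-authenticated registration starts with a 401 challenge; the counter therefore has to tolerate a challenge that is followed by a success.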
Re: VoIP Telefone-System behind dual-WAN-Control [message #146871 is a reply to message #145740] Tue, 22 October 2019 13:20
victorjohn9211
Messages: 1
Registered: October 2019
Location: Erina, NSW
This is a great conversation on VOIP telephone systems.
Thanks to all
Re: VoIP Telefone-System behind dual-WAN-Control [message #147821 is a reply to message #145282] Wed, 25 March 2020 10:46
indrnet_djanki
Messages: 1
Registered: March 2020
Hello,

my configuration
+ FritzBox as DSL router
+ Kerio Control box
+ several PCs, where one currently is the SIP device

I am also using a Kerio Firewall box and followed the above instructions, but left out the first part, as I only have one internet source.
I am trying to connect SIP software (PhonerLite) on my PC behind the Kerio Control firewall to the FritzBox, but
PhonerLite does not seem to be willing to authenticate (register) with the SIP telephony service in the FritzBox.

I saw a different recommendation in an older blog, which deals with port 5060.
In this recommendation the port range 30000 - 30005 was mentioned.

Can someone please help with setting up the services and port forwarding rules/traffic rules in Kerio Control?

Thanks in advance for any help.

[Updated on: Wed, 25 March 2020 17:16]


Re: VoIP Telefone-System behind dual-WAN-Control [message #147864 is a reply to message #147821] Fri, 27 March 2020 10:41
samantha12
Messages: 1
Registered: March 2020
Thanks for this answer.