DMZ for VOIP

We got our VOIP lines working for outgoing calls, but our Peplink is blocking incoming. We tried to open up the ports, but this is not working.

We cannot figure out how to add the VOIP system to a DMZ. I looked at the manual which says to go to Advanced Settings, but we do not have Advanced Settings on our Peplink…

Any ideas?

Hello,

If you could help with the following:

  1. Ensure you have all ports needed forwarded (if hosting your own VOIP)
  2. Ensure Firewall on the Balance is opened up for those ports (I would allow everything for testing purposes).
  3. What Balance model do you have? As the user manual may vary as different models have different features.

May be helpful if we can see a simple diagram of your setup.

Thanks. We have a Peplink Balance 20

It is connected like this:

Modem - Peplink - Dlink Switch - VOIP
The switch also connects to all other PCs and phones

Hosted PBX or onsite?

It is on site

I’ll give you a list of to-dos later on in the day; give me a few hours.

Looking forward to it. Our phone tech is back tomorrow, and can’t wait to have this working…

  1. Update to the latest firmware, 6.2.2, from the website. Make sure you download the correct firmware for the hardware revision of the Balance.
  2. Port forward your SIP signaling port or ports, as well as your RTP ports, to your PBX IP.
  3. Set the PBX server to an IP outside of the DHCP range of your VoIP phones.
  4. Enable NAT Mappings from your PBX internal IP outbound to your WAN IPs.
  5. Put the Balance in “Compatibility Mode” (by default it will pass through UDP 5060; if yours is different for your signaling port, then you can define it underneath).
  6. Enable Intrusion Detection and DoS Prevention under “Access Rules”.
  7. Open up your SIP signaling and RTP ports inbound and outbound if necessary. Check the active sessions for SIP to see if your source and destination ports are correct. If not, then you’re port hopping; configure firewall rules accordingly.
  8. Under “QoS”, create an application for SIP and RTP and put them both on HIGH.
  9. Configure your WAN upload and download speeds very accurately.
  10. Put your MTU on Auto.
  11. Make your VoIP LAN lease time about 8 hours and configure your LAN DNS as 1. (your PBX IP), 2. OpenDNS, Google (8.8.8.8), or any other solid public DNS.
  12. Enable DNS Forwarding Setup under “Forwarding Setup”.
  13. Take packet captures from the back page and analyze accordingly.
  14. Make sure your time zone is correct.
  15. Don’t forget to configure your Outbound Policy accordingly.

***There is much more to it, obviously, without knowing your entire network infrastructure, the exact equipment being used, and what other traffic, if any, you run through the Balance. This is where I would start, though.

Thank you very much. We can’t seem to make it work at all. I am not a tech guy, but I am communicating with our Mitel technician that is installing this for us. He is wanting to replace the router now, and I do not know what else to do.

Hello,

I would create a ticket and a member of our support staff will be able to take a closer look into the issue.

https://contact.peplink.com/secure/create-support-ticket.html

Are you using SIP? Which ports are you opening? We have our Asterisk/SIP server behind a Peplink router. For SIP you will need to open on the firewall:

5060-5064 UDP
10000-20000 UDP

In order for incoming calls to get to your VoIP server, you have to forward the inbound calls to it. On the Peplink, under Inbound Access > Servers, create a server on your LAN. Then, under Inbound Access > Services, set up 5060-5064 pointing to the server, and again 10,000-20,000 pointing to the server.

Some SIP providers need ports 8,000 to 20,000 so you could try that if 10,000 to 20,000 does not work.
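A way to check a packet capture against the forwarded ranges discussed above (an added example, not code from anyone in this thread): it audits a SIP message sent by the PBX for a private address in the Contact header or SDP, and for signalling or RTP ports outside the forwarded ranges. The function names, the sample 200 OK and its addresses are constructed for illustration.

```python
import ipaddress
import re

SIP_PORTS = range(5060, 5065)     # 5060-5064 UDP, as forwarded in the post above
RTP_PORTS = range(10000, 20001)   # 10000-20000 UDP, as forwarded in the post above
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CONTACT_RE = re.compile(
    r"^Contact:.*?sip:(?:[^@>\s]+@)?([^:;>\s]+)(?::(\d+))?", re.I | re.M)


def is_rfc1918(host):
    """True for a private IPv4 literal; hostnames cannot be judged here."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def audit_sip(raw):
    """Return (finding, value) pairs for one SIP message sent by the PBX."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = []
    m = CONTACT_RE.search(head)
    if m:
        host, port = m.group(1), int(m.group(2) or 5060)
        if is_rfc1918(host):          # provider cannot route signalling back
            findings.append(("contact-private", host))
        if port not in SIP_PORTS:
            findings.append(("sip-port-not-forwarded", port))
    for line in body.splitlines():
        if line.startswith("c=IN IP4 ") and is_rfc1918(line.split()[2]):
            findings.append(("sdp-private", line.split()[2]))  # media unroutable
        elif line.startswith("m=audio ") and int(line.split()[1]) not in RTP_PORTS:
            findings.append(("rtp-port-not-forwarded", int(line.split()[1])))
    return findings


def make_200_ok(addr, rtp_port):
    """Constructed sample: a 200 OK the PBX would send when answering a call."""
    return "\r\n".join([
        "SIP/2.0 200 OK", f"Contact: <sip:100@{addr}:5060>",
        "Content-Type: application/sdp", "",
        "v=0", f"o=- 1 1 IN IP4 {addr}", "s=-", f"c=IN IP4 {addr}",
        "t=0 0", f"m=audio {rtp_port} RTP/AVP 0 8"])


if __name__ == "__main__":
    print(audit_sip(make_200_ok("192.168.1.10", 8000)))   # un-NATed, port outside range
    print(audit_sip(make_200_ok("203.0.113.5", 10500)))   # public address, forwarded port
```
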

This is because your VoIP adapter is placed behind a router or a combined modem/router; that is why incoming calls go directly to voicemail without ringing your VoIP phone.
If you try the following solutions, it may resolve the issues. Please make changes one at a time and reboot your router and VoIP device each time to see if the problem is solved.
1.) Please check that you have Internet connectivity (try to view a few web sites) and check if your router/firewall settings have changed.
2.) Important: upgrade the firmware (firmware is similar to software) on the router. Most VoIP firewall issues are resolved by a router firmware upgrade. For detailed instructions go to your router’s user guide or the manufacturer’s web site.
3.) Some routers alter SIP packets with the default configurations, which creates VoIP service problems. From your router’s web configuration page (usually under configuration / firewall / advanced settings):

  • Disable Stateful Packet Inspection (SPI) if applicable.
  • Disable SIP Application Layer Gateway (SIP ALG) if applicable.

4.) Try disabling your firewall (turn it off completely) briefly. Reboot your router and VoIP device and check if you can make/receive calls. If you can do so now, then your problem was with your router’s firewall configuration. Your firewall is not allowing calls to your SIP phone. You can continue using your router with the firewall disabled, or if you want the firewall enabled on your router, try the following solutions.
5.) Enable the DMZ option on your router, which will open the firewall for one specific host. To determine the IP address or host (your VoIP device) to enable DMZ for, you will need to log in to your router and look at the devices connected to it. From there you can get the internal IP address or host information that it has assigned to your VoIP device. For detailed instructions consult your router’s user guide or the manufacturer’s web site.
6.) Disable DMZ and try forwarding only VoIP ports on the router to your VoIP device. The following ports are needed for VoIP communications from your VoIP device to the VoIP servers. Consult your router’s manual or call their technical support to forward these ports on your router/firewall:

  • port 5000-5500 for UDP and TCP
  • port 10000-20000 for UDP

Hope this will help you.

A DMZ is a conceptual network design where publicly accessible servers are placed on a separate, isolated network segment. The intention of a DMZ is to ensure that publicly accessible servers cannot contact other internal network segments in the event that a server is compromised. If you are facing a problem connecting your VoIP system to a DMZ, you can visit the links mentioned below, where you will also find a solution. If your problem is still not solved, you will have to take the help of a technician from the relevant field.

https://en.wikipedia.org/wiki/DMZ_(computing)
http://nexcomdigital.com/voip-business-phone-systems-los-angeles/

Good luck.