Hi Tom,

Thanks for the quick response. I don't doubt you at all, just need to work the logic through in my head(!). As I understand it the 'undesired' effects of ALG are that it can modify SIP packets resulting in corruption and similar issues, resulting in failed calls. My SIP trunk provider has been quite helpful in asssiting with this, and they say that the relevant ports (5060, 9000-9049) required are not in fact open. I have validated that this is the case with various online tools also.

So, is that still symptomatic of ALG, and would the fact that outbound calls work (ie, my PBX initiating comms with the SIP trunk) also point to this? Or is it in fact a port forwarding issue?

Once again, thanks.

Stu

Hi Stuart, it may be an interesting idea to modify the state table of the router firewall. The first contention may be to disable the router firewall to see if everything works as expected. If that's the case, we can change the router state table to be more specific to your needs.

If you notice there is a default firewall rule to permit all outbound connection while deny inbound connection. We can make that work in your favor.

Please disable the router firewall and see if it works as expected, if so, I'll provide an example how to change the state table to work in your favor.

-Tom
Please mark answered for helpful posts

Hi Tom, Marty,

Tom, I've tried with firewall disabled, which did work. Drilling down specifically it was disabling one of the elements of the firewall that worked (can't remember which, not at office right now). Was a type of packet inspection from memory. Will post back later with details of the actual setting - might be helpful for others who may have this issue in the future, which is what these forums are all about

Marty, Now that looks very interesting. I'm going to head into the office now to try that - Being pre-occupied with getting the phones working before monday has meant I overlooked creating a QVPN user to do it remotely!

Guys, thanks for your help. Much appreciated and will post back with outcome.

Cheers

Stu

Stuart,

You can test with SIP ALG disabled. See the URL in the screenshot:

- Marty

Hi Marty,

Just had a look at this. I can get that hidden page, however there is no facility to disable SIP ALG. I assume this is down to different firmware version?

To clarify, my unit is running on V4.2.1.02

What version is running in that screengrab?

Cheers

Stu

Me again Marty,

Scrap that - Just upgraded to 4.2.2.08. Disabling SIP ALG was then available and I have disabled. Still no incoming calls though.

So I think we've eliminated SIP ALG being an issue, as ports still appear to be closed despite there being port forwarding rules.

Anything else to try?

Thanks

Stu

Hi Stuart, please try to disable the router's firewall entirely and let us know how that works out, if there is the same problem or not.

-Tom
Please mark answered for helpful posts

Hi Tom,

With firewall completely disabled the issue continues. Ports appear to be closed.

Stu

Hi Stuart, what type of internet connection do you have? What is the modem vendor and model number? Can you provide a screenshot of your port forwarding rules as well?

-Tom
Please mark answered for helpful posts

Hi Tom,

The connection is Ethernet First Mile (EFM). Modem is provided by our service supplier. Its a RAD EtherAccess LA-210. It appears to be locked down and I haven't been able to access any config pages for this. However, I believe it is setup as a bridge.

Screenshot of port forwarding:

Cheers

Stu

Bit of an update: Been on the phone to Cisco and had a webex session so they could go through the router. Definately no issues as far as the configuration is concerned. However, I was told that there is a known issue which means what we've tried so far is possibly all in vain anyway! Its been left with them now and they'll be coming back to me, possibly with a firmware fix. We shall see.. In the mean time, Tom, if you have any other suggestions I'm willing to give them a try!

Stu

Hi Stuart, try to modify the state table. This is an example

Action Deny

Service All

Source interface WAN

Source IP any

Destination IP any

Save

Action Permit

Service SIP - 5060

Source interface WAN

Source IP -xx.xx.xx.xx

Destination IP - xx.xx.xx.xx

Save

-Tom
Please mark answered for helpful posts

Hi Tom,

Still nothing I'm afraid...Thanks for sticking with this though!

Stu