Return to LanScape's home page Go back a page...       Active TopicsActive Topics   Display List of Forum MembersMember List   Knowledge Base SearchSearch   HelpHelp  RegisterRegister  LoginLogin

SIP Proxy and Media Proxy - Technical Support
 LanScape Support Forum -> SIP Proxy and Media Proxy - Technical Support
Subject Topic: SIP proxy on two WAN interfaces. Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 03 2014 at 10:15am | IP Logged Quote support

Note:
LS support received this email directly from a customer. We are posting this question here so we can share the information.
----------------------------------------------------

Hello,
We are costumers of your VoIP solution, and we are currently using the LanScape SIP proxy.

We have the proxy installed on a server behind a router/firewall. This router/firewall has a public IP, and softphones on remote locations are able to register successfully.

But now, we've configured a VPN for some softphones. My question is:
Does the proxy support connections from both interfaces simultaneously, WAN and VPN?
If so, how should I configure it? I guess I need to tell the proxy my VPN public IP?

Thank you very much in advance for your support.
Best regards,

A.C.

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 03 2014 at 10:21am | IP Logged Quote support

Hi,

From your description, it appears you have your LanScape SIP proxy deployed in your private network and it is configured using both a private IP address and your router’s WAN IP address.

Configure your VPN connections to get private IP addresses from the same sub-net as the private IP address of the SIP proxy. When your remote clients connect using the VPN, have their SIP phones configured to only use the private IP address of the LanScape SIP proxy for registrar and call functions. Everything should then work.


RJ
Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
alberto007
Intermediate
Intermediate


Joined: February 04 2014
Location: Spain
Posts: 13
Posted: February 04 2014 at 11:10am | IP Logged Quote alberto007

Hello,
Thank you very much for your response.

That is called transparent NAT isn't it? Unfortunately I cannot set up the VPN this
way as it bellongs to a third party organization.

I think my problem is the same as if I had two WAN interfaces on my firewall with
two different public IP address. Is the proxy able to receive connections from both
interfaces simultaneously?
If so, how should I configure it? What do I have to write in the WAN IP fields?

Thanks! Best regards,

Alberto
Back to Top View alberto007's Profile Search for other posts by alberto007
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 05 2014 at 9:34am | IP Logged Quote support

I think understand what you are saying. I thought your SIP proxy server machine was hosting the VPN connections for other client machines.

I don’t think you will be able to configure support for two separate network interfaces and two WAN IP addresses in the SIP proxy.

If you have two WAN connections (one via the NAT router and one via the VPN connection) why do you have to use both?

I will send you an email shortly. If you can send me a diagram (picture) of the deployment you fully want to achieve, I will look into this further.

RJ

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 06 2014 at 8:51am | IP Logged Quote support

We received this information from our customer:
------------------------------------------------

Hi RJ,

Thank you very much for your support. I’ve tried to draw the situation, I hope it’s clear.

I’ve dwran my infrastructure on the right side.:

·        I have a NAT router with a WAN interface with a public IP.

·        It also has a internal interface with network 10.100.0.0 and mask 255.255.0.0

·        I have the Centrex Proxy + Media Proxy on a local IP (10.100.11.44)

·        I have SIP softphones in the same internal network already registered on the proxy.

·        Soft phones can also register on my sip proxy through my public IP and the port which are redirected to the proxy.

·        But now, I also have a VPN tunnel with a third party organization, so I have different WAN IP for them



I need Soft Phone 3 and Soft Phone 4 to be able to make calls to Soft Phone 1 and 2

I have also redirected SIP ports from VPN to the local proxy IP (10.100.11.44) and in the Centrex Proxy configuration I can enter my public IP as WAN IP, but where should I write my other WAN IP which is used in the VPN?

Please, tell me if you need further information. I hope I’ve explaned the situation correctley.




Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 06 2014 at 9:00am | IP Logged Quote support

Alberto,

The scenario you show should be able to work ok without special configuration. We cannot specify multiple WAN IPs in the proxy configuration.

Due to the VPN, soft phone 4 will appear to have a private IP address in your current sub-net of 10.100.x.x (255.255.0.0) correct?

If so, soft phone 4 should be able to register and initiate and receive calls as normal using its own private IP address and ports (sip and rtp ports). From the standpoint of the SIP proxy, soft phone 4 will look like it has an IP address that is the same as the private side of your VPN.

Have you tested this?

Am I missing something?


RJ

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 07 2014 at 8:15am | IP Logged Quote support

We received this information from our customer:
------------------------------------------------

Hi RJ,

(I send you a new picture, as I cannot upload it to the forum)

Well, although there is a VPN, SoftPhone 4 is not in the same subnet as de SIP proxy, this is why I don’t know how to set this up.

I have set the WAN IP of the proxy to be 10.106.26.27 and, this way, SoftPhone 4 is able to register and to make a phone call to Soft Phone 1, but clients on the Internet such as Softphone 3 can no longer register.

What do I need to do?

Many thanks!!




Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: February 07 2014 at 8:48am | IP Logged Quote support

OK good information.

Keep the WAN IP address of the SIP proxy configured to use “WAN 1” IP address.

If you configure soft phone 4 to send SIP to the VPN router at 10.106.254.1, can you see the SIP traffic on the private side of the VPN at 10.100.1.1?

Soft phone 4’s network adapter should probably be set up to use VPN router 10.106.254.1 as its default gateway. You may want to use Wireshark to prove that SIP traffic is sent from soft phone 4 to the VPN router at 10.106.254.1.

Use Wireshark on the private side of 10.100.1.1 to perform packet captures to see if the SIP is coming through. See this link for Wireshark:
http://www.wireshark.org

If you configure soft phone 4 to send SIP to the VPN router at 10.106. 254.1, you should see the SIP traffic in your private network (“My infrastructure”) coming from 10.100.1.1. If you do see the SIP packets from 10.100.1.1, you may also have to set up port forwarding to the SIP proxy. I am not sure how to configure your specific VPN setup.

For this scenario, there is no need to configure multiple WAN IPs. The VPN should allow soft phone 4 to appear as if it is in your 10.100.x.x private network. It’s a matter of getting soft phone 4 configured to send SIP to the proper IP:port and possibly configure additional port forwarding in the VPN router(s).

Once you get SIP traffic flowing, then worry about the RTP media packets later.

You can also enable SIP logging on the LanScape SIP proxy. Press F1 for the proxy help file to be displayed and then look in the help file for:
“Proxy server configuration->Configuration dialogs->SIP Logging”

You can enable SIP logging to a file or to a remote SIP log server. You should have a copy of my SIP log server in your proxy installation directory. The default location is:

“C:\Program Files\LanScape\Centrex Proxy Server Enterprise\Utilities\SIP Log Server”

See the “SIPLogD Server User Manual.pdf” file for information on how to use the remote SIP log server.

If you get softphone 4 to register, that will be a big step.


RJ

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum






Contact LanScape Hear what the Lawyers have to say How youm may use this site Read your privacy rights