RE: VoIP / Vonage?
RE: VoIP / Vonage? - 3.Aug.2004 4:59:00 PM
telech
Posts: 36
Joined: 14.May.2004
From: Pittsburgh
Status: offline

When I try to define the new protocol - for example the "Vonage RTP" one, it says that the changes cannot be applied because a protocol has to be either inbound or outbound, but not both. That is to say, it's not allowing me to add both send receive and receive in the primary connection together. So did you get around that problem by making two separate protocols for each of these, one in and out out, or did you make one or the other a secondary connection in each?

RE: VoIP / Vonage? - 3.Aug.2004 5:28:00 PM
rz
Posts: 36
Joined: 4.Dec.2003
Status: offline

quote: Originally posted by Telech: When I try to define the new protocol - for example the "Vonage RTP" one, it says that the changes cannot be applied because a protocol has to be either inbound or outbound, but not both. That is to say, it's not allowing me to add both send receive and receive in the primary connection together. So did you get around that problem by making two separate protocols for each of these, one in and out out, or did you make one or the other a secondary connection in each?
Are you selecting "UDP" ?

RE: VoIP / Vonage? - 3.Aug.2004 6:45:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hey guys,
What happens if you introduce a second phone on to the Internal network? Are incoming connections still allowed? That is to say, can I call you when I'm behind a NAT device?
Thanks! Tom

RE: VoIP / Vonage? - 4.Aug.2004 5:41:00 AM
telech
Posts: 36
Joined: 14.May.2004
From: Pittsburgh
Status: offline

Yes, I'm selecting UDP for my protocol. I tried to make a UDP protocol definition that did both Send Receive and Receive on ports 10K-20K as primary connections. When I'd try to finish the wizard, I'd get that error. Give it a try. You'll see what I mean. Making the Receive part of it a secondary connection in the same definition makes it leave you alone, but I wasn't sure if that was okay.

RE: VoIP / Vonage? - 7.Aug.2004 3:44:00 AM
stibap
Posts: 18
Joined: 29.Jun.2003
Status: offline

A few questions about Vonage setup.
If under Protocol Rules (ISA2000) all IP traffic is allowed is it still necessary to create additional Access rules, a quote:
Allow -> selected protocols
==========================================
DNS
NTP (udp)
Time (UDP)
Vonage RTP (udp): 10000-20000 UDP Send Receive, 10000-20000 UDP Receive
Vonage SIP (UDP): 5060-5061 Send Receive, 5060-5061 Receive
Vonage TFTP (UDP): 69-69 Send Receive, 69-69 Receive
Like Tom said several times, I too don't see how this could work without Server Publishing Vonage and not creating any incoming rules.
If those of you who got it to work can share even more details, obviously, everyone would appreciate it. Thanks.

RE: VoIP / Vonage? - 10.Aug.2004 5:18:00 PM
ntw
Posts: 1
Joined: 10.Aug.2004
From: Washington, DC
Status: offline

Well, if you apply the rule to only the IP of your ATA, I don't see a problem. I'd love to see a worm install a TFTP server on it :-)

RE: VoIP / Vonage? - 20.Aug.2004 10:02:00 AM
mwells1
Posts: 1
Joined: 20.Aug.2004
From: Auckland, NZ
Status: offline

I've used two Vonage phones through the same ISA 2000 server with no difficulties. Oddly, it was plug-and-play, which means the correct outbound ports must already have been open (I did have the server enabled for VPN, both in and out).
I'm certain that you do not need to establish any server rules. The phone appears to establish and maintain an outbound link to the Vonage server, much like an instant messaging client.
/// Mike

RE: VoIP / Vonage? - 10.Sep.2004 9:06:00 PM
Guest

quote: Originally posted by Bruce Williams:
I have vonage using ISA2004 Standard and a Motorola ATA. Here is what I've done, works for both incoming and outgoing calls

* Setup the modem with a fixed IP address in the LAN range (see vonage installation manual).
* In ISA2004 create a computer object that represents the Motorola ATA ip address
* Create the following Access Rule

Allow -> selected protocols
==========================================
DNS
NTP (udp)
Time (UDP)
Vonage RTP (udp): 10000-20000 UDP Send Receive, 10000-20000 UDP Receive
Vonage SIP (UDP): 5060-5061 Send Receive, 5060-5061 Receive
Vonage TFTP (UDP): 69-69 Send Receive, 69-69 Receive
============================================
to -> External.

That's all I did and it works fine. I found no need to create incoming rules.

Optional:
I have refined the access rule to go to vonage subnet 216.115.16.0/20 by creating a subnet object. They (vonage) also use ntp0.usno.navy.mil (192.5.41.40) and Global-Crossing as the link to the phone system.
So if you wanted to go wild you could create the following network objects

Vonage Subnet object (in subnets)
Vonage Time Sync object (in computers, or computer ranges)
Vonage RTP object (global crossing subnet)

Then have the protocols directed to those objects only.

I'm a little confused. When I create a protocol definition, I can only specify a single port for the primary connection, and multiple ports for secondary connections. How are you defining the port for the primary connection?
Thanks, Cameron

RE: VoIP / Vonage? - 11.Sep.2004 9:00:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Cameron,
Not true! The ISA firewall allows you to create a range of primary ports.
HTH, Tom

RE: VoIP / Vonage? - 4.Aug.2005 5:10:00 PM
cybersmith
Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

So I followed your instruction so the T... and as soon as I got the protocols enabled, the phone light came on on the unit, so it appears to be communicating. I tested inbound and outbound phone calls, however, and while it rang in and out, no voice was transmitted in either direction.
Upon further investigation of the IPPEXTD logs, I found the following ports were still being blocked: 69 12922 13296 33960 34563 37318 44753
My rules are exactly the same as you specified, so I don't know why it would block those first 6, cause they are allowed! There were at least a hundred entries each of 12922 and 13296 being blocked, so I'm betting these are the true problems... but why would they get blocked when I have specifically allowed them?
And I'm still on ISA 2000... anybody have any ideas?
*sigh* and the headache continues... [ August 04, 2005, 05:15 PM: Message edited by: Mr. Fix It ]
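
Added example, not part of any post in this thread: it checks dropped UDP packets against the protocol definitions and the Vonage subnet quoted earlier in the thread and reports which part of the rule's scope each packet misses. The ATA address, the peer addresses in the sample and the function names are assumptions; only the port numbers and the 216.115.16.0/20 subnet come from the thread.

```python
import ipaddress

# UDP port ranges of the protocol definitions quoted in the thread.
PROTOCOLS = {"Vonage TFTP": (69, 69), "Vonage SIP": (5060, 5061),
             "Vonage RTP": (10000, 20000)}

# Rule scope. The ATA address is an assumed placeholder; the subnet is the
# Vonage one named in the thread. Media peers outside it need their own object.
ATA = ipaddress.ip_address("192.168.1.50")
ALLOWED_PEERS = [ipaddress.ip_network("216.115.16.0/20")]

def matching_protocol(port):
    """Return the name of the protocol definition covering this port, or None."""
    for name, (low, high) in PROTOCOLS.items():
        if low <= port <= high:
            return name
    return None

def explain_drop(local, remote, port):
    """List the reasons the access rule would not cover this UDP packet."""
    reasons = []
    if matching_protocol(port) is None:
        reasons.append("port outside every defined range")
    if ipaddress.ip_address(local) != ATA:
        reasons.append("internal host is not the ATA computer object")
    if not any(ipaddress.ip_address(remote) in net for net in ALLOWED_PEERS):
        reasons.append("external peer outside the allowed subnet")
    # Nothing in the rule's scope explains the drop: look at direction
    # (Send Receive vs. Receive) and rule order instead.
    return reasons or ["in scope: check direction and rule order"]

# Constructed sample: ports are ones mentioned in the thread, addresses are
# made up (203.0.113.0/24 is a documentation range).
DROPS = [
    ("192.168.1.50", "216.115.20.10", 69),
    ("192.168.1.50", "203.0.113.7", 12922),
    ("192.168.1.50", "203.0.113.7", 13296),
    ("192.168.1.50", "203.0.113.7", 33960),
    ("192.168.1.20", "216.115.20.10", 5060),
]

def audit(drops=DROPS):
    """Map each dropped port to the reasons the rule did not match it."""
    return {port: explain_drop(local, remote, port) for local, remote, port in drops}

if __name__ == "__main__":
    for port, reasons in audit().items():
        print(f"UDP {port}: {'; '.join(reasons)}")
```
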

RE: VoIP / Vonage? - 13.Aug.2005 7:57:00 AM
Guest

Hi, first post after a long work.
In my case, I have opened all ports mentioned above, also created PROTOCOL RULE "Allow All" (several other restrictions are there in separate rules) but to no avail, I didn't get phone1 LED on. I want to ask if there is possibility that isa server is not authenticating that device request or any other reasons. Can any of my friends help out in this scenario using windows 2k, isa 2k, ActivDir, 2 nics with ADSL on this server via Alcatel Speedtouch home modem. (lexical_analyser@hotmail.com) Thanks,

RE: VoIP / Vonage? - 15.Aug.2005 5:36:00 PM
dpesano
Posts: 13
Joined: 20.Apr.2005
From: Ottawa
Status: offline

I just configured VOIP to go through my ISA 2004... thanks for this thread as it solved my problem of one way audio.
The rule has to have the ports defined. It cannot be "All Protocols". You'll have to contact your vendor to see what ports they use.
I have 5004 send receive and 10000 - 20000 send receive in the primary and 5004 receive send and 10000 - 20000 receive send in the secondary connection.
The to and from has to be the IPs of the devices that are going to talk to each other. I have multiple devices inside the ISA and you have to statically assign them an IP and add them as a device in the ISA. It sucks that it is such a cumbersome, manual process, but it is the only way for it to work.

RULE - VOIP Inbound
Source = VOIP Switch (IP)
Destination = VOIP Phone (IP)
Specified Ports - VOIP.
5004, 10000 - 20000 Send Receive Primary connection.
5004, 10000 - 20000 Receive Send Secondary Connection.

This is the most secure rule as only inbound is allowed from the phone switch and it only goes to the phone.
The TFTP is only used so Vonage can upgrade your device remotely. You do not need it to send and receive phone calls.

RE: VoIP / Vonage? - 16.Aug.2005 1:51:00 AM
Guest

I got my linksyspap device working around 50% because I got "phone1" LED lit, can hear dial tone plus I can also hear the bell ringing at other party Phone, but when the destination phone is picked up there is no voice sent or received, there is total silence. I think there is *something* missing in the ISA config I have done, because when I plug the device directly in my dsl modem (and configure static ip, and disable device dhcp option) it works fine.
Any solution?

RE: VoIP / Vonage? - 16.Aug.2005 12:11:00 PM
dpesano
Posts: 13
Joined: 20.Apr.2005
From: Ottawa
Status: offline

Make sure the "From" is NOT "Internal". It has to be either the device or an Address Range.
I had internal to voip servers with the ports I listed above and you will get one way audio. If I change the FROM to an Address Range or a specific device then it works fine.
Tom... if you could explain why Internal does not work it would be greatly appreciated.

RE: VoIP / Vonage? - 3.Oct.2005 10:48:00 PM
GregF
Posts: 11
Joined: 17.Jul.2001
From: Battle Creek, MI
Status: offline

I cannot tell you how long I have spent on this. I found two articles on the Vonage site, one better than the other about ports and direction. Every time I think that I have this all set, I get another twist.
I have written the publishing rule cited above and will try it for a couple of days. I had another rule written based on inspection of the logs, but it drove the firewall and computer (a dual processor box no less) crazy.
I have a PAP2 device. It may have been a poor choice. But I have a single IP address and a T1. I wanted the phone device behind my firewall, so I did not buy one of the routers.
Tonight's twist is voice mail. I cannot retrieve it using the phone and dialing *123 or the number assigned to the phone. I see what looks like relatively low port (above 1024) UDP traffic being dropped.
Does anyone know what is required to solve this?
I would call Vonage, but it takes an act of congress to get someone that understands this. They run me through a script, and have no concept of a firewall. "Can't you put it in the DMZ?" - and that is from second level folks. I have been told to publish the device as a web server and a TFTP server.
One would think that they would WANT us to protect these things. It is only a matter of time till a full scale attack is waged on them.