Welcome to ISAserver.org

Magicjack. . .ISA blocking VOIP ports?

Magicjack. . .ISA blocking VOIP ports? - 20.May2008 1:56:11 AM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
I just got a MagicJack and was hoping to test it on our network, but I can't get it to work behind our ISA 2004 firewall.  The tech support says that our network is blocking ports 5060-5070 somehow.

I checked with our ISPs and they are not blocking those ports.

We have a dual wan router outside our ISA.  When I connect a machine directly to that subnetwork, the magicjack works fine, so it has to be something with our ISA firewall setup.

I created an outgoing rule to allow ALL from a specific host (where testing the Magicjack), but it still doesn't work.  I even tried disabling ALL (incoming/outgoing) other rules.  Still nothing.

What can be blocking this from working when I am specifically allowing access?
Post #: 1
RE: Magicjack. . .ISA blocking VOIP ports? - 20.May2008 3:13:52 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Did you define the protocol with the proper port range?

Is the client using the Firewall client?

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to TechFan)
Post #: 2
RE: Magicjack. . .ISA blocking VOIP ports? - 20.May2008 4:25:07 PM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
No.  I currently have a rule allowing all traffic from the testing host.  The firewall client is not being used either, but as I said ALL traffic is allowed.

(in reply to Rotorblade)
Post #: 3
RE: Magicjack. . .ISA blocking VOIP ports? - 20.May2008 9:10:20 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Ok,

1. Define the protocol with the proper port ranges.
2. Create an Access rule to allow protocol access.
3. Install the ISA firewall client or SecureNAT client on the client(s) running the VOIP application. The client using the application is not going very far without using the firewall client.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to TechFan)
Post #: 4
RE: Magicjack. . .ISA blocking VOIP ports? - 20.May2008 9:50:09 PM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
I will set it up.  I would appreciate any info you have on why it would make a difference if the protocol is defined or the client installed if there is an access rule that allows ALL traffic from that specific host IP address.

One of the two of us must be missing something obvious, maybe it is me.

-----
MCSE(NT4,2000,2003)

(in reply to Rotorblade)
Post #: 5
RE: Magicjack. . .ISA blocking VOIP ports? - 21.May2008 8:51:38 AM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:

 
I will set it up.  I would appreciate any info you have on why it would make a difference if the protocol is defined or the client installed if there is an access rule that allows ALL traffic from that specific host IP address.



Sure,

Without installing either the ISA Firewall or SecureNAT client on the client machines running the application, no access is going to be made to the Internet through ISA using the application. WebProxy client access is limited to Web protocols only. Preferably you should consider using the Firewall client over the SecureNAT client. Using the SecureNAT client limits you to anonymous access only in your access rules.

Regarding the “All Open”. Unless you’re planning on allowing “all open” access all the time, (which you shouldn’t do) you will need to define the protocol and the associated access rule in the ISA firewall policy. It’s just one of those best-practices things that you should follow.

HTH

RB



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to TechFan)
Post #: 6
RE: Magicjack. . .ISA blocking VOIP ports? - 21.May2008 9:40:16 AM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
I set up the protocol definition, but I didn't have a chance to set up a machine with the client today.

Yes, I understand I shouldn't always have it all open, but I don't even bother with the specific rule unless I can get it working "all open" first.  That is why I don't see how a specific rule is going to help if the all open doesn't.  It is all open for anonymous access on that machine. . .

(in reply to Rotorblade)
Post #: 7
RE: Magicjack. . .ISA blocking VOIP ports? - 22.May2008 3:32:32 AM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
Ok.  Well, I installed the client and created the protocol.  It is still failing as before.  Looking closer at the logs shows this entry:

A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
0x80074e20.

Again, it works fine if I connect it outside the ISA layer.

Any ideas?

(in reply to TechFan)
Post #: 8
RE: Magicjack. . .ISA blocking VOIP ports? - 26.May2008 9:44:38 AM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
It looks like it is the dreaded ISA SIP issues with 5060. . .that stinks.  I guess I have to return this thing since my primary access is through that ISA server. . .and too far away from the actual ISP connection to place it outside.

What I don't get is how products like Gizmo (also SIP based) work just fine.

(in reply to TechFan)
Post #: 9
RE: Magicjack. . .ISA blocking VOIP ports? - 23.May2010 11:36:24 PM   
ksaye

 

Posts: 3
Joined: 23.May2010
Status: offline
For others who are having this issue, I have documented how to get this working below:

Allowing MagicJack through ISA/TMG

This setup assumes you have a working TMG2010 server, but the steps should work with ISA as well.  In my particular case, I decided to run the MagicJack device on the TMG server, but I also tested it on a machine (Windows7, x64) behind the TMG server.

Assumptions:
·      TMG is up and working
·      There is already a rule that allows the TMG server and machines behind the TMG server to communicate with the internet using HTTP and HTTPS.
·      The rule that we will create below should be very high in the order list, to ensure that no other rule applies, as the UDP “send receive” setting is required.

TMG Rule Setup:
We will simply create a Firewall Rule named “MagicJack” that allows outbound communication (and replies) on UDP port 5070 (needed for registration and connection) and allows for UDP communication on ports above 10,000 (needed for voice communication).

Step 1:  Create a new Access Rule (in TMG, right click Firewall Policy → New → Access Rule).
Step 2:  Name the rule “MagicJack” and click next.
Step 3:  Set the rule action to “Allow” and click next.
Step 4:  On the select protocols, click add and create (and add) the following 2 Protocols.
·      Name: Magic Jack, Protocol: UDP, Direction: Send Receive, Ports: from 5070 to 5070
·      Name: UDP 10K+, Protocol: UDP, Direction: Send Receive, Ports: from 10000 to 65535
Step 5:  On the Access Rule Source screen, select “Local Host” (or Internal if not running on TMG server) and click next.
Step 6:  On the Access Rule Destination screen, select “External” and “Local Host” and click next.
Step 7:  On the User Sets screen, leave the “All Users” and click next.
Step 8:  Click finished then click the apply button to apply changes.  TMG may take a few minutes to apply.

(in reply to TechFan)
Post #: 10
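
Editor's added example (not part of any post in this thread, and not ISA/TMG code): a simplified first-match model of ordered firewall rules, showing why post #10 asks for the “MagicJack” rule to sit high in the list and for both UDP protocols to be “Send Receive”. The two competing rules (`SEND_ONLY`, `DENY_HIGH`) and the first-match behaviour of `evaluate` are assumptions made for illustration; the protocol names, directions, port ranges and source network are the ones in the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Protocol:
    name: str
    direction: str      # UDP primary connection: "Send" or "Send Receive"
    low: int
    high: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "Allow" or "Deny"
    sources: frozenset
    protocols: tuple

def evaluate(rules, source, dst_port):
    """Return (rule name, outbound allowed, replies allowed) for one UDP flow.

    Assumed model: rules are checked top-down and the first rule whose source
    and port range match decides the flow; nothing below it is consulted.
    """
    for rule in rules:
        if source not in rule.sources:
            continue
        for proto in rule.protocols:
            if proto.low <= dst_port <= proto.high:
                allowed = rule.action == "Allow"
                replies = allowed and proto.direction == "Send Receive"
                return rule.name, allowed, replies
    return "Default rule", False, False   # implicit deny at the bottom

# The two protocol definitions and the rule from steps 4 and 5 of post #10.
MAGIC_JACK = Protocol("Magic Jack", "Send Receive", 5070, 5070)
UDP_10K = Protocol("UDP 10K+", "Send Receive", 10000, 65535)
MJ_RULE = Rule("MagicJack", "Allow", frozenset({"Local Host"}),
               (MAGIC_JACK, UDP_10K))

# Constructed competing rules (hypothetical, not from the thread).
SEND_ONLY = Rule("Legacy UDP out", "Allow", frozenset({"Local Host", "Internal"}),
                 (Protocol("UDP out", "Send", 1024, 65535),))
DENY_HIGH = Rule("Block high UDP", "Deny", frozenset({"Local Host", "Internal"}),
                 (Protocol("UDP high", "Send Receive", 10000, 65535),))

def compare_orderings(port, source="Local Host"):
    """Same rule set twice: MagicJack rule at the bottom, then at the top."""
    low_placed = evaluate([DENY_HIGH, SEND_ONLY, MJ_RULE], source, port)
    high_placed = evaluate([MJ_RULE, DENY_HIGH, SEND_ONLY], source, port)
    return low_placed, high_placed
```

In this model, `compare_orderings(5070)` shows registration traffic leaving but its replies being dropped when a send-only rule matches first, and `evaluate([MJ_RULE], "Internal", 5070)` falls through to the default deny, which is why step 5 says to select Internal when the device is not on the TMG server itself.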
RE: Magicjack. . .ISA blocking VOIP ports? - 25.May2010 1:56:09 AM   
TechFan

 

Posts: 24
Joined: 9.Dec.2004
Status: offline
Thank you. It seems to be working now.

(in reply to ksaye)
Post #: 11
