Multiple phones through a 2Wire 2700 HGV (Bt Business Hub)

Discussion in 'UK VOIP' started by Alister, Jan 10, 2008.

  1. Alister

    Alister Guest

    Hi I am having trouble getting multiple SIP phones to work correctly
    through a BT Business Hub Router
    connecting to an asterisk server over the T'internet.

    I am experiencing one way audio and dropped calls - signs which point
    to a firewall issue.

    I know the firewall at the asterisk end is fine 'cos it's a proper
    Cisco Pix which I've configured
    to allow SIP AIX and RTP to and from the external address of the BT

    Unfortunately I cannot seem to open the ports on the BT router for
    more than one internal IP address
    as this router's web interface does not seem to give a direct method
    for opening ports.

    What you have to do is create an 'application' which has ports
    assigned to it, and then you can
    assign this application to an IP address on the internal network.
    Unfortunateley when I try to assign
    this application to more than one phone the GUI gives me an error
    saying I cannot apply this
    to more than one IP.

    Has anyone managed to get this working?

    Any help gratefully received.

    Alister, Jan 10, 2008
    1. Advertisements

  2. Alister

    Rob Guest

    Can't you create multiple 'applications' or instances of your 'application'
    and apply each of them to one of your required internal IP addresses?

    Rob, Jan 10, 2008
    1. Advertisements

  3. Alister

    alexd Guest

    Are you trying to allow your phones outbound access? You could try
    disabling the firewall completely while you test it and see if that helps.
    It sounds like you're trying to use the port-forwarding mechanism, which
    isn't going to let you forward the same outside address:port to different
    inside address:ports, unless you have multiple outside addresses [in
    which case you could just give the phones outside IPs and be done with
    alexd, Jan 10, 2008
  4. Alister

    Alister Guest

    Hi Rob,

    Thanks for the suggestion, but I tried that and it won't let you.

    As alexd says, you can only use the port forwarding to forward
    specific outside ports to one inside address.

    Unfortunately this is the only firewall control this router gives you.


    Alister, Jan 10, 2008
  5. Alister

    Alister Guest

    You are quite correct, and I have investigated the router further with
    the manufacturer and this is the case.
    The only firewall control this router offers is port forwarding in the
    manner you describe, or to assign a single
    external IP (which is the same as the router's) to a DMZ which has no
    firewall on it at all.

    It looks like I will do this and have another router / firewall in the
    DMZ with one interface as the external IP and the other
    on an internal IP and then connect the phones via a switch.
    I can then set up access-lists to only allow Voip traffic through the
    second router. Bit of a pain though!

    If you have any better suggestions I'd love to hear them!

    Alister, Jan 10, 2008
  6. Alister

    alexd Guest

    Perhaps it's worth replacing the BT router, as you may run into a similar
    problem again in the future with other applications.
    If I read you right, the plan is:

    (Net)--(BT router)--(Another router)--(switch)--(handsets)
    I think before you throw any more hardware at the problem, you should
    validate that what you're planning is going to work. I can't see how
    adding another link in the chain is going to fix a firewalling problem on
    the BT router. If you just use the one handset, and modify the rules to
    allow it out, does it work? How does internet browsing work if you have
    to add an explicit permit rule to allow a host out, but can only add rule
    at a time?

    Do you have any sites where audio does work?

    Have you tried using a handset [or softphone] from home to test it?

    Does Asterisk have a public IP? If not, have you told it what it's public
    address is? [

    Are the handsets SIP or IAX?

    Have you tried disabling/enabling SIP fixup on the PIX?

    If you have to add another router, you'd probably be best off adding
    something that can terminate a VPN from the PIX, and run the calls over
    the VPN. This would bring all the usual benefits of VPNs with it.
    alexd, Jan 10, 2008
  7. Alister

    Linker3000 Guest

    Maybe I am not getting the entire picture here - or maybe its an IAX
    thing - but why do you need to specify port forwarding to every phone?

    Lots of our sites have multiple (SIP) phones connected via ADSL to a
    central Asterisk server and STUN takes care of 'what goes where' -
    there's no specific SIP (in your case IAX) forwarding setup on the
    site's router. Remember, the phones initiate the connection/registration
    to the Asterisk server and so the setup is outbound with the help of
    NAT/STUN- nothing unexpected is initially going to be inbound and thus
    needs help getting past the firewall/NAT routing.

    Worse case (and I still can't see why you'd need it), why not have a
    local Asterisk server to which all the phones register and tie this
    server to the remote one?

    Fill me in, or tell me to shut up, if I'm missing something here!?
    Linker3000, Jan 10, 2008
  8. Alister

    Alister Guest

    I have considered that, but have heard a of number of instances where
    a third party router would not work correctly with a BT ADSL
    Yes That's correct.

    I may be wrong but it appears that the only way to turn the firewall
    off on this router
    is to assign whatever you are connecting to its internal interface to
    the DMZ, to which it then assigns
    an external (dynamic) IP, and as it only allows you to do this to one
    host, this will have to be a router
    with an inside and outside ethernet interface so that I can assign non
    routable internal IP's to the phones.

    It is incoming traffic which the BT Firewall is blocking - not 5060
    but the RTP range 10000 - 12000
    We can initiate and answer calls and register the handsets but lose
    SIP - a mixture of ATCOM AT530 and Seimens S450IP
    No need, the Pix end of things is quite happy.

    The Asterisk Server has a public IP, and connections to it from other
    sites we run
    have no problems at all - we have a satellite office with its own
    Asterisk and the
    two are connected by IAX. We have a further site in france with
    multiple phones on an
    ADSL from which again connects to the main asterisk site
    with no problems.

    At home I have a sip phone which sits behind a BT Router with Static
    IPs and it works fine.

    It is just this site - and this router - which are the problem.
    I have a spare PIX 501 which I was thinking of using as the router,
    which would mean I could
    possibly use VPN, but on voip to voip calls wouldn't that effectively
    stop RTP from bypassing the asterisk?

    As I understand it, Asterisk initiates the connection but then hands
    it off to the two hosts using RTP for the
    voice and SIP for the call control. If I am wrong, I'm sure you'll let
    me know :)

    btw I do appreciate the time you are taking to try and help - I'm
    sorry if I haven't explained things clearly.

    Alister, Jan 11, 2008
  9. Alister

    Alister Guest


    I wouldn't dream of telling you to shut up :)

    The phones are SIP and the problem is incoming connections -
    specifically the RTP ports
    that a VoIP call uses for voice traffic. There seems to be no way of
    telling this router to let
    traffic through from outside unless you do it on a per device basis.
    I can register the handsets, and initiate and receive calls, but I get
    either one-way audio or none at all.

    I don't really want to have to go to the trouble of having another
    asterisk at this office just for seven phones
    - particularly as this office is in Somerset and I (as the only IT
    bod) am based in Derbyshire.

    We already run two Asterisk servers - one in Derbyshire and one in
    Warwickshire, and I would rather these phones
    used one or other of these. We run an office in France which uses the
    Warwickshire asterisk with no problems.

    My problem is just this bl***y BT Business Hub, which is designed to
    be user friendly and consequently seems impossible
    to configure for anything other than web browsing or e-mail.

    Do you use BT Broadband at all? and if so what router have you got on
    the end of it?


    Alister, Jan 11, 2008
  10. Alister

    alexd Guest

    There are some 2Wire experts in there, might be worth a shot if you're
    reluctant to bin it.
    OK here's another idea - how about putting the IAX firmware on the
    Atcoms? Won't fix the Siemens, of course.
    Replace the router. It can't be that hard, all you need is username,
    password and the static IP details [if you've got them]. Having googled
    your router, I'm concerned that there is a VoIP implementation on there,
    and it may be doing silly stuff to your SIP traffic.
    Yes. Calls will be fine from the branch to the site where Asterisk is,
    but calls from said branch to other sites over SIP will again be one
    sided. If you've got enough bandwidth at the Asterisk end, you could stop
    the relevant extensions from being able to reinvite and you should be OK.

    explains how Asterisk handles re-invites.
    alexd, Jan 11, 2008
  11. Alister

    Alister Guest

    <Lots of useful information>


    Thank you for all your suggestions,

    You have given me some different ideas to think about, and thanks for
    the link to the
    2wire forum, good stuff!

    I have not made a my mind up yet, butt when I do I'll let you know
    what happens.

    Thanks again for your help

    Alister, Jan 12, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.