VOIP With ZyWall

fabiopig
fabiopig Posts: 4  Freshman Member
First Comment
edited April 2021 in Security
Hi everyone, and congratulations on the initiative.
First of all, I would like to excuse you if my English is not perfect.
I explain to you my situation, in my company we went to VOIP for telephony, at the beginning we signed a contract for a single voip trunk that was managed by my Asterisk PBX1 and everything was fine. We wanted to expand the voice channels and add a new PBX2, so I signed a new contract for another VoIP trunk that would be managed by the latter PBX2.
On my USG300 I activated a new WAN to devote to this new trunk (I informed the public ip at the vendor who provides the trunk)
So the current situation is as follows:
WAN 1: 10.0.0.1
WAN 2: 10.0.0.2
IP Public Trunk 1: 192.0.0.1
IP Public Trunk 2: 192.0.0.2
NAT (Virtual Server) Int WAN2 Orig IP Any Mapped IP PBX2 Prot UDP Port SIP
I've created a new WAN_BIS area and I've associated the WAN2 port
FW rule
From WAN_BIS to LAN IP_Source 192.0.0.2 IP_Dest PBX2 Service SIP Allow
From WAN_BIS to any (including Zywall) any any any Deny
I did not insert any static route.
Data traffic behavior is not regular because voice packets go from one PBX to the other so I have problems.
Can any of you help me to solve the situation?
Thanks.
Fabio

Comments

  • Johan
    Johan Posts: 26  Freshman Member
    First Comment Friend Collector
    Could you try setting the original IP in your NAT rule to be the public IP on which the traffic arrives? So for PBX2 you used the IP 10.0.0.2, then enter this into Original IP on the NAT rule.
  • fabiopig
    fabiopig Posts: 4  Freshman Member
    First Comment

    do you mean the public who told me the trunk voip vendor?
  • fabiopig
    fabiopig Posts: 4  Freshman Member
    First Comment

    but in your opinion is correct that I did not insert any static route?
  • Johan
    Johan Posts: 26  Freshman Member
    First Comment Friend Collector
    fabiopig said:

    do you mean the public who told me the trunk voip vendor?
    Set original IP on the NAT rule to the IP address your WAN2 interface has.

    fabiopig said:

    but in your opinion is correct that I did not insert any static route?
    I would wait with creating static routes, if we can solve it without it that is great. Especially if that is not the issue.
  • Matthew
    Matthew Posts: 9  Freshman Member
    First Answer First Comment Friend Collector Seventh Anniversary
    You could always use a policy route to route any SIP traffic from internal subnets to the WAN2 interface. NAT is intended for Port Translation (Layer 4) and routing to a single IP. It's not really meant to route IP/Layer 3 traffic to specific Interfaces.
    Did you setup a dedicated subnet for your VOIP traffic?

Security Highlight