ZyWALL 310 not forwarding incoming SIP calls

Lukas
Lukas Posts: 13  Freshman Member
First Comment Friend Collector First Anniversary
edited April 2021 in Security
Hello,
our PBX had to be moved behind NAT (ZyWALL 310), I made several changes to make everything work again, outgoing calls are working fine, but incoming calls are stuck on ZyWALL. I have one interface (lan2) that is connected to the separate VoIP LAN, I was capturing packets on lan2 when calling from PSTN, but there were no relevant packets. Nevertheless, all packets arrived to the ZyWALL WAN port (192.168.51.100):



I have checked that the firewall is not blocking these packets using ZyWALL Log (I had to allow traffic from certain IP addresses to ZyWALL). These packets should be forwarded to PBX (on lan2). I have tried policy routes and NAT rules, but nothing is working - packets are not forwarded.

Here are the policy routes - without this route, outgoing calls are not working:


and this is the route, that I have tryied for the incoming calls, but it is not wokring:


And here is NAT rule that I have tryied:


If you can please help me with this I would be very grateful.

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Lukas,
    We don't support IP PBX placed behind ZyWALL/NAT and only support routing without NAT.
    Here are supported SIP ALG scenarios.

    Scenario 1
    VoIP SP server acts as SIP/Media proxy server.
    IP phones are located on LAN with private IP address.


    Scenario 2
    IP PBX and VoIP SP server act as SIP/Media proxy server.
    IP PBX is located with public IP address on DMZ.

    See how you've made an impact in Zyxel Community this year!
    https://bit.ly/Your2024Moments_Community

  • Lukas
    Lukas Posts: 13  Freshman Member
    First Comment Friend Collector First Anniversary
    Hello @Zyxel_Emily,
    thank you for your answer.
    I have finally found the solution: it was my fault, I have forget, that first is applied NAT and THEN firewall. Now everything works as expected. If anyone had similar problem, here is relevant configuration:

    NAT rule:


    policy routing rule:


    firewall rule:

Security Highlight