- Community Home
- >
- Networking
- >
- Legacy
- >
- IP Telephony - NBX
- >
- Re: NBX and firewalls
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-12-2011 07:22 AM - edited тАО05-12-2011 07:33 AM
тАО05-12-2011 07:22 AM - edited тАО05-12-2011 07:33 AM
NBX and firewalls
I thought I would step in again and try to get my NBX to work across our Astaro ASG firewall. I am still struggling with this. HP/3com ever written a document about port usage similar to this http://support.microsoft.com/kb/832017?
Here is my struggle.
1. I cant get the PCXSET to work across VPN
2. Astaro has a bridge product that was supposed to be plug and play, but cant get a 3102 to communicate remotely through the bridge.
3. I am happy with the 3com product but cannot purchase technical support.
4. The guy that originally set up the ASG probably did substandard work or was "dangerlously knowledgable" and I got tired of wasting money on him.
5. Astaro tech support was unable to solve the problem.
6. The Astaro recommended field tech couldnt get it to work and blamed it on the NBX.
Waaaa! Ok, I am done whining. Any suggestions?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-13-2011 07:01 AM
тАО05-13-2011 07:01 AM
Re: NBX and firewalls
Call setup and audio on the NBX use ports 2093-2096 if in non-SIP mode.
if in SIP Mode, port 5060 is the SIP port by default, ports 8xxx are for the RTP audio.
Remember on your PC.. first you need to connect to the VPN, then start up the PCxset configuration wizard, chose
the right "adapter", then try a test call.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-18-2011 08:50 AM
тАО05-18-2011 08:50 AM
Re: NBX and firewalls
3102 tels require a hardware vpn set up . A software vpn is not supported , only for pcxsets .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-01-2011 02:52 PM - edited тАО07-05-2011 01:14 PM
тАО07-01-2011 02:52 PM - edited тАО07-05-2011 01:14 PM
Re: NBX and firewalls
OK, we have some progress.
I hired a guy that got the hardware VPN (Astaro RED) device working "somewhat".
Our office network is DCHP'ed by the fire wall and has a .1.1 domain. The remote VPN hardware has a .4.1 domain and DCHP's locally.
We have a 3102 handset that we configured in the office by auto discovery. We took it to the remote office and get the error message "wait for NCP M". System is set up for IP on the Fly.
We have the remote VPN device set for "any" communication each direction with the "in office" system. The next thing to try will be invoking some multicasting rules. All multicasting should be able to pass on 124.0.1.x domain?
The phone is the only thing connected to the VPN device. Angry IP reports no ip address for any of the handsets when scanned from the .1.1 or .4.1 domain. The NBX Telephone configuration>Telephones>IP settings is not reporting an address for the remote phone. I tried arbitrarily setting an IP address, subnet and gateway at the correct domain, but this did not work either. The odd thing is if I plug in my laptop that has pcXset installed, it works fine. A screen shot of the NBX IP status is attached
Here is a traffic monitor that is going on at the VPN device.
Proto Source IP Port Destination IP Port Bytes in Pkt in Bytes out Pkt out
udp 0.0.0.0 68 255.255.255.255 67 1146 3 0 0
icmp 192.168.4.1 - 192.168.4.254 - 48 1 0 0
Something that is troubling, is the udp 0.0.0.0 response on the packet monitor. Its always paired with the vpn device, 1628 times a day.
Finally and unrelated, my software tunnel for the pcXset is communicating with the NBX on port 143, what is port 143 for?
tcp 10.242.2.6 3271 192.168.1.15 143 115 2 128 2
I am beginning to feel confident that I might actually get this worked out within my lifetime. Any comments?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2011 07:08 AM
тАО07-06-2011 07:08 AM
Re: NBX and firewalls
Your local router at the far end ( home or office ) needs to supply an IP address ( static or DHCP ) before anything can work . If not then in the tel you must statically assign one . I assign the last or a few from the last IP address in my Router range . USe the buttons on the tel and program the IP address syubnet and default Gateway . Then Program the NBX IP address as well ( across the VPN ) . Now the tel will boot up on ports 2093 thru 2096 and try to contact the NBX . A network trace at the near end ( vpn entry point to the network ) , and look to see if the NBX packets ( layer 3 packets ) are getting to the netwokr .
You never stated what type of VPN so I have to assume that Astaro is creating a point to point VPN . You may have issues with Multicast if you set it up for an IPsec . tunnel . You should set it up as a GRE in order to let traffic flow . PCXSet works entirely different than a 3102 tel . Different ports as well ( 2093 thru 2096 UDP Ports ) . Port 143 is a port used on the PCXSet for the NBX ( unique selection by our programmers ) .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2011 10:49 AM - edited тАО07-06-2011 11:07 AM
тАО07-06-2011 10:49 AM - edited тАО07-06-2011 11:07 AM
Re: NBX and firewalls
Its the Astaro RED vpn interface device. http://www.astaro.com/products/astaro-red What they dont tell you is you have to write all the filter/network service rules both ways. Its a very powerful system, but complicated to a novice.
Your right, the 3102 is not getting an IP address. We recognized that its part of the firewall hardware set up problem (self inflicted). We are going to work on this some more next.
Is the manual porgramming of the 3102 (if required) covered in the V3000 documentation?
On handling the IP address to/from the 3102/NBX is one of the things that is confusing me; is this handed by the NBX/V3000's IP on the fly service? Is it to be done at the local gateway? is this done on normal IP traffic for multicast traffic?
Thanks for your reponse Merlin.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2011 11:06 AM
тАО07-06-2011 11:06 AM
Re: NBX and firewalls
There are 2 things here :
1. IP On The Fly .
2. Static IP settings
The NBX uses IPOTF on tels local to the NBX ( Layer 2 tels in the NBX subnet ) not in a different subnet . The tel in your remote location is in a different subnet , so It needs an IP address from that subnet , hence DHCP or STATIC IP on the tel . either way is acceptable .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-06-2011 11:09 AM
тАО07-06-2011 11:09 AM
Re: NBX and firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-07-2011 05:04 AM
тАО07-07-2011 05:04 AM
Re: NBX and firewalls
You're welcome and good luck . Let us know how you make out ....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-20-2011 10:43 AM - edited тАО07-20-2011 11:29 AM
тАО07-20-2011 10:43 AM - edited тАО07-20-2011 11:29 AM
Re: NBX and firewalls
Hi Merlin,
I had time again to work on this. Made some changes last night.
The internal network is 192.168.1.0 with a 255.255.255.0 subnet mask and the remote network is 192.20.1.0 with a 255.255.255.0 subnet mask.
We now have the ability to ping IP's both ways to/from internal and remote networks. My remote PC links up ok with the exchange server. For what ever reason, the remote device will assign a IP to a PC bit will not assign an IP to the 3102. For reference, can I have a list of ethernet ports needed for the 3102/V3000?
Any comments?