Router Info

From IPitomy Wiki
Revision as of 17:10, 12 February 2014 by Mike Lunn (talk | contribs)

This page contains general information about port forwarding and disabling application layer gateways on particular routers.

Router Compatibility List


Disable SIP Header Transformations and Enable Consistent NAT

The SonicWALL SIP ALG is called SIP Header Transformations. It should be Disabled, and Consistent NAT should be Enabled.

Create Outbound NAT Policy and Disable Source Port Remap

In some cases the SonicWALL will remap the 5060 and 10000-20000 UDP source ports, causing one-way audio and calls that drop after 30 seconds.

To resolve this, create an inside to outside rule like the following:

Original Source:
Translated Source:
Original Destination:
Translated Destination:
Original Service:
Translated Service:
Inbound Interface:
Outbound Interface:

PBX Private IP
IP of the WAN interface (X1 IP for example)
Address Group for our SIP servers ( or
Service Group including 5060 UDP and 10000-20000 UDP
WAN interface (X1 for example)

After that, go to the Advanced tab, check the box for "Disable Source Port Remap", and click OK.
Once completed, the PBX will always use the proper source ports on the WAN side.
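
One way to confirm that both SonicWALL changes above took effect (SIP Header Transformations off, source ports no longer remapped) is to capture the same SIP packet on the LAN side and on the WAN side and compare the two. The sketch below is an added example, not IPitomy or SonicWALL code; the function names, the addresses and the sample INVITE are constructed for illustration.

```python
import re

# Lines a SIP ALG typically rewrites: Via/Contact headers and the SDP c=/m= lines.
WATCHED = re.compile(r"^(Via:|Contact:|c=|m=audio)", re.IGNORECASE)

def watched_lines(msg):
    """Return the ALG-sensitive lines of one SIP message, in order."""
    return [ln.strip() for ln in msg.splitlines() if WATCHED.match(ln.strip())]

def compare_captures(lan_msg, lan_port, wan_msg, wan_port):
    """Compare one SIP packet captured on the LAN side and on the WAN side.

    Plain NAT touches only the IP/UDP headers, so the SIP payload must be
    unchanged; a difference in the watched lines means an ALG rewrote it.
    A different UDP source port means the firewall remapped the source port.
    """
    findings = []
    if lan_port != wan_port:
        findings.append(f"source port remapped: {lan_port} -> {wan_port}")
    before, after = watched_lines(lan_msg), watched_lines(wan_msg)
    if len(before) != len(after):
        findings.append("payload rewritten: header/SDP lines added or removed")
    for b, a in zip(before, after):
        if b != a:
            findings.append(f"payload rewritten: {b} -> {a}")
    return findings

# Constructed sample: INVITE as sent by a PBX at 192.168.1.10 (hypothetical address).
LAN_INVITE = """INVITE sip:1000@sip.example.com SIP/2.0
Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKconstructed;rport
Contact: <sip:200@192.168.1.10:5060>
Content-Type: application/sdp

v=0
c=IN IP4 192.168.1.10
m=audio 10000 RTP/AVP 0
"""
# Constructed sample: the same INVITE after an ALG rewrote it (203.0.113.5 = WAN IP).
WAN_INVITE_ALG = (LAN_INVITE
                  .replace("192.168.1.10:5060", "203.0.113.5:1024")
                  .replace("192.168.1.10", "203.0.113.5"))

if __name__ == "__main__":
    for finding in compare_captures(LAN_INVITE, 5060, WAN_INVITE_ALG, 1024):
        print(finding)
```

An empty result means the payload and the source port crossed the firewall untouched, which is the state the settings above are meant to produce.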

Create Access Policy with Increased UDP Timeout

This is most often seen in cloud deployments: phones flip between REACHABLE and UNREACHABLE, with complaints of calls going directly to voicemail and BLFs not lighting properly.

To fix this, add a LAN to WAN Access Policy as follows:

From Zone:
To Zone:
Users Allowed:

SIP (UDP 5060)
Always On

Navigate to the Advanced tab and increase the UDP timeout to 300 seconds. Once saved, phones should remain REACHABLE.


Mikrotik routers have a SIP ALG that can be disabled with the following command:

  • /ip firewall service-port disable sip

This information was found at the following two links: Mikrotik Wiki, Mikrotik Forum


I found this online about solving issues with Fortigate routers and NO AUDIO with remote SIP:

In the command line of the Fortigate, type the following:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • end

Reboot the device.

In the command line, type the following:

  • config system session-helper
  • show

(Now look for the SIP entry; it will usually be "12".)

  • delete 12
  • end

Don't use any protection profiles on the firewall rules for SIP.

Cisco Pix 506/501/515

This is for Pix 506/501/515 but it should work with any Cisco Pix, and possibly other Cisco
  1. access-list 101 permit udp any host 64.238.XXX.XXX range 10000 20000
    (Note: Replace 64.238.XXX.XXX with your public IP assigned to be forwarded to the IPitomy PBX)
  2. access-list 101 permit tcp any host 64.238.XXX.XXX range 10000 20000
    (Note: Replace 64.238.XXX.XXX with your public IP assigned to be forwarded to the IPitomy PBX)
  3. static (inside,outside) 64.238.XXX.XX netmask 0 0
    (Note: Replace 64.238.XXX.XXX with the user's public IP, replace the with the user's private IP that is assigned to the IPitomy PBX)
  4. no fixup protocol sip 5060
  5. no fixup protocol sip udp 5060