blog.wansend.com

July 21, 2007

Altigen VOIP over the Internet

Filed under: Cisco — wansend @ 7:28 am

Following are notes for the Altigen Altiware OE 5.0A with Update 4 running on the Windows platform. Configuring Altigen VOIP to work over the Internet can be very tricky. Firewalls are the source of the problem on both the client and server side. Each end of the IP conversation needs to be able to independently contact the other end. If you don’t lock down ports on the server side, hackers will connect on UDP 137, 138, 139, 1026, 1027 and TCP 80, 139 and cause trouble.

Server-side solution: Take a second Cisco router that can bypass the firewall. On it you make the following tweeks:

access-list 105 remark Altigen VOIP ports allowed for route-map
access-list 105 permit tcp host 10.1.1.5 eq 10032 any
access-list 105 permit tcp host 10.1.1.5 any eq 1720
access-list 105 permit tcp host 10.1.1.5 range 49152 50152 any
access-list 105 permit udp host 10.1.1.5 range 49152 50152 any

interface Ethernet0/0
description Inside Network – to hubs. 10.1.1.1
ip policy route-map bypass-firewall

ip nat inside source static 10.1.1.5 200.200.200.5 extendable no-alias no-payload

route-map bypass-firewall permit 10
description Bypass the firewall and go directly out to the Internet
match ip address 105
set ip next-hop 200.200.200.1

Client-side Solution: Go to the website www.dd-wrt.com and find a compatible router. Go ahead and try opening up those ports on your home wifi router before going with the dd-wrt method. Upgrade the router with version v.23 SP2 or better and configure the following client-side port-forwards:

Name Port(s) TCP/UDP Destination Port(s)
AltigenPhone 10032 tcp 192.168.1.2 10032
AltigenH.225 1720 tcp 192.168.1.2 1720
AltigenH.245 49152-50152 both 192.168.1.2 same

1. Plug phone into one of my wireless router’s four ports.
2. Turn phone on and verify that it has an IP address from my DHCP server – 192.168.1.2.
3. Change phone’s server IP 200.200.200.2 via Menu > System > AW Server
4. Turn on phone’s NAT via Menu > Network > Enable NAT > Yes.
5. Register the phone via Menu > Register

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: