Support
Community

Hey all,

I tend to type a lot, so this post will be kind of long. But it should include all information necessary.

I already have a ticket open with support regarding this, and they were very very helpful with my first call to them. However I have updated the ticket a couple times today, and called in, and I haven't had anyone reach back out to me in about 6 hours. I realize that's not very long, but this is a critical issue for us so I'm hoping to get some help from the community.

Long story short, I am using an AdTran 908e 2nd Gen basically as an SBC. Eth 0/1 is plugged in to the internet with a public IP (nothing else in front of it), and Eth 0/2 is going to be the private network which will go through a switch but ultimately only needs to talk to 1 computer: a fax server running Biscom FAXCOM. The planned setup is essentially back to back user agents, if I'm understanding it correctly. The Biscom FAXCOM server supports SIP trunking. We are pointing it to the inside interface of the AdTran, and then the outside interface of the AdTran has the information for a Level 3 SIP trunk (provided via VoIP Innovations).

AdTran support was extremely helpful and provided me two things.

1: Linked me to this document, which I followed almost exactly. - SBC SIP Trunking Sample Configuration

2: Provided some additional configuration examples for the firewall options required for letting the two talk to each other.

If I plug my computer directly in to the internet (no firewall or anything) then I can get out to Level 3's SIP Trunk and fax just fine. If I go in to Eth 0/2 like I want, I can't. Packet captures show that the connection goes out, and returns. So it *seems* like the NAT/firewall issues are good. But during the negotiation it ultimately stops responding so the SIP Trunk times out and hangs up. So that makes me think it *is* a NAT/firewall issue. I can definitely reach out and get a response, but it just won't complete.

I have packet captures that I can provide, but I will start with screen shots and my configuration as it may be something obvious in there.

Here is a flow diagram of when I plugged my computer directly to the outside internet, with no AdTran. You can see my IP (204.x.x.x) reaches out to VoIP Innovations (64.136.174.30) as a SIP trunk, which in turn negotiates with Level 3 (4.55.2.2) for us.

And here is one when plugged in behind the AdTran, which does not work. Note that at this time my internal IP was on the 192.168.x.x network. I have since changed it though, so ignore that difference in my config vs this screenshot. For some reason VoIP Innovations is transparent in this one. You only see my computer's IP (192.168.90.10) talk to the inside interface of the AdTran (192.168.90.254, now changed) and Level 3 (4.55.2.2). However, this did go through VoIP Innovations still, as we don't have a SIP trunk directly with Level 3. You see the initial couple of invites and 200 OK. But then it sends several packets trying to do the T.38 handshake over to Level 3, and they never make it back. So it just hangs up. It definitely seems like NAT or firewall.

Here is my config. It has been somewhat "sanitized." I have removed sensitive information, as well as unecessary info (like all of the shut ports).

! ADTRAN, Inc. OS version R10.10.0.E ! Boot ROM version 14.05.00.SA ! Platform: Total Access 908e (2nd Gen), part number 4242908L1 ! Serial number x ! hostname "TA908e" enable password encrypted x ! ip subnet-zero ip classless ip default-gateway 204.x.x.x ip routing ipv6 unicast-routing ! name-server 8.8.8.8 ! no auto-config auto-config authname adtran encrypted password x ! event-history on no logging forwarding no logging email ! service password-encryption ! username "x" password encrypted "x" ! ip firewall no ip firewall alg msn no ip firewall alg mszone no ip firewall alg h323 ! aaa on ftp authentication LoginUseLocalUsers ! aaa authentication login LoginUseTacacs group tacacs+ aaa authentication login LoginUseRadius group radius aaa authentication login LoginUseLocalUsers local aaa authentication login LoginUseLinePass line ! aaa authentication enable default enable ! no dot11ap access-point-control ! interface eth 0/1   ip address  204.x.x.x  255.255.255.252   ip access-policy Public   media-gateway ip primary   no shutdown ! interface eth 0/2   ip address  10.10.80.254  255.255.255.252   ip access-policy Private   media-gateway ip primary   no shutdown ! ip access-list extended Admin   permit tcp any  any eq ssh   permit tcp any  any eq https ! ip access-list extended MatchAll   permit ip any  any   ! ip access-list extended SIP   permit udp any  any eq 5060 ! ip policy-class Private   allow list self self   nat source list MatchAll interface eth 0/1 overload ! ip policy-class Public   allow list SIP self   allow list Admin self ! ssh-server pubkey-chain ! no tftp server no tftp server overwrite http authentication LoginUseLocalUsers http server no http secure-server no snmp agent no ip ftp server no ip scp server no ip sntp server ! sip sip udp 5060 no sip tcp ! voice feature-mode network voice transfer-mode local voice forward-mode local ! voice trunk T01 type sip   description "VI SIP Trunk"   sip-server primary 64.136.174.30 ! voice trunk T11 type sip   description "FAXCOM"   sip-server primary 10.10.80.158   grammar from host local   transfer-mode network ! voice grouped-trunk PROVIDER   trunk T01   accept NXX-NXX-XXXX cost 0   accept 1-NXX-NXX-XXXX cost 0   accept 011-$ cost 0   accept 411 cost 0   accept 611 cost 0   accept 911 cost 0 ! ! voice grouped-trunk FAXCOM   trunk T11   accept $ cost 0 ! ip rtp symmetric-filter ! line con 0   login authentication LoginUseLinePass ! line telnet 0 4   login authentication LoginUseLinePass   no shutdown line ssh 0 4   login authentication LoginUseLocalUsers   no shutdown ! end

Thanks in advance for any and all help!