SIP Trunk and SSG5 - help… cannot get to work



  • I have an SSG5 with a single dynamic IP address on the UNTRUST interface (which rules out using a MIP). I have a NexVortex SIP trunk account on the UNTRUST side and a Cisco Call Manager on the TRUST side. With the config below, I am able to make and receive calls, but there is no audio. I have tried using DIP and the SIP ALG per the Juniper manual instructions, to no avail; with that setup I wasn’t able to receive OR make calls. I came up with the config below, which allows me to make and receive calls, albeit with no audio. (As posted, only port 5060 is mapped through the VIP on ethernet0/0 and permitted inbound by policy 9; the RTP_NexVortex service is defined but is not referenced by any VIP or policy.) Does anyone know how to make this work? THANKS!!!

    unset key protection enable
    set clock ntp
    set clock timezone -5
    set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
    set vrouter trust-vr sharable
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset auto-route-export
    exit
    set service “Crestron 41790” protocol tcp src-port 1024-65535 dst-port 41790-41790
    set service “Crestron 41790” + udp src-port 1024-65535 dst-port 41790-41790
    set service “SIP_NexVortex” protocol tcp src-port 0-65535 dst-port 5060-5060
    set service “SIP_NexVortex” + udp src-port 0-65535 dst-port 5060-5060
    set service “RTP_NexVortex” protocol udp src-port 0-65535 dst-port 8000-16482
    set service “RTP_NexVortex” + tcp src-port 0-65535 dst-port 8000-16482
    set alg sip app-screen unknown-message route permit
    set alg sip app-screen unknown-message nat permit
    unset alg sccp enable
    set alg appleichat enable
    unset alg appleichat re-assembly enable
    unset alg h323 enable
    set alg sctp enable
    set auth-server “Local” id 0
    set auth-server “Local” server-name "Local"
    set auth default auth server "Local"
    set auth radius accounting port 1646
    set scheduler “Block Streaming” recurrent sunday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent monday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent tuesday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent wednesday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent thursday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent friday start 0:0 stop 6:0 start 21:0 stop 23:59
    set scheduler “Block Streaming” recurrent saturday start 0:0 stop 6:0 start 21:0 stop 23:59
    set admin name "firewall"
    set admin password "nCGoLmryItJLcf8OPseIzRAtq1Iddn"
    set admin http redirect
    set admin auth web timeout 10
    set admin auth dial-in timeout 3
    set admin auth server "Local"
    set admin format dos
    set vip multi-port
    set zone “Trust” vrouter "trust-vr"
    set zone “Untrust” vrouter "trust-vr"
    set zone “DMZ” vrouter "trust-vr"
    set zone “VLAN” vrouter "trust-vr"
    set zone “Untrust-Tun” vrouter "trust-vr"
    set zone “Trust” tcp-rst
    set zone “Untrust” block
    unset zone “Untrust” tcp-rst
    set zone “MGT” block
    unset zone “V1-Trust” tcp-rst
    unset zone “V1-Untrust” tcp-rst
    set zone “DMZ” tcp-rst
    unset zone “V1-DMZ” tcp-rst
    unset zone “VLAN” tcp-rst
    set zone “Untrust” screen tear-drop
    set zone “Untrust” screen syn-flood
    set zone “Untrust” screen ping-death
    set zone “Untrust” screen ip-filter-src
    set zone “Untrust” screen land
    set zone “V1-Untrust” screen tear-drop
    set zone “V1-Untrust” screen syn-flood
    set zone “V1-Untrust” screen ping-death
    set zone “V1-Untrust” screen ip-filter-src
    set zone “V1-Untrust” screen land
    set interface “ethernet0/0” zone "Untrust"
    set interface “ethernet0/1” zone "DMZ"
    set interface “wireless0/0” zone "Null"
    set interface “bgroup0” zone "Trust"
    set interface bgroup0 port ethernet0/2
    set interface bgroup0 port ethernet0/3
    set interface bgroup0 port ethernet0/4
    set interface bgroup0 port ethernet0/5
    set interface bgroup0 port ethernet0/6
    set interface bgroup0 port wireless0/0
    unset interface vlan1 ip
    set interface ethernet0/0 ip 71.65.210.200/21
    set interface ethernet0/0 route
    set interface bgroup0 ip 157.146.170.1/24
    set interface bgroup0 route
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface ethernet0/0 ip manageable
    set interface bgroup0 ip manageable
    set interface bgroup0 manage mtrace
    set interface ethernet0/0 vip interface-ip 41790 “Crestron 41790” 157.146.170.10
    set interface ethernet0/0 vip interface-ip 5060 “SIP_NexVortex” 157.146.170.2
    set interface ethernet0/0 dhcp client enable
    set interface bgroup0 dhcp server service
    set interface bgroup0 dhcp server auto
    set interface bgroup0 dhcp server option domainname nc.rr.com
    set interface bgroup0 dhcp server option dns1 209.18.47.61
    set interface bgroup0 dhcp server option dns2 209.18.47.62
    set interface bgroup0 dhcp server option custom 150 ip 74.117.151.2
    set interface bgroup0 dhcp server ip 157.146.170.100 to 157.146.170.199
    set interface bgroup0 dhcp server ip 157.146.170.201 mac 70dee2a68b94
    unset interface bgroup0 dhcp server config next-server-ip
    set interface ethernet0/0 dip interface-ip incoming
    set interface “serial0/0” modem settings “USR” init "AT&F"
    set interface “serial0/0” modem settings “USR” active
    set interface “serial0/0” modem speed 115200
    set interface “serial0/0” modem retry 3
    set interface “serial0/0” modem interval 10
    set interface “serial0/0” modem idle-time 10
    set flow tcp-mss
    unset flow tcp-syn-check
    unset flow tcp-syn-bit-check
    set flow reverse-route clear-text prefer
    set flow reverse-route tunnel always
    set domain nc.rr.com
    set hostname firewall
    set dbuf size 512
    set pki authority default scep mode "auto"
    set pki x509 default cert-path partial
    set dns host dns1 0.0.0.0
    set dns host dns2 0.0.0.0
    set dns host dns3 0.0.0.0
    set dns ddns
    set dns ddns id 1 server-type dyndns refresh-interval 672
    set dns ddns id 1 username harri06665 password uJCHYGauNFbxtgsZJ7C7Zz2XwrnMWA750A==
    set dns ddns id 1 src-interface ethernet0/0 host-name pc-analysts.dyndns.org
    set dns ddns enable
    set address “Trust” “157.146.170.0/24” 157.146.170.0 255.255.255.0
    set address “Trust” “CiscoCME” 157.146.170.2 255.255.255.0
    set address “Trust” “Parkers Ipad” 157.146.170.201 255.255.255.0
    set address “Untrust” “Netflix” netflix.com
    set address “Untrust” “px3.nexvortex.compx3.nexvortex.com
    set address “Untrust” “YouTube” youtube.com
    set group address “Untrust” "Streaming"
    set group address “Untrust” “Streaming” add "Netflix"
    set group address “Untrust” “Streaming” add "YouTube"
    exit
    set policy id 2 name “Dialup_VPN” from “Untrust” to “Trust”  “Dial-Up VPN” “157.146.170.0/24” “ANY” tunnel vpn “Dialup_VPN” id 0x2
    set policy id 2
    exit
    set policy id 4 name “Block Streaming” from “Trust” to “Untrust”  “Parkers Ipad” “Streaming” “ANY” deny schedule “Block Streaming” log
    set policy id 4
    exit
    set policy id 1 from “Trust” to “Untrust”  “Any” “Any” “ANY” permit
    set policy id 1
    exit
    set policy id 7 from “Untrust” to “Trust”  “Any” “VIP(ethernet0/0)” “Crestron 41790” permit
    set policy id 7
    exit
    set policy id 9 from “Untrust” to “Trust”  “Any” “VIP(ethernet0/0)” “SIP_NexVortex” permit
    set policy id 9
    exit
    set pppoe name “ATT"
    set pppoe name “ATT” username "harri06665@att.net” password "zyx/nrFRN3yZ6tsbYKCZ00GFWfngM/n03Q=="
    set nsmgmt bulkcli reboot-timeout 60
    set ssh version v2
    set config lock timeout 5
    unset license-key auto-update
    set telnet client enable
    set ntp server "time.nist.gov"
    set wlan 0 channel auto
    set wlan 1 channel auto
    set wlan change-channel-timer 0
    set ssid name xxxxx
    set ssid ssss authentication wpa2-psk passphrase xxxxxxx encryption auto
    set ssid ssss interface wireless0
    set snmp port listen 161
    set snmp port trap 162
    set snmpv3 local-engine id "0168102006001911"
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset add-default-route
    exit
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    exit


 
