Mitel Forums - The Unofficial Source
Mitel Forums => MiVoice Office 250/Mitel 5000 => Topic started by: d95gas on April 12, 2013, 02:32:39 PM
-
Hi everyone,
well been lurking around the forum for some time now, well since we got our first Mitel 5000 CP system (System Release [5.0.46]: Mitel 5000 Release mtl-5000-5_0-release-17) about 8 months ago, fantastic resource to help the "newbies" :-)
Anyway, pretty much got into the interface and happy with all the setup and configuring handsets etc, so time to move onto new areas (for me).
I have a couple of users who work remotely, so need to put the Mitel 5312 into their homes and set them on on their DSL connections.
Here is what info I have:
System is 5000 CP and have setup the NAT in in the two relevant locations. Have got the WAN IP address and port forwarding and that all works fine as I frequently connect remotely with the Admin & Diag software.
I believe I am going to need a list of ports to open on the users DSL router, and forward to whatever IP address their system assigns to the 5312.
From here I am a bit stuck.
Would anyone be good enough to do a flowchart or similar of the process involved to get this working from outside the business network, or point me to a decent flowchart that I can use to set this all up.
In my head I am probably over complicating the whole process, so hoping with your guidance I can complete this task without too much grief.
Oh my licensing also shows that I have 6 spare "IP Network licenses" in addition to having plenty of "CAT D licenses"
Any help would be really appreciated.
D95
-
You are seriously overthinking it...
For remote users, generally nothing needs to be done on the remote end, standard router, NAT, basic firewall, etc, are all fine... generally nothing needs to be "opened up" or port forwarded in your standard SOHO router (Linksys, Netgear, DLink, or embedded DSL modem router). Note if you are building a VPN tunnel to the main location, these requirements change, but that doesn't seem to be the plan here.
On the 5000 end, port forwarding needs to be done on a range of ports to the 5000, including:
67&68/UDP
69&20001/UDP
6800-6802/TCP
3998&3999/TCP
50098-50508/UDP
6004-6261/UDP
You also need to make sure the System NAT address (ie. the public IP address of the router forwarding ports to the 5000) is set properly in TWO places:
System\IP Settings\System NAT IP Address
System\Devices and Feature Codes\IP Connections\P6000\NAT IP Address
And to finish it all off, on the remote phones themselves in:
System\Devices and Feature Codes\Phones\<Ext num>\IP Settings
Change the NAT Address Type to NAT.
Boot the phone, hold down 7 and enter Teleworker Mode, enter the public IP from the System NAT Address above and all should be happy in the world!!!
If you are using G.711 (uncompressed) CODEC, which is the default, that is all that is required!
The IP Networking Licenses are to network together multiple 5000 controllers using Inter-Tel Networking Protocol, these are often included in non-networked systems because they are typically included in "bundles" that vendors sell.
The Class "D" licenses are the licenses for Mitel IP Phones and will be automatically and dynamically allocated as needed to phones currently online.
-
AWESOME! AWESOME AWESOME! ;D
Acejavelin that was exactly what I was looking for, spot on write-up that and I have followed to the letter. I will test this later today from my home location first, as I know I have decent connectivity and I have full access to the router if needed.
Just to confirm I have followed and hung on your every word ;) I took a couple of screenshots of each stage, if you wouldn't mind checking?
First one is the Ports setup as being opened on the Draytek 2800 - This is the 5000 CP end:
Fingers crossed for later today for the big test :D
Once again Acejavelin many thanks for the superb "idiots guide"
Graeme
[Post modified by Ralph to remove IP addresses that my cause a security risk]
-
Hello
You've missed a System NAT IP address on the main IP settings page, I would also delete the screen shots as you don't want everyone knowing your external address and the fact you have a lovely 5000 sat there accepting Minet connections :)
If you have any users on a BT Homehub you can expect some issues, swap it out for anything else really but we normally use Draytek.
Apart from that you should be good to go.
(I'm really being good here stopping myself from reconfiguring my 5312 to your external IP and trying to guess some passwords ;D )
-
(I'm really being good here stopping myself from reconfiguring my 5312 to your external IP and trying to guess some passwords ;D )
d95gas, take the hint here and edit your screen shots. Hate to see you get hacked.
Ralph
-
Also, although I am not familair with the Draytek Routers, usually "Opening" ports and Port Forwarding are different, but if it worked for programming (44000) then it should be the right one, just an "incorrect" name.
NTEDave and Ralph seemed to catch the the only stuff that stands out to me as well.
-
(I'm really being good here stopping myself from reconfiguring my 5312 to your external IP and trying to guess some passwords ;D )
d95gas, take the hint here and edit your screen shots. Hate to see you get hacked.
Ralph
Thanks Dave. I would alter the Image BUT, for some reason I dont have the ability to edit my own posts :-( have asked Ralph to do the necessary.
And if you are the person I think you are :-) I know you are a good lad and would'nt do such dirty deeds :-) You in Peterlee ?
the NAT Address I missed: is it the one where it currently states 255.255.255.255 ??
Our system engineer either put that in or it was defaulted on install, hence I left it, So you are saying I need to change that for the WAN IP address (NAT) ?
-
I removed the screen shots.
Ralph
-
:D yes you need to set this NAT IP address up to be you external IP address as well.
Yes I'm in Peterlee, which Graeme are you then? I know about four who are spelt that way?
-
:D yes you need to set this NAT IP address up to be you external IP address as well.
Yes I'm in Peterlee, which Graeme are you then? I know about four who are spelt that way?
Thanks Ralph.
-
:D yes you need to set this NAT IP address up to be you external IP address as well.
Yes I'm in Peterlee, which Graeme are you then? I know about four who are spelt that way?
Thanks Ralph.
I was the I.T Manager at "Northern Training Trust" all those years ago :-)
-
Ah right, I was racking my brains trying to think which Graeme I would know that may have these questions! :)
Are you still in the North East then? Give me a shout if you need any help on site, Mitel 5000 is what I do nearly all day every day.
-
Yep still in the North-east and still into I.T, although I now cover from M4 Gloucester up to the Shetlands and across to Belfast :-) just a small area. I will keep you in mind on the Mitel side, although you know my supplier "Graham - Online Unified" ;-)
-
Ahh yes I know Graham. Wouldn't want to stand on his toes :D
-
Well finally got round to installing and testing this. On trying it through the normal method we add the Mitel's to the system, previously defining ICP on the phone to the NAT address of the system, I continually got to DHCP then the error "Option 128 Missing".
So tried with the pressing 7 and putting the handset to teleworker mode, this worked fine, got an address from the system and applied the extension number. So happy about that.
BUT,
On using the remote extension I have found:
1. I can ring internal extension numbers fine. but when ringing external numbers I just get silence. The display shows as if the call
is connected and you can see the countdown timer running......but total silence.
2. When I dial an internal extension and it hits Voicemail. I can see the voicemail recording counting up, but I don't hear the other
ends voicemail initial speech.
Any ideas where I might have slipped up ????
thanks
graeme
-
Check your gateways normally it will be a routing issue if you have no/one way speech.
Sounds like your internal extensions gateway might be right but your system may be incorrect, are they the same?
-
Well finally got round to installing and testing this. On trying it through the normal method we add the Mitel's to the system, previously defining ICP on the phone to the NAT address of the system, I continually got to DHCP then the error "Option 128 Missing".
So tried with the pressing 7 and putting the handset to teleworker mode, this worked fine, got an address from the system and applied the extension number. So happy about that.
Yes, as you discovered the phones must be in Teleworker mode and have the IP address set properly, or they will fail with an "Option xxx missing" and not boot properly.
...You also need to make sure the System NAT address (ie. the public IP address of the router forwarding ports to the 5000) is set properly in TWO places:
System\IP Settings\System NAT IP Address
System\Devices and Feature Codes\IP Connections\P6000\NAT IP Address
And to finish it all off, on the remote phones themselves in:
System\Devices and Feature Codes\Phones\<Ext num>\IP Settings
Change the NAT Address Type to NAT.
Check these three settings... if they are all correct and you are getting one-way/no audio, it is a networking issue, ports not forwarded correctly or other settings. These are the three main ones you can control. The most common one I see is on the phone itself, changing the NAT Type.
-
Thanks for the advice guys.
I have checked the two places on the Mitel;
System\IP Settings\System NAT IP Address
System\Devices and Feature Codes\IP Connections\P6000\NAT IP Address
Both settings have the same WAN IP address
on the remote phone have changed it to NAT
Router is a Draytek 2820 and have the open ports set as per the attachment:
Still no voice........
On the phone I have set the ICP to the WAN Address and in Teleworker mode given the WAN Address.
Thanks
Graeme
-
I know it's not ideal but you could temporarily put the Mitel in the DMZ to eliminate a port forward issue.
You don't have an expansion processor do you?
-
put the phone in the DMZ, now when I dial from the Remote teleworker phone, I can hear the other end fine, but they cannot hear me.....Grrrrr frustrating :-)
-
I actually meant the phone system, try putting the system in the DMZ and see what happens.
-
Another thing to try is disabling SIP ALG on the router if it has an option.
-
put the phone in the DMZ, now when I dial from the Remote teleworker phone, I can hear the other end fine, but they cannot hear me.....Grrrrr frustrating :-)
Yes, DMZ the system and try again. This does appear to be a port forwarding issue.
-
You will HAVE to disable SIP Alg on the Draytek. You can only do this through the command line interface. I have 2830 here that works fine once you have SIP Alg turned off. BTW guys, on the Draytek opening the ports is all you need, it automatically punches them through the firewall for you.
-
Okay guys, I have:
System on DMZ
the phone on the remote end on DMZ
Still only one way traffic I can hear them (system end) they cannot hear me (remote)
On the Draytek's on both ends, have checked sip_alg and both confirmed as disabled.
Both ends are running across ADSL and both have 6mb down and 512k up. Currently no network issues, and the half of the call we do get is good quality.
Any more suggestions :-(
Thanks for your input.
-
Just to confirm the "Open Ports" on the System end, we have probably gone to the extreme after scanning every tech document we could find, but we can always remove later once its working. The following have been opened:
(https://dl.dropboxusercontent.com/u/8684635/Temp/Open%20Ports%20System%20End.png)
Also, ran Syslog on the remote end whilst making a call to the system end (192.168.1.202) the following is the result:
(https://dl.dropboxusercontent.com/u/8684635/Temp/Traffic.png)
-
Have you checked the SIP Alg from the command line? My guess is still the SIP_Alg if its not been done from the command line.
-
Have you checked the SIP Alg from the command line? My guess is still the SIP_Alg if its not been done from the command line.
Yep checked from command line and SIP_ALG is off on both ends.
-
mmm... thinking a bit differently now, do both Draytek routers support VPN.
Could you just setup a VPN between all sites?
Also looking at your port forwarding it looks like entry 6 is forwarding most UDP ports 6000 - 60000, is this your intent?
-
mmm... thinking a bit differently now, do both Draytek routers support VPN.
Could you just setup a VPN between all sites?
Also looking at your port forwarding it looks like entry 6 is forwarding most UDP ports 6000 - 60000, is this your intent?
VPN was our next thought. Entry No 6 was just a test.....If I recall, at the moment we are just trying to expand what we have to see if it has any effect. Nothing we seem to do makes any difference.
when looking at the Syslog from the Draytek you can see when the call is made, starts off ok, but the second the call is answered the log is flooded with "User: 192.168.1.201 -> 192.168.3.10 (ICMP) Destination Unreachable�"
both routers can ping each other with no problems. And we thought by putting the phone and the system in the DMZ it would solve the problem.......but we were wrong again.
So now just banging heads against the wall!!!!!
-
I wouldn't worry about putting phone in DMZ, just have it NATting normally.
Remove all port forwarding from system router and put system in DMZ, leave remote phone behind NAT. Test and see what happens.
-
I wouldn't worry about putting phone in DMZ, just have it NATting normally.
Remove all port forwarding from system router and put system in DMZ, leave remote phone behind NAT. Test and see what happens.
Okay removed all open ports.
System placed into DMZ
Remote phone removed from DMZ and just NATing.
Result was that we lost the audio coming from the system end . (Originally, on the remote phone, I could hear the system end, they could not hear me)
Place phone back in DMZ . I can hear the system end, they cannot hear me
-
I am not familiar with Draytek routers so I am of limited help.
Is there other firewall rules in place on the router? It sounds like there could be some really restrictive rule on outbound.
Disable firewall rules if applicable.
Do you have other routers that you could try? Or maybe try the VPN tunnel.
-
I am not familiar with Draytek routers so I am of limited help.
Is there other firewall rules in place on the router? It sounds like there could be some really restrictive rule on outbound.
Disable firewall rules if applicable.
Do you have other routers that you could try? Or maybe try the VPN tunnel.
The crazy thing is that there are no other firewall rules. In fact yesterday afternoon we disabled the firewall on both ends for a short period and it never changed anything. Really am getting frustrated with something that should really be plug n play with some minor adjustments of the ports.
Just seems that no matter what we try, it makes no difference to the system. Even gone to the extreme of adding additional open ports that control other elements of Mitels, and still no luck,
As you can see from the logs above, it connects - communicates then seems to block the incoming voice packets, outgoing is no issue.
Going to stick a PC on the other end and run the "network qualifier" to see if that shows up anything......But for now I am stumped.
-
Have you tried defaulting the Drayteks back to factory ( or would that be too complicated). I had issues like this when I was trying to get my MBG on a 3300 to work (its simple really but I had messed about that much with it...). I defaulted the router (2830) and set it up as was with the username etc. and did the routing bit (and turned off sip on the command line) and bingo it worked first time.
Its so easy to change something on these routers and mess them up they are so configurable.
-
Have you tried defaulting the Drayteks back to factory ( or would that be too complicated). I had issues like this when I was trying to get my MBG on a 3300 to work (its simple really but I had messed about that much with it...). I defaulted the router (2830) and set it up as was with the username etc. and did the routing bit (and turned off sip on the command line) and bingo it worked first time.
Its so easy to change something on these routers and mess them up they are so configurable.
Unfortunately that would give us a headache as currently we are working remote and would have no way of getting back into the router unless we were at the remote site :-( but very confident nothing else has been changed, pretty much left "as-is" out of the box.
Had two of confirm all the settings, and that SIP_ALG is off on both ends. We are just waiting to get someone to hook up a laptop at the remote end so we can run the network qualifier to see if that throws any light on the subject.
I do appreciate the suggestions and information, all to easy to "miss the obvious" sometimes :-)
-
Well back from my travels yet again, so again its time to try and get this dam teleworker working.
So, we have swapped out the previous handset for another 5312 that was working on the system fine.
Phone configured in Teleworker mode with the remote end WAN IP
Phone has been configured for NAT mode
Server has the relevant WAN IP in the relevant places
Mitel 5000 unit is in the DMZ on the remote end.
Various ports opened on either end (Previous to putting 5000 in DMZ)
Current state: Teleworker phone boots and connects fine from remote location. All correct relevant info is displayed on the screen, Ext, Phone ID, Date & Time
From the teleworker phone; I phone an extension on the system. I can hear them. They cannot hear me. Same applies if the remote end initiates the call.
The 5000 end of the network is using a Draytek Vigor 2820
The Teleworker end is using a Draytek Vigor 2830
Both have recent firmware on.
I am now scratching my head where the issue could be, so any advice from out there in "Mitel Land" would be very much welcome in order to restore my sanity.
Thanks.
-
Try changing the 2820 Firmware to 3.3.3
Don't use any DMZ at either end.