Author Topic: Remote User  (Read 4762 times)

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Remote User
« on: May 19, 2017, 04:45:55 PM »
So I'm having a heckuva time getting a 5330 phone to connect from my home.

I've got a  public IP just for this purpose and firewall is forwarding all ports to the 5000.

On the Phone, I've tried two ways:

under remote worker gateway - entered the public IP

and

under manual IP4 settings, added the public IP under TFTP server and ICP

both of these then hang at "contacting server".

I can see the traffic at the firewall - its allowed 20001 UDP followed by a bunch of 6801 TCP ...

Whats happening (or not happening?) that might be preventing the phone from connecting to the 5000?


Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #1 on: May 19, 2017, 04:59:12 PM »
.. I forgot to mention, I do have the Public IP in the DB under IP Connections>NAT IP Address and for the phone, Nat Address Type set to NAT 

Offline tech1302

  • Contributer
  • *
  • Posts: 13
  • Country: gb
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #2 on: May 21, 2017, 03:42:31 AM »
you need all these ports open for it to work

67-68 UDP
69 UDP
20001 UDP
3998-3999 TCP
6800-6802 TCP
5004-5007 UDP
6004-6261 UDP
6604-7039 UDP
50098-50508 UDP

Plus put the public IP under IP connections (P6000)

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: Remote User
« Reply #3 on: May 21, 2017, 04:09:48 PM »
edtomfish,

Alright, let's start at the beginning and see where things are at.

Under System > Devices and Feature Codes > IP Connections: Set the Base IP connections Public IP Address
Under System > Devices and Feature Codes > IP Connections: Set the PEC IP connections Public IP Address <-- This requires a second public IP Address or audio won't work if you don't have a PEC ignore this step.

Since you say that you have a full 1:1 NAT then opening ports is not the issue, but some firewalls still do block information if not setup properly.

To get a phone to come up it only requires connecting to the Base IP Address. The PEC is only going to effect audio not the phone functionality.

So, we know when a phone tries to connect it will boot up and look at the Public IP pointed to the Base NIC. It will look for TFTP [UDP: 69 or 20001] to see if it needs a new software load. It will then look to make a MiNet [TCP: 6800-6802] data connection to the Base NIC. At this point the phone should come up and start working as MiNet is for Call Control, but without SAC [TCP:3998-3999] HTML and DSS/BLF functions won't work so you should see those coming from the MiVO-250.

It sounds like your ports 6800-6802 are not getting through in both directions so I would look at that first.

Once it is up then you will need to worry about your audio getting through.
Base NIC: UDP: 6004-6261
PEC NIC: UDP: 6604-7039

You will need two different public IP Addresses if you have a PEC there is no way around this!!!

I know that Tech1302 has a few more ports on their listing, but some of those are for different style phones.

5004-5007 = Inter-Tel IP Endpoints
50098 - 50508 = Mitel IP Endpoints going out which usually does not have to be opened up unless the firewall is really locked down.

Also as you know you will need the phone to be setup as NAT; which you already stated.

Hope that helps.

Thanks,

TE

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #4 on: May 22, 2017, 11:19:23 AM »
Thank you for the reply.  I'm going to double check everything you posted but I think I've narrowed this down but I'm confused as to why/how to resolve.

I'm watching the traffic at the firewall.  Looks like the phone is making an initial request to TCP port 20001 and then its on to port TCP 6801 over and over again.  The firewall is letting it thru and passing to the Mitel so I did a port scan on the server and that port isn't open (6800 is however). 

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #5 on: May 22, 2017, 12:15:14 PM »

So, we know when a phone tries to connect it will boot up and look at the Public IP pointed to the Base NIC. It will look for TFTP [UDP: 69 or 20001] to see if it needs a new software load. It will then look to make a MiNet [TCP: 6800-6802] data connection to the Base NIC. At this point the phone should come up and start working as MiNet is for Call Control, but without SAC [TCP:3998-3999] HTML and DSS/BLF functions won't work so you should see those coming from the MiVO-250.

It sounds like your ports 6800-6802 are not getting through in both directions so I would look at that first.

TE

Double checked everything...

So you're right, this is where we are right now.  6801, 6802 are not showing open on the Mitel box and the phone is trying to reach it on 6801.  What would cause this?

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #6 on: May 22, 2017, 05:58:40 PM »
Every single one of these is open on the firewall, however, not all seem to be open on the mitel box and I believe 6801 and 6802 are the reason why the phone is hanging up.

you need all these ports open for it to work

67-68 UDP
69 UDP
20001 UDP
3998-3999 TCP
6800-6802 TCP
5004-5007 UDP
6004-6261 UDP
6604-7039 UDP
50098-50508 UDP

Plus put the public IP under IP connections (P6000)

Offline tech1302

  • Contributer
  • *
  • Posts: 13
  • Country: gb
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #7 on: May 22, 2017, 06:07:33 PM »
you can see the open ports from the web firewall section.

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #8 on: May 22, 2017, 07:18:19 PM »
Sure enough.  I didn't know this existed.  It doesn't show 6801 as being open.  I attempted to add a rule here to allow it, but that did seem to do anything.  I'm not seeing much documentation on this anywhere either.  Is this builtin firewall accessible another way?

you can see the open ports from the web firewall section.

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: Remote User
« Reply #9 on: May 23, 2017, 02:22:14 PM »
edtomfish,

Unfortunately I do not have a MiVO-250 to test with so I can't answer as to what ports you should see open and which you shouldn't. If memory serves me correctly the system should have responded, but the phone should have sent the request on port 6800.

Sorry,

TE

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: Remote User
« Reply #10 on: May 24, 2017, 09:49:42 PM »
edtomfish,

I don't know if you are still working on this, but it just occurred to me that the local phones are up and working fine without ports 6801-6802 being open on the system so this most likely is not the issue. Have you tried to perform a Wireshark capture from a phone on site to the MiVO-250 and see the ports that are used and in what order they occur in. This should help you figure out where the communication failure is.

I am currently working on our 3300 side and will be working on them throughout the Summer with no access to a MiVO-250, but if you can get the Wireshark captures from both sides I can help you translate what is going on.

Thanks,

TE

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #11 on: May 25, 2017, 01:53:20 PM »
I just did this actually and was coming back to follow up!

So the packets are making it in to the LAN.  Looking at the capture, the local phones are communicating via 6800 which is OPEN.  The external phones are communicating (trying to) on 6801 and that port is closed.  I see the packets come in and RST ACK.

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #12 on: May 25, 2017, 01:55:21 PM »
I don't see any local traffic attempting 6801, or any external's trying to use 6800.


Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: Remote User
« Reply #13 on: May 25, 2017, 10:54:08 PM »
edtomfish,

I know you have probably already tried this, but have you taken the phone into the LAN set its extension for Native and made sure it comes up without any issues?

Does the phone system have the proper gateway and can it ping something outside the network? You can do this through the command console of the MiVO-250.

It seems like you are right on the cusp of getting this to work, but just missing something not so obvious at the moment. Are there any other Teleworker phones working? Can you try your phone to another MiVO-250 that you know has working Teleworker phones?

I don't think your problem is with port 6801 not being open on the system. I will have some time tomorrow night to work on my system at home and see if I can figure anything out.

Thanks,

TE

Offline edtomfish

  • Contributer
  • *
  • Posts: 22
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Remote User
« Reply #14 on: May 26, 2017, 07:50:04 AM »
I appreciate your thoughts here... sometimes its just nice to know someone is listening, lol.

I cant get any phone to working outside the office.  Tried 3 different phones at 3 different locations.

The phone works on the LAN perfectly (first thing tried)

Gateway is good.  It can communicate outside fine.  Proof of this is that it can TFTP (UDP port 20001) with the phones just fine.

The only difference I'm seeing is that all the internal phones are using port 6800 and anytime outside they are wanting to use 6801 and those packets aren't being heard by the server. 

The problem might NOT be 6801 not being open on the system, but if thats the case the problem is the phones using 6801 and not 6800.

The only thing I have NOT done is tried this phone on another 250 which I'm trying to work out...mainly because I want to see what that traffic looks like compared to what I'm seeing now.


 

Sitemap 1 2 3 4 5 6 7 8 9 10