Author Topic: NAT'd 5330e IP Phones  (Read 9437 times)

rhyanmeade
NAT'd 5330e IP Phones
« on: January 07, 2014, 01:01:40 PM »
Anyone had any luck getting 5330e IP phones to work at remote offices using only NAT?  A customer is requesting 3 remote offices have IP phones installed with NO VPN in place.  I've set up the IP phones with static addresses pointing back to the main 5000, and set up the NAT IP addressing in the 5000.  I can ping the TFTP address from the phone, but the phones simply say "Contacting Server".  Pretty sure I've opened up all the appropriate ports (even tried setting up the DMZ with no luck).  Any other suggestions?
Thanks.


619Tech
Re: NAT'd 5330e IP Phones
« Reply #1 on: January 07, 2014, 03:39:17 PM »
1. Make sure your NAT is programmed in both locations of the 5000 DB:
a. 5000CP/System/IP Settings/System NAT IP Address
b. 5000CP/System/Devices and Feature Codes/IP Connections/node/P6001(Example)/NAT IP Address

2. Make sure your desired endpoints are configured for NAT; they are set to Native by default:
5000CP/System/Devices and Feature Codes/Phones/x1000(Example)/IP Settings/NAT Address Type = NAT

3. My base endpoint firewall rules:
5566 TCP; 5567 UDP; 6004 – 6604 UDP on 5200
5566 TCP; 5567 UDP; 6004 – 7039 UDP on 5400 & 5600

4. Additional info for 53xx endpoints from documentation:
When using a Mitel 53xx from a remote/teleworker location, make sure port 69 is open on
the corporate firewall to allow communication to the 5000 CP server.

cholzhauer
Re: NAT'd 5330e IP Phones
« Reply #2 on: January 07, 2014, 04:10:27 PM »
Agreed.  I have dozens of 5340's working in this manner. 

Open these ports in the firewall:  tcp/3998-4000, tcp/5566, tcp/6800-6802, tcp/6880, udp/20001, udp/5004-5007, udp/6004-6261

Program phone to do TFTP over port 69, and direct it to the public IP address for the ICP IP Address and TFTP server address.

Done
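
The port list from Reply #2 turned into host-site forwarding rules, as an added example that is not part of any poster's reply. It assumes an iptables-based edge router in front of the 5000, remote offices with static public addresses, and TFTP on udp/69; the addresses, the `eth0` interface name and the function names are constructed for illustration. The rules admit only the listed remote sites instead of forwarding the ports from any source.

```python
import ipaddress

# Port list in the notation used in Reply #2, plus udp/69 for TFTP (assumed UDP).
PORT_SPEC = ("tcp/3998-4000, tcp/5566, tcp/6800-6802, tcp/6880, "
             "udp/20001, udp/5004-5007, udp/6004-6261, udp/69")

def parse_ports(spec):
    """Turn 'tcp/3998-4000, udp/69' into [('tcp', 3998, 4000), ('udp', 69, 69)]."""
    out = []
    for item in spec.split(","):
        proto, _, rng = item.strip().partition("/")
        if proto not in ("tcp", "udp") or not rng:
            raise ValueError(f"bad port entry: {item!r}")
        lo, _, hi = rng.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        out.append((proto, lo, hi))
    return out

def dnat_rules(spec, pbx_ip, remote_sites, wan_if="eth0"):
    """Emit iptables DNAT + FORWARD rules that admit only the listed remote sites."""
    pbx = ipaddress.ip_address(pbx_ip)  # raises on a malformed address
    rules = []
    for site in remote_sites:
        src = ipaddress.ip_network(site)  # raises on a malformed network
        for proto, lo, hi in parse_ports(spec):
            ports = f"{lo}:{hi}" if hi != lo else str(lo)
            rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} -s {src} "
                         f"-p {proto} --dport {ports} -j DNAT --to-destination {pbx}")
            rules.append(f"iptables -A FORWARD -i {wan_if} -s {src} -d {pbx} "
                         f"-p {proto} --dport {ports} -j ACCEPT")
    return rules

if __name__ == "__main__":
    # Constructed sample values: documentation-range addresses, not from the thread.
    sites = ["203.0.113.10/32", "198.51.100.20/32"]
    for rule in dnat_rules(PORT_SPEC, "192.168.1.10", sites):
        print(rule)
```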

rhyanmeade
Re: NAT'd 5330e IP Phones
« Reply #3 on: January 07, 2014, 05:19:48 PM »
I will have to assume I have an issue with the port forwarding on their Cisco E1000 routers then.  I have the DB programming set up, and the listed ports forwarded to the HX.  The only thing I was missing was the TFTP server port in the phone.  Same problem.  More than anything I wanted to verify that it will work as a remote user (not using teleworker), just a matter of playing with the ports/firewall to get it to work.

Thanks for the suggestions!!

acejavelin
Re: NAT'd 5330e IP Phones
« Reply #4 on: January 08, 2014, 10:19:04 AM »
Quote from: rhyanmeade on January 07, 2014, 05:19:48 PM
> I will have to assume I have an issue with the port forwarding on their Cisco E1000 routers then.  I have the DB programming set up, and the listed ports forwarded to the HX.  The only thing I was missing was the TFTP server port in the phone.  Same problem.  More than anything I wanted to verify that it will work as a remote user (not using teleworker), just a matter of playing with the ports/firewall to get it to work.
>
> Thanks for the suggestions!!

Generally, no port forwarding needs to be done at the remote site at all... If there is an issue it is with the firewall/router at the host site, we use the Cisco/Linksys E series all the time at remote offices and they work brilliantly. Actually, the best router we have used for smaller, remote sites for the money is the Cisco/Linksys WRT54GL (must be the GL model, Newegg has them for $49), then replace the stock firmware with Tomato firmware by Polarcloud available here (http://www.polarcloud.com/tomato), and it is free. Rock solid, run them for literally years without a single reboot.

On the local (5000) end, make sure all these ports are port forwarded to the 5000's internal IP:

- Voice Traffic (52xx/53xx): 69, 20001/UDP; 6800-6802/TCP; 3998 and 3999/TCP, 50098-50508/UDP; 6004-6261/UDP
- Maintenance/Remote Web Portal Users: 44000/TCP;  443/TCP;  22/TCP
 
« Last Edit: January 08, 2014, 10:24:42 AM by acejavelin »

rhyanmeade
Re: NAT'd 5330e IP Phones
« Reply #5 on: January 08, 2014, 12:36:18 PM »
Amazing how that works.  After 2 days fighting it I went and dug out an old WRT54G (luckily hadn't thrown it away), set it up and the phones popped right on.  I really should have known better than trying to use the ISP Branded Netgear and Actiontec DSL routers as apparently they don't properly open ports.  Now the fun task of convincing our sales department to order me some more of these to finish the install.

Thanks guys.  Appreciate the help!!

acejavelin
Re: Re: NAT'd 5330e IP Phones
« Reply #6 on: January 08, 2014, 01:22:10 PM »
Quote from: rhyanmeade on January 08, 2014, 12:36:18 PM
> Amazing how that works.  After 2 days fighting it I went and dug out an old WRT54G (luckily hadn't thrown it away), set it up and the phones popped right on.  I really should have known better than trying to use the ISP Branded Netgear and Actiontec DSL routers as apparently they don't properly open ports.  Now the fun task of convincing our sales department to order me some more of these to finish the install.
>
> Thanks guys.  Appreciate the help!!

If you want to use the E1000's, make sure you're on the latest firmware update and turn off firewall and SPI, it works. DD-WRT makes a firmware for the E series as well, it works pretty good if you have a supported model/revision.
