One way voice when dialing out

blackshuck13 · September 29, 2015, 6:21pm

I am are getting one way voice on a mitel, but only when we dial out.

It is a CCR1009 running RouterOS 6.25

I have added an accept all firewall rule for testing and the following NAT rules;
dst-nat - dst.address = [WANIP] protocol = 17(udp) to.address = 192.168.88.2 to.ports = 5060
src=nat - src.address = 192.168.88.2 protocol = 17(udp) to.address = [WANIP] to.ports = 5060
dst-nat - dst.address = [WANIP] protocol = 17(udp) to.address = 192.168.88.2 to.ports = 6000-40000
src=nat - src.address = 192.168.88.2 protocol = 17(udp) to.address = [WANIP] to.ports = 6000-40000

I have also disabled h.323 and SIP under Service Ports

We have inherited this from an older IT company and will have to swap it out if we cannot get the issues resolved. If you need any more of the config, I can provide it here

Many thanks to anyone able to help out

Abador · March 10, 2016, 6:14pm

Hello.
I have the same problem, but with a Polycom RealPresence application.
I can’t see or hear anything. The other side sees and hears me perfectly.

pukkita · March 10, 2016, 8:07pm

I assume the WAN IP is a public one, not a private one (i.e. a LAN ip from a DSL router or similar)

Cannot understand what you are trying to accomplish by those rules, posting the actual export (/ip firewall nat export) editing/masking out public ip will definitely help.

Van9018 · March 11, 2016, 9:36am

Audio issues for SIP is usually from port translation. Port Translation is normal in routers. It may happen for only outbound (or inbound) calls due to the way SIP devices may send audio packets before receiving audio, routers may do port translation based on what comes first - inbound or outbound packets.

In the end for SIP, you should rely on SIP-ALG and use no NAT rules. Or give your SIP device a public IP. I find SIP-ALG works very well with Mikrotik. I’ve also found SIP-ALG to be badly implemented on Sonicwalls and DLinks.

When Mikrotik forwards a UDP packet outbound, it’ll automatically forward replies to the internal device for up to 3 minutes. Since your SIP device will likely be set to register every 2 minutes, the connection is forever open. No need to forward port 5060 to your internal IP.

Then with SIP-ALG enabled, the Mikrotik will read the SIP packets and forward RTP audio ports dynamically. If the Mikrotik chooses to do port translation, it’ll update the SIP packets on their way out. So no port ranges required. On my phone system installs, I never set any NAT rules (other than the default masquerade rule).

So first try enabling SIP in IP > Firewall > Service Ports and deleting your NAT rules. Any better?

As for Abador and Polycom RealPresence, I believe that uses H323, but same story.

Also note that if you’re using load balancing, you need to set your PBX/Phone to use only one IP address.

And then your wan IP on the Mikrotik needs to be a public IP.