SIP/VoIP routing issue, one way or no speech

RouterOS General
1

Hello everyone!

I’m hoping someone can help me with a rather frustrating issue regarding routing of SIP/VoIP traffic. Take note I have Googled and read all previous posts/threads I could possibly find but have had no success. I have completed the MTCNA course but I believe this problem is beyond the scope so hopefully someone will be able to offer some insight.

Basically what I am trying to achieve is to use a MikroTik RB750GL to route VoIP traffic to and from a Samsung OfficeServ 7200 PABX to the SIP provider in this case Neotel. The reason I need to achieve this setup, is because the Samsung PABX needs to remain on the customer’s LAN IP range for the IP phones to work but it also can only have one IP address so changing it’s IP to the “public” IP is not possible.

The setup is as follows:

-A Samsung OfficeServ 7200 PABX is on a customer LAN IP of 10.1.1.10/24 and 10.1.1.11/24 (MGI card which handles RTP traffic) both using gateway 10.1.1.9 ( MikroTik)
-Neotel supplied a “public” IP which is actually a private IP on their WAN by installing equipment at customer’s premises. This so called CPE “public” IP is configured on ether1 on the RB750GL with say 10.0.0.36/29 and it’s gateway 10.0.0.33. The SIP/SBC server is 10.8.0.5 to which the SIP/VoIP traffic is sent to.
-A MikroTik RB750GL (RouterboardOS version 5.22), LAN range set to 10.1.1.9/24 on ether2 (Which is the gateway for Samsung) and 10.0.0.36/29 on ether1 which is the CPE IP for Neotel.


I have done the following & done packet captures to see what is happening:

  1. Added a route to 10.8.0.5 to use ether1 (10.0.0.36) so that the Samsung PABX can reach the SIP server.

  2. If only add a dst-nat rule to route/forward all udp traffic from 10.8.0.5 to 10.1.1.10, then calls can be received in but there is only one way speech (from the Samsung to Neotel but not from Neotel to the Samsung) because the RTP packets route fine from the Samsung (10.1.1.11 RTP & 10.1.1.10 SIP) to 10.8.0.5 (Neotel) but RTP packets appear to be dropped on Neotel’s side since it can’t route back 10.1.1.11. So what needs to then happen is that all outgoing packets need to acually return to 10.0.0.36 (CPE IP) and then be forwarded to 10.1.1.11. (Samsung)

  3. So to correct above problem I add a src-nat rule to masquerade all outgoing traffic on ether1, meaning all RTP traffic will return to the “public Neotel IP” (10.0.0.36) on the RB750 and not the 10.1.1.11 IP of the Samsung. If I do this then there is no speech at all because the router can’t seem to forward the RTP traffic destined for 10.0.0.36 to the LAN IP of 10.1.1.11. This is even with a dst-nat rule that forwards udp traffic from src address 10.8.0.5 and dst address 10.0.0.36 to dst-address 10.1.1.11 on the LAN.

Hoping somebody can give any advise/suggestions as to what I can try. Also note I have also tested all the above with the SIP helper disabled but it seemed to have made no difference.

Thanks & Regards,
Alan