Dear All
We have an RB2011 and two subnets, 10.0.79.0/24 and 10.0.93.0/24. The PBX is on subnet 10.0.79.0/24; all the phones on this subnet are working just fine, but on subnet 10.0.93.0/24 we have two phones which have problems communicating with network 10.0.79.0 (line drops, resetting, or one-way audio). Communication between these two phones on net 10.0.93 is simply not possible. Is there any assistance, please? NAT is used as:
chain=srcnat action=masquerade src-address=10.0.79.0/24 log=no log-prefix=""
chain=srcnat action=masquerade src-address=10.0.93.0/24 log=no log-prefix=""
No firewall rules
Thank you for any help please 
Are you using just one MikroTik, where Port 2 is 10.0.79.0/24 and Port 3 is 10.0.93.0/24? No NAT required, remove the masquerade rules.
Usually one-way audio and no-audio issues are from PAT (port address translation). RouterOS is good at not altering port numbers but it’s not guaranteed. Also, when using NAT, the dynamic ports that were opened may close after a timeout if no SIP packets were received in x amount of time. This could be your dropped call issue.
With VoIP, life is easier when you avoid NAT altogether. If your two networks are in different locations, use a site to site IPSec VPN.
Also, try disabling the SIP helper
chain=srcnat action=masquerade src-address=10.0.79.0/24 log=no log-prefix=""
chain=srcnat action=masquerade src-address=10.0.93.0/24 log=no log-prefix=""
you should specify an output interface, towards the internet (i guess) so not all traffic, but only the one
that leaves the router will be src-NAT-ed.
the current config will nat everything dynamically, and the to-address will be chosen based on the
interface the packet leaves the router. i hardly think that this is what you want.
Dear doneware
Do you have an example of how to NAT only the traffic that goes out to the internet?
Disabling SIP is not an option
Dear All
Got it and have tested. The problem was trivial, but all genius solutions are very simple. As Mr. Doneware suggested, in the out interface I have put the outer IP address, and with some song and dance over the phones everything works nicely.
Thank you, thank you very much
I suggested disabling the SIP helper, not SIP.
/ ip firewall service-port set sip disabled=yes
Dear All
Although everything works fine, a lot better than before, is there something more? It seems that some time after a conversation (5-10 min) two phones (10.0.93.245 and 10.0.93.132) need a reset.
What handsets are you using?
Dear All
It's a Panasonic KX-NT321; the PBX is a Panasonic KX-NCP500. This only happens on these two phones which are on 10.0.93.XXX, so maybe something has to be added on the router.
For marrold: the SIP helper is disabled.
Thanks for the efforts.
Dear All
When everything is OK, looking at the connections we have sra 10.0.93.132:2427-dsta 10.0.79.245:2727 and 10.0.93.132:9301-10.0.79.245:9300. When this is present everything works perfectly, but after some time elapses only 10.0.93.132:9301-10.0.79.245:9300 stays, which does not have a dial tone, nor can this client hear you call him. 10.0.79.245 is the address of the PBX. Why is this connection on ports 2427 and 2727 closed after the time elapses, and maybe how to enable it forever?
Do the phones work at all? Do they work a while and stop working?
Yes, they do. Everything is perfect until the time elapses. When you make a phone call and you finish, time starts to count down on ports 2427 and 2727. If you do not make any call during this countdown (1h), it will close this connection through these ports and live only through ports 9300 and 9301; with this you do not hear the phone signal.
This definitely sounds like a NAT issue. I’m unfamiliar with the Panasonic ports and protocols, but with, for example, a Cisco SPA504G it’s possible to set a ‘NAT keep alive’ option that sends a SIP OPTIONS packet at regular intervals to keep the established connection up.
Can you configure any keep alive, or decrease the registration timeout on this system?
Dear Mr. Marrold
The phone does not have such an option, and the registration time is 60s; no problem with registration. The only problem is on these two phones on the subnet outside of the PBX. As a temporary solution, increasing the UDP stream timeout to days and then resetting the phones works, and then doing nothing for a few days. So it has to be some setting on the router that makes it close the open ports 2427 on the client and 2727 on the PBX after the time elapses.
Yes, it’s more than likely the router due to NAT. If the router sees no traffic from/to these ports for 3 minutes, it will close the connection and remove it from its conn track table.
I’m not familiar with Panasonic, what are these ports for?
According to Panasonic, Media Gateway Control Protocol goes over these ports.
Used for call control command data and LCD/LED data transmission.
Is there some command which will tell the router not to close ports if there is no traffic?
Adjusting the UDP stream timeout, as you have suggested. But this is wrong and could break NAT.
You should fix the issues with the phones, rather than bending the router to get it to work, ideally.
Why can’t they be in the same subnet, or no NAT?
Well, these two networks, 10.0.79.xxx and 10.0.93.xxx, are administration and production, so these two phone lines on 10.0.93 belong to production; physically they cannot be on the same network with the PBX.
Present status with NAT is
chain=srcnat action=masquerade src-address=10.0.79.0/24 out-interface=ether1 SBB OPTIKA log=no log-prefix=""
chain=srcnat action=masquerade src-address=10.0.93.0/24 out-interface=ether1 SBB OPTIKA log=no log-prefix=""
“Ether1 SBBOPTIKA” is out gateway.
If I disable both NAT rules and reset the phones, after 3 min they will block, and this is the UDP stream time by default.
So the only thing that works for now is increasing the UDP stream time. I know it's far away from perfect, but it works.
If you need any other info it is no problem to provide
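
Added example, not part of the thread and not code from any poster: a small Python model of the idle-timeout behaviour discussed above, which takes a packet timeline seen at the router and reports, per UDP flow, the longest silent gap and the moment a connection-tracking entry would be removed. The addresses and ports are the ones quoted in the thread and 180 s is the 3-minute figure given there; the packet timings are constructed, and the model assumes a single idle timeout per flow, which is a simplification.

```python
from collections import defaultdict

UDP_STREAM_TIMEOUT = 180  # seconds; the 3-minute default mentioned in the thread

# Constructed sample: (time in seconds, src, dst) for UDP packets at the router.
# Endpoints are those quoted in the thread; the timing is invented for illustration.
PACKETS = (
    [(t, "10.0.93.132:9301", "10.0.79.245:9300") for t in range(0, 1200, 30)]
    + [(t, "10.0.93.132:2427", "10.0.79.245:2727") for t in (0, 5, 60, 65, 70)]
    + [(t, "10.0.79.245:2727", "10.0.93.132:2427") for t in (1, 6, 61, 900)]
)

def flow_key(src, dst):
    """Direction-independent key: both directions refresh the same tracked entry."""
    return tuple(sorted((src, dst)))

def analyse(packets, timeout):
    """Return {flow: (longest_idle_gap, expired_at_or_None)} for a packet timeline."""
    times = defaultdict(list)
    for t, src, dst in packets:
        times[flow_key(src, dst)].append(t)
    end = max(t for t, _, _ in packets)  # end of the observation window
    report = {}
    for flow, ts in times.items():
        ts.sort()
        # Gaps between consecutive packets, plus the silent tail up to the end.
        gaps = [b - a for a, b in zip(ts, ts[1:])] + [end - ts[-1]]
        expired_at = None
        for last_seen, gap in zip(ts, gaps):
            if gap > timeout:
                # Entry is dropped `timeout` seconds after the last packet seen;
                # anything arriving later no longer matches a tracked connection.
                expired_at = last_seen + timeout
                break
        report[flow] = (max(gaps), expired_at)
    return report

if __name__ == "__main__":
    for timeout in (UDP_STREAM_TIMEOUT, 3600):
        print(f"timeout={timeout}s")
        for flow, (gap, expired) in sorted(analyse(PACKETS, timeout).items()):
            state = f"expired at t={expired}s" if expired is not None else "kept"
            print(f"  {flow[0]} <-> {flow[1]}: longest idle {gap}s, {state}")
```

Run against a real capture, the longest idle gap per flow is the number to compare with the router's timeout or with any keep-alive interval the endpoints can be made to send.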