MikroTik

Hello again, this is a special request since is a very complex from my point of view setup so any help will be very well appreciated.

I have a Grandstream VoIP PBX, connected to my Mikrotik. This PBX is setted up in DUAL mode to be able to use two different SIP providers.

On the WAN interface from PBX there is one of the SIP providers configured, on the LAN is the internal LAN network and in one Mikrotik port is setted up the second sip provider. this was the only solution that i've found in order to be able to connect two different SIP providers in one two ports Grandstream UCM.

on the Mikrotik i have setted up SIP ALG since is the only way that i can have both ways audio, but i can only have a couple of SIP channels working because as soon as I have the third concurrent call, there is no audio in one way.

if I dissable SIP ALG i lost audio in every call.

I have setted up SIP ALG adding ports 20000 and 30000 since this feature does not allow me to ad a group of ports for example "20000-30000", i can only set up one by line until I reach 6.

if I dissable SIP ALG and NAT the ports 10000-20000 I lost audio.

I have no clue where I can be wrong, I have been trying several approaches, so any advise will be very well appreciated.

Thanks in advance.

Indeed, you could have a multitude of problems in your scenario, but let's get back to the beginning: did you try disabling only "SIP Direct Media" option before completely disabling SIP helper?

I don't quite understand your setup. On my Grandstream + Mikrotik setups I leave SIP ALG on, turn sip-direct-media off and set the two ports on the UCM to switch/bridge mode so neither port is a WAN port. It's then like a 2 port switch. I don't use any NAT whatsoever because that's what the SIP ALG is supposed to do. I have setup multiple VOIP providers as well and there haven't been any issues. With ALG, you can't use secure SIP (SIPS)

The SIP ALG is supposed to read your SIP messages and setup dynamic port forwarding. You don't have to forward 5060 because it naturally port forwards anyway. Your PBX will register every 2 minutes, so the UPD port 5060 stays forwarded. It's a bit more secure because it stays forwarded only for the host that PBX tried to register to. A NAT rule for 5060 is thus unnecessary.

The SIP-Direct-Media (a component of SIP ALG) is supposed to modify your sip messages so that inbound and outbound audio will skip the PBX and go to the phone. VOIP is flexible like this, SIP only manages the call, the audio can go direct. However your PBX and handset are likely set to forward all audio through the PBX. This will result in your handset dropping audio that doesn't come from your PBX. This may account for your one-way or no-way audio.

If your PBX ethernet ports are configured WAN & LAN, then I think all your handsets must be on the LAN port and VOIP providers must be out the WAN.. I think... In Switch/bridge mode, then PBX and handsets only need to be on the same LAN. I find this setup a little easier to understand.

On other vendors like DLink and SonicWall, the SIP ALG implementations are broken.