• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi

 

We face some issues dialing external VTC's using SIP. H323 works. The same dial rule on our DMA should redirect external calling attempts to our RPAD.

 

For some reason SIP doesn't work. We dial from RPD. I can see that DMA attempts to signal with RPAD and that TCP5061 traffic goes through the firewall. The calls however failover to H323. The call log on our RPAD shows nothing about these attempts.

 

Someone told me to use this dial rule for both SIP and H323. Dial external networks by H.323 URL, Email ID or SIP URI (without any scripts)

 

I did but things don't work. I have tried to add my RPAD as an external SIP peer and make a dial rule to route external SIP calls this way. But this gives me some odd results. And I'd rather set this up right.

 

The disconnect reason on the DMA says proxy terminated (assuming it's the RPAD that doesn't accept the call). If you need some logs please say so.

 

I have been monitoring our firewall all along. And no denies happen in this communication.

16 REPLIES 16
HP Recommended

Hello MathuasSEC

 

What port do you use in the Site - SIP routing settings (on DMA or on RM)?

What ports do you use in the RPAD's Internalnal Port Settings?

 

What software verision of DMA and RPAD do you have?

 

 

 

Regards

 

 

HP Recommended

Please share the following details to trobleshoot further:-

 

1) Version of DMA and RPAD

2) What Service records you have created in internal and external domain?

3) In which mode you have configured RPAD((DMZ or pure public IP)?

4) Have you cheaked logs on firewall in RPAD in DMZ mode?

 

BR

Yash Pal

HP Recommended

Thanks for the replies.

I have attached the SIP routing settings (2.JPG). IP-address is the private on of the RPAD. I have also attached the RPAD external/internal port settings. (1.JPG). Also please see the DMA SIP signaling settings (3.JPG).

RPAD: 4.0.1_build_15927
DMA: 6.1.2_Build_169630

External to internal calls work fine. SRV records are these (but I don't think it should matter much when inbound calls to VMR's work?) - at least I thought only the initiator searched for the SRV-record and the opposite site just routed back using the IP-address? If I'm wrong we might have an issue as the SIP URI of the initiator when we dial internal to external is username@ourdomain.loc (generated by RPRM). This .loc domain is obviously not known to the remote external parties. (but again not sure if it matters)

We have split DNS so our external domain exists internally - but the records are "cloned".

H.323 point to video.ourdomain.xx
_h323ls._udp.ourdomain.xx                         UDP 1719
_h323cs._tcp.ourdomain.xx                          TCP 1720

SIP point to video.ourdomain.xx
_sips._tcp.ourdomain.xx                               TCP 5016
_sip._tcp.ourdomain.xx                                  TCP 5060
_sip._udp.ourdomain.xx                                UDP 5060

A Record
video.ourdomain.xx        rpad public address on the external side and rpad private address internally.                                               

RPAD is in its own DMZ statically NAT'ed to a public address (which our external service record uses). We only use one port (external) on the RPAD.

Whenever we dial I tried filtering the RPAD public/private addresses in our firewall log. Also tried filtering on the DMA IP address. I see no denies here.

HP Recommended

Hi

 

Your RPAD is listening TCP ports 5070, 5071 for SIP calls from DMA, but DMA sends SIP calls to TCP 5061, and RPAD doesn't recieve them.

 

On the RM Site settings -> SIP routing, change the SIP port from 5061 to 5071.

 

Regards

HP Recommended

We only use eth0 on RPAD (external port) - see attached. For me it seems 5071 is used if you use the internal port as well. I may be wrong though?

HP Recommended

From RPAD Administrator guide 4.1

 

"The system also has default internal SIP port settings used for communication to and from the
RealPresence DMA system, which acts as the SIP server. "

 

RPAD uses Exteral Ports for communication with external\Internet users and Internal ports for communication with local SIP server (DMA).

 

 

 

Regards

 

HP Recommended

Thanks for the reply.

 

I was told by an SE (who I can't reach at the moment) that I didn't need to use an extra port. H323 works as is though without using the RPAD internal port.

So in this case I was setup eth1 as internal port in say the same LAN (or another LAN) as the DMA and make the SIP routing for this site go through to the LAN IP of RPAD? Sounds plausible.

Is this THE way to do it? We would rather put as much security in our firewall as possible and not have the RPAD route between (or at least have an interface) in both DMZ and LAN. Surely we could add an extra LAN, but it seems overly complicated for this task.

HP Recommended

there is some misunderstanding.

 

I mean the TCP port not ethernet port.

 

You just need specify the same port in the RM's Site settings and RPAD's SIP internal ports settings.

H323 works because you use the same ports 1719+1720 for External and Internal ports on RPAD.

 

 

Regards

HP Recommended

I see. We tried some changes, but are still challenged.

 

I setup the SIP routing to use port 5071. Allowed the traffic in our firewall. Can see the traffic passes through, whenever we dial internal to external.

 

But nothing appears in the RPAD call log - only DMA. Did a packet capture on RPAD and can see that it sends an ICMP unreachable back to the DMA as response to the SIP invite. (UDP 5071). It is as if it doesn't listen on the port. RPAD is setup as per the screenshot uploaded here earlier.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.