I have been working with a customer who moved to a new office to setup everything for them. The voip phones are not working right they can call out however no one can call in. I have been on the phone with Polycom guys yesterday at that time Comcast had sent the wrong router it was the Netgear one so they have hooked up another last night the SMCD3G-CCR which is supposed to be good and work with these phone and voip. I have tried everything to get them to work and still cannot dial in. I have made sure the firewall setting were correct on the router where those two check boxes were checked. I also added port forwarding to port 5060 to the IP address of one of the phones then rebooted the phone and still nothing. Polycom tech says that he cannot see the phone on his end. Please help! Can anyone tell me what I need to do to get these guys phones working correctly. Thanks for any help that you can provide!
Hello afurlani and welcome,
If you are not a Comcast VoiceEdge customer then it might be prudent for you to check out the Polycom User guide which may be able to provide you assistance. Most VOIP devices have a main VOIP server device that the SIP phones will access for VOIP internal and external telephony functionality. These VOIP devices must also have a static IP address to make sure that the VOIP phones can consistently access, as well. If you could provide us more detail of your overal network environment we could provide additional assistance.
Look forward to hearing from you.
The Network is simple I just have the SMCD3G-CCr hooked up with the Polycom phones plugged into the router. I also have a Netgear Wireless router so that they could have wireless in the office. There are twp PC's and wireless printer very simple setup. The IP address of the phone is 10.0.10.11. The IP address of the Router is 10.1.10.1 which I can access with no issues. DSCI sent me a document on the issue that is happening which is one way audio. I pasted that below if that helps at all. I don't really understand this IP stuff. Thanks for your help! What other information do you need?
The following section has been documented to help the customer network administrator
facilitate the appropriate changes prior to an UCx demonstration or UCx deployment.
DSCI deploys the UCx product in such a way to reduce the amount of time a customer must
spend configuring their Security devices. Typically, a customer’s network is UCx ready if the
customer supports a security device (router or firewall) which performs basic NAT. General
network connectivity must be established prior to installing phones on the customer LAN. This
means that NAT/PAT should be functional and provide basic Internet browsing prior to installing
If a customer has locked down their network using IP Access Lists (ACL) or firewall policies, the
customer should verify the following ports are not restricted from making outbound connections
from the Customer’s LAN. The customer should not need to make any inbound allotments for
the proper functionality of the UCx product.
FTP TCP/20-21 outbound to host 126.96.36.199
NTP TCP/123 outbound to host 188.8.131.52/24
SBC Charlestown Public
SIP TCP/5060 outbound to host 184.108.40.206
SIP UDP/5060 outbound to host 220.127.116.11
RTP UDP/60000-65535 to host 18.104.22.168
SBC Waltham Public
SIP TCP/5060 outbound to host 22.214.171.124
SIP UDP/5060 outbound to host 126.96.36.199
RTP UDP/60000-65535 to host 188.8.131.52
HTTP TCP/80 outbound to 184.108.40.206
HTTPS TCP/443 outbound to 220.127.116.11
FTP TCP/20-21 outbound to 18.104.22.168
HTTP TCP/80 outbound to 22.214.171.124
HTTPS TCP/443 outbound to 126.96.36.199
FTP TCP/20-21 outbound to 188.8.131.52
HTTP TCP/80 outbound to 184.108.40.206
HTTPS TCP/443 outbound to 220.127.116.11
FTP TCP/20-21 outbound to 18.104.22.168
HTTP TCP/80 outbound to 22.214.171.124
HTTPS TCP/443 outbound to 126.96.36.199
FTP TCP/20-21 outbound to 188.8.131.52
XMPP TCP/5222 outbound to dscicorp.bc.im (currently 184.108.40.206)
XMPP TCP/1081 outbound to dscicorp.bc.im (currently 220.127.116.11)
HTTPS TCP/443 outbound to webmeet.dscicorp.com (currently 18.104.22.168)
HTTP TCP/80 outbound to bria.dsci-net.com (currently 22.214.171.124)
HTTPS TCP/443 outbound to secure.counterpath.com (currently 126.96.36.199)
Manufacturers are adding features to their security devices which alter VoIP traffic as it
traverses the firewall. These devices attempt to mask the internal IP information required by the
ACME Packet to properly communicate with the UCx phone. For this reason, it is required to
disable all VoIP Application awareness features configurable on the firewall. Failure to do so
will cause one way audio issues and call route failures.
Cisco PIX Firewalls
Cisco’s Fixup performs application layer modifications which are not desirable for DSCI’s VoIP.
There are two global Fixup commands which must be disabled to allow the SIP protocol to
traverse the security device unchanged.
All other commands, to include session timers, should be left at their default. Administrators
should note that if a “clear xlate” is performed, UCx phones will cease to function correctly, until
they are rebooted or the phones re-register.
no fixup protocol sip 5060
no fixup protocol sip udp 5060
Cisco ASA Firewalls
Like Cisco’s PIX Firewall, the ASA version needs to have SIP ALG services disabled.
To determine whether the Cisco PIX or Cisco ASA security appliance is configured to support
inspection of sip packets, log in to the device and issue the CLI command show service-policy |
include sip. If the output contains the text Inspect: sip and some statistics, then the device has
SIP inspection enabled. The following example shows a Cisco ASA with SIP inspection
asa#show service-policy | include sip
Inspect: sip, packet 123612, drop 23, reset-drop 0
no inspect sip
Cisco IOS Routers (Using NAT/PAT)
It is recommended that IP Reflexive ACLs are enabled to ensure valid two-way communication
is not restricted. Reflexive ACLs will allow dynamic port mappings for SIP and RTP to occur
when using PAT.
Newer IOSs have a NAT Service which performs packet modification much like fixup for Cisco
Firewalls which needs to be disabled. Administrators should note that if a “clear ip nat
translation *” is performed, UCx phones will cease to function correctly, until they are rebooted
No ip nat service sip udp port 5060
IP Inspect is part of Cisco’s Firewall feature set and is not supported.
Adtran Total Access (Using NAT/PAT)
Adtran routers which have “ip firewall” enabled should have the following two global
configuration entries disabled
no ip firewall alg h323
no ip firewall alg sip
Juniper Netscreen 5-GT
The Netscreens have a Denial of Service (DoS) feature for UDP traffic which should be
disabled. If this feature triggers, VoIP traffic will be blocked, causing call termination. Netscreen
v5.3.0r1.0 (Firewall+VPN) was tested and certified by DSCI as a supported Security Device.
Security Mode: trust-untrust
ALG SIP: DISABLED
UDP Flood Protection: DISABLED
The following SonicWall settings should be set to allow for UCx Phones to properly
communicate through the firewall.
Enable Consistent NAT: DISABLED
Enable SIP Transformations: DISABLED
Enable H.323 Transformations: DISABLED
The following FortiGate Firewall Session Helper must be removed to disable the firewall’s ability
to manipulate SIP traffic.
show sys session-helper
#find the SIP helper ID #
config sys session-help
More hardware configuration notes will be added as additional equipment is certified.
Please see my comments below. Thanks much.
The Network is simple I just have the SMCD3G-CCr hooked up with the Polycom phones plugged into the router. I also have a Netgear Wireless router so that they could have wireless in the office. There are twp PC's and wireless printer very simple setup.
Does this NetGear Wireless Router directly support VOIP? If it does, then you will need to conect NetGear for the VOIP configuration settings. If it does not support VOIP, then you will need check out this link and contact the VoiceEdge folks to see if this service is for you. If the Comcast VoiceEdge service is not for you, then you need to use this site to obtain Polycom support. Generally speaking about VOIP, the way it works is you must have some type of VOIP Server-like device that you VOIP phones interconnect with via a static IP address. When a VOIP phone want to initiate a call, it send an Enet packet with a SIP embedded subpacket that performs the overall VOIP call handling functionality. VOIP phones do not just plug into any wireless router without that device having VOIP server support. You VOIP phones must be registered within the VOIP server for them to work directionally at all. Most VOIP companies have dedicated virtual PBX capability that handles all external call processing.
The IP address of the phone is 10.0.10.11. The IP address of the Router is 10.1.10.1 which I can access with no issues. DSCI sent me a document on the issue that is happening which is one way audio. I pasted that below if that helps at all. I don't really understand this IP stuff. Thanks for your help! What other information do you need?
Honestly, I would recommend that you contact the Comcast VoiceEdge group to see if what they have to offer if for you. http://business.comcast.com/VoiceEdge (888) 751-9584