Strange issue with Sonicwall TZ 100/Asterisk 1.8 and a famous VOIP ISP

I want to tell a very strange issue occoured some weeks ago using pbx Asterisk 1.8, an router/firewall Sonicwall TZ 100 and a famous Voip ISP.

The system has always worked fine until a couple of weeks ago (pls see in linkografia for config used in Sonicwall TZ100).

Without any warning one day calls began to be randomly “one way”: the caller can hear but the called cannot. Briefly here is what we have verified togheter with the Voip ISP customer care.

Asterik & SonicWall & Voip ISP
In (1) the SIP protocol Asterisk -> Voip ISP

INVITE sip:XXXXX SIP/2.0
........
m=audio 15936 RTP/AVP 18 3 97 8 0 101
.......

Voip ISP -> Asterisk

SIP/2.0 200 OK
...
m=audio 34480 RTP/AVP 8 101
...

According with Sip/SDP the RTP Voice flow use the next UDP/ports.

Asterisk->Voip ISP
src port: 15936
dst port: 34480

Voip ISP -> Asterisk
src port: 34480
dst port: 15926

In (2) we can observe the same SIP packets, but the RTP flow is different.

Asterisk->Voip ISP
src port: 14146
dst port: 34480

Voip ISP->Asterisk
src port: 34480
dst port: 14146

We can see that the src port Asterisk->Voip ISP is different: this is because the SonicWall introduce a NAT in the middle, and because this the src port is changed.

Att.: This happen in a lot of gateway that use NAT not SIP-friendly: the src ports is different from the ports declared in SIP protocol that start the call. Almost all the Voip ISP know this behavior and permit that the call happen correctly.

Att.: In SonicWall, and other similar device, it is possible to activate a more SIP-friendly NAT behavior (named SIP ALG), that avoid change in src port, but this functionality generally does not work well with asterisk-pbx and introduce other problems.

The problem in one-way comm is that after some hundreds of mS the src port change: after this time in (2) we can the following.

Asterisk->Voip ISP
src port: 15166
dst port: 34480

The SonicWall NAT, for unknown causes, for a lot of calls behaves differently and after some hundreds of mS that the call is established change the used src port in RTP voice flow.

We have also verified that the Voip ISP recently had changed the policy and forbid change in src port when the call is established: this was the reason for randomly one-way call.

Solution: Re-configure the SonicWall to use a separated/dedicated Ip Address only for Asterisk Pbx, using NAT 1:1 (it is possible to get a lot of documentation about this kind of configuration).

After that we have used NAT 1:1 WAN Ipaddress -> Lan IP Address Asterisk PBX an all the problem was solved.

Att.: It is important to configure carefully the firewall to permit packets to Asterisk pbx only from the Voip ISP addresses !

Linkografia
Asterisk with Sonicwall TZ100