View Full Version : SIP tunneling

06-28-2010, 08:34 PM

What did I missed on connect QuadroM2 and QuadroIDSN connect via SIP tunneling (both behind NAT firewall)? e.g. Firewall ports need to open or forwards? Should I use port 5060 or other?

* master / slave device both setup @ each epygi
* both epygi use port 6000 for SIP tunneling (port forwarded from firewall)
* both behind NAT firewalls and both can detect opened ports via STUN
* both Quadro detected Symmetric NAT

Anyone got an example?


06-28-2010, 11:10 PM
Ordinarily - the Slave device needs to be on the Lan side of the master Quadro, typically on port 5060..

Let us know if that is different to your method.

Just a FYI - the M32X can theoretically have 6 x E1/T1 Gateways - 180 channels worth of ISDN where as only 60 odd channels are configurable on the Wan side.



06-29-2010, 12:49 AM
the 2 Quadro (QuadroM2 E1 & QuadroISDN) are all behind firewall (connection detected symmetric NAT), I'm going to setup SIP tunnel between these 2 VOIP gateway so calls can be routed between them.
I setup the tunnels between the 2 Quadro gateways, and open the firewall port 6000 so that they can talk, however, they can't registered and the error is saying "user not found".
The help session in the manual is too brief to carry out troubleshooting. Does the Quadro supporting the scenario of SIP tunnel between 2 gateway behind the firewall?

Anyone can help on giving an example or offer me idea on troubleshooting the SIP tunnel connection?

07-12-2010, 11:29 PM
I use an existing VPN tunnel between the 2 sites and attempt to establish a SIP tunnel using the VPN via the WAN port (like on the LAN). This eliminate one of the potential problem with port forwarding, however, I still can't make an SIP tunnel between the two devices.

Anyone can shed some light on that?

07-13-2010, 09:24 AM
Hi Waik
I'm missing the point for what purpose you are going to use the SIP tunnel. This feature is mainly for those who installed many Quadros at different office locations and want to have a unique private dial plan across all offices. Without SIP tunneling feature they could achieve the above mentioned goal in one of the following ways:
- Installing the SIP server, configuring it with the needed SIP accounts and dial plan and registering all extensions of all Quadros on that server. The drawbacks of this approach are (just mentioning some of them): the necessity of installation and configuration of primary and backup SIP servers; necessity of configuring new accounts on the server every time when new users are adding to existing Quadros, etc.
- Using the routing tables on Quadro to configure the unique dial plan without SIP server. The main problem with this approach is: the necessity of changing some or all routing tables every time when IP address of Quadro WAN changes
- Using the routing tables on Quadro to configure the unique dial plan without SIP server but to avoid the problems of the previous approach – using the hostnames in the routing tables rather than IP addresses that may change. This needs to configure the dynamic DNS on all Quadros with dynamic IP address.
With the SIP tunneling feature the user can easily build a PBX network of any size without any SIP server and the like.
Conceptually, the SIP tunnel is a two way tunnel that needs to be configured at both endpoint Quadros: on master Quadro it should be configured as a tunnel to slave device and on slave Quadro vice versa – as a tunnel to master device.
Also, when the SIP tunnel is configured between two Quadros, the Slave Quadro registers on Master (regular SIP registration) using the "User name" and password configured with the tunnel.

07-13-2010, 11:55 PM

Thanks for your post.

we have 2 sites and are using Quadro VOIP gateway (QuadroM, QuadroISDN - both connect to Panasonic PABX) we would like to using the WAN link (VPN with no ports blocked) to route inter-site calls. The SIP_tunnel is what we used to route calls between the 2 Quadro devices (without using a SIP server). However, by following the steps in the manual, we can't get pass the 1st step, establish authenication between master and slave Quadro devices.

we try
1. open firewall ports on both sites and port forwarding the chosen port to the Quadro.
2. then we use the WAN link (like a direct link)
but both are failed (either network failure or timeout), however, can ping each other in the web interface (network tool).

We're trying to establish inter-site calls using method 2 and 3 as listed in your post.

07-14-2010, 03:06 AM

Inter office calls are definitely possible I have several sites that are doing exactly that irrespective of the other cpe on the other side.

Draw youself a network map, include the IP Addresses and see if you have some form of overlap of IP addressing. If not look at a subnet mask in case some other problem is occuring because of packets going via the wrong gateway or even that the gateway itself is coming into play causing the poblem.

Draw yourself a map... fill in the details - post it here just incase ..



08-23-2010, 11:52 PM

To allow SIP tunneling to work, is there any requirement? e.g. it works with LAN port only? (based on your previous post - lan side of the master Quadro). i.e. not from the WAN port?


08-24-2010, 09:40 AM
SIP tunnel works both on LAN and WAN. The requirements are:
Slave device sends the SIP registration message to Master so the IP address and SIP port of the Master should be known by Slave and configured on Slave.
Master has to be able to receive the SIP registration messages from Slave, which means the firewall shall be open for those messages. Also, the same SIP user name and authentication password should be configured on both devcies otherwise, the Slave will not pass authentication.

10-19-2010, 10:01 PM
can I use the standard SIP port for the tunnels? I got the tunnels establish between the 2 Epygi devices. When make call and route thru the tunnel, master device said timeout but the slave device didn't have such event logged (i.e. seems no incoming call). any troubleshooting tips or setting that I can enable the logging in the slave device?