Здравствуйте. Прошу Вас помочь в такой ситуации. Недавно появилась необходимость подключить удаленный офис к нашей АТС предприятия, и все бы ничего, но при звонках с телефонов удаленного офиса - отсутствует звук, полностью в обе стороны. Хотя с этих телефонов можно звонить на межгород и международку через наш SIP-транк вполне нормально.
Пробовал сделать на маршрутизаторе one-to-one NAT (static NAT) - разницы нет.
Вот список портов прокинутый на маршрутизаторе: Адрес АТСки 192.168.10.126
Цитата:
nat server protocol tcp global WAN1_IP 22 inside 192.168.10.250 22
nat server protocol tcp global WAN1_IP 5060 inside 192.168.10.126 5060
nat server protocol udp global WAN1_IP 5061 inside 192.168.10.126 5061
nat server protocol tcp global WAN1_IP 5003 inside 192.168.10.126 5003
nat server protocol tcp global WAN1_IP 9500 inside 192.168.10.126 9500
nat server protocol tcp global WAN1_IP 8006 inside 192.168.10.250 8006
nat server protocol tcp global WAN1_IP 443 inside 192.168.10.252 443
nat server protocol tcp global WAN1_IP 9090 inside 192.168.10.126 9090
nat server protocol udp global WAN1_IP 9501 inside 192.168.10.126 9501
nat server protocol tcp global WAN1_IP 5061 inside 192.168.10.126 5061
nat server protocol tcp global WAN1_IP www inside 192.168.10.252 www
nat server protocol udp global WAN1_IP 5060 inside 192.168.10.126 5060
nat server protocol udp global WAN1_IP 5588 inside 192.168.10.126 5588
nat server protocol tcp global WAN1_IP 8080 inside 192.168.10.5 8080
nat server protocol tcp global WAN1_IP 37777 inside 192.168.10.24 37777
nat server protocol tcp global WAN1_IP 37780 inside 192.168.10.24 37780
nat server protocol udp global WAN1_IP 7000 inside 192.168.10.126 7000
nat server protocol udp global WAN1_IP 7001 inside 192.168.10.126 7001
nat server protocol udp global WAN1_IP 7002 inside 192.168.10.126 7002
nat server protocol udp global WAN1_IP 7004 inside 192.168.10.126 7003
nat server protocol tcp global WAN1_IP 8070 inside 192.168.10.126 www
nat server protocol udp global WAN1_IP 23000 inside 192.168.10.126 23000
Телефон подключается к АТСке извне нормально. Даже время актуальное получает с АТСки.
Внутри сети, телефоны звонят нормально и голос ходит.
Во вложении скриншоты настроек. И вот конфиг маршрутизатора. Пробросить на данном маршрутизаторе возможно только 256 портов. По этому сделать все пробросы, согласно скриноту с VOIM8 не получиться.
Цитата:
[HP-MSR20-20]display current-configuration
#
version 5.20, Release 2207P41, Standard
#
sysname HP-MSR20-20
#
firewall enable
#
domain default enable system
#
dns resolve
dns proxy enable
dns server 195.3.244.182
dns server 193.238.109.2
#
telnet server enable
#
dar p2p signature-file cfa0:/p2p_default.mtd
#
port-security enable
#
ip http port 1025
#
system-failure maintain
#
acl number 2001
description ===BLOCKED===
acl number 2002
rule 0 permit source 192.168.10.0 0.0.0.255
#
acl number 3015
description ===2 QUEUE OUT===
acl number 3016
description ===2 QUEUE IN===
acl number 3020
description ===3 QUEUE OUT===
acl number 3021
description ===3 QUEUE IN===
rule 0 permit ip destination 192.168.10.220 0
rule 5 permit ip destination 192.168.10.79 0
rule 10 permit ip destination 192.168.10.132 0
rule 15 permit ip destination 192.168.10.8 0
acl number 3050 name PBX_TRAFFIC
rule 0 deny ip source 192.168.10.126 0 destination 10.10.10.0 0.0.0.255
rule 5 deny ip source 192.168.10.126 0 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 192.168.10.126 0 destination 0.0.0.0 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dar protocol-group 1
protocol BitTorrent
#
traffic classifier SOCIAL_NETS operator or
if-match acl 2002
if-match protocol http host ok.ru
traffic classifier P2P_LIMIT operator or
if-match protocol-group 1
#
traffic behavior ACTION_DENY
filter deny
#
qos policy POLICY_LIMIT_OUT
classifier P2P_LIMIT behavior ACTION_DENY
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher ]Y1.Y-M@-K6I6\J/;D=F8Q!!
authorization-attribute level 3
service-type telnet
service-type ftp
service-type web
#
cwmp
undo cwmp enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
shutdown
#
interface Ethernet0/0
port link-mode route
description ====LAN Network====
firewall packet-filter 2001 inbound
nat server protocol tcp global WAN1_IP 22 inside 192.168.10.250 22
nat server protocol tcp global WAN1_IP 5060 inside 192.168.10.126 5060
nat server protocol udp global WAN1_IP 5061 inside 192.168.10.126 5061
nat server protocol tcp global WAN1_IP 5003 inside 192.168.10.126 5003
nat server protocol tcp global WAN1_IP 9500 inside 192.168.10.126 9500
nat server protocol tcp global WAN1_IP 8006 inside 192.168.10.250 8006
nat server protocol tcp global WAN1_IP 443 inside 192.168.10.252 443
nat server protocol tcp global WAN1_IP 9090 inside 192.168.10.126 9090
nat server protocol udp global WAN1_IP 9501 inside 192.168.10.126 9501
nat server protocol tcp global WAN1_IP 5061 inside 192.168.10.126 5061
nat server protocol tcp global WAN1_IP www inside 192.168.10.252 www
nat server protocol udp global WAN1_IP 5060 inside 192.168.10.126 5060
nat server protocol udp global WAN1_IP 5588 inside 192.168.10.126 5588
nat server protocol tcp global WAN1_IP 8080 inside 192.168.10.5 8080
nat server protocol tcp global WAN1_IP 37777 inside 192.168.10.24 37777
nat server protocol tcp global WAN1_IP 37780 inside 192.168.10.24 37780
nat server protocol udp global WAN1_IP 7000 inside 192.168.10.126 7000
nat server protocol udp global WAN1_IP 7001 inside 192.168.10.126 7001
nat server protocol udp global WAN1_IP 7002 inside 192.168.10.126 7002
nat server protocol udp global WAN1_IP 7004 inside 192.168.10.126 7003
nat server protocol tcp global WAN1_IP 8070 inside 192.168.10.126 www
nat server protocol udp global WAN1_IP 23000 inside 192.168.10.126 23000
nat server protocol tcp global WAN1_IP 8071 inside 192.168.10.127 www
ip address 192.168.10.1 255.255.255.0
ip address 192.168.137.1 255.255.255.0 sub
ip address 10.10.10.1 255.255.255.0 sub
qos car inbound acl 3020 cir 4096 cbs 256000 ebs 0 green pass red discard
qos car outbound acl 3021 cir 4096 cbs 256000 ebs 0 green pass red discard
ip flow-ordering internal
#
interface Ethernet0/1
port link-mode route
description ====WAN Network====
firewall packet-filter 3001 outbound
nat outbound static
nat outbound
ip address WAN1_IP 255.255.255.252
ip address WAN2_IP 255.255.255.252 sub
dar enable
qos apply policy POLICY_LIMIT_OUT outbound
#
interface NULL0
#
interface Vlan-interface1
#
nqa entry admin ping00
type icmp-echo
destination ip WAN1_GW
frequency 1500
history-record enable
probe timeout 500
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
source interface Ethernet0/1
ttl 255
#
policy-based-route WAN2 permit node 10
if-match acl 3050
apply ip-address next-hop WAN2_GW
#
ip route-static 0.0.0.0 0.0.0.0 WAN1_GW permanent description ===WAN GW===
ip route-static 0.0.0.0 0.0.0.0 WAN2_GW permanent
#
info-center synchronous
info-center console channel 4
#
snmp-agent
snmp-agent local-engineid 800063A20320FDF1DF2D38
snmp-agent sys-info version all
undo snmp-agent trap enable voice dial
#
track 1 nqa entry admin ping00 reaction 1
#
command-alias enable
command-alias mapping display show
#
nqa schedule admin ping00 start-time now lifetime forever
#
nat static 192.168.10.126 WAN2_IP
#
ip flow-ordering stat-interval 10
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return