Cisco SIP IP phones not working through Wingate ?!?!?


Post by funknshine » Jul 30 04 5:10 pm

Our customer uses Wingate v5.07 B826 for their corporate network. My company has been tasked with installing a Cisco IP phone solution on the network. The phones are Cisco 7960s with the latest SIP firmware (7.1).

The only devices behind Wingate are the phones - the SIP registrar, SIP proxy, TFTP, HTTP and DNS servers all sit outside the Wingate server on the public network on the other side of a leased line connection. The inside network is 192.168.0.0/24. The Wingate server is .85 and .93 has been assigned to the phone. The outside network is X.Y.Z.192/26 and the Wingate server resides on .245, with the TFTP, DNS, HTTP and SIP servers on .236.



A simplified outline of the phone's bootup process is as follows:

1. Phone connects to the TFTP server on port 69 and downloads configuration, then the latest firmware (if newer).

2. Phone connects to the DNS server on port 53 and resolves the name of the SIP server.

3. Phone connects to the SIP server on port 5060 and registers itself as a SIP-UA.

4. Phone connects to the DNS server and resolves the name of the HTTP server.

5. Phone connects to the HTTP server on port 80 and downloads the screen display image.


I have set up an "Assumed User" named "IP Phone" bound to the .93 address and set the global "System Policy" to allow assumed users access to all configured services. Under "Extended Networking," "Port Security," I have added all of the relevant ports for SIP (5060), DNS (53), TFTP (69) and RTP (5000-5999). HTTP has an entry by default. I have configured both TCP and UDP for those protocols that may use either. I am logging all possible events for all protocols.

The phone boots and fails to reach the TFTP server. It tries dozens of times and then boots from the stored firmware image. It also fails to connect to the SIP server. It is able to retrieve the display image via http and therefore seems to also resolve the HTTP server name via DNS, but I only see a "System Message" entry for HTTP. After it boots all the way up, it is not registered with the SIP server and cannot place or receive calls. I have confirmed the phone's requests are reaching the Wingate server by capturing packets on the private network interface with Ethereal.

If I replace the phone with my laptop (Windows XP) on the same .93 IP address, I immediately have access to download files from the TFTP server, to resolve names via DNS, to register and place/receive calls on a SIP softphone, and to retrieve the display image file via HTTP. If I place the Cisco phone on a public address, it boots up perfectly and can place/receive calls.

Could the moderators suggest a resolution to this issue, or do any users have experience with making the Wingate server work with Cisco phones?

Thanks,

Tom

Post by Pascal » Jul 30 04 5:33 pm

How does the phone connect through WinGate? I'm not familiar with their setup - but do you point them at a proxy or do they use NAT?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com

Post by funknshine » Jul 30 04 5:50 pm

It is connecting through NAT. I outlined this in my original post:

funknshine wrote: Under "Extended Networking," "Port Security," I have added all of the relevant ports for SIP (5060), DNS (53), TFTP (69) and RTP (5000-5999). HTTP has an entry by default. I have configured both TCP and UDP for those protocols that may use either.


The phones point to the public address of the SIP/DNS/TFTP/HTTP server. I have had these phones working from behind a PIX and other firewalls/NAT routers with no problem.

Thanks for the quick reply,

Tom

Pascal wrote: How does the phone connect through WinGate? I'm not familiar with their setup - but do you point them at a proxy or do they use NAT?

Post by Pascal » Aug 02 04 10:29 am

If you enable full debug logging on the ENS Service, does that indicate anything?

The fact that your laptop works fine when connecting to it indicates that there must be some difference between the phone and your laptop's connection method. It could be that a simple packet capture would indicate what the differences are - looking at the SYN packets for each attempt would give you a good idea of where to start looking.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
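
The capture comparison suggested in the post above, as an added example that is not part of the thread: it profiles the client's traffic to each service port named in the first post and lists what differs between a phone capture and a laptop capture. The row layout and all sample rows are constructed (exported from neither poster's captures), 203.0.113.236 is a placeholder for the redacted X.Y.Z.236 server, and the differences it prints are illustrative, not a diagnosis of this network.

```python
CLIENT = "192.168.0.93"   # address the phone and laptop share in the thread
SERVICES = {69: "TFTP", 53: "DNS", 5060: "SIP", 80: "HTTP"}  # ports from the thread
# Constructed rows (proto src sport dst dport), not the poster's captures.
# 203.0.113.236 is a placeholder for the redacted X.Y.Z.236 server.
PHONE = """\
udp 192.168.0.93 50120 203.0.113.236 69
udp 192.168.0.93 5060 203.0.113.236 5060
udp 192.168.0.93 50121 203.0.113.236 53
udp 203.0.113.236 53 192.168.0.93 50121
tcp 192.168.0.93 50122 203.0.113.236 80
tcp 203.0.113.236 80 192.168.0.93 50122"""
LAPTOP = """\
udp 192.168.0.93 1045 203.0.113.236 69
udp 203.0.113.236 32768 192.168.0.93 1045
udp 192.168.0.93 5070 203.0.113.236 5060
udp 203.0.113.236 5060 192.168.0.93 5070
udp 192.168.0.93 1046 203.0.113.236 53
udp 203.0.113.236 53 192.168.0.93 1046
tcp 192.168.0.93 1047 203.0.113.236 80
tcp 203.0.113.236 80 192.168.0.93 1047"""

def profile(capture):
    """Per service: transports seen, fixed source port used, any answer seen."""
    stats, pending = {}, {}
    for line in capture.splitlines():
        proto, src, sport, dst, dport = line.split()
        sport, dport = int(sport), int(dport)
        if src == CLIENT and dport in SERVICES:
            s = stats.setdefault(SERVICES[dport],
                                 {"proto": set(), "fixed_src": False, "answered": False})
            s["proto"].add(proto)
            s["fixed_src"] |= (sport == dport)   # client sent from the service port
            pending[(proto, dst, sport)] = s
        # Match replies on server IP + client port: TFTP answers from a new port (RFC 1350).
        elif dst == CLIENT and (proto, src, dport) in pending:
            pending[(proto, src, dport)]["answered"] = True
    return stats

def compare(phone, laptop):
    """Return {service: {field: (phone_value, laptop_value)}} for differing fields."""
    diffs = {}
    for name in SERVICES.values():
        ph, lap = phone.get(name, {}), laptop.get(name, {})
        changed = {k: (ph.get(k), lap.get(k)) for k in set(ph) | set(lap) if ph.get(k) != lap.get(k)}
        if changed:
            diffs[name] = changed
    return diffs

if __name__ == "__main__":
    print(compare(profile(PHONE), profile(LAPTOP)))
```

Services missing from the result behaved the same in both captures, which narrows where to look in the ENS debug log.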

