The purpose of this document is to define the firewall and general router configuration necessary to implement B4BC’s Voice over Internet Protocol (VoIP) communications on a local area network.
Traffic to and from the following IP addresses must be permitted.
We recommend allowing the entire range of addresses listed below as this will allow for future expansion of the VoIP Network while reducing the likelihood that you will have to modify your firewall rules in future.
Source IP Address | Source Port | Destination IP Addresses | Destination Ports |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.55.0/24, 194.50.56.0/24, 52.29.124.181, 3.124.165.251, 119.28.67.228, 52.221.130.73 | TCP 20 - 25, TCP 389, TCP/UDP 3478, TCP 80, TCP 443, TCP 8443, TCP 21050 - 21051, UDP 21059, UDP 5060, UDP 10000 - 20000, UDP 30000 - 50000 |
Please note, these IP Addresses are subject to change.
Source IP Address | Source Port | Destination IP Address | Destination Port | Destination URL | Purpose |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.35 | UDP 5060 | hosted.sip2sip.net | Registration |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.39 | UDP 5060 & 10000 - 20000 | ast1.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.40 | UDP 5060 & 10000 - 20000 | ast2.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.30 | UDP 5060 & 10000 - 20000 | ast3.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.29 | UDP 5060 & 10000 - 20000 | ast4.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.28 | UDP 5060 & 10000 - 20000 | ast5.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.27 | UDP 5060 & 10000 - 20000 | ast6.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.31 | UDP 5060 & 10000 - 20000 | ast7.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.32 | UDP 5060 & 10000 - 20000 | ast8.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.49 | UDP 5060 & 10000 - 20000 | ast9.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.50 | UDP 5060 & 10000 - 20000 | ast10.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.23 | UDP 5060 & 10000 - 20000 | ast1-vm.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.24 | UDP 5060 & 10000 - 20000 | ast2-vm.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.51 | UDP 5060 & 10000 - 20000 | ast3-vm.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.52 | UDP 5060 & 10000 - 20000 | ast4-vm.sip2sip.net | RTP & SIP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.55.17 | UDP 53 | ns1.sip2sip.net | DNS |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.55.15 | UDP 53 | ns2.sip2sip.net | DNS |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.55.15 | UDP 123 | ntp.sip2sip.net | NTP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.15 | TCP 80, 443 & 8443 | haproxy.sip2sip.net | Services |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.37 | TCP 80 & 443 | hosted.b4bc.co.uk | Web Portal |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.71 | TCP 20 - 25 & 389 | extservices.sip2sip.net | (S)FTP, SMTP, LDAP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.72 | TCP 20 - 25 & 389 | extservices1.sip2sip.net | (S)FTP, SMTP, LDAP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.73 | TCP 20 - 25 & 389 | extservices2.sip2sip.net | (S)FTP, SMTP, LDAP |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.58 | UDP/TCP 3478 | stun1.sip2sip.net | STUN |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.59 | UDP/TCP 3478 | stun2.sip2sip.net | STUN |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.116 | UDP 30000 - 50000 | webrtc1.sip2sip.net | Mobex |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.119 | UDP 30000 - 50000 | webrtc2.sip2sip.net | Mobex |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.114 | UDP 30000 - 50000 | webrtc-drac1.sip2sip.net | Mobex (To be deprecated) |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.114 | TCP 443 & 8443 | webrtc-drac1.sip2sip.net | Mobex (To be deprecated) |
LAN Network or Voice VLAN | 1023 - 65535 | | TCP 443 | sqs.eu-west-2.amazonaws.com | WebRTC Stats |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.26 | TCP 21050 - 21051 | uc.sip2sip.net | UC Plus (CTI) |
LAN Network or Voice VLAN | 1023 - 65535 | 194.50.56.26 | UDP 21059 | uc.sip2sip.net | UC Plus (CTI) |
LAN Network or Voice VLAN | 1023 - 65535 | 3.124.165.251 | TCP 80 & 443 | rpscloud.yealink.com | Redirect |
LAN Network or Voice VLAN | 1023 - 65535 | 119.28.67.228 | TCP 80 & 443 | fdps.fanvil.com | Redirect |
LAN Network or Voice VLAN | 1023 - 65535 | 52.221.130.73 | TCP 80 & 443 | fm.grandstream.com | Redirect |
LAN Network or Voice VLAN | 1023 - 65535 | 52.29.124.181 | TCP 80 & 443 | rps.yealink.com | Redirect |
*.sip2sip.net
rps.yealink.com
rpscloud.yealink.com
fdps.fanvil.com
fm.grandstream.com
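A cross-check of the two tables above, added here as an example and not part of B4BC's document: it tests a sample of per-host rows against the summary rule and lists the rows the summary rule alone would not permit (DNS on UDP 53 and NTP on UDP 123 appear only in the per-host table). The function names and the selection of rows are assumptions made for the example.

```python
import ipaddress

# Summary rule from the first table (destinations and ports as listed on the page).
SUMMARY_NETS = [ipaddress.ip_network(n) for n in (
    "194.50.55.0/24", "194.50.56.0/24", "52.29.124.181/32",
    "3.124.165.251/32", "119.28.67.228/32", "52.221.130.73/32")]
SUMMARY_PORTS = {
    "tcp": [(20, 25), (389, 389), (3478, 3478), (80, 80), (443, 443),
            (8443, 8443), (21050, 21051)],
    "udp": [(3478, 3478), (21059, 21059), (5060, 5060),
            (10000, 20000), (30000, 50000)],
}

# A sample of rows from the per-host table: (host, dest ip, proto, first, last).
ROWS = [
    ("hosted.sip2sip.net", "194.50.56.35", "udp", 5060, 5060),
    ("ast1.sip2sip.net", "194.50.56.39", "udp", 10000, 20000),
    ("ns1.sip2sip.net", "194.50.55.17", "udp", 53, 53),
    ("ntp.sip2sip.net", "194.50.55.15", "udp", 123, 123),
    ("haproxy.sip2sip.net", "194.50.56.15", "tcp", 8443, 8443),
    ("uc.sip2sip.net", "194.50.56.26", "udp", 21059, 21059),
    ("webrtc1.sip2sip.net", "194.50.56.116", "udp", 30000, 50000),
    ("rps.yealink.com", "52.29.124.181", "tcp", 443, 443),
]

def permitted(ip, proto, first, last):
    """True if the summary rule allows proto ports first..last to ip."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in SUMMARY_NETS):
        return False
    return any(lo <= first and last <= hi for lo, hi in SUMMARY_PORTS[proto])

def uncovered(rows):
    """Per-host rows that a firewall built only from the summary rule would block."""
    return [r for r in rows if not permitted(*r[1:])]

if __name__ == "__main__":
    for host, ip, proto, first, last in uncovered(ROWS):
        print(f"not covered by summary rule: {host} {ip} {proto.upper()} {first}-{last}")
```
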
The preferred IP address assignment mechanism is DHCP as installations typically take less time to complete. Static address assignments are only used when absolutely necessary. Please also refer to the section relating to VLAN.
SIP ALG must always be disabled on the site’s router/firewall.
SIP Application Layer Gateway (SIP ALG) is common in many routers and in most cases is enabled by default. Its primary use is to modify VoIP packets to aid NAT traversal. An active SIP ALG has been known to cause a plethora of problems by adjusting VoIP packets incorrectly. These manifest as a range of intermittent issues such as one-way audio, dropped calls, problems transferring calls and handsets dropping registration.
For instructions on disabling SIP ALG, please refer to your router’s documentation.
B4BC will be unable to accept any faults or issues with its VoIP service if SIP ALG is enabled.
B4BC configures its VoIP user agents to perform a SIP registration every 600 seconds with the ITSP. This is an outbound initiated connection utilising the UDP protocol. The purpose of the registration is to inform the ITSP how to route calls to the respective user agent.
Many routers terminate idle UDP sessions after only a few seconds. The effect of this is that, following SIP registration, inbound calls will only be successful for those first few seconds after registration. After this period, inbound calls will fail (assuming the UDP connection has been idle) until the registration expires and the user agent re-registers.
To prevent this scenario, it is vitally important that the edge router’s UDP NAT session timer is set to a value of at least 620 seconds. Please refer to your router vendor’s documentation for instruction.
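An audit of the two requirements above (SIP ALG disabled, UDP NAT session timer of at least 620 seconds), added here as an example and not part of B4BC's document. It assumes a Linux-based edge router using netfilter connection tracking, where the UDP timers are the `nf_conntrack_udp_timeout` sysctls and the SIP ALG is the `nf_conntrack_sip` / `nf_nat_sip` helper modules; the sample command output is constructed and the router is hypothetical.

```python
import re

MIN_UDP_TIMEOUT = 620  # seconds; the page's minimum for the UDP NAT session timer
SIP_ALG_MODULES = {"nf_conntrack_sip", "nf_nat_sip"}  # Linux SIP ALG helper modules
UDP_TIMERS = ("net.netfilter.nf_conntrack_udp_timeout",
              "net.netfilter.nf_conntrack_udp_timeout_stream")

# Constructed sample output of `sysctl -a` and `lsmod` from a hypothetical router.
SAMPLE_SYSCTL = """\
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 120
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
"""
SAMPLE_LSMOD = """\
Module                  Size  Used by
nf_nat_sip             20480  0
nf_conntrack_sip       40960  1 nf_nat_sip
nf_conntrack          172032  3 nf_nat,nf_nat_sip,nf_conntrack_sip
"""

def audit(sysctl_text, lsmod_text):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    values = dict(re.findall(r"^(\S+)\s*=\s*(\d+)\s*$", sysctl_text, re.M))
    for key in UDP_TIMERS:
        if key not in values:
            findings.append(f"{key}: not reported")
        elif int(values[key]) < MIN_UDP_TIMEOUT:
            findings.append(f"{key} = {values[key]}s, below {MIN_UDP_TIMEOUT}s")
    # Skip the lsmod header line; the first column is the module name.
    loaded = {line.split()[0] for line in lsmod_text.splitlines()[1:] if line.split()}
    for mod in sorted(loaded & SIP_ALG_MODULES):
        findings.append(f"SIP ALG helper module loaded: {mod}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SYSCTL, SAMPLE_LSMOD):
        print(finding)
```

A loaded helper module is a prompt to review the ruleset rather than proof that SIP packets are being rewritten. Both UDP timers are checked because either can apply to a registration flow depending on how much traffic it has carried.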
Quality of service (QoS) refers to the ability of your router to prioritize voice traffic (VoIP) differently than regular internet traffic on your network. VoIP is a real-time protocol, which means that if information is lost or delayed it will result in a noticeable drop in call quality or a complete loss of it. Symptoms of network congestion include garbled audio, dropped calls and echo.
B4BC recommend that all VoIP installations have QoS enabled. However, in certain scenarios QoS may not be effective due to insufficient WAN bandwidth, and a second internet connection intended for the sole transmission of VoIP may be required.
We will need to know in advance which physical port to connect to in the case of port-based VLANs, or any VLAN tags which may be required for IEEE 802.1Q type networks.
Disclaimer:
The information contained within this document may change to keep abreast of current trends. Best 4 Business Communications cannot accept responsibility for costs you may incur should it be necessary to modify your network as a result of an update to this information.