Panasonic NS700 SIP Trunk Requirements
1. Introduction
The purpose of this document is to define the firewall and general router configuration necessary to implement Voice over Internet Protocol (VoIP) communications using a Panasonic PBX across a local area network.
Disclaimer:
The information contained in this document is updated regularly to keep abreast of current trends. Best 4 Business Communications cannot accept responsibility for costs you may incur should it be necessary to update your network as a result of changes to this information.
2. IP Addresses
Two static IP addresses are required, outside the scope of DHCP. These must be assigned by the network administrator responsible for the site. These addresses are referred to as IP Address A and IP Address B throughout this guide.
- IP Address A - used for SIP
- IP Address B - used for Voice Media
If the installation is to use IP handsets, then a sufficient quantity of DHCP addresses should also be available. A separate article is available describing bespoke DHCP Options that automate the installation of Panasonic IP Phones.
3. NAT Forwards
Mandatory Forwards
Optional Forwards
| Port Number | Forward To | Purpose |
|---|---|---|
| UDP 2727 | IP Address A | MGCP |
| UDP 9300 | IP Address A | PTAP |
If 3rd party SIP or Panasonic Mobile Softphone is required
| Public Port | Translate to | Forward To |
|---|---|---|
| UDP 58453 | UDP 5060 | IP Address "A" |
4. Firewall Rules
Ingress and egress traffic from the following IP Addresses must be permitted.
Inbound Rules (Mandatory)
| Source IP Address | Destination IP Address | Source Port | Destination Port | Purpose |
|---|---|---|---|---|
| 93.95.124.0/24 | IP Address A | TCP/UDP 5060 | TCP/UDP 35060 | SIP |
| 93.95.124.0/24 | IP Address B | UDP 10000 - 60000 | UDP 16000 - 16511 | Voice Media |
| 146.101.248.192/26 | IP Address A | TCP/UDP 5060 | TCP/UDP 35060 | SIP |
| 146.101.248.192/26 | IP Address B | UDP 10000 - 60000 | UDP 16000 - 16511 | Voice Media |
| 46.102.218.74 | IP Address A | Any | TCP 35300 - 35301 | Admin |
Outbound Rules (Mandatory)
| Source IP Address | Destination IP Address | Source Port | Destination Port | Purpose |
|---|---|---|---|---|
| IP Address A | 93.95.124.0/24 | TCP/UDP 35060 | TCP/UDP 5060 | SIP |
| IP Address B | 93.95.124.0/24 | UDP 16000 - 16511 | UDP 10000 - 60000 | Voice Media |
| IP Address A | 146.101.248.192/26 | TCP/UDP 35060 | TCP/UDP 5060 | SIP |
| IP Address B | 146.101.248.192/26 | UDP 16000 - 16511 | UDP 10000 - 60000 | Voice Media |
| IP Address A | 8.8.8.8 + 1.1.1.1 | UDP 53 | UDP 53 | DNS |
| IP Address A | 216.239.35.0 | UDP 123 | UDP 123 | NTP |
| IP Address A | 142.0.176.0/20 | Any | TCP 587 | SMTP |
Optional Inbound Rules (Only required if implementing IP Extensions over NAT)
| Source IP | Destination IP Address | Source Port | Destination Port | Purpose |
|---|---|---|---|---|
| Any UK | IP Address A | Any | UDP 2727 | MGCP |
| Any UK | IP Address A | Any | UDP 9300 | PTAP |
| Any UK | IP Address B | Any | | Audio |
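Added example (not part of the original document and not B4BC tooling): the mandatory inbound and outbound rules above encoded as an allowlist, so that flow records from an edge firewall log can be checked against it and anything outside the documented set stands out. The addresses 192.0.2.10 and 192.0.2.11 are assumed placeholders for IP Address A and IP Address B, the flow records are constructed, and the function names are illustrative. The optional rules and ICMP are not covered.

```python
import ipaddress

# Assumed placeholders for the site's two static addresses (RFC 5737 range).
IP_A = "192.0.2.10"   # "IP Address A" (SIP)
IP_B = "192.0.2.11"   # "IP Address B" (voice media)
PROVIDER = ["93.95.124.0/24", "146.101.248.192/26"]
ANY = (0, 65535)

def _rules():
    """Mandatory rules: (direction, protocols, source, destination, source ports, dest ports, purpose)."""
    rules = []
    for net in PROVIDER:
        rules += [
            ("in", {"tcp", "udp"}, net, IP_A, (5060, 5060), (35060, 35060), "SIP"),
            ("in", {"udp"}, net, IP_B, (10000, 60000), (16000, 16511), "Voice Media"),
            ("out", {"tcp", "udp"}, IP_A, net, (35060, 35060), (5060, 5060), "SIP"),
            ("out", {"udp"}, IP_B, net, (16000, 16511), (10000, 60000), "Voice Media"),
        ]
    rules.append(("in", {"tcp"}, "46.102.218.74", IP_A, ANY, (35300, 35301), "Admin"))
    for dns in ("8.8.8.8", "1.1.1.1"):
        rules.append(("out", {"udp"}, IP_A, dns, (53, 53), (53, 53), "DNS"))
    rules.append(("out", {"udp"}, IP_A, "216.239.35.0", (123, 123), (123, 123), "NTP"))
    rules.append(("out", {"tcp"}, IP_A, "142.0.176.0/20", ANY, (587, 587), "SMTP"))
    # A bare address becomes a /32 network, so hosts and ranges match the same way.
    return [(d, p, ipaddress.ip_network(s), ipaddress.ip_network(t), sp, dp, why)
            for d, p, s, t, sp, dp, why in rules]

RULES = _rules()

def classify(direction, proto, src, sport, dst, dport):
    """Return the purpose of the first matching rule, or None if the flow is not allowlisted."""
    s, t = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for d, protos, snet, dnet, (slo, shi), (dlo, dhi), why in RULES:
        if (d == direction and proto in protos and s in snet and t in dnet
                and slo <= sport <= shi and dlo <= dport <= dhi):
            return why
    return None

# Constructed flow records, as might be parsed from an edge firewall log.
FLOWS = [
    ("in", "udp", "93.95.124.17", 5060, IP_A, 35060),
    ("in", "udp", "203.0.113.50", 5060, IP_A, 35060),   # SIP from a non-provider source
    ("in", "tcp", "46.102.218.74", 51000, IP_A, 35300),
    ("out", "tcp", IP_A, 40000, "142.0.180.9", 587),
    ("out", "udp", IP_A, 53, "9.9.9.9", 53),            # resolver not on the list
]

def unexpected(flows=FLOWS):
    """Flows that match no documented rule and deserve a closer look."""
    return [f for f in flows if classify(*f) is None]
```
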
5. ICMP
Please set your firewall to permit ICMP packets from 93.95.124.0/24 and 146.101.248.192/26. These are purely intended to monitor the health of the SIP Trunk.
6. SIP ALG
SIP ALG must be disabled on all routers. SIP Application Layer Gateway (ALG) is common in many routers and in many cases enabled by default. Its primary use is to modify VoIP packets to aid NAT traversal. Active SIP ALG has been known to cause a mixture of problems by adjusting or terminating VoIP packets incorrectly, manifesting in a range of intermittent issues such as one way audio, dropped calls, problems transferring calls and handsets dropping registration.
B4BC will be unable to accept any faults or investigate any issues with its VoIP service if SIP ALG is enabled. For instructions on disabling this feature please refer to the specific router user guide.
7. UDP NAT Session Timeout
Some routers have been reported to close NAT pinholes despite the PBX sending a keep-alive signal every 20 seconds. To protect against this occurring, it is recommended that the UDP NAT timeout on the router is set higher than the SIP registration refresh interval for the PBX, that is, higher than 600 seconds. Many routers' default settings will terminate idle UDP sessions after a very short time (typically less than 30 seconds).
The effect of this is that following SIP registration, inbound calls will only be successful for the first few seconds after registration, and inbound calls presented outside the default UDP session time will invariably fail until the user agent re-registers. To prevent this scenario, it is vitally important that the edge router’s UDP NAT session timer is set to an appropriate value. Please refer to your vendor’s documentation for instruction.
8. Quality of Service
Quality of service (QoS) refers to the ability of your router to prioritise voice traffic (VoIP) differently from regular internet traffic leaving your network. VoIP uses a real-time protocol, which means that if information is lost or delayed it will result in a noticeable drop in call quality or a complete loss of it. Symptoms of network congestion include garbled speech and dropped calls.
A VoIP call consists of two basic components, signalling and RTP (the actual conversation). B4BC uses the G711 codec to encode RTP which requires 87 kbps per call. SIP itself uses up to 65.5 kbps per call.
To this end, sufficient bandwidth should be reserved to satisfy the quantity of voice channels and/or remote extensions connected to the network.
9. Virtual LAN
If you require VLANs to be used, we will need to know which physical port/s to connect to in the case of port based VLANs.
In the event that an IEEE802.1Q tagged VLAN is to be used, we will need to know the required VLAN tag values.
Installations on VLANs do require prior planning, and often require cooperation between ourselves and the network administrator/s. If an installation on a VLAN is required, please make us aware of this as soon as possible.