Several months ago we switched from AT&T DSL to AT&T Uverse at my home. It offered “cable” TV and quick Internet for a price that worked or us. Uverse also offers its own VoIP service but we declined that part of the service in favor of using a 3CX remote extension using a Sipura SPA3000 that I bought a few years back.In my experience so far, Uverse is not a Voip-friendly provider unless you use their service. For one, you are stuck with their gateway box. Yes, you can use the “DMZPlus” mode to add your own firewall into the mix but it’s far from perfect. I did manage to get my SPA3000 to work. The Aastra 5xi series of phones doesn’t have as many NAT traversal options however so it wasn’t quite as easy.
First I went to the Global SIP screen and set things up in the usual way so that the phone had the information needed to register to the PBX, etc.
This would work great if the phone could route directly to the PBX and back again but with Network Address Translation occurring on my end throws a monkey wrench into the works when it comes to SIP and RTP.
So next I looked on the Network settings. This is where all of the NAT options live. With typical cable or DSL service, I’d just set a STUN server, maybe check the Rport box and go. In the case of the Uverse 2Wire Residential Gateway, however no combination of these options that I tried worked.
So in the end it seemed necessary to take a look at the available settings on the 2Wire device and see what my options were. There weren’t many.
I ended up explicitly allowing the UDP ports that the phone uses. On the Uverse gateway. Here are the steps:
First I went to the Firewall tab and then Firewall Settings. I selected the phone from the Computer drop down and selected “Allow individual application(s)” like so.
Next, I clicked Add a new user-defined application and created a user-defined app as below.
The phone sends and receives RTP traffic on ports beginning with UDP 3000. I opened up ten ports allowing for five simultaneous calls. This seemed like more than enough for my purposes.
When I was done I clicked “Add Definition” and then the new user-defined app was ready to go. I Selected it on the following page, clicked Add, and then Done. After that the phone worked great.
What I did find odd is that I didn’t need to define a stun server on this phone to get it to work in this situation. The 2Wire residential gateway must do some sort of manipulation of SIP packets because from what I could tell all of the fields looked correct with the appropriate public IPs in the right places.
It’s unfortunate that the phone couldn’t be made to work without making changes to the firewall. But something with the way that the 2Wire handles RTP seems to make it necessary.