Firewall / NAT settings to access Voice Services

Nehos voice services use the 180.94.236.0/27 (255.255.255.192) and 180.94.237.0/27 subnet for SIP signaling and RTP media. Please allow traffic using UDP on any port from this subnet to ensure that there are no interruptions to signaling or media.

For sip.nehos.com.au your Domain & SIP Proxy will need to be set to sip.nehos.com.au.

For the Cloud PBX voice network your Domain & SIP Proxy will need to be set to pbx.nehos.com.au or pbx1.nehos.com.au or pbx2.nehos.com.au or pbx3.nehos.com.au (dependent on the service you were assigned).

The voice network supports SIP signaling on UDP on port 5060 and TCP on port 5061.

For CPE equipment that uses STUN the signaling will be TCP or UDP protocol on port 5060 on the same IP addresses listed above for the domain you connect to.

Please ensure that any SIP ALG is disabled (except for Mikrotik routers) as this can interfere with proper SIP signaling. Also disable any “Deep SSL Inspection”.

* Please note that sending SIP signaling to any IP within the 180.94.236.0/27, 180.94.237.0/27 that your equipment was not assigned to may result in your IP being blocked from accessing the Nehos network.

STUN

If your equipment supports STUN then you should enable and use the following address for the stun server :

sip.nehos.com.au and port 5060

Please note that our STUN server uses the same IP and port as the main SIP Proxy. This allows for a much better NAT traversal than other solutions that have STUN on a different IP and port than the main proxy.

SIP OPTIONS should be turned off on your equipment. If our network detects your equipment is behind a NAT it will automatically send your equipment SIP OPTIONS requests to keep your NAT ports open for inbound traffic from our network.

Asterisk supports stun and can be enabled by editing the res_stun_monitor.conf as follows

[general]
stunaddr = sip.nehos.com.au:5060