Solving NAT related issues for Hosted PABXes

If you come across a situation where a customer has multiple handsets usually when upwards of 20 units per site/location, you may have noticed that you get myriad of issues depending on the router/firewall being used.

Some issues that I’ve noticed are, phones loosing registration randomly and unable to register again; Transfer/hold/BLF functions stops working correctly.

The main culprit here is that the router/firewall is unable to cope with NATing table for same source port for this many number of devices and sometimes freezes. The side affect of this is that traffic from the hosted PABX does not reach the handset as the router stops forwarding the traffic inwards.

There are two remedies that I have worked out. First being setting up a VPN, which opens a whole heap of other issues plus brings added complexity. The second being changing the listening port of the device to be unique one. This is much simpler and easier to maintain and troubleshoot.

Now the hard part is that if you have a site with hundreds of provisioning files for each phone, this would be tedious and cumbersome. So here’s a simple script to help you save the day. This is designed for Yealink phones and can be adapted to any other phone model.


#check old yealink phones are there
if ls 001565* 1> /dev/null 2>&1; then

while [ $LOOP -lt 2 ]; do
  for f in $FILES
    #check if sip.listen_port already exists. if not proceed to add following
    if ! grep -q '^[[:blank:]]*sip\.listen_port' "$f"; then				
      UNAME=$(awk '/user_name/{print $NF}' "$f")
      # take action on each file. $f store current file name
      # check the lenght of extension number and set the last 3 digits as listen port
      if [ ${#UNAME} -lt 2 ]; then
        echo "sip.listen_port = 900$UNAME" >> $f
      elif [ ${#UNAME} -lt 3 ]; then
        echo "sip.listen_port = 90$UNAME" >> $f
      elif [ ${#UNAME} -lt 4 ]; then
        echo "sip.listen_port = 9$UNAME" >> $f
        echo "sip.listen_port = 9$UNAME" >> $f
  #check new yealink phones are there
  if ls 805ec0* 1> /dev/null 2>&1; then


Asterisk/FreePBX add Listen/Whisper/Barge facilities to your PABX

This page shows you how to add Listen/Whisper/Barge facilities to your Asterisk based PABX

A few of our customers wanted a feature to listen to other calls. Asterisk/FreePBX already provides ChanSpy, but the problem with it is that you cannot select what extension to listen to. After some digging around, found a few sites with instructions to get this done.

So here’s what I used to implement this. If you’re using this as it is, make sure that there are no feature codes using *222/*223 & *224.

Add below snippet to extensions_custom.conf. Reload asterisk and you’re good to go. To listen on extension 123, simply dial *222123.


exten => _*222x.#,1,Macro(user-callerid,)
exten => _*222x.#,n,Answer
exten => _*222x.#,n,NoCDR
exten => _*222x.#,n,Wait(1)
exten => _*222x.#,n,ChanSpy(sip/${EXTEN:4},q)
exten => _*222x.#,n,Hangup

exten => _*223x.#,1,Macro(user-callerid,)
exten => _*223x.#,n,Answer
exten => _*223x.#,n,NoCDR
exten => _*223x.#,n,Wait(1)
exten => _*223x.#,n,ChanSpy(sip/${EXTEN:4},qw)
exten => _*223x.#,n,Hangup

exten => _*224x.#,1,Macro(user-callerid,)
exten => _*224x.#,n,Answer
exten => _*224x.#,n,NoCDR
exten => _*224x.#,n,Wait(1)
exten => _*224x.#,n,ChanSpy(SIP/${EXTEN:4},qB)
exten => _*224x.#,n,Hangup


Now, say there are some extensions that you don’t want to be listened on (ex. a manager), there are few ways to do it. But the simplest method I found is using below context. This needs to be added before the above set.

Here, no one should be able to listen/whisper/barge on extension 5205’s calls. What this code does is if someone tries to do be naughty, it will simply hangup the call.

exten => _*2225205,1,Macro(user-callerid,)
exten => _*2225205,n,Hangup
exten => _*2235205,1,Macro(user-callerid,)
exten => _*2235205,n,Hangup
exten => _*2245205,1,Macro(user-callerid,)
exten => _*2245205,n,Hangup

A sample QoS config for VOIP service on a Cisco router

The config below is a sample for configuring QoS on a Cisco router. The below config is good for 10 simultaneous calls on G.711 codec. This QoS setting is geared towards SHDSL/EoC/Fibre services with guaranteed bandwidth.

class-map match-any VoIP
match protocol h323
match protocol rtcp
match protocol rtp
match protocol sip
policy-map VOIPQoS
class VoIP
priority 2000
set dscp ef
class class-default
interface GigabitEthernet0/0
service-policy output VOIPQoS

Setting up a Cisco router for auto-provisioning of Cisco handsets

Here is a sample config to setup auto-provisioning for Cisco handsets. This only covers the part of distributing the config files to the handsets and not the config file creation part.

This assumes that VLAN100 is the VOICE VLAN and PCs are connecting via the PC port at the back of the phones.

ip dhcp pool VOICE
option 66 ascii "http://auto.provisioning.url/"
lease infinite
interface Vlan100
description VoiceVLAN
ip address
ip nat inside
ip virtual-reassembly in
interface FastEthernet3
description ToVoiceSwitch
switchport mode trunk
switchport voice vlan 100