Solving NAT related issues for Hosted PABXes

If you come across a situation where a customer has multiple handsets usually when upwards of 20 units per site/location, you may have noticed that you get myriad of issues depending on the router/firewall being used.

Some issues that I’ve noticed are, phones loosing registration randomly and unable to register again; Transfer/hold/BLF functions stops working correctly.

The main culprit here is that the router/firewall is unable to cope with NATing table for same source port for this many number of devices and sometimes freezes. The side affect of this is that traffic from the hosted PABX does not reach the handset as the router stops forwarding the traffic inwards.

There are two remedies that I have worked out. First being setting up a VPN, which opens a whole heap of other issues plus brings added complexity. The second being changing the listening port of the device to be unique one. This is much simpler and easier to maintain and troubleshoot.

Now the hard part is that if you have a site with hundreds of provisioning files for each phone, this would be tedious and cumbersome. So here’s a simple script to help you save the day. This is designed for Yealink phones and can be adapted to any other phone model.


#check old yealink phones are there
if ls 001565* 1> /dev/null 2>&1; then

while [ $LOOP -lt 2 ]; do
  for f in $FILES
    #check if sip.listen_port already exists. if not proceed to add following
    if ! grep -q '^[[:blank:]]*sip\.listen_port' "$f"; then				
      UNAME=$(awk '/user_name/{print $NF}' "$f")
      # take action on each file. $f store current file name
      # check the lenght of extension number and set the last 3 digits as listen port
      if [ ${#UNAME} -lt 2 ]; then
        echo "sip.listen_port = 900$UNAME" >> $f
      elif [ ${#UNAME} -lt 3 ]; then
        echo "sip.listen_port = 90$UNAME" >> $f
      elif [ ${#UNAME} -lt 4 ]; then
        echo "sip.listen_port = 9$UNAME" >> $f
        echo "sip.listen_port = 9$UNAME" >> $f
  #check new yealink phones are there
  if ls 805ec0* 1> /dev/null 2>&1; then


A sample QoS config for VOIP service on a Cisco router

The config below is a sample for configuring QoS on a Cisco router. The below config is good for 10 simultaneous calls on G.711 codec. This QoS setting is geared towards SHDSL/EoC/Fibre services with guaranteed bandwidth.

class-map match-any VoIP
match protocol h323
match protocol rtcp
match protocol rtp
match protocol sip
policy-map VOIPQoS
class VoIP
priority 2000
set dscp ef
class class-default
interface GigabitEthernet0/0
service-policy output VOIPQoS