Support / Voice / SIP Trunking / Whitelisting VoiceTel IP addresses
Whitelisting VoiceTel IP addresses.
VoiceTel SIP service requires customer firewalls, PBXs, and SBCs to allow traffic from VoiceTel signaling and media infrastructure. Blocking these addresses can cause failed registration, failed inbound calls, one-way audio, missing audio, or intermittent call behavior.
Customer responsibility
VoiceTel provides the infrastructure IP addresses and subnets used for SIP signaling and media. The customer is responsible for configuring their firewall, PBX, SBC, NAT rules, and access-control lists correctly.
If a customer uses a managed firewall, hosted PBX, or third-party SBC, they should provide this list to the vendor responsible for that equipment.
Firewall requirements
Allow UDP traffic from one or more of the following VoiceTel infrastructure addresses and subnets. Customers should whitelist the ranges that match their selected VoiceTel routing, registration, media, and geographic configuration.
Cloud infrastructure
| Infrastructure | Subnet |
|---|---|
| Amazon Proxy West | 50.18.88.40/32 |
| Amazon Proxy West | 192.73.251.107/32 |
| Amazon Proxy East | 52.201.88.130/32 |
| Amazon Proxy East | 192.73.251.107/32 |
| Amazon RTPProxy West | 52.9.226.100/32 |
| Amazon RTPProxy East | 52.20.181.50/32 |
Colocation facilities
| Location | Subnet |
|---|---|
| SJC | 104.225.6.160/29 |
| DFW | 104.225.13.72/29 |
| ORD | 192.73.246.104/29 |
| DEN | 192.73.250.96/29 |
| NYC | 192.73.251.104/29 |
| AMS | 94.75.246.192/26 |
| Anycast | 148.59.176.0/23 |
Recommended configuration steps
- Identify the PBX, SBC, or firewall that receives SIP and RTP traffic from VoiceTel.
- Open the firewall or access-control configuration for that device.
- Add UDP allow rules for the VoiceTel infrastructure addresses and subnets used by the deployment.
- Apply the rules to the interface or policy that handles SIP and RTP traffic.
- Confirm that NAT, port-forwarding, and SIP helper behavior are configured correctly for the environment.
- Save and apply the firewall changes.
- Restart or reload the relevant firewall policy if required by the firewall vendor.
- Place inbound and outbound test calls.
- Confirm that calls connect and that audio works in both directions.
PBX and SBC access-control lists
Some PBXs and SBCs maintain their own access-control lists in addition to the network firewall. If the PBX or SBC has a SIP access list, trusted IP list, trunk ACL, or media ACL, add the VoiceTel infrastructure addresses there as well.
After adding the addresses, confirm that the ACL is applied to the active SIP profile, trunk, interface, or listener. Adding addresses to an unused ACL does not allow traffic.
Troubleshooting
If calls still fail after the firewall rules are added, check the following:
- The firewall rules allow UDP traffic.
- The rules are applied to the correct WAN interface or security zone.
- The PBX or SBC is not blocking the same traffic with its own ACL.
- NAT is forwarding traffic to the correct internal PBX or SBC.
- The customer's public IP address matches the IP address configured for any IP-authenticated VoiceTel service.
- The PBX or SBC has been restarted or reloaded if required.
- Test calls are using the expected VoiceTel route, registration domain, or geographic target.
VoiceTel infrastructure includes both SIP signaling and media addresses. Do not whitelist only a single address unless the deployment has been specifically designed and tested that way. Coordinate firewall changes with the PBX, SBC, or firewall administrator and test both call setup and two-way audio after the changes are applied.