At 05:06 AM 8/7/2003, Nicholas Irving wrote:

Hi all, Is there any docs on how to set up an Outbound Proxy server so that I can use SER behind a firewall?

I can get my config to work (PIX Firewall 515UR - DLink DSL-604+)

In general, getting NATs and SIP play together is a horrible nightmare. It very much depends on capabilities of your phones and NAT device; the capabilities vary from vendor to vendor and from software version to another one. Getting media over NATs is harder part than signaling and a proxy server alone doesn't help you.

If you are having PIX, you may be lucky -- PIX supports SIP/NAT; you just need to turn it on. More from INOC mailing list:

12.2(15)T does a pretty good job. Note that on some platforms (noteably 1721's) it doesn't work well (or at all) unless you have firewall feature set and have SIP inspection turned on going in adn going out.

Advance warning - Cisco's ATA's can't register through an IOS device with SIP inspection turned on, the inspection rejects the packets. :-(

79[46]0's work well.

Other solution is use of a low-cost low-density CPE SIP/NAT device, like Intertex sells. Yet anther solution is of STUN in phones. Grandstream for example supports STUN.

In general, there are some choices to pick from and it depends how your scenario looks like. If you have a DSL router w/o NAT and you nat in your PIX device, then turning on SIP support in it is the first step to try.

-Jiri