[Serusers] Config for Local SIP Server on Router
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Jun 29 10:20:54 CEST 2004
This setup should be possible with the new rtpproxy in "bridge" mode.
Having the user data on both sers is a bad idea. The local ser should
apply access control and the public SIP server can be restriced by a
firewall. All messages which come from the IP address of the local ser
are trusted and will be routed. You can enhance security by using IPsec
between the proxies.
regards,
Klaus
Jeremy M. Dolan wrote:
> Hi all. I was hoping someone could double-check my thinking, and make
> sure I get off on the right foot with a new SER setup. I don't think
> any of the examples in the admin manual cover my scenario, so I'm not
> entirely sure on how to approach it.
>
> Here comes the crude ASCII:
>
> +--------+ +-------------------+ +-------+ +----------------------+
> | Phones |___| Router/SER Server |___| I'net |___| SER Server/PSTN Gate |
> | 10.x | | 10.0.0.1 - Public | | * | | 17.40.2.42 |
> +--------+ +-------------------+ +-------+ +----------------------+
>
> [Figure explanation: The phones (Cisco 7960s) are on a private, NAT'd
> network. The IP router for this network also happens to be the local
> SIP server, running SER. Another SER server, reachable via the
> Internet, has access to a PSTN Gateway.]
>
> All of the documentation I've seen assumes that either the phones are
> behind NAT, and the SIP server is outside, or that both devices are
> public. I'm hoping that having the SER server multihomed will ease
> some of the issues associated with SIP-through-NAT. Testing without
> the local server showed problems with call transferring and the like,
> though I still suspect this was entirely my fault.
>
> What would be the proper way to go about configuring SER for this
> type of network layout? If I use record_route() and proxy all of the
> RTP traffic, does this avoid needing to mangling up the poor packets
> with the nathelper module? It seems like if I add "mhomed=1" to the
> local server, to get the "Via" header set to the external interface's
> address, and add "reply_to_via=yes" on the public SIP server, the
> local SER should be able to function like a traditional proxy for the
> phones. Is this the next-best thing to end-to-end connectivity?
>
> How about user configuration? Add accounts for each of phone numbers
> to both SER servers, grant them to a new group on the public server
> (17.40.2.42), and then, to forward inbound calls, is it as simple as:
>
> is_user_in("To", "my-local-group") { route(x) }
>
> If it's any easier, I *can* move the SER server to a separate machine
> behind the NAT on the 10.x network.
>
> Thanks for listening, and extra thanks for any insight you can provide.
>
> Jeremy
>
More information about the sr-users
mailing list