[Serusers] NAT and protocol aware firewalls

Jesus Rodriguez jesusr at voztele.com
Sun Sep 5 14:05:28 CEST 2004


On Wed, 1 Sep 2004, Helge Waastad wrote:

Hello,

> I just want to dwell around a couple of things.
>
> Several vendors have "application awareness" for instance Cisco has
> <fixup protocol sip...>
>
> Hence the ser will not se the client as nat'ed and will not send
> nat-ping to the clients.
>
>
>
> If the client does not support some kind of keep-alives, I guess you
> will loose connectivity with the clients when standard register expiry
> is 3600 sec. (off course until the next register message is sent)
>
> The Cisco PIX, for instance, have a standard (however configurable) sip
> inactivity timer = 1800sec.
>
>
> What would actually be the best way of dealing with this?

You can use a different port than 5060 for your SIP proxy. This way ALGs
should not modify the packets.

Saludos
JesusR.

-------------------------------
Jesus Rodriguez
VozTelecom Sistemas, S.L.
jesusr at voztele.com
http://www.voztele.com
Tel. 902360305
-------------------------------




More information about the sr-users mailing list