[asterisk-users] OT: Cisco 1841 - Can it be made SIP aware?

peder at networkoblivion.com peder at networkoblivion.com
Thu Sep 18 19:49:37 CDT 2008


I've had the same experience.  I probably have 20-30 customers with 
multiple SIP phones behind PIX running 6.3(5) (which has been out almost 
3 years) and I have no issues at all.  You can even have two phones 
behind a PIX being PAT'd to a single external IP with reinvite enabled 
in * and you will still get 2 way audio.  The SIP Fixup makes changes 
inside the SIP packet for internal IPs.  The nice thing is that you 
don't need to enable NAT on the remote * server either.  It thinks the 
device is not behind NAT.  I have customers with 20 phones behind one IP 
connecting to a remote * box with no issues at all and no special PIX 
config.

Now the IOS firewall, that is a completely different animal and works 
completely different than the PIX/ASA.


Stefan Gofferje wrote:
> Kristian Kielhofner schrieb:
>>   IMNSHO, the less SIP aware the better...
>>
>>   I have to disable SIP inspection on every IOS/PIX device I come
>> across.  Fix the one-way audio problems on your proxy, registrar, etc
>> (in the case, Asterisk).
>>
>>   Most SIP ALGs are broken.
> 
> Interesting. I have my Asterisk with RFC-1918 IPs behid a NATting PIX
> and the FIXUP SIP of the PIX makes it very easy for me to use my * as
> server for external clients as well as as client for SIP providers.
> The PIX nicely replaces the RFC-1918 IP in the SIP-traffic with the
> current (dynamic) public IP of itself and keeps track of the RTP
> traffic. Actually, it also chages the ports in the RTP negotiation and
> then automatically forward the RTP traffic to the ports, the * was offering.
> Very very convenient.
> 
> If the IOS firewall in the newer routers make problems, maybe I should
> not change to an ISR as I planned :).
> 
> 
> Terve,
> Stefan
> 



More information about the asterisk-users mailing list