[asterisk-users] OT: Cisco 1841 - Can it be made SIP aware?
peder at networkoblivion.com
peder at networkoblivion.com
Thu Sep 18 19:49:37 CDT 2008
I've had the same experience. I probably have 20-30 customers with
multiple SIP phones behind PIX running 6.3(5) (which has been out almost
3 years) and I have no issues at all. You can even have two phones
behind a PIX being PAT'd to a single external IP with reinvite enabled
in * and you will still get 2 way audio. The SIP Fixup makes changes
inside the SIP packet for internal IPs. The nice thing is that you
don't need to enable NAT on the remote * server either. It thinks the
device is not behind NAT. I have customers with 20 phones behind one IP
connecting to a remote * box with no issues at all and no special PIX
config.
Now the IOS firewall, that is a completely different animal and works
completely different than the PIX/ASA.
Stefan Gofferje wrote:
> Kristian Kielhofner schrieb:
>> IMNSHO, the less SIP aware the better...
>>
>> I have to disable SIP inspection on every IOS/PIX device I come
>> across. Fix the one-way audio problems on your proxy, registrar, etc
>> (in the case, Asterisk).
>>
>> Most SIP ALGs are broken.
>
> Interesting. I have my Asterisk with RFC-1918 IPs behid a NATting PIX
> and the FIXUP SIP of the PIX makes it very easy for me to use my * as
> server for external clients as well as as client for SIP providers.
> The PIX nicely replaces the RFC-1918 IP in the SIP-traffic with the
> current (dynamic) public IP of itself and keeps track of the RTP
> traffic. Actually, it also chages the ports in the RTP negotiation and
> then automatically forward the RTP traffic to the ports, the * was offering.
> Very very convenient.
>
> If the IOS firewall in the newer routers make problems, maybe I should
> not change to an ISR as I planned :).
>
>
> Terve,
> Stefan
>
More information about the asterisk-users
mailing list