[Asterisk-Users] SIP and VPN
cp
lists at pleasants.net
Thu Nov 10 10:45:07 MST 2005
The example I gave was going over a VPN with tunnel terminating in the
trusted zone. Put the polices how our traffic traverse through the
netscreen. I would config a policy for trust to untrust traffic and for
untrust to trust or untrust to global if you have MIPing going on.
-chip
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Mark
Johnson
Sent: Thursday, November 10, 2005 12:09 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users] SIP and VPN
Lists Pleasants wrote:
>ScreenOS 5.0x and 5.1x has some issues wit SIP. Try the policies I
have
>listed below.
>
>set policcy id 1001 from "Trust" to "Trust" "Local" "Remote" "SIP"
>permit log count
>set policy id 1001 application "IGNORE"
>set policy id 1002 from "Trust" to "Trust" "Remote" "Local" "SIP"
>permit log count
>set policy id 1002 application "IGNORE"
>
>I am running 5.2r1 without any issues but I have turned off any
>application deep scanning.
>
>unset alg sql
>unset alg q931
>unset alg h245
>unset alg ras
>unset alg sip
>
>-Chip
>
>
>
>
Why do you go from Trust to Trust in your policies? I tried that and
the phone won't work at all. The only way to get it to register is for
me to put Remote as an Untrust zone. Thanks!
Mark
_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list