Install guide

Software Version 2.7.4
C613-10444-00 REV A
VoIP Phone Calls and the Firewall
Software Version 2.7.4 enables you to use internet telephony (VoIP) or video
conferencing and still have your LAN protected by a firewall. This uses these
new firewall features:
SIP Application Layer Gateway
Network Address and Port Translation (NAPT)
After describing these new features, this section contains:
Configuring the Firewall to Allow VoIP Phone Calls, a step-by-step
procedure and example for using the SIP ALG and NAPT
New and Modified Commands
SIP Application Layer Gateway
About the SIP ALG
VoIP and other multimedia applications create sessions over the Internet
between users, for example between two people speaking on telephones.
Session Initiation Protocol (SIP) establishes, maintains and terminates these
sessions. People making phone calls use phone numbers or email-like
addresses to “call” other users, and SIP proxy servers resolve these names into
an IP address and UDP port. This enables the SIP proxy servers to forward voice
traffic appropriately.
If users are “hidden” from the Internet behind a firewall, they cannot receive
SIP messages and so cannot use internet telephony. The SIP Application Layer
Gateway (ALG) enables the firewall to pass SIP messages to users behind the
firewall. The SIP ALG inspects SIP packets and converts their IP addresses,
UDP port numbers and other information as required.
Once SIP has established a session, the actual voice data in the phone call is
carried by Real-time Transport Protocol (RTP) and Real-time Transport Control
Protocol (RTCP). The SIP ALG dynamically controls the opening and closing of
logical ports in order to establish, maintain, and terminate the RTP/RTCP
sessions negotiated by the SIP protocol. It also modifies the RTP/RTCP packet
IP addresses and port numbers to allow voice traffic across the firewall.
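
The translation described above, as an added Python example that is not from the original guide or the router's own code. It assumes the ALG rewrites the Via and Contact headers and the SDP o=, c= and m= lines; the function name alg_outbound, the sample INVITE, and all addresses and ports are constructed for illustration.

```python
import re

# Constructed sample: an INVITE from a phone on a private LAN.
SDP = ("v=0\r\no=alice 1 1 IN IP4 192.168.1.10\r\ns=-\r\n"
       "c=IN IP4 192.168.1.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK74bf9\r\n"
          "From: <sip:alice@example.org>;tag=9fxced76sl\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: 3848276298220188511@example.org\r\n"
          "CSeq: 1 INVITE\r\n"
          "Contact: <sip:alice@192.168.1.10:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)


def alg_outbound(msg, priv_ip, pub_ip, pub_sip_port, rtp_base):
    """Translate a LAN-side SIP message; return (message, pinholes).

    Hypothetical helper: header and SDP coverage here is an assumption.
    """
    # Match the private address exactly, with an optional :port suffix.
    ip_re = re.compile(rf"(?<![\d.]){re.escape(priv_ip)}(?!\d)(:\d+)?")
    head, _, body = msg.partition("\r\n\r\n")
    pinholes, next_port, sdp = [], rtp_base, []
    for line in body.split("\r\n"):
        media = re.fullmatch(r"m=(\w+) (\d+) (.+)", line)
        if media:
            # RTP takes an even port; RTCP uses the next port up by default.
            rtp = int(media.group(2))
            for offset, proto in ((0, "RTP"), (1, "RTCP")):
                pinholes.append((proto, pub_ip, next_port + offset,
                                 priv_ip, rtp + offset))
            line = f"m={media.group(1)} {next_port} {media.group(3)}"
            next_port += 2
        elif line.startswith(("o=", "c=")):
            line = ip_re.sub(pub_ip, line)
        sdp.append(line)
    body = "\r\n".join(sdp)
    headers = []
    for line in head.split("\r\n"):
        name = line.split(":", 1)[0].lower()
        if name in ("via", "contact"):
            line = ip_re.sub(f"{pub_ip}:{pub_sip_port}", line)
        elif name == "content-length":
            # The body changed size, so the length must be recomputed.
            line = f"Content-Length: {len(body.encode())}"
        headers.append(line)
    return "\r\n".join(headers) + "\r\n\r\n" + body, pinholes
```

Each pinhole tuple is (protocol, public address, public port, private address, private port); a firewall would remove these mappings again when the SIP session ends.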
For more information about SIP, see the Voice over IP (VoIP) chapter of your
router's Software Reference.
The SIP ALG requires a feature licence, which is provided by default for some
models. For more information, contact your authorised distributor or reseller.
Configuration
To enable the SIP ALG, use the command:
enable firewall sipalg
To see whether the SIP ALG is enabled or disabled, use one of the commands:
show firewall
show firewall policy
To see detailed information about how the firewall is processing and
modifying SIP messages, use the command:
enable firewall policy=name debug={trace|message|parsing|errorcode|sipalg}
For a description of each of the debugging options, see Table 5 on page 11.