I recently needed to work from home, and I brought home one of my desk phones (A Cisco 7940G)
It connected to the PABX fine with NAT mode and worked for all of 60 seconds before it went unreachable to the PABX
Now, I’ve fixed this before thanks to help from KungfuMonkeySlayer (http://www.kungfumonkeyslayer.co.uk/index.php/2010/04/sip-through-a-juniper-ssg5-router/)
But on my nice new Juniper SRX110 (which Runs JunOS) its completely different and that setting didn’t exist.
So after much hair pulling, this is what I did:
Security > ALG > SIP Enable SIP - Ticked Enable retail hold resource - Unticked Max Call duration - 7200 C timeout - 3 t4 Interval - 5 Inactibe media timeout - 120 t1 Internval - 500 SIP invite attack table entry timeout - 5 Enable Permit NAT applied - Unticked Enable Permit routed - Unticked Enable attack protection - All servers
Now go Policy > Applications Create a custom application
Application name: Custom-SIP Leave everything else alone
Go into the Terms tab and we will create 4 terms
Name: t1 ALG: SIP Match IP protocol: tcp Destination port: 5060 Inactivity timeout: 3600
Name: t2 ALG: SIP Match IP protocol: udp Destination port: 5060 Inactivity timeout: 3600
Name: t3 ALG: SIP Match IP protocol: tcp Destination port: 5061 Inactivity timeout: 3600
Name: t4 ALG: SIP Match IP protocol: udp Destination port: 5061 Inactivity timeout: 3600
(These are the VOIP and VOIP control ports in my config. Yours may differ)
Now go into Policy > Apply policy
Create a new one:
From: Trust (or whatever zone your phone is in)
To: Untrust (or whatever your SIP server is in)
Source address: ANY or Your phone IP
Destination IP: Your phone server
Save that and move the rule to the top of the chain.
Commit your changes in JunOS
Now restart your phone and it should be ok!