Asterisk, JunOS and NAT

I recently needed to work from home, and I brought home one of my desk phones (a Cisco 7940G).

It connected to the PABX fine with NAT mode and worked for all of 60 seconds before it went unreachable to the PABX.

Now, I’ve fixed this before thanks to help from KungfuMonkeySlayer (http://www.kungfumonkeyslayer.co.uk/index.php/2010/04/sip-through-a-juniper-ssg5-router/).

But on my nice new Juniper SRX110 (which runs JunOS) it’s completely different and that setting didn’t exist.

So after much hair pulling, this is what I did:

Configure Tab
Security > ALG > SIP
 Enable SIP - Ticked
 Enable retain hold resource - Unticked
 Max Call duration - 7200
 C timeout - 3
 t4 Interval - 5
 Inactive media timeout - 120
 t1 Interval - 500
 SIP invite attack table entry timeout - 5
 Enable Permit NAT applied - Unticked
 Enable Permit routed - Unticked
 Enable attack protection - All servers
Save that
Now go Policy > Applications
 Create a custom application
Application name: Custom-SIP
 Leave everything else alone
Go into the Terms tab and we will create 4 terms
Name: t1
 ALG: SIP
 Match IP protocol: tcp
 Destination port: 5060
 Inactivity timeout: 3600
Name: t2
 ALG: SIP
 Match IP protocol: udp
 Destination port: 5060
 Inactivity timeout: 3600
Name: t3
 ALG: SIP
 Match IP protocol: tcp
 Destination port: 5061
 Inactivity timeout: 3600
Name: t4
 ALG: SIP
 Match IP protocol: udp
 Destination port: 5061
 Inactivity timeout: 3600

(These are the VoIP and VoIP control ports in my config. Yours may differ.)

Save that

Now go into Policy > Apply policy

Create a new one:

From: Trust (or whatever zone your phone is in)
To: Untrust (or whatever your SIP server is in)
Name: SIPOut
Source address: ANY or Your phone IP
Destination IP: Your phone server
Application: Custom-SIP
Action: Allow
Save that and move the rule to the top of the chain.

Commit your changes in JunOS

Now restart your phone and it should be ok!
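
The same settings as Junos configuration-mode `set` commands, as an added example that is not part of the original post. The address-book names, the two IP addresses and `EXISTING-FIRST-POLICY` are constructed placeholders, and the global address book is assumed; the policy is scoped to the phone's address rather than ANY.

```junos
# Added example: CLI equivalent of the J-Web steps above (configuration mode).
# Values come from the post; the CLI rejects any value outside the range
# its Junos release supports.

# Security > ALG > SIP
# "Enable SIP": remove the disable statement (only a warning if it is not set)
delete security alg sip disable
set security alg sip maximum-call-duration 7200
set security alg sip c-timeout 3
set security alg sip t4-interval 5
set security alg sip inactive-media-timeout 120
set security alg sip t1-interval 500
# "Enable attack protection - All servers", table entry timeout 5
set security alg sip application-screen protect deny all timeout 5
# Left unset to match the unticked boxes: retain-hold-resource and
# application-screen unknown-message permit-nat-applied / permit-routed

# Policy > Applications: Custom-SIP with its four terms
set applications application Custom-SIP term t1 alg sip protocol tcp destination-port 5060 inactivity-timeout 3600
set applications application Custom-SIP term t2 alg sip protocol udp destination-port 5060 inactivity-timeout 3600
set applications application Custom-SIP term t3 alg sip protocol tcp destination-port 5061 inactivity-timeout 3600
set applications application Custom-SIP term t4 alg sip protocol udp destination-port 5061 inactivity-timeout 3600

# Address-book entries (constructed names and addresses; assumes the
# global address book is in use on this device)
set security address-book global address DESK-PHONE 192.168.1.50/32
set security address-book global address PBX-SERVER 203.0.113.10/32

# Policy > Apply policy: SIPOut from trust to untrust
set security policies from-zone trust to-zone untrust policy SIPOut match source-address DESK-PHONE
set security policies from-zone trust to-zone untrust policy SIPOut match destination-address PBX-SERVER
set security policies from-zone trust to-zone untrust policy SIPOut match application Custom-SIP
set security policies from-zone trust to-zone untrust policy SIPOut then permit

# Move the rule to the top of the chain; replace EXISTING-FIRST-POLICY
# (placeholder) with the name of the policy currently listed first
insert security policies from-zone trust to-zone untrust policy SIPOut before policy EXISTING-FIRST-POLICY

commit
```

After the commit, `show security alg status` in operational mode should list SIP as enabled.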
