Hey all... I'm trying to assist someone who is having issues with their NS20
but I don't understand enough about their topology to get them working
properly. So I have a quick question regarding SIP ;)
This is the relevant portion of their get config (at least pertaining to SIP)
set service "PBXtra" protocol udp src-port 0-65535 dst-port 5060-5060
set service "PBXtra" + udp src-port 0-65535 dst-port 10000-51000
set service "PBXtra" + udp src-port 0-65535 dst-port 4569-4569
set alg sip app-screen unknown-message route permit
set alg sip app-screen unknown-message nat permit
set interface untrust ip 10.10.5.190/29
set interface untrust nat
set interface "untrust" mip 10.10.5.189 host 10.134.160.16 netmask 255.255.255.
set interface "untrust" mip 10.10.5.188 host 10.134.160.10 netmask 255.255.255.
set address Untrust "0.0.0.0/0" 0.0.0.0 0.0.0.0
set policy id 6 name "PBXtra" from "Untrust" to "Trust" "Any"
"MIP(10.10.5.189)" "PBXtra" permit log
set policy id 6 application "SIP"
set policy id 6
set service "SIP"
... According to them, they cannot register phones from their location to the
PBX to ours...
They don't want to place their PBX in a DMZ, they want it doing NAT, and from
what I understand NAT+SIP is sketchy...
What's happening because of NAT is, when an outbound call goes out, the
Netscreen's IP address replaces everything in the SIP message:
>>From 10.10.5.188 --> Netscreen --> 10.10.5.189 --> PBX
PBX 10.10.5.189 --> Netscreen ... Netscreen (And what I'm I to do with this!)
Is there a surefire implementation someone has used to get this working? TIA
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn
|