1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SIP and Juniper Netscreen

Discussion in 'Networks' started by morph, Sep 7, 2014.

  1. morph

    morph Byte Poster

    204
    3
    22
    Hi

    im racking my head a bit with this one and wondered if someone could shed some light on it for me :)

    I've got a juniper firewall in a remote site - its currently got 5 public ip address's. Ive used 3 of these address's to do one to one nat to some sip phones from a sip providers public PBX - that all works fine.

    The site have got another line in and want to use this other line which has only got one public ip address. Ive been told to sort out full cone nat to allow the sip phones to work via one public ip. This line also has a vpn running down it as well as a default internet connection. I'm a bit puzzled about how to achieve this on - ive read about full cone nat and from what ive read this is generally used to do many internal/ private connection out on a particular port. Im assuming im meant to reverse this so its incoming from the sip providers ip to the 3 sip phones internally. Does this make any sense and is full cone nat the way to go ?
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Not a juniper expert but all the SIP phones I have setup all dial out so no need for inbound ports.

    To get the connection to go through a particular connection I usually put a route from the LAN subnet of the phones to route out on a WAN IP address\interface.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. morph

    morph Byte Poster

    204
    3
    22
    i think its more the incoming - will keep looking :)
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    No probs mate - first time I have seen inbound ports needed for SIP phones TBH.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. morph

    morph Byte Poster

    204
    3
    22
    Well this is one of the things - how does the internal sip phone know if its being called from external or is the gateway constantly open ?
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Because the SIP phone always dials out to the hosted\cloud PBX. Have you ever had to provision any of the phones?

    For me I put the MAC in the Cloud PBX of the SIP phone provider. After that there is a URL I put in the SIP phone web interface with username and password and after that it connects outbound. Provided you don't have any restrictions on LAN-WAN rules or any unusual NAT rules then you are good to go.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...