SIP and Juniper Netscreen

Discussion in 'Networks' started by morph, Sep 7, 2014.

  1. morph

    morph Byte Poster

    Hi

    I'm racking my head a bit with this one and wondered if someone could shed some light on it for me :)

    I've got a Juniper firewall in a remote site - it's currently got 5 public IP addresses. I've used 3 of these addresses to do one-to-one NAT to some SIP phones from a SIP provider's public PBX - that all works fine.

    The site have got another line in and want to use this other line, which has only got one public IP address. I've been told to sort out full cone NAT to allow the SIP phones to work via one public IP. This line also has a VPN running down it as well as a default internet connection. I'm a bit puzzled about how to achieve this - I've read about full cone NAT and from what I've read this is generally used to do many internal/private connections out on a particular port. I'm assuming I'm meant to reverse this so it's incoming from the SIP provider's IP to the 3 SIP phones internally. Does this make any sense and is full cone NAT the way to go?
     
    Certifications: Network +, ITIL Foundation, CCENT, CCNA
    WIP: server/ccna security
  2. Sparky

    Sparky Zettabyte Poster Moderator

    Not a Juniper expert but all the SIP phones I have set up all dial out so no need for inbound ports.

    To get the connection to go through a particular connection I usually put a route from the LAN subnet of the phones to route out on a WAN IP address\interface.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  3. morph

    I think it's more the incoming - will keep looking :)
     
  4. Sparky
    No probs mate - first time I have seen inbound ports needed for SIP phones TBH.
     
  5. morph

    Well this is one of the things - how does the internal SIP phone know if it's being called from external or is the gateway constantly open?
     
  6. Sparky
    Because the SIP phone always dials out to the hosted\cloud PBX. Have you ever had to provision any of the phones?

    For me I put the MAC in the Cloud PBX of the SIP phone provider. After that there is a URL I put in the SIP phone web interface with username and password and after that it connects outbound. Provided you don't have any restrictions on LAN-WAN rules or any unusual NAT rules then you are good to go.
     
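An added example, not part of the original thread and not Juniper configuration: a small Python model of the behaviour discussed above, where three phones register outbound through one public IP and an inbound call comes back over the mapping that registration created. The addresses are constructed documentation-range values, and the `Nat` class, its 60-second idle timeout and the `demo` helper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PBX = ("198.51.100.10", 5060)        # constructed: hosted PBX
STRANGER = ("203.0.113.99", 5060)    # constructed: unrelated internet host
PHONES = [("192.168.1.11", 5060), ("192.168.1.12", 5060), ("192.168.1.13", 5060)]

@dataclass
class Nat:
    public_ip: str
    filtering: str = "full-cone"     # or "address-restricted"
    timeout: int = 60                # assumed idle lifetime of a UDP mapping, seconds
    next_port: int = 40000
    by_inside: dict = field(default_factory=dict)   # inside (ip, port) -> public port
    by_public: dict = field(default_factory=dict)   # public port -> mapping state

    def outbound(self, src, dst, now):
        """Phone sends to the PBX: create or refresh its mapping."""
        port = self.by_inside.get(src)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_inside[src] = port
            self.by_public[port] = {"inside": src, "peers": set(), "seen": now}
        m = self.by_public[port]
        m["peers"].add(dst[0])       # remember which remote IPs were contacted
        m["seen"] = now
        return (self.public_ip, port)

    def inbound(self, src, public_port, now):
        """Packet hits the public IP: return the inside endpoint, or None if dropped."""
        m = self.by_public.get(public_port)
        if m is None or now - m["seen"] > self.timeout:
            return None              # no mapping, or it expired without a keepalive
        if self.filtering == "address-restricted" and src[0] not in m["peers"]:
            return None              # only previously contacted IPs may reply
        return m["inside"]           # full cone: any source reaches the phone

def demo(filtering):
    nat = Nat("192.0.2.1", filtering)
    pub = [nat.outbound(p, PBX, now=0) for p in PHONES]   # each phone REGISTERs
    return {
        "ports": [p[1] for p in pub],
        "pbx_call": nat.inbound(PBX, pub[1][1], now=30),
        "stranger": nat.inbound(STRANGER, pub[1][1], now=30),
        "after_idle": nat.inbound(PBX, pub[1][1], now=200),
    }

if __name__ == "__main__":
    print({m: demo(m) for m in ("full-cone", "address-restricted")})
```

In the full-cone case the `stranger` packet reaches the phone as well as the PBX's, so the mapped port is open to any source until the mapping idles out; `after_idle` shows an inbound call being dropped once the phone has stopped refreshing its registration.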
