61
Mitel MiVoice Business/MCD/3300 / Re: SIP Trunks and Clients on a Mitel 3300
« on: October 31, 2008, 10:53:20 PM »
A late reply, but the information might help googlers:
You can easily setup 1:1 NAT/PAT on a border firewall to handle a *single* concurrent SIP conversation at a time with any old NAT firewall. You wouldn't want the filter to rewrite source ports though which is common (and sometimes the only way) on cheaper firewalls. That's why I recommended 1:1 NAT. This usually implies that there is no port mapping. If you need multiple concurrent sessions flowing through the firewall you need a SIP proxy (see http://sourceforge.net/projects/siproxd/ ). The proxy will listen on your SIP port and maintain sessions at the application layer (this is the control a L3 firewall lacks). I have written a SIP proxy in C and put a few softphones behind it just for fun. It is trivial to implement.
A VPN (you mean site to site or road warrior?) doesn't need a proxy since there is typically no address translation.
I won't address outbound SIP connections since they will just work.
You can easily setup 1:1 NAT/PAT on a border firewall to handle a *single* concurrent SIP conversation at a time with any old NAT firewall. You wouldn't want the filter to rewrite source ports though which is common (and sometimes the only way) on cheaper firewalls. That's why I recommended 1:1 NAT. This usually implies that there is no port mapping. If you need multiple concurrent sessions flowing through the firewall you need a SIP proxy (see http://sourceforge.net/projects/siproxd/ ). The proxy will listen on your SIP port and maintain sessions at the application layer (this is the control a L3 firewall lacks). I have written a SIP proxy in C and put a few softphones behind it just for fun. It is trivial to implement.
A VPN (you mean site to site or road warrior?) doesn't need a proxy since there is typically no address translation.
I won't address outbound SIP connections since they will just work.