Hi Masters,
There is a trixbox behind an SRX210 and all works well, except that on phone calls to the outside world the other party couldn't hear me at all, but I can hear them well (inbound voice).
Filter-based forwarding based on KB17223 is used to steer traffic:
...
interfaces {
    fe-0/0/4 {
        unit 0 {
            description Port4DMZ4;
            family inet {
                filter {
                    input filter-based-forwarding;
                }
                address 172.16.3.12/24;
            }
        }
    }
    fe-0/0/6 {
        unit 0 {
            description ISP1;
            family inet {
                address 1.1.1.2/29;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet isp-instances;
    }
    rib-groups {
        isp-instances {
            import-rib [ inet.0 ISP-1.inet.0 ISP-2.inet.0 ISP-3.inet.0 ISP-4.inet.0 ];
        }
    }
}
...
security {
    nat {
        source {
            rule-set OUTGOING {
                from zone [ dmz4 trust ];
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone dmz4 to-zone untrust {
            policy dmz4-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
...
    zones {
        security-zone dmz4 {
            interfaces {
                fe-0/0/4.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
...
firewall {
    family inet {
        filter filter-based-forwarding {
            term VoIP {
                from {
                    source-address {
                        172.16.3.242/32;
                    }
                }
                then {
                    routing-instance ISP-1;
                }
            }
...
routing-instances {
    ISP-1 {
        description AAPTMel;
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 203.185.255.77;
            }
        }
    }
By the way, calls between extensions in the trixbox work well.
Thinking of setting up a security NAT destination, but the problem was that my voice didn't get sent out to the outside world.
Any ideas about how the SRX210 is processing UDP sessions, and what can be done to avoid such a problem?
Bob