Hello everyone,
I want to use an SSG5 in my trusted network (1.1.1.0) as an ALG for SIP-messages, but there is already a dhcp-server, dns-server and default gateway installed. So the SSG5 shall be used as an outbound proxy and redirect SIP-messages received on it's trusted interface (1.1.1.5:5060) to the SIP-Server in the Untrusted zone (10.10.10.10). As you can see with my (example IP-Adresses), there is NATing between the trusted and the untrusted zone. So again, my setup looks like this:
SIP-Client (1.1.1.30)---------->(1.1.1.5:5060)==SSG5-ALG==(10.10.10.1)--------->SIP-Server(10.10.10.10:5060)
I could accomplish to have the SIP-Messages forwarded to the SIP-Server by using a VIP on the trusted interface, which forwarded the SIP-Messages to the SIP-Server. After that i referenced the VIP in a policy. The SIP-Header where correctly re-written, with the IP-Adress of the Untrust-Interface. First step accomplished!
The problem is: how can I forward the SIP-messages from the SIP-server, received on the untrust interface, back to my SIP-client (incoming call)? I can't use a VIP on the untrust interface, as there are several SIP-clients and therefor several ip-adresses. This is pretty similar to the examples "Incoming Call" and "Proxy in the public zone" in the C&E, VOL. 6, Page 35 and 44
respectively. Except for the fact, that I am using a VIP on the trust interface.
Any idea would be appreciated!
Regards, JP