ScreenOS Firewalls (NOT SRX)
Reply
Visitor
atou
Posts: 2
Registered: ‎11-11-2009
0

source and destination for avaya voip

I need to do source & destination nat for Avaya voip.

We are using a cluster of SSG-140 and using role-based nat.

When I do a capture I see H.225.0 RAS RegistrationConfirm message with the IP of the PBX but it's the original IP and not the natted IP.

I guess this is the problem as the phone receives this message but doesn't responds to it.

 

I already disabled the ALG for H323, changed some settings for the H.323 ALG but no change.

 

Has anybody an idea how to get this solved?

 

Thanks,

 

Anthony

 

Distinguished Expert
spuluka
Posts: 2,514
Registered: ‎03-30-2009
0

Re: source and destination for avaya voip

If you create a permit policy to the phone ip address and turn on logging the log will name any alg that is applied to the traffic.  This will let you know if processing by one of the alg is indeed the issue and which one to turn off.

 

You could also try putting the application type on that policy to "ignore" instead of the default "none".  This turns off processing of all alg for that traffic.  But if you need the alg to apply then it won't work.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.