SRX Services Gateway
SRX Services Gateway

H.323 ALG exclusion

[ Edited ]
‎02-07-2014 07:37 AM

I've gotten an Avaya 9620 phone to use it's internal IPSEC vpn client to register and make calls successfully.  


The problem is that I needed to disable the H.323 ALG for it to register successfully.  However we need the ALG to utilize a Polycom RMX video conference bridge over NAT port translation.


Is there a way for me to exclude the Avaya VPN phone from the H.323 ALG?


There is a specific IP range that is sepaerate from the rest of the network.  The policy (Untrust to Internal) for the VPN phone to tunnel the traffic is at the bottom of the inbound list.  There's also a policy at the top of the outbound list to tunnel the traffic outward to that IP range.


This is an SRX 240 chassis cluster running 11.4R7.5 

SRX Services Gateway

Re: H.323 ALG exclusion

‎02-08-2014 04:40 AM

You can turn off the alg per polciy following these instructions in KB15492.


But before you do that, you may want to look at KB25300 on setting up Avaya phones with SRX across a vpn to see if this resolves your issue.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
SRX Services Gateway

Re: H.323 ALG exclusion

‎02-10-2014 06:25 AM

Thanks, I'll give it a try.  That PDF is the one I used to make the VPN work.