SRX Services Gateway

Sip client issue SRX 220h2

‎07-31-2018 12:34 PM
Hello guys. I'm very new to the Juniper world and have an issue that I just can't resolve. I have a static NAT set up for my PBX using public SIP trunks. The NAT is public-pbx any, any port. SIP ALG is off. Security rule is Internet (SIP PROVIDER) to Internal (PBX) application 5060, UDP, ignore ALG. All working fine. We can use SIP clients on our PBX but they need to use UDP port 5059. I can get the SIP clients to connect and make a call but can't hear voice. Also, when you end the call the dialled number doesn't know.
I hope this makes sense. Thanks in advance.

Re: Sip client issue SRX 220h2

‎08-05-2018 11:37 PM

Can you share your config pertaining to SIP, NAT, appl and policies?

Anand


Re: Sip client issue SRX 220h2

‎08-06-2018 02:44 AM

In general, for SIP you will need the ALG on so that the random high ports in the reverse direction of the policy are permitted, unless you are opening the wide range used by the PBX to everything.

Then in your case you will need to create a custom app for the non-standard main port and reference the SIP ALG in the app so that it can be triggered.

And create the policy with only the custom SIP app on it so that the whole process will work. Don't combine with other applications.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Sip client issue SRX 220h2

‎08-21-2018 08:34 AM

Hi,

Config attached. Like I said SIP ALG is disabled and all SIP trunks on 5060 are working fine. It's just the SIP clients that connect to the internal PBX on port 5059 with the issue.

Many thanks in advance.

Barry


Re: Sip client issue SRX 220h2

‎10-09-2019 02:02 PM
Hi spuluka,
I have the SIP ALG off. I'm using static NAT with the SIP 5060 and RTP ports open but only from the SIP trunk provider to the PBX. If I want to use SIP clients, these use port 5059 to connect and the connection is OK but I'm not getting audio. Could I create a custom application with no ALG?

Re: Sip client issue SRX 220h2

‎10-09-2019 04:12 PM

If you want to leave the ALG disabled then your reverse security policy allowing in the high audio ports needs to be to any IP address that the phones would be coming from. So for internet VoIP that is generally any internet address allowed in on those ports.

Using the ALG just requires creating the custom application and associating the ALG to that in the policy.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
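
Added example, not part of the thread or any poster's configuration: the custom-application approach described in the replies above, written as Junos set commands. The zone names (`untrust`, `trust`), the address-book entry `pbx-internal`, and the application and policy names are assumptions; substitute the ones from your own configuration.

```junos
# Assumed names: zones untrust/trust, address-book entry pbx-internal
# (the PBX's internal address, assumed to exist already), application
# sip-clients-5059, policy sip-clients-in.

# The ALG must be enabled globally before any application can trigger it.
# An existing trunk application defined with "application-protocol ignore"
# keeps bypassing the ALG, so the 5060 trunk policy is not affected.
delete security alg sip disable

# Custom application: SIP signalling on the non-standard UDP port 5059,
# explicitly bound to the SIP ALG so it inspects the SDP and opens
# pinholes only for the media ports each call negotiates.
set applications application sip-clients-5059 protocol udp
set applications application sip-clients-5059 destination-port 5059
set applications application sip-clients-5059 application-protocol sip

# Dedicated policy carrying only the custom application. With static NAT
# the policy matches the translated (internal) PBX address.
set security policies from-zone untrust to-zone trust policy sip-clients-in match source-address any
set security policies from-zone untrust to-zone trust policy sip-clients-in match destination-address pbx-internal
set security policies from-zone untrust to-zone trust policy sip-clients-in match application sip-clients-5059
set security policies from-zone untrust to-zone trust policy sip-clients-in then permit

# Operational-mode checks after commit (run from the CLI, not config mode):
#   show security alg status
#   show security alg sip calls
#   show security flow session destination-port 5059
```

Compared with leaving the ALG off and permitting the whole RTP range from any internet address, this exposes only port 5059 plus the per-call media pinholes the ALG opens.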