Solved

Cisco Router Firewall to work with VoIP

Posted on 2006-07-05
4
411 Views
Last Modified: 2010-04-12
We will be implementing Cisco routers for all our VoIP installations. The setup is with a Hosted softPBX outside the organization. Previously we had to research the organizations existing firewall box to see if it was cabable of handling the NAT process for VoIP phones. Now we want to use the existing firewall security capabilities of Cisco 800, 1800, and 2800 series routers to handle this NAT process for VoIP calls.

1. What is this "NAT" functionality that handles VoIP calls outside the organization (though a firewall) called? I don't believe it's NAT(something about packet rewrite and handling support of codecs like G.711).

2. Do all these series routers firewallls handle this process and how is it implemented?

3. Any resources you could point me to in learning about this process would also be appreciated.

Thank You
0
Comment
Question by:eidebailly
  • 2
  • 2
4 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 500 total points
Comment Utility
1&2) This functionality is only on the Cisco PIX firewalls and it basically inspects the SIP and RTP traffic and alters the contents of the packets as it goes through the firewall much the same way and inteligent NAT routers do with ftp traffic.

You can have a STUN (proxy) server outside your network and configure the phones etc... to use it. A STUN server detects the presence of NAT and tries to work around the problems caused.

3) http://www.voip-info.org/wiki-STUN
0
 

Author Comment

by:eidebailly
Comment Utility
I was just told by our line-carrier that they currently use 871 routers on up that have at least version 12.4 IOS. They say that this IOS handles the NAT transversal for VoIP. Does that sound right? So that means I wouldn't need anything but one of these routers with IOS to handle VoIP and NAT problem?
0
 
LVL 36

Expert Comment

by:grblades
Comment Utility
I dont know of any specif router feature to enable SIP inspection like the PIX does.
Could you ask your carrier what the command is to enable the feature on the latter IOS version?
0
 

Author Comment

by:eidebailly
Comment Utility
It didn't look like there was a command to enable it. It came with it. ALG: Application Layer Gateway Feature. Which does NAT transveral for VOIP. It looked like it came out around IOS 12.2 but my carrier doesn't use anything lower than 12.4.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now