Solved

Voip problem in Juniper

Posted on 2009-05-07
3
1,309 Views
Last Modified: 2013-11-12
After 6 months, we've finally finished setting up our Juniper SSG firewall. VPN and routes, etc are finally working. All except one thing: VOIP.

I have a VOIP server running on asterisk. I also have an IM server on a separate box. Both are connected to the DMZ with internal IP of IP 53.0.0.x. So we've set the required ports on Juniper so that it can pass traffic through VIP to the specific computer.
Now, the IM server works great (causing me to believe that the policy & routing in SSG is fine for the IM Server).
But the VOIP part is not working (the VOIP vendor blames it on the SSG, but I find it 80% unlikely because it was setup teh same way as IM routing was set up)

Now the question is, how do we know for sure that the port requested by the VOIP guy has been opened correctly by my network guy? (I'm working with 2 vendors). I tried telnet 1.1.1.1 1234 (port 1234) but it failed to connect

The connection to these servers uses a public IP (say 1.1.1.1), to which we've assigned VIP on SSG so that it will direct traffic from some ports to different computers.

Btw, the voip guy use x-lite software to test the connection.
0
Comment
Question by:SW111
3 Comments
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 250 total points
ID: 24333255
Hi,

Disable ALG ( Application Level Gateway) as suggested in below article;

http://www.trixbox.org/forums/trixbox-forums/help/juniper-ssg-firewall-trixbox
0
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 250 total points
ID: 24337413
also use source based NAT on the outgoing VOIP policy
0
 

Author Comment

by:SW111
ID: 24342698
I'm going to ask my network guy and voip guy to try out both solutions.
Please allow one week for us to figure out how to do these. I'll get back to you guys then.
Thanks so much for the input.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question