?
Solved

Voip problem in Juniper

Posted on 2009-05-07
3
Medium Priority
?
1,314 Views
Last Modified: 2013-11-12
After 6 months, we've finally finished setting up our Juniper SSG firewall. VPN and routes, etc are finally working. All except one thing: VOIP.

I have a VOIP server running on asterisk. I also have an IM server on a separate box. Both are connected to the DMZ with internal IP of IP 53.0.0.x. So we've set the required ports on Juniper so that it can pass traffic through VIP to the specific computer.
Now, the IM server works great (causing me to believe that the policy & routing in SSG is fine for the IM Server).
But the VOIP part is not working (the VOIP vendor blames it on the SSG, but I find it 80% unlikely because it was setup teh same way as IM routing was set up)

Now the question is, how do we know for sure that the port requested by the VOIP guy has been opened correctly by my network guy? (I'm working with 2 vendors). I tried telnet 1.1.1.1 1234 (port 1234) but it failed to connect

The connection to these servers uses a public IP (say 1.1.1.1), to which we've assigned VIP on SSG so that it will direct traffic from some ports to different computers.

Btw, the voip guy use x-lite software to test the connection.
0
Comment
Question by:SW111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 750 total points
ID: 24333255
Hi,

Disable ALG ( Application Level Gateway) as suggested in below article;

http://www.trixbox.org/forums/trixbox-forums/help/juniper-ssg-firewall-trixbox
0
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 750 total points
ID: 24337413
also use source based NAT on the outgoing VOIP policy
0
 

Author Comment

by:SW111
ID: 24342698
I'm going to ask my network guy and voip guy to try out both solutions.
Please allow one week for us to figure out how to do these. I'll get back to you guys then.
Thanks so much for the input.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
There are no good configuration guides for HP-H3C router to LYNC on the web. :( Big statement, but we havent been able to find one yet. We did find the following document useful, but the information was not enough to use H3C router for use as a L…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question