• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1321
  • Last Modified:

Voip problem in Juniper

After 6 months, we've finally finished setting up our Juniper SSG firewall. VPN and routes, etc are finally working. All except one thing: VOIP.

I have a VOIP server running on asterisk. I also have an IM server on a separate box. Both are connected to the DMZ with internal IP of IP 53.0.0.x. So we've set the required ports on Juniper so that it can pass traffic through VIP to the specific computer.
Now, the IM server works great (causing me to believe that the policy & routing in SSG is fine for the IM Server).
But the VOIP part is not working (the VOIP vendor blames it on the SSG, but I find it 80% unlikely because it was setup teh same way as IM routing was set up)

Now the question is, how do we know for sure that the port requested by the VOIP guy has been opened correctly by my network guy? (I'm working with 2 vendors). I tried telnet 1.1.1.1 1234 (port 1234) but it failed to connect

The connection to these servers uses a public IP (say 1.1.1.1), to which we've assigned VIP on SSG so that it will direct traffic from some ports to different computers.

Btw, the voip guy use x-lite software to test the connection.
0
SW111
Asked:
SW111
2 Solutions
 
Kamran ArshadCommented:
Hi,

Disable ALG ( Application Level Gateway) as suggested in below article;

http://www.trixbox.org/forums/trixbox-forums/help/juniper-ssg-firewall-trixbox
0
 
Sanga CollinsSystems AdminCommented:
also use source based NAT on the outgoing VOIP policy
0
 
SW111Author Commented:
I'm going to ask my network guy and voip guy to try out both solutions.
Please allow one week for us to figure out how to do these. I'll get back to you guys then.
Thanks so much for the input.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now