SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  SIP dead Air over NATED SIP in SRX 4100

    Posted 04-21-2022 06:33
    Dears ,
     i have Juniper Srx4100  i have couple of other SIP trunks over this SRX  working fine  but one of the tunnel is observing  Dead Air 
    they are using cisco and voip side Teles media gateway 
    ALG is enabled , policy has been created and  

    set security alg sip application-screen unknown-message permit-nat-applied
    set security alg sip application-screen unknown-message permit-routed

    for RTP 
    term 1 alg sip protocol tcp destination-port 0-65535;
    term 0 alg sip protocol udp destination-port 0-65535;


    From zone: IAC, To zone: Internet
    Policy: BISTALK-SIP-VoIP, State: enabled, Index: 78, Scope Policy: 0, Sequence number: 19
    Source vrf group: any
    Destination vrf group: any
    Source addresses: KBMSS2_SIP_VIF, KAMGW_DGS, KAMGW31-PP
    Destination addresses: BISTALK-SIP, BISTALK-RTP
    Applications: SIP-UDP, junos-sip, BISTALK-RTP
    Action: permit

    IP's and spacific ports for SIP and RTP along with junos-sip are  permited 


    but still dead air 

    any idea 





    ------------------------------
    Samiullah Samir
    ------------------------------


  • 2.  RE: SIP dead Air over NATED SIP in SRX 4100

     
    Posted 04-25-2022 05:31
    Sounds like you are running sip through the SRX and need to engage the ALG parameters for your specific scenario.  The details vary depending on the use of nat and the location of both the phone and the sip proxy.  The overall outline documentation with examples for the scenarios is here.

    https://www.juniper.net/documentation/us/en/software/junos/alg/topics/topic-map/security-sip-alg.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------