1 / 15

The SIP-Based System Used in Connection with a Firewall

This paper discusses various methods like ALG, STUN, TURN, and FCP for integrating SIP with firewalls and NAT, presenting a system to offer SIP services behind NATs. It covers different NAT types, STUN, and TURN technologies with examples for better understanding.

Download Presentation

The SIP-Based System Used in Connection with a Firewall

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The SIP-Based System Used in Connection with a Firewall Peter Koski, Jorma Ylinen, Pekka Loula Tampere University of Technology, Pori Pohjoisranta 11 A, P.O.Box 300, FIN-28101 Pori,Finland speaker:Wenping Zhang date:2007.09.07

  2. Outline • Introduction • Types of NAT • Technology • Example • Conclusion • References

  3. Introduction • Different methods, such as ALG, STUN, TURN and FCP have been proposed for using SIP together with firewalls and NAT. • The most suitable solution has to be determined in every situation. • In this paper a system which makes it possible to offer SIP service to customers behind NAT is presented.

  4. Types of NAT • Full Cone • Restricted Cone • Port Restricted Cone • Symmetric

  5. Full Cone

  6. Restricted Cone

  7. Port Restricted Cone

  8. Symmetric

  9. Technology 1/2 • Simple Traversal of UDP through NATs (STUN)

  10. Technology 2/2 • Traversal Using Relay NAT (TURN)

  11. INVITE sip:6229002@193.167.88.44 SIP/2.0 Via: SIP/2.0/UDP 192.168.0.27:5060;branch=z9hG4bK58659f1f From: "6229001" <sip:6229001@193.167.88.44> ;tag=00115c40752 To: <sip:6229002@193.167.88.44> Call-ID: 00115c40-752@192.168.0.27 CSeq: 101 INVITE Contact: <sip:6229001@192.168.0.27:5060> Content-Type: application/sdp Content-Length: 247 v=0 o=Cisco-SIPUA 25800 13441 IN IP4 192.168.0.27 s=SIP Call c=IN IP4 192.168.0.27 m=audio 26324RTP/AVP 8 0 18 101 a=rtpmap:0 PCMU/8000 Example 1/3 INVITE sip:6229002@193.167.88.43:5060 SIP/2.0 Record-Route: <sip:6229002@193.167.88.44;ftag=00115c40752;lr=on> Via: SIP/2.0/UDP 193.167.88.44 Via: SIP/2.0/UDP 192.168.0.27:5060;rport=1162;received=193.167.88.45 From: "6229001" <sip:6229001@193.167.88.44>;tag=00115c40752 To: <sip:6229002@193.167.88.44> Call-ID: 00115c40-752@192.168.0.27 CSeq: 101 INVITE Contact: <sip:6229001@193.167.88.45:1162> Content-Type: application/sdp Content-Length: 286 v=0 o=Cisco-SIPUA 25800 13441 IN IP4 192.168.0.27 s=SIP Call c=IN IP4 193.167.88.44 m=audio 35080RTP/AVP 8 0 18 101 a=rtpmap:0 PCMU/8000

  12. Example 2/3 • Use STUN for SIP Registration

  13. Example 3/3 • Use STUN for RTP

  14. Conclusion • STUN and TURN require client support and this may be a problem in some cases. • TURN can be used with a symmetric NAT, but few clients support TURN.

  15. References • The SIP-Based System Used in Connection with a Firewall • NAT Traversal for VoIP

More Related