SIP, NAT, Firewall: How to Traverse NAT/Firewall for SIP


1 SIP, NAT, Firewall: How to Traverse NAT/Firewall for SIP

2 Outline: NAT; SIP Traversal of Firewall; SIP Traversal of NAT; Solution; Summary; Reference

3 Types of NAT: Full Cone, Restricted Cone, Port Restricted Cone
[Diagram labels: NAT, IP 202.123.211.123, port 12345; Computer C, IP 10.0.0.1, port 8000; Computer A, IP 222.111.99.3, port 20203; Computer B, IP 222.111.88.2, ports 10101 and 10102]

4 Types of NAT: Symmetric
[Diagram labels: NAT, IP 202.123.211.123, ports 12345 and 45678; Computer C, IP 10.0.0.1, port 8000; Computer A, IP 222.111.99.3, port 20203; Computer B, IP 222.111.88.2, port 10101]

5 SIP Traversal of Firewall
SIP uses port 5060. For RTP, the firewall does not know the specific address and ephemeral port.
[Diagram labels: Internal, External, Firewall, SIP on port 5060, RTP on port ?]

6 SIP Traversal of NAT (1)
SIP Signaling
–Based on TCP
–Based on UDP

7 SIP Traversal of NAT (2)
RTP – Media Stream

8 Solution: Firewall Control Proxy (Middlebox Communications (MIDCOM) Protocol); Discovery Protocol; Solution for Symmetric NATs; Application Layer Gateway

9 Firewall Control Proxy (Midcom)
Under this case:
–SIP Provider is the IP Network Provider
Middleboxes
–RFC 3303 - Middlebox communication architecture and framework
Benefits
–Load balancing/Lower Cost/Faster…….

10 Discovery Protocol: Universal Plug and Play (UPnP); RSIP; STUN

11 UPnP
Universal Plug and Play (UPnP)
A client can ask the NAT how it would map a particular IP:Port
Pushed by Microsoft
It won’t work in the case of cascading NATs

12 RSIP (1)
Lets internal clients ask an RSIP server for the specific public resource required by the application

13 RSIP (2)

14 STUN
Simple Traversal of UDP Through NATs (STUN, RFC 3489)
A kind of NAT probe, but it can also help determine which kind of NAT you are behind
It won’t work in the case of symmetric NATs

15 TURN - Solution for Symmetric NATs
Connection Oriented Media
–“Connection-Oriented Media Transport in SDP, IETF draft”
–Add a line a=direction:active
Traversal Using Relay NAT
–The client doesn’t support the tag above
–If both endpoints are behind Symmetric NATs

16 Traversal Using Relay NAT

17 Application Layer Gateway
Special-purpose code for particular applications/services
With a NAT, the ALG examines the application data for occurrences of internal addresses and replaces them with routable addresses

18 Implementation of ALG
Parse SIP message
Message types: Cancel, Invite, Cancel, Ack, Register, 200 OK, 404
Translate
1. Keep Call leg -> To-/From-/Call-ID
2. Record IP addresses and replace them
Calculate Checksum
Send Packet
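
The translate step from slide 18, as an added example that is not part of the original presentation: it keeps the call leg, replaces the internal address in the Via and Contact headers and the SDP body, and recomputes Content-Length. The function name alg_translate, the sample INVITE and the port mapping are constructed assumptions; the packet checksum and the send step are left to the network stack.

```python
import re

# Constructed sample INVITE; addresses and ports reuse the slide 3 diagram labels.
SAMPLE_BODY = ("v=0\r\no=alice 1 1 IN IP4 10.0.0.1\r\ns=-\r\n"
               "c=IN IP4 10.0.0.1\r\nt=0 0\r\nm=audio 8000 RTP/AVP 0\r\n")
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.1:5060;branch=z9hG4bK776\r\n"
    "From: <sip:alice@example.com>;tag=1928\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@10.0.0.1:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n"
    "\r\n" + SAMPLE_BODY
)

def alg_translate(message, internal_ip, public_ip, rtp_port_map, call_legs):
    """Hypothetical helper: rewrite one outbound SIP message, return the new text."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    hdr = dict((n.lower(), v.strip())
               for n, _, v in (line.partition(":") for line in lines[1:]))
    # Step 1: keep the call leg (To/From/Call-ID) so later messages match it.
    leg = (hdr["to"], hdr["from"], hdr["call-id"])
    call_legs.setdefault(leg, set()).add((internal_ip, public_ip))
    # Step 2: replace the internal address; match whole addresses only.
    ip_re = re.compile(r"(?<![\d.])" + re.escape(internal_ip) + r"(?![\d.])")
    def swap_port(m):
        # Map the internal RTP port to the port the NAT allocated, if known.
        return m.group(1) + str(rtp_port_map.get(int(m.group(2)), m.group(2)))
    out = [lines[0]]
    for line in lines[1:]:
        name = line.partition(":")[0].lower()
        out.append(ip_re.sub(public_ip, line) if name in ("via", "contact") else line)
    body = ip_re.sub(public_ip, body)
    body = re.sub(r"^(m=\w+ )(\d+)", swap_port, body, flags=re.M)
    # The body length changed, so Content-Length must be recomputed.
    out = [f"Content-Length: {len(body.encode())}"
           if line.lower().startswith("content-length:") else line for line in out]
    return "\r\n".join(out) + "\r\n\r\n" + body
```

An encrypted message gives this code nothing to parse or rewrite, which is the first challenge listed on slide 19.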

19 Challenge of SIP ALG
ALG cannot handle encrypted SIP messages
Scalability
Impracticality: speed of deploying new applications
Reliability

20 Summary There is no single best solution yet

21 Reference
“VoIP Traversal of NAT and Firewall”, Cisco White Paper
“NAT Traversal in SIP”, Deltathree, Baruch Sterman, David Schwartz
“SIP, NAT and Firewalls”, dynamicsoft, Jonathan Rosenberg
“SIP, NAT and Firewalls”, Fredrik Thernelius

