
Dealing with NATs and Firewalls! Prepared for: Fall VON 2003, Boston. By: Karl Erik Ståhl, President Intertex Data AB, Chairman Ingate Systems AB




1 Dealing with NATs and Firewalls!
Prepared for: Fall VON 2003, Boston
By: Karl Erik Ståhl, President Intertex Data AB, Chairman Ingate Systems AB
karl.stahl@intertex.se
© 2003 Intertex Data AB. Moderator: G. Hamilton

2 How do we connect?
(Diagram: PSTN, GSM, 3G; non-real-time or real-time IP; XP client and server)
© 2003 Ingate Systems AB, © 2003 Intertex Data AB. Moderator: G. Hamilton

3 VoIP: Still island interworking over the PSTN!
Just like message handling before the mid 90s…
Paper was a very compatible medium - so is POTS today…
But isn't it time to move beyond?
(Diagram: Organization 1 with Email system 1 and Organization 2 with Email system 2, each with email, printer and fax, interworking only over the PSTN)

4 We have a global single new network…
…but it is seldom used for person to person communication!
Everyone has a connection…
(Diagram: IP phone, SOHO LAN, enterprise LAN, XP and PIM clients, operator network)

5 …and are rapidly moving towards a single protocol! SIP – Session Initiation Protocol
 - An Internet Standard
 - Used for live person-to-person IP communication: VoIP, IP telephony; audio, video, data collaboration; presence, instant messaging
 - Lots of activity, ongoing work and development
 - "Everyone" is on the wagon: MCI/Worldcom, Microsoft, Nortel, AT&T, Alcatel, Siemens, Sprint…

6 So There is a Big Potential!
HTTP created the Web. SMTP created Email. SIP can create universal live IP communication person-to-person!

7 The Next Big Usage of the Internet! How do we get there?
A. Go beyond replacing sections of the PSTN by IP! The PSTN is something to interwork with, not the core to build around!
B. Go beyond the "quality" and "services" of the PSTN! The mobile phone world has shown that there is more than "black telephony"! POTS is 50-100 years old!
C. Get connectivity out to the end users! Aren't we there??? THE TICKING BOMB!

8 So, why don't we just connect?
Everyone has a connection, and SIP is the protocol for live person-to-person communication, BUT IT DOES NOT REACH THE EDGE!
SIP does not traverse common NATs and Firewalls! And they are still being installed…
(Diagram: IP phone, SOHO LAN and business LAN behind NAT/firewalls; DSL, cable and MTU access; operator network with NAT; SIP server, IAP, SIP/PSTN gateway, PSTN; XP and PIM clients; marked "Firewall/NAT problems!")

9 SIP Firewall Problems
Firewall problems, even with public IP addresses inside:
 - Sessions initiated from outside the firewall - OK, open port 5060, but…
 - Media streams on dynamically allocated port numbers - Ooops…!

10 SIP NAT/PAT Problems
NAT & PAT problems, worse with private IP addresses inside:
 - Where is the device? - Registration/location function
 - Private IP addresses and ports in SIP messages - Rewrite with globally routable addresses
 - IP address and port of the media stream have to be modified - NAT engine has to be dynamically controlled

11 Suggested Solutions
 - Dynamically controlled Firewall/NATs: Midcom - by a Firewall Control Proxy; UPnP - by the client (Windows)
 - SIP aware Firewall/NATs (SIP Proxy + Registrar): general, handles complex scenarios, PBX functionality [Intertex (SOHO), Ingate (enterprise), …]
 - SIP aware Firewall/NATs (SIP ALG – non Proxy): TLS not possible
 - STUN, TURN, ICE: can cope with certain types of existing NATs. Complexity has grown in the effort to make it reliable and handle more NATs. Needs to be implemented in the SIP clients and servers on the net. Still, tight firewalls cannot be handled.
 - Tunnelling - brings the SIP client to an operator or a corporate LAN: requires an ALG for each client on a LAN with its own address space; IPSec, proprietary

12 Adding General SIP Traversal to a Firewall
Important components:
 - Firewall & NAT: dynamic firewall engine
 - SIP Proxy: SIP proxy server, controlling the firewall
 - User Location: SIP registrar, user location information
 - Firewall Control Protocol: communication between SIP proxy and firewall
What have you got? In the Ingate and Intertex products you got a SIP server! Use it just for firewall traversal AND/OR as your SIP server, outbound proxy, inbound proxy, PBX (the SIP Switch).
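As an added example, not from the deck or the Ingate/Intertex products, a Python sketch of the ALG-style rewrite slide 10 describes: Via and Contact plus the SDP c=/m= lines get the public address and dynamically allocated ports, and the returned mappings are the pinholes slide 12's dynamic firewall engine has to open for the call. The public address 203.0.113.10, the port pool and the sample INVITE are constructed.

```python
import re
from itertools import count

# RFC 1918 ranges: addresses a SIP message must not carry past the NAT.
PRIVATE_IP = re.compile(r"\b(10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+"
                        r"|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+)\b")

def sip_nat_rewrite(msg, public_ip, port_pool):
    """ALG-style rewrite of an outbound SIP request crossing a NAT.
    Returns (rewritten message, pinholes); each pinhole is a media port
    mapping the dynamic firewall engine opens for the call's duration."""
    head, sep, sdp = msg.partition("\r\n\r\n")
    hdrs = []
    for line in head.split("\r\n"):
        # Via and Contact carry the caller's own address; left alone, the
        # callee would send responses and in-dialog requests to an
        # unroutable private IP.  Call-ID is an opaque token: never touched.
        if line.lower().startswith(("via:", "contact:")):
            line = PRIVATE_IP.sub(public_ip, line)
        hdrs.append(line)
    c_line = re.search(r"^c=IN IP4 (\S+)", sdp, re.M)
    priv_ip = c_line.group(1) if c_line else None
    pinholes, body = [], []
    for line in sdp.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + public_ip   # media address -> public side
        elif line.startswith("m="):          # m=<media> <port> <proto> ...
            parts = line.split(" ")
            pub_port = next(port_pool)
            pinholes.append({"media": parts[0][2:],
                             "private": (priv_ip, int(parts[1])),
                             "public": (public_ip, pub_port)})
            parts[1] = str(pub_port)
            line = " ".join(parts)
        body.append(line)
    new_sdp = "\r\n".join(body)
    # The SDP changed size; a stale Content-Length is a classic ALG bug.
    hdrs = [f"Content-Length: {len(new_sdp.encode())}"
            if h.lower().startswith("content-length:") else h for h in hdrs]
    return "\r\n".join(hdrs) + sep + new_sdp, pinholes

# Constructed sample INVITE from a phone on a private LAN (not from the deck).
INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:alice@192.168.1.20:5060>",
    "Call-ID: a84b4c76e66710@192.168.1.20",
    "Content-Type: application/sdp", "Content-Length: 0", "",
    "v=0", "c=IN IP4 192.168.1.20", "t=0 0",
    "m=audio 49170 RTP/AVP 0", "m=video 51372 RTP/AVP 31"])
```

Calling `sip_nat_rewrite(INVITE, "203.0.113.10", count(30000, 2))` yields two pinholes (audio 49170 to 30000, video 51372 to 30002); the engine closes them again when the dialog ends, which is what the slide means by a dynamically controlled NAT engine.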

13 SIP Enabling the Private Networks: from "Firewall/NAT problems!" to "Firewall/NAT SIP transparency!"
(Diagram: office or home LAN and enterprise LAN with IP phones behind an inGate Firewall, an inGate SIParator in the DMZ and IX66 units; DSL, cable and MTU access; operator network with NAT; Internet; SIP server, IAP, SIP/PSTN gateway, PSTN)

14 A Future of Live All IP Connectivity
SIP capable firewalls make the difference!

15 Just Another Internet Service…
(Diagram: Ingate Linköping LAN and Intertex Stockholm LAN in Sweden, home office users on a SOHO LAN, Networks Telecom in Sweden, and the Boston VON booth #421 enterprise LAN in the USA, with XP clients behind inGate Firewalls, an inGate SIParator in a DMZ and IX66 units; connected over the Internet using DNS SRV and ENUM, with a SIP/PSTN gateway to the PSTN; ENUM numbers +43 1 25397 531, +43 1 25397 521, +43 1 25397 522, +43 1 25397 513, +43 1 25397 511, +43 1 25397 512)

16 Use as Your Main SIP Server
 - Your own SIP server ready to go!
 - Firewall traversal requires NO setup!
 - Features can be applied to other SIP server domains also
 - Get a DNS entry! DynDNS if you don't have a fixed IP address

17 Dial Plan with ENUM and Authentication
 - Use both URLs and E.164 numbers conveniently
 - Mimics a PBX, e.g. dial 9 for PSTN
 - ENUM checking before passing to the PSTN gateway

18 User Accounts
 - Speed dial
 - Mapping of incoming PSTN calls
 - Authentication
 - Forwarding, forking
 - Voice mail forwarding

19 Restriction of Incoming Callers
 - Allow callers based on various criteria
 - SPAM calling may need to be controlled…
 - Or blacklist unwanted callers (although easy to bypass)

20 SIP Capable Firewalls!
Intertex Data AB, Rissneleden 45, SE-174 44 Sundbyberg, Sweden. Tel +46 8 6282828. www.intertex.se, info@intertex.se
See us in booth 421!

