Hi list,

I'm currently banging my head against the issues of sip+nat on client and registrar side.

Basic scenario is an ssg550m (5.4.0r2.0) MIPping the private ip address of a sip registrar and two possibilities at the UA-end:

(1) using a router w/ nat + STUN
(2) 'raw' access to the internet + STUN

A 'permit any' policy for the mip has been defined.

Using sjphone for testing purposes, (2) works well, the RTP-stream gets through without any problems. Sniffing packets on the machine using the softphone, scenario (1) however tries to forward the packets to the private ip of the registrar, which obviously does not work.

I've been playing for a while with NAT-dst, NAT-src and those combined as well as MIP; alas it doesn't really seem to matter which mechanism is being used here - currently MIP is my favored way to go.

Am I correct to assume that, given the fact that SIP doesn't run on port 5060 here, the ALG of the netscreen device isn't kicking in and if so, a 'permit any' to the MIPped host should in theory do the trick?

I've been trying the same scenario on a cisco pix and it works like a charm: 1:1 static nat, 'permit any'-rule and it works pretty much out of the box. Netscreen lingo for 1:1 NAT would be MIP, right?

Is there anything I'm missing? I'm aware that dual NAT is a dreaded scenario in this context, still: is it doable with screen os?

Thank you in advance and best regards,
Sven

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

