It (ALG) gets in the way of sipx in trying to negotiate the sip registration or media.
Leaving it on will result in broken media for remote users as well as any itsp calls. It is a big fat no-no. ============================ Tony Graziano, Manager Telephone: 434.984.8430 Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ ----- Original Message ----- From: Robert Hoffmann <[email protected]> To: Tony Graziano <[email protected]> Cc: sipx-users <[email protected]> Sent: Sat May 08 15:19:38 2010 Subject: Re: [sipx-users] Basic deployment scenario - local DNS server mandatory? Thank you very much for the insight! Could you explain *You need to disable ALG/SPI on your zyxel to get remote phones to register. * a little bit further? Yes, as far as I understand sipX is fully capable of dealing with SIP header transitions between private / public realms all by itself - but could I also disable this in order to use my ALG for inside / outside transitions (for remote calls / remote phones registering) ? One advantage using the ALG would be that RTP port forwarding is limited to the ports that are really in use at the time. 2010/5/8 Tony Graziano <[email protected]> > About DNS in general > > http://sipxecs.blogspot.com/2009/10/dns-concepts-for-sipxecs.html > > <http://sipxecs.blogspot.com/2009/10/dns-concepts-for-sipxecs.html>About > subdomains and why you might prefer them > > > http://wiki.sipfoundry.org/display/xecsuserV4r2/Upgrade+or+Install+Planning+for+4.2+and+XMPP > > > On Sat, May 8, 2010 at 2:03 PM, Tony Graziano < > [email protected]> wrote: > >> >> >> On Sat, May 8, 2010 at 1:24 PM, Robert Hoffmann >> <[email protected]>wrote: >> >>> I would like to do a very basic install of sipXecs with the latest ISO. >>> I >>> have a public domain with the needed SIP records. >>> Now I see that the sipX proxy is not starting because it requires a >>> local >>> DNS server with the same SIP records but pointing its local address. >>> I understand that this is basically masquerading the public entries to >>> make things easier at the local network - but is this mandatory by >>> design of >>> sipX? >>> >> No, you need split dns. REINSTALL from ISO and let sipx be your dns >> server >> for the PC's behind nat. If on the LAN, get DNS from sipx, if outside, >> look >> up public dns records. >> >>> >>> I have a Zyxel USG-100 Firewall/UTMA with SIP ALG and would like my SIP >>> phones to use the public SIP DNS records (and the public IP) and then >>> NAT / >>> ALG the phones' requests back ("hairpin") to the sipX proxy. >>> >>> - I am just learning about deployment, is NATing / ALGing to >>> "hairpin" the stuff a smart idea? Is it generally possible? >>> >>> No. You need to disable ALG/SPI on your zyxel to get remote phones to >> register. It's not hairpinning, it registering to sipx, which would use a >> b2bua (sipxbridge) to anchor the media and provide rtp. >> >>> >>> - >>> - Whether it is smart or not, can sipX be configured to not require a >>> local DNS server? - so that I can try the above? >>> >>> You need to dns server on sipx or a dns server INTERNALLY to host the >> proper records, even if no pc points to in internally. If you have a pc >> internally, it should not resolved the domain publicly. >> >>> >>> - >>> >>> Thank you very much for any ideas / advices. I am an IT student and have >>> just started exploring the possibilities of SIP PBX deployments. >>> >>> >>> You might consider running sipx on a subdomain instead of the domain >> itself, I think that will resolve all your problems. Public dns records >> need >> to be available, but local pc/phones need to resolve the subdomain >> internally, not inside, backoutside, then back in. Noone would in their >> right mind WANT to deliberately do that, so thanks for asking, but don;t >> do >> what you asked in the first place. It's a horrible way to start learning. >> >>> >>> _______________________________________________ >>> sipx-users mailing list [email protected] >>> List Archive: http://list.sipfoundry.org/archive/sipx-users >>> Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users >>> sipXecs IP PBX -- http://www.sipfoundry.org/ >>> >> >> >> >> -- >> ====================== >> Tony Graziano, Manager >> Telephone: 434.984.8430 >> sip: [email protected] >> Fax: 434.984.8431 >> >> Email: [email protected] >> >> LAN/Telephony/Security and Control Systems Helpdesk: >> Telephone: 434.984.8426 >> sip: [email protected] >> Fax: 434.984.8427 >> >> Helpdesk Contract Customers: >> http://www.myitdepartment.net/gethelp/ >> >> Why do mathematicians always confuse Halloween and Christmas? >> Because 31 Oct = 25 Dec. >> >> > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: [email protected] > Fax: 434.984.8431 > > Email: [email protected] > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: [email protected] > Fax: 434.984.8427 > > Helpdesk Contract Customers: > http://www.myitdepartment.net/gethelp/ > > Why do mathematicians always confuse Halloween and Christmas? > Because 31 Oct = 25 Dec. > > _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
