There are two ways to handle this... 1. Setup sipx to be behind nat, enabling support for remote users and server behind nat, as well as enabling the role for siptrunking and setup your firewall accordingly, which for whatever reason is "not acceptable in your environment".
or 2. Do none of the above and use a separate SBC to handle those roles. The most recent IETF draft: http://tools.ietf.org/html/draft-ietf-sipping-nat-scenarios-10#page-10 (4.1.1. Symmetric Response) is what sipx does in method 1 above. The IETF draft considers it reliable adn does not consider it to be a security issue. Nor do I. ICE is actually a layered protocol. It is reliable, but sipx does not implement it. Whether you want ICE, STUN or TURN, these can be delivered from a firewall with "sip awareness" or from a SBC with these capabilities (i.e. Ingate, etc.). We do this all the time for customers who need to make trunking or dial plan changes during work hours without disruption to users. Good luck. On Wed, Jun 16, 2010 at 10:19 PM, Richard Zhao <[email protected]> wrote: > Hi, > > We are trying out sipXecs for internal usage. An important factor for > us is NAT traversal. We have some experience with Microsoft OCS and it > uses ICE for NAT traversal. It seems a good way to handle this. > > I checked sipXecs docs and it is not very clear about how to configure > STUN/TURN for ICE protocol. Does anyone have experience on this? How > should we set up STUN/TRUN server and have ICE available? I read that > OpenSips has an internal STUN server and it works well. Can I have an > internal STUN server in sipXecs? > > I know that sipXecs has some built-in NAT traversal mechanism but it > needs pinholes on the firewall. That is not acceptable in our > environment. > > Thanks for your help, > Richard > _______________________________________________ > sipx-users mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec. _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
