Di_Junior
Silver

NAT on SIP traffic application layer

Hi Mates

I am trying to establish a connection with one of my client’s partners over SIGTRAN and SIP.
In order to enhance the security of my client, we wish to use private IPs in the internal network, and have their Check Point doing NAT for the SIGTRAN and SIP traffic. Unfortunately, this scenario is not working. But if I use Public IPs everything works as normal.
My two questions are: 
1. Is it possible to perform NAT on SIGTRAN/SIP running UDP protocol at the application layer?
2. If yes, is this functionality included in every Check Point appliance, or specific series?

0 Kudos
5 Replies
Vladimir
Pearl

Re: NAT on SIP traffic application layer

Please provide more information about your topology, rules and NAT settings.

In the interim, please check sk110370 and you can use sk95369 for overall VOIP on Check Point references.

0 Kudos
Di_Junior
Silver

Re: NAT on SIP traffic application layer

Hi there, thanks for your reply.

My client is trying to migrate call control traffic from ISUP to SIP and voice traffic to RTP.
The client is using Private addresses in its internal network, and this is what is happening:
1. The SIP trunk became up, but with some problems:
- Calls from the Client could be established, but the calls were mute (No RTP packets were sent from each direction)
- My client could not set up a call to its partner, 503 status code (Service unavailable) was being received

Once I changed the client SBC to public address removing the need for NAT, everything worked just fine.

Any additional thoughts as to what might be causing this problem?

0 Kudos

Re: NAT on SIP traffic application layer

Hi Di Junior,

Create a Proxy ARP rule on the external interface for the stream.

0 Kudos
Di_Junior
Silver

Re: NAT on SIP traffic application layer

Hi Roman,

Any documentation that you would like to refer me to?

Regards

0 Kudos

Re: NAT on SIP traffic application layer

Hi Di Junior,

Normally you should not need to create a Proxy ARP rule, because you are initiating the connection. But in my case it helped to get the stream.

Configuring Proxy ARP for Manual NAT 

Regards

0 Kudos