Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Di_Junior
Advisor
Advisor

NAT on SIP traffic application layer

Hi Mates

I am trying to establish a connection with one of my client’s partner over SIGTRAN and SIP.
In order to enhance the security of my client, we wish to use private IPs in the internal network, and have their Check Point doing NAT for the SIGTRAN and SIP traffic. Unfortunately, this scenario is not working. But if I use Public IPs everything works as normal.
My two questions are: 
1. Is it possible to perform NAT on SIGTRAN/SIP running UDP protocol at the application layer?
2. If yes, is this functionality included in every Check Point appliance, or specific series?

0 Kudos
6 Replies
Vladimir
Champion
Champion

Please provide more information about your topology, rules and NAT settings.

In the interim, please check sk110370 and you can use sk95369 for overall VOIP on  Check Point references.

0 Kudos
Di_Junior
Advisor
Advisor

Hi there, thanks for your reply.

My client is truying to migrate call control traffic from ISUP to SIP and voice traffic to RTP.
The client is using Private addresses in its internal network, and this is what is happening:
1. The SIP trunk became up, but with some problems:
- Calls from the Client could be established, but the calls were mute (No RTP packet were sent from each direction)
- My client could not set up call to its partner, 503 status code (Service unavailable) was being received

Once I changed the client SBC to public address removing the need for NAT, everything worked just fine.

Any additional thoughts to what might be causing this problem.

0 Kudos
Roman_Niewiado1
Contributor

Hi Di Junior,

create a PRoxy ARP rule on the external interface for the stream.

0 Kudos
Di_Junior
Advisor
Advisor

HI Roman,

Any documentation that you would like to refer me to..

Regards

0 Kudos
Roman_Niewiado1
Contributor

Hi Di Junior,

normally you should not need to create a Proxy ARP rule, because you are initiating the connection. But in my case it helped to get the stream.

Configuring Proxy ARP for Manual NAT 

Regards

0 Kudos
SCSupport
Contributor

Hello,

 

Did you ever resolve this? I’m having a similar issue at the moment that’s with TAC.
I posted this article on CheckMates from my other account:

https://community.checkpoint.com/t5/General-Topics/Inbound-Calls-No-Audio-Outbound-Calls-OK-Displaci...

Proxy ARP is all in place so this isn’t it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events